Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


How shall I approach THREADSTACK?

 
X9UWiAx8
How do I cheat?
Reputation: 0

Joined: 31 Aug 2019
Posts: 2

Posted: Sat Aug 31, 2019 8:09 am    Post subject: How shall I approach THREADSTACK?

In order to learn stuff I made the following C++ app:

Code:
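#include <iostream>
#include <Windows.h>

int main() {
   // Deliberately heap-allocated, so the value has no fixed (static) address
   int* a = new int(12321);
   while (true) {
      std::cout << *a << std::endl;  // print the current value once per second
      Sleep(1000);
   }
}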


I made "a" intentionally a pointer. I scanned with CE, and over these days I learnt that I should find pointers related to the scanned value, because it is dynamically allocated. In the example I showed, there should be no way in by reverse engineering any of the DLLs, since I don't use any (except OS stuff, which I maybe haven't discovered yet how to exploit). I used the pointer map functionality and got linked to "THREADSTACK". I spent some time on how to get to my desired value by working with the offsets and a hardcoded "THREADSTACK" address. I made a C# utility that opens the process for me and lets me easily write / read and so on.

After ~1 day of working, I got everything up. I studied how to get the tricky "THREADSTACK" address. I have been working with the Windows API, but so far I was able to actually get it just for x86 apps, and I don't have any idea why that is. I followed some people that said that getting the address is one of the hardest ways and not preferred. I got myself into DLL injecting, and as my first topic, I automated it myself using C# (no injecting using CE). So far it worked and I displayed a MessageBox from the injected app. I followed this way thinking that now I could get the "THREADSTACK" easily since the code is executed in the victim process, but at the time of writing I hadn't found anything about how to do that.

Am I supposed to approach this another way? I'm not looking especially for the "THREADSTACK" address, but for being able to create an executable that can edit another process' memory in any given circumstances (restart app, restart PC, another PC, etc). Sorry for bad English.


Last edited by X9UWiAx8 on Sat Aug 31, 2019 1:07 pm; edited 1 time in total
ParkourPenguin
I post too much
Reputation: 70

Joined: 06 Jul 2014
Posts: 2295

Posted: Sat Aug 31, 2019 8:27 am

You can look at how CE resolves THREADSTACK addresses here.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
X9UWiAx8
How do I cheat?
Reputation: 0

Joined: 31 Aug 2019
Posts: 2

Posted: Sat Aug 31, 2019 11:19 am

Thanks for the help. I was able to use the given block to make a C# function that does the job of caching THREADSTACKs.