| View previous topic :: View next topic |
| Author |
Message |
ghmarko
Cheater
![]() Reputation: 0
Joined: 31 Jan 2020
Posts: 29
Location: 192.168.0.1
|
 Posted: Mon Mar 30, 2020 8:49 am Post subject: Memory Reading api's |
 |
|
| can anyone here give me a list of api's used for memory reading ?
|
|
| Back to top |
|
 |
atom0s
Moderator
 Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
| Posted: Mon Mar 30, 2020 2:22 pm Post subject: |
|
|
Finding the process:
- FindWindow (to find based on window name or window class.)
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
PSAPI has its own set of API that does the same stuff as well:
https://docs.microsoft.com/en-us/windows/win32/psapi/psapi-functions
Opening the process:
- OpenProcess
Memory related:
- ReadProcessMemory
- WriteProcessMemory
- VirtualAllocEx
- VirtualProtectEx
- VirtualQueryEx
And so on, these are the main ones that are the most commonly used from a trainer standpoint that is external and from usermode.
_________________
- Retired. |
|
| Back to top |
|
|
ghmarko
Cheater
![]() Reputation: 0
Joined: 31 Jan 2020
Posts: 29
Location: 192.168.0.1
|
| Posted: Mon Mar 30, 2020 2:30 pm Post subject: |
|
|
| atom0s wrote: | Finding the process:
- FindWindow (to find based on window name or window class.)
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
PSAPI has its own set of API that does the same stuff as well:
https://docs.microsoft.com/en-us/windows/win32/psapi/psapi-functions
Opening the process:
- OpenProcess
Memory related:
- ReadProcessMemory
- WriteProcessMemory
- VirtualAllocEx
- VirtualProtectEx
- VirtualQueryEx
And so on, these are the main ones that are the most commonly used from a trainer standpoint that is external and from usermode. |
the game anticheat detect memory changing i need to know api's used for that (internal)
|
|
| Back to top |
|
|
DanyDollaro
Master Cheater
![]() Reputation: 3
Joined: 01 Aug 2019
Posts: 334
|
| Posted: Mon Mar 30, 2020 4:47 pm Post subject: |
|
|
Check if there are codes that act on reading the section of code you are using to redirect the thread (the injection point).
Normally you can solve it with a "stealth edit" or bypassing the integrity check.
|
|
| Back to top |
|
|
ghmarko
Cheater
![]() Reputation: 0
Joined: 31 Jan 2020
Posts: 29
Location: 192.168.0.1
|
| Posted: Tue Mar 31, 2020 5:48 am Post subject: |
|
|
| DanyDollaro wrote: | Check if there are codes that act on reading the section of code you are using to redirect the thread (the injection point).
Normally you can solve it with a "stealth edit" or bypassing the integrity check. |
i know but iam using c++ cant use stealthedit 
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1587
|
| Posted: Tue Mar 31, 2020 10:27 am Post subject: |
|
|
https://forum.cheatengine.org/faq.php#1
note:
regardless of what API's you are using and whether they are usemode or kernelmode API's, if the game is shipped with a built-in integrity-check then none of the API's will help.
(if no integrity-check then yes some API's can help, but again CEF have some rules so check the FAQ)
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 198
Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1
|
| Posted: Tue Mar 31, 2020 11:37 pm Post subject: |
|
|
| ghmarko wrote: | | atom0s wrote: | Finding the process:
- FindWindow (to find based on window name or window class.)
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
PSAPI has its own set of API that does the same stuff as well:
https://docs.microsoft.com/en-us/windows/win32/psapi/psapi-functions
Opening the process:
- OpenProcess
Memory related:
- ReadProcessMemory
- WriteProcessMemory
- VirtualAllocEx
- VirtualProtectEx
- VirtualQueryEx
And so on, these are the main ones that are the most commonly used from a trainer standpoint that is external and from usermode. |
the game anticheat detect memory changing i need to know api's used for that (internal) |
You can try using the 'NT' versions of the functions, if those are detected as well then you either need to learn how to bypass the anti-cheat or create a driver.
_________________
- Retired. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
