View previous topic :: View next topic |
Author |
Message |
ghmarko Cheater Reputation: 0
Joined: 31 Jan 2020 Posts: 29 Location: 192.168.0.1
|
Posted: Mon Mar 30, 2020 8:49 am Post subject: Memory Reading api's |
|
|
can anyone here give me a list of api's used for memory reading ?
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Mon Mar 30, 2020 2:22 pm Post subject: |
|
|
Finding the process:
- FindWindow (to find based on window name or window class.)
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
PSAPI has its own set of API that does the same stuff as well:
https://docs.microsoft.com/en-us/windows/win32/psapi/psapi-functions
Opening the process:
- OpenProcess
Memory related:
- ReadProcessMemory
- WriteProcessMemory
- VirtualAllocEx
- VirtualProtectEx
- VirtualQueryEx
And so on, these are the main ones that are the most commonly used from a trainer standpoint that is external and from usermode.
_________________
- Retired. |
|
Back to top |
|
|
ghmarko Cheater Reputation: 0
Joined: 31 Jan 2020 Posts: 29 Location: 192.168.0.1
|
Posted: Mon Mar 30, 2020 2:30 pm Post subject: |
|
|
atom0s wrote: | Finding the process:
- FindWindow (to find based on window name or window class.)
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
PSAPI has its own set of API that does the same stuff as well:
https://docs.microsoft.com/en-us/windows/win32/psapi/psapi-functions
Opening the process:
- OpenProcess
Memory related:
- ReadProcessMemory
- WriteProcessMemory
- VirtualAllocEx
- VirtualProtectEx
- VirtualQueryEx
And so on, these are the main ones that are the most commonly used from a trainer standpoint that is external and from usermode. |
the game anticheat detect memory changing i need to know api's used for that (internal)
|
|
Back to top |
|
|
DanyDollaro Master Cheater Reputation: 3
Joined: 01 Aug 2019 Posts: 334
|
Posted: Mon Mar 30, 2020 4:47 pm Post subject: |
|
|
Check if there are codes that act on reading the section of code you are using to redirect the thread (the injection point).
Normally you can solve it with a "stealth edit" or bypassing the integrity check.
|
|
Back to top |
|
|
ghmarko Cheater Reputation: 0
Joined: 31 Jan 2020 Posts: 29 Location: 192.168.0.1
|
Posted: Tue Mar 31, 2020 5:48 am Post subject: |
|
|
DanyDollaro wrote: | Check if there are codes that act on reading the section of code you are using to redirect the thread (the injection point).
Normally you can solve it with a "stealth edit" or bypassing the integrity check. |
i know but iam using c++ cant use stealthedit
|
|
Back to top |
|
|
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
|
Posted: Tue Mar 31, 2020 10:27 am Post subject: |
|
|
https://forum.cheatengine.org/faq.php#1
note:
regardless of what API's you are using and whether they are usemode or kernelmode API's, if the game is shipped with a built-in integrity-check then none of the API's will help.
(if no integrity-check then yes some API's can help, but again CEF have some rules so check the FAQ)
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Tue Mar 31, 2020 11:37 pm Post subject: |
|
|
ghmarko wrote: | atom0s wrote: | Finding the process:
- FindWindow (to find based on window name or window class.)
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
PSAPI has its own set of API that does the same stuff as well:
https://docs.microsoft.com/en-us/windows/win32/psapi/psapi-functions
Opening the process:
- OpenProcess
Memory related:
- ReadProcessMemory
- WriteProcessMemory
- VirtualAllocEx
- VirtualProtectEx
- VirtualQueryEx
And so on, these are the main ones that are the most commonly used from a trainer standpoint that is external and from usermode. |
the game anticheat detect memory changing i need to know api's used for that (internal) |
You can try using the 'NT' versions of the functions, if those are detected as well then you either need to learn how to bypass the anti-cheat or create a driver.
_________________
- Retired. |
|
Back to top |
|
|
|