nsehnheni How do I cheat? Reputation: 0
Joined: 02 Mar 2020 Posts: 4
Posted: Fri Jun 19, 2020 7:01 pm Post subject: How do I read/write memory pointers for 64 bit games?
For 3 days now I've been trying to get this to work. I am working on a cheat console application for a game called "Drug Dealer Simulator" made on the Unreal Engine. At first I didn't know how to write to the process's memory for 64-bit addresses, e.g. "23E17846CC4", but now that I've found the static pointer address I want my application to be able to modify the value of that.
The module name is "DrugDealerSimulator-Win64-Shipping.exe" and the offset is 02B4A9A0.
I tried adding them together to see if it would work and give me the correct address before I then added on the 7 pointers.
Code:
DWORD64 baseAddress;
ReadProcessMemory(pHandle, (LPCVOID)(ClientBase + 0x02B4A9A0), &baseAddress, sizeof(baseAddress), NULL);
cout << "Address is: " << baseAddress << "" << endl;
cin.get();
But it tells me that the address is zero. Does anyone know what I am doing wrong? I've been trying to figure this out for days now, and usually I have been able to figure things out by the next day, but this is driving me mad. Any help would be appreciated.
Astaroth4256 Advanced Cheater Reputation: 0
Joined: 25 May 2014 Posts: 59
Posted: Fri Jun 19, 2020 7:08 pm
ClientBase should be the process' module base. Are you sure you're getting the correct module? There can be several different modules for one process so you should filter them out by name or something. Additionally, don't use (LPCVOID), use LongToPtr(long)
nsehnheni How do I cheat? Reputation: 0
Joined: 02 Mar 2020 Posts: 4
Posted: Fri Jun 19, 2020 7:28 pm
Astaroth4256 wrote: | ClientBase should be the process' module base. Are you sure you're getting the correct module? There can be several different modules for one process so you should filter them out by name or something. Additionally, don't use (LPCVOID), use LongToPtr(long) |
I go on Task Manager, it says "UE4Game". I then go to Details and there are two: one says "DrugDealerSimulator.exe" and another "DrugDealerSimulator-Win64-Shipping", but I'm pretty sure the module is right because the pointer in Cheat Engine does say:
"DrugDealerSimulator-Win64-Shipping.exe"+02B4A9A0
and the LongToPtr(long) says "type name is not allowed":
"ReadProcessMemory(pHandle, LongToPtr(long)(ClientBase + 0x02B4A9A0), &baseAddress, sizeof(baseAddress), NULL);"
Actually I changed it to
ReadProcessMemory(pHandle, LongToPtr(ClientBase + 0x02B4A9A0), &baseAddress, sizeof(baseAddress), NULL);
It gave me an address, but it said the address was 140708359796723
Astaroth4256 Advanced Cheater Reputation: 0
Joined: 25 May 2014 Posts: 59
Posted: Sat Jun 20, 2020 4:55 am
So converted to hex the address was 00007FF937CD77F3, seems correct to me. If you're sure you're getting the correct ClientBase in the code then the problem could be LongToPtr accepting a 4-byte value while you're using DWORD64, which is 8 bytes. Try looking for a 64-bit version of LongToPtr; if you can't find it then you need to set your application to 64-bit for LPCVOID to work, though still I'd advise against casting to LPCVOID. Find a proper method of conversion.
Banjo Patterson Cheater Reputation: 1
Joined: 15 May 2018 Posts: 36
Posted: Sun Jun 21, 2020 6:34 pm
What is the type of ClientBase? If it's a pointer, you'll need to divide 0x02B4A9A0 by the size of the type because of pointer arithmetic.
E.g.
long long ClientBase = 100;
long long* pClientBase = &ClientBase;
// Print pClientBase: 000000D86EAFFC40
pClientBase += 1;
// Print pClientBase: 000000D86EAFFC48
It's also a good idea to check RPM for errors using GetLastError in case that catches something.
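
Added example, not part of the thread or written by any of its posters: the two integer pitfalls discussed above (a 64-bit address narrowed through a 32-bit `long`, and typed-pointer arithmetic being scaled by `sizeof`) reproduced without touching another process. `through_long32` is a model of LongToPtr that uses `int32_t` in place of the Windows `long`; the second address in `main` is constructed, and all function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>

static_assert(sizeof(void*) == 8, "build as a 64-bit target to hold 64-bit addresses");

// Model of LongToPtr(): on Windows its parameter is a 32-bit `long`, which is
// then sign-extended to pointer width. int32_t stands in for that `long`
// (assumption, so the result is the same where `long` is 64 bits).
std::uint64_t through_long32(std::uint64_t address) {
    std::int32_t narrowed = static_cast<std::int32_t>(static_cast<std::uint32_t>(address));
    return static_cast<std::uint64_t>(static_cast<std::int64_t>(narrowed));
}

// Pointer-width integer: all 64 bits survive the trip to a pointer and back.
std::uint64_t through_uintptr(std::uint64_t address) {
    void* p = reinterpret_cast<void*>(static_cast<std::uintptr_t>(address));
    return static_cast<std::uint64_t>(reinterpret_cast<std::uintptr_t>(p));
}

// Bytes moved by "+= 1" when the base is a typed pointer: scaled by sizeof(long long).
std::uint64_t step_as_typed_pointer() {
    long long slots[2] = {0, 0};
    long long* p = slots;
    std::uintptr_t before = reinterpret_cast<std::uintptr_t>(p);
    p += 1;
    return reinterpret_cast<std::uintptr_t>(p) - before;
}

// Adding an offset to a base held as an integer is plain byte arithmetic.
std::uint64_t add_byte_offset(std::uint64_t base, std::uint64_t offset) {
    return base + offset;
}

int main() {
    const std::uint64_t quoted   = 0x23E17846CC4ULL;       // address quoted in the first post
    const std::uint64_t high_bit = 0x00007FF69A2B0000ULL;  // constructed: bit 31 is set
    const std::uint64_t inputs[] = {quoted, high_bit};
    for (std::uint64_t a : inputs) {
        std::printf("%016llX  via 32-bit long: %016llX  via uintptr_t: %016llX\n",
                    (unsigned long long)a,
                    (unsigned long long)through_long32(a),
                    (unsigned long long)through_uintptr(a));
    }
    std::printf("typed pointer += 1 moves %llu bytes; integer base + 1 moves %llu byte\n",
                (unsigned long long)step_as_typed_pointer(),
                (unsigned long long)(add_byte_offset(high_bit, 1) - high_bit));
    return 0;
}
```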