  1. #1
    why06's Avatar

    Working on Memory Searcher

    Well I need to create an undetected cheat engine (UCE)
    This isn't really so much a code discussion as a design discussion.

    I was wondering how exactly to look for values. I can easily just look through addresses till I find a value, but there are other things I have to consider:
    • Storing all the data and ciphering through quickly.
    • Different Data types
    • the format of those Data types
    • .code segment vs. .data segment (where to look at)
    • To filter opcodes?
    • Different ways of going through memory. For instance, if I'm searching for DWORDs and I skip through by 4 bytes, what if one of the DWORDs is offset? Now the whole search is messed up because the values don't line up.


    And there's a lot more to consider. Basically I'm just looking around for information right now. If anyone could clear up a few of these points, or share your thoughts on something I'm not considering, that would be great. I think best when I'm talking with other people, so this would help me out greatly.

    "Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. The cost of one modern heavy bomber is this: a modern brick school in more than 30 cities. It is two electric power plants, each serving a town of 60,000 population. It is two fine, fully equipped hospitals. It is some fifty miles of concrete pavement. We pay for a single fighter plane with a half million bushels of wheat. We pay for a single destroyer with new homes that could have housed more than 8,000 people. This is, I repeat, the best way of life to be found on the road the world has been taking. This is not a way of life at all, in any true sense. Under the cloud of threatening war, it is humanity hanging from a cross of iron."
    - Dwight D. Eisenhower
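
Added example (not part of the thread or any poster's code): the alignment and data-type points from the first post, worked on a byte buffer that has already been captured, as in memory-forensics triage. The buffer contents and the names `scan_value` and `make_sample` are constructed for illustration, and the offsets assume a little-endian host.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Return every offset in buf where the raw bytes of `needle` occur.
// stride == sizeof(T) visits only naturally aligned slots; stride == 1 also
// finds values at odd offsets (packed structs, unaligned buffers).
template <typename T>
std::vector<size_t> scan_value(const std::vector<uint8_t>& buf, T needle, size_t stride)
{
    std::vector<size_t> hits;
    if (stride == 0 || buf.size() < sizeof(T))
        return hits;
    for (size_t off = 0; off + sizeof(T) <= buf.size(); off += stride) {
        // Byte-wise compare: no unaligned loads, and floats match bit-for-bit.
        if (std::memcmp(buf.data() + off, &needle, sizeof(T)) == 0)
            hits.push_back(off);
    }
    return hits;
}

// Constructed 32-byte sample standing in for a captured memory region.
std::vector<uint8_t> make_sample()
{
    std::vector<uint8_t> buf(32, 0);
    const uint32_t dword_val = 100;   // 64 00 00 00 on little-endian
    const float float_val = 100.0f;   // 00 00 C8 42: same number, other bytes
    const uint16_t word_val = 100;    // 64 00
    std::memcpy(&buf[4], &dword_val, sizeof dword_val);   // aligned DWORD
    std::memcpy(&buf[13], &dword_val, sizeof dword_val);  // unaligned DWORD
    std::memcpy(&buf[20], &float_val, sizeof float_val);  // aligned float
    std::memcpy(&buf[26], &word_val, sizeof word_val);    // 16-bit value
    return buf;
}

int main()
{
    const std::vector<uint8_t> buf = make_sample();
    for (size_t stride : {size_t(4), size_t(1)}) {
        std::printf("DWORD 100, stride %zu:", stride);
        for (size_t off : scan_value<uint32_t>(buf, 100u, stride))
            std::printf(" %zu", off);
        std::printf("\n");
    }
    return 0;
}
```

The stride-1 DWORD scan finds the packed value at offset 13 that the stride-4 scan misses, but it also reports offset 26, where a 16-bit 100 happens to be followed by zero bytes; the float with the same numeric value matches neither, because its byte pattern is different.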

  2. #2
    scimmyboy's Avatar
    Here's a memory searcher I wrote, also, quite a while ago. Hope it helps in any way.

    Code:
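    #include <windows.h>
    #include <cstring>
    #include <iostream>

    class CMemory
    {
    public:
        // Reads [dwStart, dwEnd] from process pID and reports whether the
        // NUL-terminated byte string Find occurs in that range.
        // Addresses are DWORDs, so this is for a 32-bit build.
        BOOL SearchMemory(BYTE *Find, DWORD dwStart, DWORD dwEnd, DWORD pID)
        {
            DWORD dwLength = (dwEnd - dwStart) + 1;
            DWORD dwFindLen = (DWORD)strlen((char *)Find);
            DWORD BufferPosition = 0, dwCurrent = 0, dwOldProtection = 0;
            BOOL bReturn = FALSE;

            // An empty pattern, or one longer than the range, cannot match
            if (dwFindLen == 0 || dwFindLen > dwLength)
                return FALSE;

            HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
            if (hProcess == NULL)
                return FALSE;

            BYTE *dwBuffer = new BYTE[dwLength], dwReadByte = 0;

            // Make the range readable and remember the previous protection
            BOOL bProtected = VirtualProtectEx(hProcess, (void *)dwStart, dwLength, PAGE_EXECUTE_READ, &dwOldProtection);

            // Copy the range into a local buffer, one byte at a time
            for (dwCurrent = dwStart; dwCurrent <= dwEnd; dwCurrent++)
            {
                dwReadByte = 0; // a failed read is stored as 0
                ReadProcessMemory(hProcess, (LPCVOID)dwCurrent, (LPVOID)&dwReadByte, 1, 0);
                dwBuffer[BufferPosition] = dwReadByte;
                BufferPosition++;
            }

            // Restore the original protection only if it was changed
            if (bProtected)
                VirtualProtectEx(hProcess, (void *)dwStart, dwLength, dwOldProtection, &dwOldProtection);

            std::cout << std::endl;

            BYTE *bBufferEnd = &dwBuffer[ dwLength - dwFindLen + 1 ];
            BYTE *Current = dwBuffer;

            // Naive search: compare the first byte, then the rest of the pattern
            for (; Current < bBufferEnd; Current++)
            {
                if (*Current == *Find)
                {
                    if (!memcmp(Current + 1, Find + 1, dwFindLen - 1))
                    {
                        bReturn = TRUE;
                        break;
                    }
                }
            }

            delete [] dwBuffer;
            CloseHandle(hProcess);

            return bReturn;
        };
    };

    int main ()
    {
        DWORD dwPid;
        char Search[ 0x100 ];

        std::cout << "Search? ";
        std::cin.getline( Search, 0x100 );

        std::cout << "Pid: ";
        std::cin >> dwPid;

        CMemory *myMemory = new CMemory;
        if (myMemory->SearchMemory((BYTE *)Search, 0x00400000, 0x00409050, dwPid))
        {
            std::cout << "Found\n";
        } else {
            std::cout << "Not found\n";
        }
        delete myMemory;

        return 0;
    }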

  3. #3
    Lolland's Avatar
    Quote Originally Posted by Justin View Post
    Here's a memory searcher I wrote, also, quite a while ago. Hope it helps in any way.
    https://r00tsecurity.org/db/code/120

    Hmm...
    Last edited by Lolland; 01-30-2010 at 01:20 AM.


  5. #4
    B1ackAnge1's Avatar
    Didn't C&P but everything down to the last space, tab spacing, and just weirdness like using \n instead of endl with cout, is exactly the same?

    I declare Pasta... HD, if you will do the honors... lol


  7. #5
    crushed's Avatar
    Quote Originally Posted by Justin View Post
    It might have been copy paste a year and a half ago when I just started learning to compile different source codes of C++ programs
    The fact that you got proved wrong by BA should be enough of a reason to stfu.

    And Why, is this what you were telling me about on MSN? >_>; I know you tell me about your Tiger Wood stories, but yeah. Guess you were serious about haxing CA.

    EDIT: You were also mentioning Hex editing, what was that about? o_O

  8. #6
    why06's Avatar
    Ok. You ripped, but can we get on with the problem at hand? So far Justin has been the only one who offered some advice, even if it was jacked source. The reason I was talking about hex editing, crushed, is that I was looking into the file format of an executable, but this is just a deadlisting, and I'm not sure the same rules apply when it's loaded up into memory.

    Basically, should I even have to look outside the .data section for values, and how would I go about determining which section is which? =/


    BTW:
    @ Justin: You seem to rip on a regular basis. I have even seen you post hacks in the CA section, by some WeeMan205 guy, but claim them as ur own, with ur name in the credits and everything. People here try to keep a certain level of honor about their work. In many situations it's okay to copy things, but credit should always be given to the original author. I strongly believe in keeping this dignity, because somewhere on this site needs a backbone. As you just saw, people in this forum blow up at things like that quicker than anything else. So, I don't know about the rest of the site, but as long as ur in these forums try to be considerate of the fact that if you do not respect other people's work, no one will respect yours.

    But enough on this, let's get back to the discussion at hand, hmmm?

    EDIT:
    I just looked over the code. It's a good start, but it doesn't return the memory address, just a bool. Mine needs to be a little more advanced than this, for different sized variables: floats, chars, etc. I still need to know if I can just look through every single address in the code or whether just looking through the data area would be best?
    Last edited by why06; 01-30-2010 at 10:18 AM.


  9. #7
    Matrix_NEO006's Avatar
    There's a UCE available. + undetected by Xlive.
    [Application] Psych Tool v1 (Modified CE) - The World of Game Hacking


  11. #8
    why06's Avatar
    Quote Originally Posted by Matrix_NEO006 View Post
    Well... that makes things a lot easier. Sucks cuz I just figured out how to go about it:
    I was gonna search the entire process memory,
    offset bytes from the beginning of the memory for different data types,
    and even create a small program with different data types and debug it to see how different data types are stored in memory.

    But this is much easier! Thanks for the heads-up

    EDIT:
    Hmmmm.... I've tried it out. It seems it's detected for CA... =/

    Guess back to plan A.
    Last edited by why06; 01-30-2010 at 09:28 PM.


  12. #9
    crushed's Avatar
    Quote Originally Posted by B1ackAnge1 View Post
    lol , lolland posted the original link - i just looked it over and commented on it
    I love how this thread has 2 pages of posts, but only that posted source code, and Matrix's UCE was the one that helped Why. This is what I love about this section. LOL

    As for you and Lolland's post, they helped out, so that's considered "help". As for me, I spam. And ask random questions.

  13. #10
    valkmax's Avatar
    A lot of the time, if I am unable to find source to help me in the language I am using, I will look for it in another language and see what I can understand from it. Normally it is not that hard to at least grab the concepts from another language's source code to be able to implement them in yours.

  14. #11
    why06's Avatar
    Quote Originally Posted by crushed View Post
    I love how this thread has 2 pages of posts, but only that posted source code, and Matrix's UCE was the one that helped Why. This is what I love about this section. LOL
    Yeh thanks a lot jerks, way to stay on-topic, I swear one guy C&P and forget about helping me out. D;

    @valkmax: Thanks for the advice, only second person to help me out. ;(


  15. #12
    Hell_Demon's Avatar
    Quote Originally Posted by why06 View Post
    Yeh thanks a lot jerks, way to stay on-topic, I swear one guy C&P and forget about helping me out. D;

    @valkmax: Thanks for the advice, only second person to help me out. ;(
    Code:
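    #include <windows.h>
    #include <iostream>

    struct noobstruct
    {
        unsigned long *ptr[25];
    };

    // dump, hProcess and base are placeholder names: an open process handle
    // and the address to read from (32-bit build)
    void dump(HANDLE hProcess, unsigned long base)
    {
        noobstruct rm;
        if (!ReadProcessMemory(hProcess, (LPCVOID)base, &rm, sizeof(rm), 0))
            return; // read failed, stop here
        for (int i = 0; i < 25; i++)
        {
            std::cout << "address " << base + sizeof(unsigned long) * i << " - value " << rm.ptr[i] << "\n";
        }
    }
    Too lazy to write it out, if you want to continue just do loops, increasing the base by the size of the noobstruct while readprocmem doesn't fail with an ERROR_PARTIAL_READ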
    Ah we-a blaze the fyah, make it bun dem!

  16. #13
    Matrix_NEO006's Avatar
    For the application I would use the Cheat Engine source code. BTW, CE 5.6 has been released.
    Last edited by Matrix_NEO006; 01-31-2010 at 03:54 PM.

  17. #14
    why06's Avatar
    Quote Originally Posted by Matrix_NEO006 View Post
    For the application I would use the Cheat Engine source code. BTW, CE 5.6 has been released.
    Believe me, I am taking a look through it. It's just that the source code is so damn big O_O. And written in another language >_>

    Not to mention no programmer ever comments their work. =/


  18. #15
    Matrix_NEO006's Avatar
    It's in Delphi.
