GetModuleHandleA error? or is it something else? please help me, or atleast take look

[orx]

Code:

#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <stdio.h>

void OrXHThread (){
	Sleep(3000);
	while(1){
		if(GetAsyncKeyState(VK_F11) &1){

			MessageBoxA(0, "1" ,"1",0);

			    DWORD base = (DWORD)GetModuleHandleA("SpiderSolitaire.exe");
				if(base){
					MessageBoxA(0, "Baas kood leitud",(LPCSTR)(DWORD)base, 0);
				}

				while(1){

    DWORD base = (DWORD)GetModuleHandleA("SpiderSolitaire.exe");

	*(float*)((DWORD)base + (DWORD)0x93090 + (DWORD)0x8C + (DWORD)0x10) = 17500;

					
					if(GetAsyncKeyState(VK_F12) &1){
						break;
					}

		Sleep(5);
				}

		}
					if(GetAsyncKeyState(VK_F4) &1){

						MessageBoxA(0, (LPCSTR)0x37905D28, "TEST", 0);
					}
	Sleep(1);

	}

}



BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved ) {
    DisableThreadLibraryCalls(hDll);
    
    if ( dwReason == DLL_PROCESS_ATTACH ) {
        MessageBoxA(0,"Hack Written By OrX ","Team Estonia", 0); 
	
		CreateThread(0, 0, (LPTHREAD_START_ROUTINE)OrXHThread, 0, 0, 0);
    }
	 
    return true ;
}

My problem is, that it injects successfully to SpiderSolitaire.exe with PERX injector, after 3 sec i press f11 it pops up my check, which says 1, and if it find base address, then gives message about that too..

I found the pointer with cheat engine

: SpiderSolitaire.exe+93090 offset1: 8C offset2: 10

if i add new pointer, i always get the number of score in thespidersolitaire. and i can change it via cheat engine. I am trying to change it with my DLL now, could someone take a look? ive been combing GOOGLE for several days now for the GetModuleHandleA, if i display it as LPCSTR then i get "MZ" for the base address..

Thanks in advance

OrX

[orx]

ideas?
/msg2short

[Fovea]

That's not how you read a pointer.

[kibbles18]

sprintf it or print it as the data type it is
why are we helping you? your siggy says ur a c++ pro.

[orx]

i code in c++, i am trying to figure out why doesnt it get me a correct base address., that sig was quite old, and full of bullshit, sorry for that.

[orx]

So i figured, that it actually finds the base address ( it is changing.. ), but i wont be able to overwrite the memory.

If i add new pointer to the cheat engine, then it always find the correct address.
Any ideas?

[orx]

seriously? its getting realy annoying.. that it wont rewrite the memory. am i using the offsets correct?

For some reason GetModuleHandleA() returns me 00000000 i made a standalone program which checks for it.. if i type in Kernel32 then it successfully gets me an address.. here is the code:

Code:

// BASE.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <iostream>
#include <Windows.h>

using namespace std;


int main(){
	char nimi[64];
	while(1){
	cout << " Insert Module Name: " << endl;
	cin >> nimi;
	cout << endl;
	cout << hex << GetModuleHandleA(nimi);
	cin.get();

	}
	return 0;

}

[kibbles18]

MZ is the executable DOS header. That means that you did get the correct base address, because you printed it as a string. Are you sure that you have the correct offsets, and that they are not in hex instead of decimal? You also don't need to declare offsets as dword. Why are you finding the module handle twice and declaring the same variable twice?

[orx]

MZ is the executable DOS header. That means that you did get the correct base address, because you printed it as a string. Are you sure that you have the correct offsets, and that they are not in hex instead of decimal? You also don't need to declare offsets as dword. Why are you finding the module handle twice and declaring the same variable twice?

I was playing around a bit.

I got those values with cheat engine, pointerscanner of cheatengine. i believe that they are hex not decimal. But if i calculated with calculator.. E400000 + 0x93090 + 0xC8 + 0x10 i did not get the same value as i get with cheat engine..
I am realy in trouble. i am in that "realy pissed off" state right now. since ive been fucking around with it for a week now..

[Fovea]

Once again, that is not how you read pointers.

Code:

*reinterpret_cast<float*>(*reinterpret_cast<unsigned long*>(*reinterpret_cast<unsigned long*>(base + 0x93090) + 0xC8) + 0x10) = some_value;

[kibbles18]

idk, try this:

Code:

__asm{
push eax
mov eax, base
add eax, 93090h
add eax, 8Ch
add eax, 10h
mov [eax], 17500
pop eax
}

you might have to replace the "h" at the end of the value with the prefix 0x, ive never really used inline asm, so i dont know what it enforces. if that dosent work, then the offsets or something is wrong.
an alternative i found to writing to the address is to change the instruction in memory of the register that holds the value you want to change, because it is usually static

[orx]

idk, try this:

Code:

__asm{
push eax
mov eax, base
add eax, 93090h
add eax, 8Ch
add eax, 10h
mov [eax], 17500
pop eax
}

you might have to replace the "h" at the end of the value with the prefix 0x, ive never really used inline asm, so i dont know what it enforces. if that dosent work, then the offsets or something is wrong.
an alternative i found to writing to the address is to change the instruction in memory of the register that holds the value you want to change, because it is usually static

Doesnt work at all...

current state:

Code:

#include "stdafx.h"
#include <windows.h>
#include <iostream>

void OrXHThread (){
	Sleep(3000);
	int var = 2500;
	while(1){
		if(GetAsyncKeyState(VK_F11) &1){
			char bf[32];
			var++;
			//sprintf(bf, "Running, current value: %i", var);
			MessageBoxA(0, bf ,"Running",0);
			
			   
				while(1){

						DWORD base = (DWORD)GetModuleHandleA("SpiderSolitaire.exe");

						//*(float*)(base + 0x93090 + 0x8C + 0x10) = var; 
					

					__asm{
push eax
mov eax, base
add eax, 0x93090
add eax, 0x8C
add eax, 0x10
mov [eax], 17500
pop eax
}


					if(GetAsyncKeyState(VK_F12) &1){break;}
					Sleep(5);
				}

		}

	Sleep(1);

	}

}



BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved ) {
    DisableThreadLibraryCalls(hDll);
    
    if ( dwReason == DLL_PROCESS_ATTACH ) {
        MessageBoxA(0,"Hack Written By OrX ","Team Estonia", 0); 
	
		CreateThread(0, 0, (LPTHREAD_START_ROUTINE)OrXHThread, 0, 0, 0);
    }
	 
    return true ;
}

[Crash]

idk, try this:

Code:

__asm{
push eax
mov eax, base
add eax, 93090h
add eax, 8Ch
add eax, 10h
mov [eax], 17500
pop eax
}

you might have to replace the "h" at the end of the value with the prefix 0x, ive never really used inline asm, so i dont know what it enforces. if that dosent work, then the offsets or something is wrong.
an alternative i found to writing to the address is to change the instruction in memory of the register that holds the value you want to change, because it is usually static

I think it would be this instead (not entirely sure) :

Code:

push eax
move eax, base
add eax, 0x93090
mov eax, [eax]
add eax, 0x8C
mov eax, [eax]
add eax, 0x10
mov eax, [eax]
mov [eax], 17500
pop eax

As Fovea said

[orx]

I think it would be this instead (not entirely sure) :

Code:

push eax
move eax, base
add eax, 0x93090
mov eax, [eax]
add eax, 0x8C
mov eax, [eax]
add eax, 0x10
mov eax, [eax]
mov [eax], 17500
pop eax

As Fovea said

This causes a crash. second after starting hack thread, the program crashes

.. i am kinda sad because this isnt even showing any improvements..

[kibbles18]

you only need to dereference the pointer after you have found the static address. the way you suggested would be the c++ equivalent of

Code:

*(DWORD*) base = (DWORD)(GetModuleHandleA("w/e");
---add offsets----
*base = 17500;

try this:

Code:

#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <stdio.h>

void OrXHThread (){
	Sleep(3000);
	while(1){
		if(GetAsyncKeyState(VK_F11) &1){

			MessageBoxA(0, "1" ,"1",0);

			    DWORD base = (DWORD)GetModuleHandleA("SpiderSolitaire.exe");
				if(base){
					MessageBoxA(0, "Baas kood leitud",(LPCSTR)(DWORD)base, 0);
				}

				while(1){

    DWORD base = (DWORD)GetModuleHandleA("SpiderSolitaire.exe");

	__asm{
push eax
mov eax, base
add eax, 0x93090
add eax, 0x8C
add eax, 0x10
mov [eax], 17500
pop eax
}
					
					if(GetAsyncKeyState(VK_F12) &1){
						break;
					}

		Sleep(5);
				}

		}
					if(GetAsyncKeyState(VK_F4) &1){

						MessageBoxA(0, (LPCSTR)0x37905D28, "TEST", 0);
					}
	Sleep(1);

	}

}



BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved ) {
    DisableThreadLibraryCalls(hDll);
    
    if ( dwReason == DLL_PROCESS_ATTACH ) {
        MessageBoxA(0,"Hack Written By OrX ","Team Estonia", 0); 
	
		CreateThread(0, 0, (LPTHREAD_START_ROUTINE)OrXHThread, 0, 0, 0);
    }
	 
    return true ;
}