  1. #1
    Phizo's Avatar

    Question How Do I Find Static Memory Addresses?

    I think they're called 'static memory addresses'. They're the addresses that don't change.

    Anyway, I'm making a hack for a game and I located the dynamic memory addresses (I think they're called) which change every time the application is reopened. How can I find the address that doesn't change?

    I don't want to have to continuously search for the memory addresses and add them in again. Because then there is no point of the program, I may as well just use CE or some other memory editor.

    Thank you.

  2. #2
    Nico's Avatar
    Use signature scanning

  3. #3
    Phizo's Avatar
    Quote Originally Posted by Nico View Post
    Use signature scanning
    Ahhh...?

    Explain please?

  4. #4
    ket_'s Avatar
    You sure can use "CE or some other memory editor".

    Or B: write code that looks for the changed memory address at some specific place every time the game is restarted. Now the next question will be "can you post some basic source?" No, I'm not so advanced, but I'm browsing this forum and I think you could do it too; there are many good articles here that you could use/learn from.

    Btw, what's your game?

  5. #5
    Phizo's Avatar
    Quote Originally Posted by ket_ View Post
    You sure can use "CE or some other memory editor".

    Or B: write code that looks for the changed memory address at some specific place every time the game is restarted. Now the next question will be "can you post some basic source?" No, I'm not so advanced, but I'm browsing this forum and I think you could do it too; there are many good articles here that you could use/learn from.

    Btw, what's your game?
    I'm making this hack for a game called "Sniper: Ghost Warrior". I can give you the full source, there is no need to hide it. It's nothing fancy.

    Full source:

    Code:
    // My first game hack. This is for "Sniper: Ghost Warrior"
    
    #include "stdafx.h"
    #include <iostream>
    #include <Windows.h>
    
    using namespace std;
    
    int main()
    {
    	HWND hWnd = FindWindow(0, L"Sniper: Ghost Warrior"); // Finds the window titled "Sniper: Ghost Warrior".
    
    	if (hWnd == 0) // If it can't find the window, then:
    	{
    		cout << "Can't find window, dopey noonga!" << endl;
    	}
    	else
    	{
    		DWORD pr0c3zz;
    		GetWindowThreadProcessId(hWnd, &pr0c3zz); // Gets the ID of the process that owns the window.
    		HANDLE trollpr0c3zz = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pr0c3zz); // Opens a handle to the process.
    		if (!trollpr0c3zz) // If it can't access the process, then:
    		{
    			cout << "I can nawtz open pr0c3zz :(." << endl;
    		}
    		else
    		{
    			int ammoAmount = 10; // Amount of bullets in current round.
    			int roundsAmount = 60; // Amount of rounds left.
    			int ammoAddr = 0x29500340; // Ammunition memory address (found in one session; it changes when the game restarts).
    			int roundsAddr = 0x296E629C; // Rounds memory address (same caveat).
    
    			cout << "Unlimited ammo - F1" << endl;
    
    			bool AmmoHax = false;
    
    			while (1) // Loops so the memory keeps rewriting itself if it's changed.
    			{
    				if (GetAsyncKeyState(VK_F1) & 1) // Low bit is set once per new press of F1, so holding the key does not flip the toggle every pass.
    					AmmoHax = !AmmoHax;
    
    				if (AmmoHax) // Braces so that both writes depend on the toggle, not just the first one.
    				{
    					WriteProcessMemory(trollpr0c3zz, (LPVOID)ammoAddr, &ammoAmount, sizeof(ammoAmount), NULL); // Modifies the ammunition's memory value to 10.
    					WriteProcessMemory(trollpr0c3zz, (LPVOID)roundsAddr, &roundsAmount, sizeof(roundsAmount), NULL); // Modifies the rounds' memory value to 60.
    				}
    
    				Sleep(10); // Yields the CPU between passes instead of spinning.
    			} // End of loop.
    
    			CloseHandle(trollpr0c3zz); // Closes the handle; only a successfully opened handle reaches this point.
    		}
    	}
    	system("pause");
    	return 0;
    }
    I labeled it so people can learn from it ^.^

  6. The Following User Says Thank You to Phizo For This Useful Post:

    059 (10-06-2015)

  7. #6
    KissU's Avatar
    Two words for you: Cheat Engine.
    Just do the Cheat Engine tutorial, man.
    The multiple-level pointers, and you will know how to get the static address.
    Just simple pointers.

    *Note*
    int ammoAddr = 0x29500340; // Ammunition memory address.
    int roundsAddr = 0x296E629C; // Rounds memory address.
    I think you should use DWORD or long long int for the address. int is 32767 max if I'm not wrong
    and 296E629C is 695100060 in DEC.
    Whatever, it's just a note.
    Last edited by KissU; 09-25-2011 at 09:56 AM.


  8. #7
    Phizo's Avatar
    Well, I tried the CE tutorial. That's why I posted here all confused :P.

    I might have missed something in the tutorial, I'll give it another shot. Thanks.

  9. #8
    Phizo's Avatar
    Okay, I tested on Minesweeper and I think I found the base address of the number of mines left.

    Picture:




    Only problem is...that green address changes every time I reopen the program :S. I thought it was supposed to stay the same?

    Last time it was "FF4DAA38". Now it's "FF7AAA38".

    Any help would be appreciated, thanks.
    Last edited by Phizo; 09-25-2011 at 10:08 PM.

  10. #9
    Jason's Avatar
    Most of the time you won't get CE's nice "green" value, but that doesn't mean there isn't a way to calculate precisely where the address will be. Most of your addresses are relative to the imagebase, which isn't necessarily constant, which is why CE doesn't show those addresses as "static", although it's easy to find the imagebase of a module and then just add on the offsets.

    https://www.mpgh.net/forum/31-c-c-pro...ng-memory.html

    This thread was an example of offsetting from the imagebase to find the real address of the values.

    FYI, unlimited ammo is rarely as easy as changing a single address; usually each gun will have its own ammo counter, so you have to modify all of them.

    Quote Originally Posted by Jeremy S. Anderson
    There are only two things to come out of Berkeley, Unix and LSD,
    and I don’t think this is a coincidence
    You can win the rat race,
    But you're still nothing but a fucking RAT.


    ++Latest Projects++
    [Open Source] Injection Library
    Simple PE Cipher
    FilthyHooker - Simple Hooking Class
    CLR Injector - Inject .NET dlls with ease
    Simple Injection - An in-depth look
    MPGH's .NET SDK
    eJect - Simple Injector
    Basic PE Explorer (BETA)
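
Added example (not part of Jason's post or anyone's code in this thread): the imagebase-plus-offset arithmetic described above, applied to the two Minesweeper addresses from post #8. The module bases `0xFF470000` and `0xFF740000` are constructed for illustration, since the thread does not give them, and `Run`, `sameLow16` and `stableOffset` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// One observation: where the module was loaded in that run and where the
// value was found. Names here are illustrative, not from the thread.
struct Run {
    uint64_t moduleBase;
    uint64_t valueAddr;
};

// Windows maps images on 64 KiB boundaries, so a rebased module shifts every
// address inside it by a multiple of 0x10000; the low 16 bits never change.
const uint64_t kGranularity = 0x10000;

bool sameLow16(const std::vector<uint64_t>& addrs) {
    for (uint64_t a : addrs)
        if (a % kGranularity != addrs.front() % kGranularity) return false;
    return !addrs.empty();
}

// Stores the module-relative offset in *out if every run agrees on it.
// Returns false when the runs disagree: the value is then not at a fixed
// place in the image (for example heap-allocated), so base + offset alone
// cannot locate it.
bool stableOffset(const std::vector<Run>& runs, uint64_t* out) {
    if (runs.empty()) return false;
    const uint64_t first = runs.front().valueAddr - runs.front().moduleBase;
    for (const Run& r : runs) {
        if (r.valueAddr < r.moduleBase) return false;  // below the image
        if (r.valueAddr - r.moduleBase != first) return false;
    }
    *out = first;
    return true;
}

int main() {
    // Addresses are the two posted in the thread; the bases are constructed.
    std::vector<Run> runs = {{0xFF470000, 0xFF4DAA38}, {0xFF740000, 0xFF7AAA38}};
    uint64_t offset = 0;
    std::printf("low 16 bits match: %d\n", sameLow16({0xFF4DAA38, 0xFF7AAA38}));
    if (stableOffset(runs, &offset))
        std::printf("offset in module: 0x%llX\n", (unsigned long long)offset);
    return 0;
}
```

The two posted addresses differ by 0x2D0000, a whole number of 64 KiB units, which is what a relocated image looks like; an address that fails `stableOffset` across runs points at data outside the image.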

  11. #10
    Phizo's Avatar
    Quote Originally Posted by Jason View Post
    Most of the time you won't get CE's nice "green" value, but that doesn't mean there isn't a way to calculate precisely where the address will be. Most of your addresses are relative to the imagebase, which isn't necessarily constant, which is why CE doesn't show those addresses as "static", although it's easy to find the imagebase of a module and then just add on the offsets.

    https://www.mpgh.net/forum/31-c-c-pro...ng-memory.html

    This thread was an example of offsetting from the imagebase to find the real address of the values.

    FYI, unlimited ammo is rarely as easy as changing a single address; usually each gun will have its own ammo counter, so you have to modify all of them.
    Yeah, I realized that you need different addresses for each weapon. I'm just making it for the sniper (main weapon) of the game. Just trying to learn the basics and move on from there.

    Thanks for the help once again, Jason xD. I'll check out that thread, cheers!

  12. #11
    master131's Avatar
    Quote Originally Posted by KissU View Post
    Two words for you: Cheat Engine.
    Just do the Cheat Engine tutorial, man.
    The multiple-level pointers, and you will know how to get the static address.
    Just simple pointers.

    *Note*
    int ammoAddr = 0x29500340; // Ammunition memory address.
    int roundsAddr = 0x296E629C; // Rounds memory address.
    I think you should use DWORD or long long int for the address. int is 32767 max if I'm not wrong
    and 296E629C is 695100060 in DEC.
    Whatever, it's just a note.
    DWORD and int are both 4 bytes.

  13. #12
    Phizo's Avatar
    Quote Originally Posted by master131 View Post
    DWORD and int are both 4 bytes.
    Yeah, lol. That's what I was thinking. You can only hold the same amount of value anyway xD.

    I had a look at that thread, I still don't get it :\.
    Last edited by Phizo; 09-26-2011 at 01:34 AM.

  14. #13
    KissU's Avatar
    Quote Originally Posted by master131 View Post
    DWORD and int are both 4 bytes.
    Whatever, it's just a note, I said with this "I'M NOT SURE", but thanks btw to "explain".
    Last edited by KissU; 09-26-2011 at 02:10 AM.

  15. #14
    Phizo's Avatar
    Well, is there a way I can make my program search for the dynamic address and then edit it? Or would that be too much work?

  16. #15
    Jason's Avatar
    Quote Originally Posted by KissU View Post
    Two words for you: Cheat Engine.
    Just do the Cheat Engine tutorial, man.
    The multiple-level pointers, and you will know how to get the static address.
    Just simple pointers.

    *Note*
    int ammoAddr = 0x29500340; // Ammunition memory address.
    int roundsAddr = 0x296E629C; // Rounds memory address.
    I think you should use DWORD or long long int for the address. int is 32767 max if I'm not wrong
    and 296E629C is 695100060 in DEC.
    Whatever, it's just a note.
    So much is wrong with this dude.

    In the majority of architectures today, an int is a 32-bit signed integer, with range from -2147483647 to +2147483647.

    296E629C is NOT DEC, it's a hexadecimal numeric notation.

    long long ints are 8 bytes and produce unnecessary wastage as you're not likely to get an address outside the range of a DWORD (unsigned 32-bit integer, with max value of 2^32)

    Yeah.


  17. The Following User Says Thank You to Jason For This Useful Post:

    t7ancients (09-26-2011)
