Using CE Pointers

[0wned1337]

Hello Guys,

I know I might not am the first to ask this but,

Is there someone who can point me ( ) how to use Pointers (these Multi-Level-Things), that I got from CE?

I'm "working" with Jorndel's Mem class (Here, so it'd be great if somebody could give me an example WITH this class.)


It would be great if somebody has mercy and help me (or at least give me some other Links related to this, because I'm to dumb to find them ^^)



Thank You

[_PuRe.LucK*]

Just add the offsets to the pointer and then write in the memory with the end pointer

[RoPMadM]

Just add the offsets to the pointer and then write in the memory with the end pointer

Thats it.

Dim BaseAddress as Integer = Process.MainModule + SaticPointerOffset
-> read Memory for next Address
Dim rAddress as Integer = BaseAddress + Offsets

Loop that for your numbers of Offsets.

[jins3xy97]

can make example for address got more than 1 offsets ?

[0wned1337]

Okay, this is my translation to vb what @Helios.v3 wrote, but it just returns me a 0:

Code:

        Dim mem As New memory_Jorndel
        Dim XP As Integer
       

        mem.Process_Handle("Flight.exe")
        XP = mem.ReadInteger(&H10845AC)
        XP = mem.ReadInteger(XP + &H25C)
        XP = mem.ReadInteger(XP + &H3BC)
        XP = mem.ReadInteger(XP + &H238)
        XP = mem.ReadInteger(XP + &H254)
        XP = mem.ReadInteger(XP + &H3E4)
        MsgBox(XP)

Here's how CE shows the Pointer:

Code:

https://i.imgur.com/vvHmOQU.png

Hope you can help me ^^

[abuckau907]

Okay, this is my translation to vb what @Helios.v3 wrote, but it just returns me a 0:

Code:

Code:

        Dim mem As New memory_Jorndel
        Dim XP As Integer
       

        mem.Process_Handle("Flight.exe")
        XP = mem.ReadInteger(&H10845AC)
        XP = mem.ReadInteger(XP + &H25C)
        XP = mem.ReadInteger(XP + &H3BC)
        XP = mem.ReadInteger(XP + &H238)
        XP = mem.ReadInteger(XP + &H254)
        XP = mem.ReadInteger(XP + &H3E4)
        MsgBox(XP)

^^Based on the image, 0x10845AC isn't the beginning of the pointer list.. it's (mainModule + that).

XP = mem.ReadInteger(&H10845AC)
should be
XP = mem.ReadInteger(_mainModuleBase + &H10845AC)

Dim mem As New memory_Jorndel
Dim XP As Integer


mem.Process_Handle("Flight.exe")
XP = mem.ReadInteger(_mainModuleBase + &H10845AC)
XP = mem.ReadInteger(XP + &H25C)
XP = mem.ReadInteger(XP + &H3BC)
XP = mem.ReadInteger(XP + &H238)
XP = mem.ReadInteger(XP + &H254)
XP = mem.ReadInteger(XP + &H3E4)
MsgBox(XP)

_mainModuleBase is the .BaseAddress() of the firrst (or 'main') module of your target process. ChatEngine simply shows the programName.exe, but it actually means the 'MainModuleBase.' (for an .exe, the .exe itsself will be the first module)
Use Intellisense and check the memory class you're using - if there author was nice there should be a readonly property named similar to 'MainModuleBase' or 'MainModuleAddress'.
Edit: I didn't see the link before. Checked it, and no code for dealing with modules.
We could use Windows APIs to re-figure out the info for your process (since you only record the .Handle() to it.), instead we'll just add a couple variables and record the info when you first get a handle to the target process.
original code from link:

Private pHandel As IntPtr
Public Function Process_Handle(ProcessName As String) As Boolean
Try
Dim ProcList As Process() = Process.GetProcessesByName(ProcessName)
If ProcList.Length = 0 Then
Return False
Else
pHandel = ProcList(0).Handle
Return True
End If
Catch ex As Exception
Console.Beep()
Console.WriteLine("Process_Handle - " + ex.Message)
Return False
End Try
End Function

add these changes:

Private pHandel As IntPtr
Private procId As Integer
Private mainModuleBase As Integer
Public Function Process_Handle(ProcessName As String) As Boolean
Try
Dim ProcList As Process() = Process.GetProcessesByName(ProcessName)
If ProcList.Length = 0 Then
Return False
Else
pHandel = ProcList(0).Handle
procId = ProcList(0).Id
mainModuleBase = ProcList(0).MainModule.BaseAddress
Return True
End If
Catch ex As Exception
Console.Beep()
Console.WriteLine("Process_Handle - " + ex.Message)
Return False
End Try
End Function

Public ReadOnly Property MainModuleBase() As Int32
Get
Return mainModuleBase
End Get
End Property

''procID is unused. But you get the point..

 

//I mis-read the post. I thought you were asking 'what are pointers?'
------------------------------------------------------------------------------
My attempt at helping...
------------------------------------------------------------------------------

You can read any 4 bytes and treat them as a number
You use numbers to refer to memory locations.

That's it.


ANY 4 bytes == a number

memory address == a number

ie. any 4 bytes can "hold a number, which can be used to refer to a memory box"

that's all pointers are....4 memory boxes storing 4 bytes which represents a number: also a memory address.

Example:

Pretend our baseaddress (..the beginning of the pointer list) is 0x11112222

If we read 4 bytes from 0x11112222, 0x11112223, 0x11112224, 0x11112225
Those 4 bytes == some number == some memory box.

Pretend those four bytes were 0x11223344

0x11112222 -> 0x11223344

0x11112222 points to 0x11223344

now we read 4 bytes from 0x11223344, 0x11223345, 0x11223346, 0x11223347

pretend those 4 bytes were 0x44448888.

0x11112222 points to 0x11223344 which points to 0x44448888.
That's 3 levels deep. Could keep going...


If the offsets are throwing you off, just remember, a number + a number = another number.

A memory address (...a number) + offset (..a number) == another number (which is, an address)


(4 is for 32 bit -- replace '4' with '8' if you're on 64bit)

In the image you posted it looks like it's doing that process, 6 times (?)


Looks like it's doing...

Code:

Dim addr1 As Integer = ReadInteger(_mainModuleBase + &H010845AC)
Dim addr2 As Integer = ReadInteger(addr1 + &H25C)
Dim addr3 As Integer = ReadInteger(addr2 + &H3bc)
Dim addr4 as Integer = ReadInteger(addr3 + &H238)
Dim addr5 As Integer = ReadInteger(addr4 + &H254)
Dim addr6 As Integer = ReadInteger(addr5 + &H3e4)

MsgBox("Final address: 0x" & addr6.ToString("X"))

''You can re-use one Integer variable as in the example above. I did it this way for clarity - hopefully.

[0wned1337]

First thank you, for your help. Now everything makes more Sense for me, but it looks like it doesn't for VS Studio

This is how the Module looks now ( I had to change your Property to GetMainModuleBase(), else there's an compiling error because theres already a declaration for it):

Code:

Imports System.Runtime.InteropServices
Imports System.Text

Public Class memory_Jorndel
#Region "Basic Stuff"

    


    <DllImport("kernel32.dll")> _
    Private Shared Function ReadProcessMemory(hProcess As IntPtr, lpBaseAddress As IntPtr, <[In](), Out()> buffer As Byte(), size As UInt32, ByRef lpNumberOfBytesWritten As IntPtr) As Int32
    End Function
    <DllImport("kernel32.dll")> _
    Private Shared Function WriteProcessMemory(hProcess As IntPtr, lpBaseAddress As IntPtr, <[In](), Out()> buffer As Byte(), size As UInt32, ByRef lpNumberOfBytesWritten As IntPtr) As Int32
    End Function
    <DllImport("user32.dll", CharSet:=CharSet.Auto, ExactSpelling:=True)> _
    Public Shared Function GetKeyState(ByVal virtualKeyCode As Keys) As Short
    End Function
    Private pHandel As IntPtr
    Private procId As Integer
    Private mainModuleBase As Integer
    Public Function Process_Handle(ProcessName As String) As Boolean
        Try
            Dim ProcList As Process() = Process.GetProcessesByName(ProcessName)
            If ProcList.Length = 0 Then
                Return False
            Else
                pHandel = ProcList(0).Handle
                procId = ProcList(0).Id
                mainModuleBase = ProcList(0).MainModule.BaseAddress
                Return True
            End If
        Catch ex As Exception
            Console.Beep()
            Console.WriteLine("Process_Handle - " + ex.Message)
            Return False
        End Try
    End Function

    Public ReadOnly Property GetMainModuleBase() As Int32
        Get
            Return MainModuleBase
        End Get
    End Property


    Private Function Read(Address As Integer, Length As Integer) As Byte()
        Dim Buffer As Byte() = New Byte(Length - 1) {}
        Dim Zero As IntPtr = IntPtr.Zero
        ReadProcessMemory(pHandel, New IntPtr(Address), Buffer, UInt32.Parse(Buffer.Length), Zero)
        Return Buffer
    End Function
    Private Sub Write(Address As Integer, Value As Integer)
        Dim Buffer As Byte() = BitConverter.GetBytes(Value)
        Dim Zero As IntPtr = IntPtr.Zero
        WriteProcessMemory(pHandel, New IntPtr(Address), Buffer, UInt32.Parse(Buffer.Length), Zero)
    End Sub
#End Region

    'This is the part you want to edit
#Region "Write Functions (Integer & String)"
    Public Sub WriteInteger(Address As Integer, Value As Integer)
        Write(Address, Value)
    End Sub
    Public Sub WriteString(Address As Integer, Text As String)
        Dim Buffer As Byte() = New ASCIIEncoding().GetBytes(Text)
        Dim Zero As IntPtr = IntPtr.Zero
        WriteProcessMemory(pHandel, New IntPtr(Address), Buffer, UInt32.Parse(Buffer.Length), Zero)
    End Sub
    Public Sub WriteBytes(Address As Integer, Bytes As Byte())
        Dim Zero As IntPtr = IntPtr.Zero
        WriteProcessMemory(pHandel, New IntPtr(Address), Bytes, CUInt(Bytes.Length), Zero)
    End Sub
    Public Sub WriteNOP(Address As Integer)
        Dim Buffer As Byte() = New Byte() {&H90, &H90, &H90, &H90, &H90}
        Dim Zero As IntPtr = IntPtr.Zero
        WriteProcessMemory(pHandel, New IntPtr(Address), Buffer, UInt32.Parse(Buffer.Length), Zero)
    End Sub


#End Region
#Region "Read Functions (Integer & String)"
    Public Function ReadInteger(Address As Integer, Optional Length As Integer = 4) As Integer
        Return BitConverter.ToInt32(Read(Address, Length), 0)
    End Function
    Public Function ReadString(Address As Integer, Optional Length As Integer = 4) As String
        Return New ASCIIEncoding().GetString(Read(Address, Length))
    End Function
    Public Function ReadBytes(Address As Integer, Length As Integer) As Byte()
        Return Read(Address, Length)
    End Function
#End Region
#Region "Extra"
    Public Function HotKey(Key As Keys) As Boolean
        Return Convert.ToBoolean(GetKeyState(Key))
    End Function
    Private Check_res As Boolean = True
    Public Function Check_Value(Value As String) As Integer
        For Each a As Char In Value
            If Char.IsNumber(a, 0) Then
                Check_res = True
            Else
                Check_res = False
                Return 0
                Exit For
            End If
        Next
        Return Convert.ToInt32(Value)
    End Function
#End Region
End Class

If I C&P your Code,

Code:

mem.Process_Handle("Flight.exe")
        Dim addr1 As Integer = mem.ReadInteger(mem.GetMainModuleBase + &H10845AC)
        Dim addr2 As Integer = mem.ReadInteger(addr1 + &H25C)
        Dim addr3 As Integer = mem.ReadInteger(addr2 + &H3BC)
        Dim addr4 As Integer = mem.ReadInteger(addr3 + &H238)
        Dim addr5 As Integer = mem.ReadInteger(addr4 + &H254)
        Dim addr6 As Integer = mem.ReadInteger(addr5 + &H3E4)

        MsgBox("Final address: 0x" & addr6.ToString("X"))

there's the same success as with my code:





Also, there isn't any beep to show that there's an error while the memclass is doing it's job.

Flight.exe is an 32-bit Executable, so there are no 64-bit problems.


So where's the problem? oO

[abuckau907]

1. How was MainModuleBase() already declared?! I downloaded the code from the link you provided (on the fist page, the first post. I'm not checking all the pages for updates....what is the FULL code you're using?). I didn't see MainModuleBase() when I downloaded the code. ? Either way..should work as you posted, but I'm confused why you got that error. edit: Identifiers are case insensitive, silly me.

2. Your pointer list is wrong? Did you find it yourself, or did you just find this image somewhere? The code looks correct - your pointer list must be invalid?
Have CheatEngine (or similar) open and set a breakpoint on the 6 lines that read the pointer list. When it reads (MainModuleBase + offset1), use CE and verify it got the correct results. Do that for each of the 6 .ReadInteger() calls and verify with CE the data you read. Idk man, sorry. This *is* one way to follow a series of pointers...code looks like it should work.

edit:
Please set breakpoints on the 6 reads and post the value returned for each.

ie.
[mainmodulebase + offset1] -> 0xSomeaddress
[Someaddress + offset2] -> 0xAnotheraddress
[Anotheraddress + offset3] -> 0xYetanother
Please post values you get for all 6 addr.

[0wned1337]

1. With your changes we declare mainModuleBase As Integer

Code:

Private mainModuleBase As Integer

2. Okay, now I feel trolled, the Pointer in CE isn't valid anymore, it worked all the time oO.

I'm trying to find a new Pointer now and then I'll update this Post.

[abuckau907]

1. haha I forgot it's case-insensitive. I normally prefix private members with an _ (ie. _mainModuleBase) - and some people prefix them with 'm' (stands for 'member' - ie. mMainModuleBase). Re-learn something every day : )

2. cooleo. Looking forward to updates.

[0wned1337]

Okay, this is my new Pointer, that works for the moment.




Sadly, I can't set breakpoints without crashing the game


This is the current source code:




And these are the Results from these MsgBoxes:

MsgBox1:


MsgBox2:





Am I correct that theres something wrong with reading the BaseAddress
(In case you want to look at the memory class again)

Code:

Imports System.Runtime.InteropServices
Imports System.Text

Public Class memory_Jorndel
#Region "Basic Stuff"

    


    <DllImport("kernel32.dll")> _
    Private Shared Function ReadProcessMemory(hProcess As IntPtr, lpBaseAddress As IntPtr, <[In](), Out()> buffer As Byte(), size As UInt32, ByRef lpNumberOfBytesWritten As IntPtr) As Int32
    End Function
    <DllImport("kernel32.dll")> _
    Private Shared Function WriteProcessMemory(hProcess As IntPtr, lpBaseAddress As IntPtr, <[In](), Out()> buffer As Byte(), size As UInt32, ByRef lpNumberOfBytesWritten As IntPtr) As Int32
    End Function
    <DllImport("user32.dll", CharSet:=CharSet.Auto, ExactSpelling:=True)> _
    Public Shared Function GetKeyState(ByVal virtualKeyCode As Keys) As Short
    End Function
    Private pHandel As IntPtr
    Private procId As Integer
    Private mainModuleBase As Integer
    Public Function Process_Handle(ProcessName As String) As Boolean
        Try
            Dim ProcList As Process() = Process.GetProcessesByName(ProcessName)
            If ProcList.Length = 0 Then
                Return False
            Else
                pHandel = ProcList(0).Handle
                procId = ProcList(0).Id
                mainModuleBase = ProcList(0).MainModule.BaseAddress
                Return True
            End If
        Catch ex As Exception
            Console.Beep()
            Console.WriteLine("Process_Handle - " + ex.Message)
            Return False
        End Try
    End Function

    Public ReadOnly Property GetMainModuleBase() As Int32
        Get
            Return MainModuleBase
        End Get
    End Property


    Private Function Read(Address As Integer, Length As Integer) As Byte()
        Dim Buffer As Byte() = New Byte(Length - 1) {}
        Dim Zero As IntPtr = IntPtr.Zero
        ReadProcessMemory(pHandel, New IntPtr(Address), Buffer, UInt32.Parse(Buffer.Length), Zero)
        Return Buffer
    End Function
    Private Sub Write(Address As Integer, Value As Integer)
        Dim Buffer As Byte() = BitConverter.GetBytes(Value)
        Dim Zero As IntPtr = IntPtr.Zero
        WriteProcessMemory(pHandel, New IntPtr(Address), Buffer, UInt32.Parse(Buffer.Length), Zero)
    End Sub
#End Region

    'This is the part you want to edit
#Region "Write Functions (Integer & String)"
    Public Sub WriteInteger(Address As Integer, Value As Integer)
        Write(Address, Value)
    End Sub
    Public Sub WriteString(Address As Integer, Text As String)
        Dim Buffer As Byte() = New ASCIIEncoding().GetBytes(Text)
        Dim Zero As IntPtr = IntPtr.Zero
        WriteProcessMemory(pHandel, New IntPtr(Address), Buffer, UInt32.Parse(Buffer.Length), Zero)
    End Sub
    Public Sub WriteBytes(Address As Integer, Bytes As Byte())
        Dim Zero As IntPtr = IntPtr.Zero
        WriteProcessMemory(pHandel, New IntPtr(Address), Bytes, CUInt(Bytes.Length), Zero)
    End Sub
    Public Sub WriteNOP(Address As Integer)
        Dim Buffer As Byte() = New Byte() {&H90, &H90, &H90, &H90, &H90}
        Dim Zero As IntPtr = IntPtr.Zero
        WriteProcessMemory(pHandel, New IntPtr(Address), Buffer, UInt32.Parse(Buffer.Length), Zero)
    End Sub


#End Region
#Region "Read Functions (Integer & String)"
    Public Function ReadInteger(Address As Integer, Optional Length As Integer = 4) As Integer
        Return BitConverter.ToInt32(Read(Address, Length), 0)
    End Function
    Public Function ReadString(Address As Integer, Optional Length As Integer = 4) As String
        Return New ASCIIEncoding().GetString(Read(Address, Length))
    End Function
    Public Function ReadBytes(Address As Integer, Length As Integer) As Byte()
        Return Read(Address, Length)
    End Function
#End Region
#Region "Extra"
    Public Function HotKey(Key As Keys) As Boolean
        Return Convert.ToBoolean(GetKeyState(Key))
    End Function
    Private Check_res As Boolean = True
    Public Function Check_Value(Value As String) As Integer
        For Each a As Char In Value
            If Char.IsNumber(a, 0) Then
                Check_res = True
            Else
                Check_res = False
                Return 0
                Exit For
            End If
        Next
        Return Convert.ToInt32(Value)
    End Function
#End Region
End Class

[RoPMadM]

Try this @0wned1337 :
Multilevel-Pointer und Offsets in VB.Net | Keller-Elite Lernblog

[0wned1337]

Okay, thanks for the Link, but I still have one problem with it:

When I try to get the BaseAddress, I get a System.IndexOutOfRangeException with the code from the site

but also with my own Code:

[abuckau907]

Dim p As Process() = Process.GetProcessByName(MW3)

p(0) DOES NOT EXIST if 'MW3' not found. p(0) might as well be p(50)..same exception.

Check actual process name vs. what you passed in for the value 'MW3'. Remove ".exe" from it?

edit: Your second image looks incorrect... you're simply adding all the offsets to the baseaddress - you never dereference except at the very last step. You might as well simply add 1 very large offset. +5 is the same as +1 five times.. if you're following a pointer list, the code before looked correct:

Code:

        XP = mem.ReadInteger(mem.GetMainModuleBase + H10845AC)
        XP = mem.ReadInteger(XP + &H25C)
        XP = mem.ReadInteger(XP + &H3BC)
        XP = mem.ReadInteger(XP + &H238)
        XP = mem.ReadInteger(XP + &H254)
        XP = mem.ReadInteger(XP + &H3E4)

[0wned1337]

OMFG it's working

The Problem gets solved by removing the .exe

I dont't know what happened to me while forgetting to read the values. But for now, it's working.
But now my new Pointer doesn't work anymore, so I'm using the old one again (now I have enough time to figure out the right pointer )

So this is the final source code

master131 module:

Code:

 
Dim XP As IntPtr
        XP = CInt(Process.GetProcessesByName("Flight")(0).MainModule.BaseAddress)
        XP = ReadMemory(Of Integer)(XP + &H10845AC)
        XP = ReadMemory(Of Integer)(XP + &H25C)
        XP = ReadMemory(Of Integer)(XP + &H3BC)
        XP = ReadMemory(Of Integer)(XP + &H238)
        XP = ReadMemory(Of Integer)(XP + &H254)
        XP = ReadMemory(Of Integer)(XP + &H3E4)
        MsgBox(XP.ToString)

Jorndel's class:

Code:

 Dim XP As IntPtr
        Dim mem As New memory_Jorndel
        mem.Process_Handle("Flight")
        XP = CInt(Process.GetProcessesByName("Flight")(0).MainModule.BaseAddress)
        XP = mem.ReadInteger(XP + &H10845AC)
        XP = mem.ReadInteger(XP + &H25C)
        XP = mem.ReadInteger(XP + &H3BC)
        XP = mem.ReadInteger(XP + &H238)
        XP = mem.ReadInteger(XP + &H254)
        XP = mem.ReadInteger(XP + &H3E4)
        MsgBox(XP.ToString)

(Just for someone with the same Problem)


So Thank you @Helios.v3 and @abuckau907 for your Help!