  1. #1 ctpsolo

    [Help] Dealing with pointers from a dll

    I'm currently learning how to find and use pointers in memory hacks.
    I got address + offset to a simple hack by using CE on the game, and according to some sources I found I could use this in my dll to retrieve the address that the pointer directs to:

    DWORD Addy = *((DWORD*)0x00053B78+0x44);

    I'm not sure if it's correct because it seems like everyone is saying different things. Anyway, this only gives me an error the second after I inject my dll into the game, "the instruction on xxxxxxxx referred to 0x00053B78 - error, could not read memory", something like that. So I tried using VirtualProtect on the pointer address before retrieving the addy, which only results in the same error unfortunately.

    This is a snippet from how my dll looks right now:

    Code:
    DWORD Protection;
    DWORD Addy = *((DWORD*)0x00053B78+0x44); // This gives an error when injected
                                              // (the +0x44 is applied to a DWORD*, so it advances 0x44*4 bytes)

    while(1==1){

        // This part should work fine because I used it on an emulator with static addresses and it writes the memory without error messages.
        if(GetAsyncKeyState('Z') == -32767){
            VirtualProtect((LPVOID)Addy, 4, PAGE_EXECUTE_READWRITE, &Protection);
            *(DWORD*)Addy = 0x12;
        }
    }
    So, could anyone give me a helping hand? I'm sure it's a somewhat trivial error due to incorrect sources I looked at =)

  2. The Following User Says Thank You to ctpsolo For This Useful Post:

    why06 (01-16-2010)

  3. #2 ctpsolo
    Added error handling for VirtualProtect on the pointer addy before I try to retrieve the address it points to, and it seems like VP fails... Hmm, this is very frustrating :/

  4. #3 TehKiller
    Code:
    DWORD *pBasePointer = (DWORD*)0x00053B78;                  // static address that holds the pointer
    DWORD *pOffsetPointer = (DWORD*)((*pBasePointer) + 0x44);  // read the pointer, then add the byte offset
    *pOffsetPointer = value;
    edit: or try:
    Code:
    DWORD *pPointer = (DWORD*)((*(DWORD*)0x00053B78) + 0x44);  // same thing in one expression
    *pPointer = value;

  5. The Following User Says Thank You to TehKiller For This Useful Post:

    ctpsolo (01-16-2010)

  6. #4 ctpsolo
    Quote Originally Posted by TehKiller View Post
    Code:
    DWORD *pBasePointer = (DWORD*)0x00053B78;                  // static address that holds the pointer
    DWORD *pOffsetPointer = (DWORD*)((*pBasePointer) + 0x44);  // read the pointer, then add the byte offset
    *pOffsetPointer = value;
    edit: or try:
    Code:
    DWORD *pPointer = (DWORD*)((*(DWORD*)0x00053B78) + 0x44);  // same thing in one expression
    *pPointer = value;
    Okay, I would like to thank you although I still haven't got it to work. I'm no longer receiving memory errors so I'm probably on the road again, just need to figure out what else is wrong.

  7. #5 Hell_Demon
    what game/app is it for?

  8. #6 Combatant
    For MapleStory, I use a snippet I learnt a while ago from Kitterz:
    Code:
    __inline ULONG_PTR ReadPointer(ULONG_PTR* ulBase, INT nOffset)
    {
        // Only dereference when both the base slot and the slot it points at look readable
        if ( !IsBadReadPtr((VOID*)ulBase, sizeof(ULONG_PTR)) )
            if ( !IsBadReadPtr((VOID*)((*(ULONG_PTR*)ulBase)+nOffset), sizeof(ULONG_PTR)) )
                return *(ULONG_PTR*)((*(ULONG_PTR*)ulBase)+nOffset);
        return 0;   // unreadable: callers treat 0 as "no object"
    }
    Code:
    DWORD MonsterBase = 0x00B414E8;
    DWORD MonsterOffset = 0x24;
    Code:
    ReadPointer((ULONG_PTR*)MonsterBase, MonsterOffset)
    I still use this in bots that I make, but technically, it SHOULD work for whatever game you're working with.

  9. #7 ctpsolo
    Thanks for the answers so far!
    Ok, my question now is how do I go along with "multi layers" of pointers?
    Let's say I have a base pointer that with offset 37 takes me to another pointer, with offset 40 takes me to another pointer... yea you get it, until it takes me to the actual hack address. How would I then express it in C++ to retrieve the address I want to change?

    I looked for dll sources and found a couple of interesting ones, but none of them seem to have dealt with a lot of pointers.

  10. #8 zeco
    Quote Originally Posted by ctpsolo View Post
    Thanks for the answers so far!
    Ok, my question now is how do I go along with "multi layers" of pointers?
    Let's say I have a base pointer that with offset 37 takes me to another pointer, with offset 40 takes me to another pointer... yea you get it, until it takes me to the actual hack address. How would I then express it in C++ to retrieve the address I want to change?

    I looked for dll sources and found a couple of interesting ones, but none of them seem to have dealt with a lot of pointers.
    I'm going to assume that you have the address in a DWORD initially.

    So you say offset of 37, then offset of 40, then let's say offset of 68, and that gives us the value we are looking for:


    DWORD Addy = 0xFF01CD;

    DWORD Value = *( *( *( (DWORD***)Addy + 37 ) + 40) + 68 );

    Ignore my explanation below if you wish; due to the cumbersome nature of multilevel pointers, and my failure with communication, the way I have said it below is EXTREMELY confusing. You have been forewarned.

    As you can see, in the orange, we have typecast Addy to the type pointer to a pointer to a pointer to a DWORD, and we dereference Addy+37, which results in a value of type pointer to a pointer to a DWORD, and so on. Otherwise, I suppose you could have typecast it to a pointer to int multiple times to dereference it, but this way is better.

    In the green, we have dereferenced (the value contained within Addy+37) + 40.

    In the purple we have dereferenced ((the value contained within (the value contained within Addy+37) + 40)) + 68.
    Last edited by zeco; 01-24-2010 at 07:54 PM.
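    The chain walk zeco writes as `[ [ [Addy+37] + 40 ] + 68 ]`, as an added example in plain C that is not from any poster in this thread and does not touch any real program: the memory region, the three object addresses and the offsets 0x24, 0x28 and 0x44 are all constructed inside the program. It shows two things the thread's one-line snippets gloss over. First, C scales pointer arithmetic by the pointee size, so `(DWORD***)Addy + 37` and `(DWORD*)x + 0x44` move 37*4 and 0x44*4 bytes, whereas CE and MHS report byte offsets; keeping the running address in a `uintptr_t` avoids that. Second, an intermediate object that has not been created yet shows up as a null pointer at that level, and the walker stops there instead of dereferencing it, which is exactly the read fault the `IsBadReadPtr` guards in Combatant's helper are trying to prevent. The function `resolve_chain` generalises the three-level expression to any number of offsets.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a process's memory: a 768-byte buffer holding three fake
 * objects at fixed offsets. None of these addresses or offsets come from any real program. */
enum { OBJ_A = 0x000, OBJ_B = 0x100, OBJ_C = 0x200 };
static uint8_t fake_mem[0x300];

/* The chain as a pointer scanner would print it:  [[[A + 0x24] + 0x28] + 0x44]  */
const size_t SAMPLE_CHAIN[] = { 0x24, 0x28, 0x44 };
const size_t SAMPLE_CHAIN_LEN = sizeof SAMPLE_CHAIN / sizeof SAMPLE_CHAIN[0];

/* Pointer-sized read/write at a raw address; memcpy tolerates unaligned fields. */
static uintptr_t read_ptr(uintptr_t addr) {
    uintptr_t v;
    memcpy(&v, (const void *)addr, sizeof v);
    return v;
}
static void write_ptr(uintptr_t addr, uintptr_t v) { memcpy((void *)addr, &v, sizeof v); }

/* Populate fake_mem: A holds a pointer to B at +0x24, B a pointer to C at +0x28, and C
 * the 32-bit target at +0x44. With link_b == 0 the first link is left NULL, modelling an
 * object that has not been created yet. Returns the "base" address A. */
uintptr_t build_sample(uint32_t target_value, int link_b) {
    uintptr_t a = (uintptr_t)fake_mem + OBJ_A;
    uintptr_t b = (uintptr_t)fake_mem + OBJ_B;
    uintptr_t c = (uintptr_t)fake_mem + OBJ_C;
    memset(fake_mem, 0, sizeof fake_mem);
    if (link_b) write_ptr(a + 0x24, b);
    write_ptr(b + 0x28, c);
    memcpy((void *)(c + 0x44), &target_value, sizeof target_value);
    return a;
}

/* General chain walk. For every offset except the last: add it, then read the pointer
 * stored there. The last offset is added but not followed, because it names the target
 * field itself. Offsets are added to a uintptr_t, so they stay byte offsets; adding them
 * to a DWORD* would make the compiler scale them by sizeof(DWORD). Returns 0 as soon as
 * any level holds a null pointer, so nothing past a missing object is ever dereferenced. */
uintptr_t resolve_chain(uintptr_t base, const size_t *offsets, size_t n) {
    uintptr_t cur = base;
    for (size_t i = 0; i < n; i++) {
        if (cur == 0) return 0;
        cur += offsets[i];
        if (i + 1 < n) cur = read_ptr(cur);
    }
    return cur;
}

/* Fetch the 32-bit value at the end of the chain, or 0 when the chain is broken. */
uint32_t chain_value_u32(uintptr_t base, const size_t *offsets, size_t n) {
    uintptr_t addr = resolve_chain(base, offsets, n);
    uint32_t v = 0;
    if (addr) memcpy(&v, (const void *)addr, sizeof v);
    return v;
}

int main(void) {
    uintptr_t base = build_sample(1234, 1);
    printf("[[[base+0x24]+0x28]+0x44] = %u\n",
           chain_value_u32(base, SAMPLE_CHAIN, SAMPLE_CHAIN_LEN));            /* 1234 */

    base = build_sample(1234, 0);   /* first link missing */
    printf("resolved address with B missing: %#lx\n",
           (unsigned long)resolve_chain(base, SAMPLE_CHAIN, SAMPLE_CHAIN_LEN)); /* 0 */
    return 0;
}
```

    Inside a real process the null check alone is not enough, because a stale pointer can point at memory that was unmapped rather than zeroed. Microsoft documents `IsBadReadPtr` as obsolete (it can trip guard pages and races with concurrent unmapping), so the usual replacements for the per-level read are `VirtualQuery` on the page, or a structured exception handler around the read, with the same "stop at the first bad level" rule as above.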

  11. #9 why06
    Really is that how that works?

    I'll be damned. o_O
    I always wondered why people did those ungodly complex pointers like DWORD***, and now I guess this is why....

    So is the first offset in the center or on the outside?

  12. #10 zeco
    Quote Originally Posted by why06 View Post
    Really is that how that works?

    I'll be damned. o_O
    I always wondered why people did those ungodly complex pointers like DWORD***, and now I guess this is why....

    So is the first offset in the center or on the outside?
    First offset is on the inside. I can't even think of a way to visualize it. . . Maybe different sized containers inside each other?

    Either way, it's a bit easier to understand in assembly syntax, come to think of it.

    [ [ [Addy+37] + 40 ] + 38]

    At least I think that's assembly syntax. This is how you refer to multilevel pointers in MHS (memory hacking software). I never actually managed to figure it out in CE, then again I haven't tried in a long time.

    P.S. This isn't why! You are Why!
    P.P.S Yay my post count is the same as the size of my harddrive.
    P.P.P.S And Why06's post count is the year of birth of someone i know. . .
    P.P.P.P.S WTH Why06. . . 2000 posts? You are crazy.
    Last edited by zeco; 01-24-2010 at 09:00 PM.

  13. The Following User Says Thank You to zeco For This Useful Post:

    why06 (01-25-2010)

  14. #11 shad0w'
    In pure assembly, it would be far more ugly than that.
    If you think about it, you would have to separately parse each offset into the register.

    Also (back to C++) you should use DWORD_PTR, it's x64 compatible and uses less runtime memory.

  15. #12 Combatant
    For multi-level pointers, I always use something like:

    Code:
    DWORD MouseBase = 0x00B43EDC;
    DWORD MouseOffset = 0x978;
    DWORD MouseXOffset = 0x84;
    DWORD MouseYOffset = 0x88;
    char buf[16];                                    // text buffer for _itoa
    int RealMouse = 0;
    RealMouse = *((DWORD*)MouseBase) + MouseOffset;  // first level: pointer stored at MouseBase, plus the byte offset
    SetDlgItemText(hWnd, IDC_TXTMOUSEXPOINTER, _itoa(ReadPointer((ULONG_PTR*)RealMouse, MouseXOffset), buf, 10) );
    SetDlgItemText(hWnd, IDC_TXTMOUSEYPOINTER, _itoa(ReadPointer((ULONG_PTR*)RealMouse, MouseYOffset), buf, 10) );
    or, since the MouseYOffset is just MouseXOffset + 4, I'd use this for setting the MouseY text.

    Code:
    SetDlgItemText(hWnd, IDC_TXTMOUSEYPOINTER, _itoa(ReadPointer((ULONG_PTR*)RealMouse, MouseXOffset + 4), buf, 10) );
