why06 (01-16-2010)
I'm currently learning how to find and use pointers in memory hacks.
I got address + offset to a simple hack by using CE on the game, and according to some sources I found I could use this in my dll to retrieve the address that the pointer directs to:
Code:
```cpp
DWORD Addy = *((DWORD*)0x00053B78+0x44);
```
I'm not sure if it's correct because it seems like everyone is saying different things. Anyway, this only gives me an error the second after I injected my dll into the game, "the instruction on xxxxxxxx referred to 0x00053B78 - error, could not read memory", something like that. So I tried using VirtualProtect on the pointer address before retrieving the addy, which only results in the same error unfortunately.
This is a snippet from how my dll looks right now:
Code:
```cpp
#include <windows.h>

DWORD Protection;
// Note: (DWORD*)0x00053B78 + 0x44 advances the pointer by 0x44 DWORDs (0x110 bytes),
// not by 0x44 bytes, because pointer arithmetic is scaled by sizeof(DWORD).
DWORD Addy = *((DWORD*)0x00053B78+0x44); // This gives error when injected
while(1==1){
    // This part should work fine because I used it on an emulator with static addresses
    // and it writes the memory without error messages.
    if(GetAsyncKeyState('Z') == -32767){
        VirtualProtect((LPVOID)Addy, 4, PAGE_EXECUTE_READWRITE, &Protection);
        *(DWORD*)Addy = 0x12;
    }
}
```
So, anyone could give me a helping hand? I'm sure it's a somewhat trivial error due to incorrect sources I looked at =)
why06 (01-16-2010)
Added error handling for VirtualProtect on the pointer addy before I try to retrieve the address it points to and it seems like VP fails... Hmm, this is very frustrating :/
Code:
```cpp
#include <windows.h>

DWORD value = 0x12; // the value to write (not declared in the original snippet)
// Read the pointer stored at the base address, then add the offset in BYTES
// before casting; casting first would scale the offset by sizeof(DWORD).
DWORD *pPointer = (DWORD*)(*(DWORD*)0x00053B78 + 0x44);
*pPointer = value;
```
edit: or try:
Code:
```cpp
#include <windows.h>

DWORD value = 0x12; // the value to write (not declared in the original snippet)
DWORD *pBasePointer = (DWORD*)0x00053B78;
// Add the byte offset to the dereferenced pointer value, then cast.
DWORD *pOffsetPointer = (DWORD*)(*pBasePointer + 0x44);
*pOffsetPointer = value;
```
ctpsolo (01-16-2010)
what game/app is it for?
For MapleStory, I use a snippet I learnt a while ago from Kitterz:
Code:
```cpp
#include <windows.h>

// Reads the pointer at ulBase, adds nOffset bytes, and returns the pointer-sized
// value found there; returns 0 if either read would touch unreadable memory.
__inline ULONG_PTR ReadPointer(ULONG_PTR* ulBase, INT nOffset)
{
    if ( !IsBadReadPtr((VOID*)ulBase, sizeof(ULONG_PTR)) )
        if ( !IsBadReadPtr((VOID*)((*(ULONG_PTR*)ulBase)+nOffset), sizeof(ULONG_PTR)) )
            return *(ULONG_PTR*)((*(ULONG_PTR*)ulBase)+nOffset);
    return 0;
}
```
Code:
```cpp
DWORD MonsterBase = 0x00B414E8;
DWORD MonsterOffset = 0x24;
```
I still use this in bots that I make, but technically, it SHOULD work for whatever game you're working with.
Code:
```cpp
ReadPointer((ULONG_PTR*)MonsterBase, MonsterOffset)
```
Thanks for the answers so far!
Ok, my question now is how do I go along with "multi layers" of pointers?
Let's say I have a base pointer that with offset 37 takes me to another pointer with offset 40 that takes me to another pointer... yea you get it, until it takes me to the actual hack address. How would I then express it in C++ to retrieve the address I want to change?
I looked for dll sources and found a couple of interesting ones but none of them seem to have dealt with a lot of pointers.
I'm going to assume that you have the address in a DWORD initially.
so you say offset of 37, then offset of 40, then let's say offset of 68, and that gives us the value we are looking for
Code:
```cpp
DWORD Addy = 0xFF01CD;
// Note: each "+ N" here is pointer arithmetic, so it moves N * sizeof(pointer) bytes,
// not N bytes. For byte offsets, add before casting, e.g. (DWORD**)(Addy + 37).
DWORD Value = *( *( *( (DWORD***)Addy + 37 ) + 40) + 68 );
```
Ignore my explanation below if you wish, due to the cumbersome nature of multilevel pointers, and my failure with communication, the way I have said it below is EXTREMELY confusing. You have been forewarned.
As you can see, in the orange, we have typecast Addy to the type pointer to a pointer to a pointer to a DWORD, and we dereference Addy+37, which results in a value of type pointer to a pointer to a DWORD, and so on. Otherwise, I suppose you could have typecast it to a pointer to int multiple times to dereference it, but this way is better.
In the green, we have dereferenced (the value contained within Addy+37) + 40.
In the purple we have dereferenced ((the value contained within (the value contained within Addy+37) + 40)) + 68.
Last edited by zeco; 01-24-2010 at 07:54 PM.
Really is that how that works?
I'll be damned. o_O
I always wondered why people did those ungodly complex pointers like DWORD***, and now I guess this is why....
So is the first offset in the center or on the outside?
First offset, is on the Inside. I can't even think of a way to visualize it. . . Maybe difference sized containers inside each other?
Either way, it's a bit easier to understand in assembly syntax come to think of it.
[ [ [Addy+37] + 40 ] + 38]
At least I think that's assembly syntax. This is how you refer to multilevel pointers in MHS (memory hacking software). I never actually managed to figure it out in CE, then again I haven't tried in a long time.
P.S. This isn't why! You are Why!
P.P.S Yay my post count is the same as the size of my harddrive.
P.P.P.S And Why06's post count is the year of birth of someone i know. . .
P.P.P.P.S WTH Why06. . . 2000 posts? You are crazy.
Last edited by zeco; 01-24-2010 at 09:00 PM.
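To tie the bracket notation above together with the earlier DWORD*** and ReadPointer snippets, here is an added example in C++; it is not code from this thread or from any of its posters. It resolves a chain of byte offsets in the [[[base]+o0]+o1]+o2 sense against a constructed buffer that stands in for a process's memory, refuses any read that would leave a known region instead of faulting, and also measures how far `(DWORD***)addr + 37` really moves. The names (Region, SafeRead, ResolveChain, ScaledDelta, RunDemo), the planted addresses and the value 0x12 are all assumptions of the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed stand-in for the target's memory; nothing here is read from a
// real process.
static uint8_t g_mem[4096];

// A range we are allowed to read: [begin, begin + size).
struct Region {
    const uint8_t* begin;
    size_t size;
    bool Contains(uintptr_t addr, size_t len) const {
        uintptr_t b = reinterpret_cast<uintptr_t>(begin);
        return addr >= b && len <= size && addr - b <= size - len;
    }
};

// Copy `len` bytes out of the region into `out`, refusing anything that is not
// entirely inside it. This replaces a blind *(DWORD*)addr dereference with an
// explicit bounds check against a range we know is mapped.
static bool SafeRead(const Region& r, uintptr_t addr, void* out, size_t len) {
    if (!r.Contains(addr, len)) return false;
    std::memcpy(out, reinterpret_cast<const void*>(addr), len);
    return true;
}

// Resolve [[[base]+o0]+o1]+o2...: at each level read a pointer, then add the
// next BYTE offset. The last offset is added but not dereferenced, so *out is
// the address of the final value, as in the MHS/CE bracket notation.
bool ResolveChain(const Region& r, uintptr_t base,
                  const std::vector<uintptr_t>& offsets, uintptr_t* out) {
    uintptr_t cur = base;
    for (uintptr_t off : offsets) {
        uintptr_t next = 0;
        if (!SafeRead(r, cur, &next, sizeof next)) return false;
        cur = next + off;
    }
    *out = cur;
    return true;
}

// Byte distance that `(T***)addr + n` really moves: n * sizeof(T**), not n.
// Computed on a real array so the pointer arithmetic is well defined (n <= 128).
size_t ScaledDelta(size_t n) {
    uint32_t** slots[128] = {};
    if (n > 128) n = 128;
    return reinterpret_cast<uint8_t*>(slots + n) - reinterpret_cast<uint8_t*>(slots);
}

// Plant the constructed chain base -> +37 -> +40 -> +68 -> 0x12 in g_mem and
// walk it with the given offsets. Returns the uint32 at the end of the chain,
// or -1 if any read would leave the region.
long RunDemo(const std::vector<uintptr_t>& offsets) {
    std::memset(g_mem, 0, sizeof g_mem);
    const Region r{g_mem, sizeof g_mem};
    auto at = [](size_t off) { return reinterpret_cast<uintptr_t>(g_mem) + off; };

    // Each node stores a pointer to the next node at the expected byte offset.
    uintptr_t base = at(0x100), node1 = at(0x400), node2 = at(0x800), node3 = at(0xC00);
    std::memcpy(g_mem + 0x100,      &node1, sizeof node1);  // [base]       = node1
    std::memcpy(g_mem + 0x400 + 37, &node2, sizeof node2);  // [node1 + 37] = node2
    std::memcpy(g_mem + 0x800 + 40, &node3, sizeof node3);  // [node2 + 40] = node3
    const uint32_t value = 0x12;
    std::memcpy(g_mem + 0xC00 + 68, &value, sizeof value);  // [node3 + 68] = 0x12

    uintptr_t addr = 0;
    if (!ResolveChain(r, base, offsets, &addr)) return -1;
    uint32_t out = 0;
    if (!SafeRead(r, addr, &out, sizeof out)) return -1;
    return static_cast<long>(out);
}
```

RunDemo({37, 40, 68}) walks the planted chain and yields 0x12; an offset that points outside the buffer, or a level whose stored pointer is still zero, makes ResolveChain return false rather than crash. The bounds check against a known region is the design choice worth copying: it fails closed on a bad chain, and unlike the IsBadReadPtr guard in the ReadPointer snippet (a function Microsoft documents as obsolete) it does not depend on probing memory of unknown state.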
why06 (01-25-2010)
In pure assembly, it would be far more ugly than that.
If you think you would have to separately parse each offset to the register.
Also (back to C++) you should use DWORD_PTR, it's x64 compatible and uses less runtime memory.
For multi-level pointers, I always use something like:
Code:
```cpp
DWORD MouseBase = 0x00B43EDC;
DWORD MouseOffset = 0x978;
DWORD MouseXOffset = 0x84;
DWORD MouseYOffset = 0x88;
char buf[16]; // buffer for _itoa (not declared in the original snippet)
int RealMouse = 0;
// Read the pointer at MouseBase and add the byte offset to reach the mouse structure.
RealMouse = *((DWORD*)MouseBase) + MouseOffset;
SetDlgItemText(hWnd, IDC_TXTMOUSEXPOINTER, _itoa(ReadPointer((ULONG_PTR*)RealMouse, MouseXOffset), buf, 10) );
SetDlgItemText(hWnd, IDC_TXTMOUSEYPOINTER, _itoa(ReadPointer((ULONG_PTR*)RealMouse, MouseYOffset), buf, 10) );
```
or, since the MouseYOffset is just MouseXOffset + 4, I'd use this for setting the MouseY text.
Code:
```cpp
SetDlgItemText(hWnd, IDC_TXTMOUSEYPOINTER, _itoa(ReadPointer((ULONG_PTR*)RealMouse, MouseXOffset + 4), buf, 10) );
```