  1. #1
    JustWorkHereLUL

    Question long addresses to read

    I've been trying to learn game hacking and I managed to make a hack for AssaultCube which had int addresses and the static addresses were easy to find. Now I've taken one of the offline games to try to make a simple hack for it (money and level). But when I was trying to find the static address I noticed they are longer than the ones in AssaultCube. I tried to use my modified function for reading where the address points, but as the result I always get 0.

    Here is my function:
    Code:
            private long ReadLong(long Address)
            {
                byte[] buffer = new byte[sizeof(long)];
                int bytesToRead = 0;
    
                ReadProcessMemory(ProcessHandle(), Address, buffer, buffer.Length, ref bytesToRead);
    
                MessageBox.Show(buffer[0].ToString());
    
                unsafe
                {
                    fixed (byte* p = &buffer[0])
                    {
                        return *(long*)p;
                    }
                }
            }
    and here are the addresses I found:



    Also I'm wondering what is this static address? How do I check where that points to?

    Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x.

  2. #2
    Zaczero
    1. Don't use THREADSTACK as your base (it's dynamic - aka. created by cheat engine), find a module which is contained in the game (.dll or .exe)

    2. In cheat engine to read longs you have to change type from 4 bytes to 8 bytes (4 bytes is int)

    --

    "Also I'm wondering what is this static address? How do I check where that points to?"
    If you use THREADSTACK as your base there is no static address, you gotta make a new pointer with static base (.dll or .exe)

    "Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x."
    Maybe game is 64 bit? If target process is 64 bit your process has to be 64 bit as well


    Last edited by Zaczero; 4 Weeks Ago at 06:42 AM.

  3. #3
    defaulto
    Quote Originally Posted by JustWorkHereLUL View Post
    I've been trying to learn game hacking and I managed to make a hack for AssaultCube which had int addresses and the static addresses were easy to find. Now I've taken one of the offline games to try to make a simple hack for it (money and level). But when I was trying to find the static address I noticed they are longer than the ones in AssaultCube. I tried to use my modified function for reading where the address points, but as the result I always get 0.

    Here is my function:
    Code:
            private long ReadLong(long Address)
            {
                byte[] buffer = new byte[sizeof(long)];
                int bytesToRead = 0;
    
                ReadProcessMemory(ProcessHandle(), Address, buffer, buffer.Length, ref bytesToRead);
    
                MessageBox.Show(buffer[0].ToString());
    
                unsafe
                {
                    fixed (byte* p = &buffer[0])
                    {
                        return *(long*)p;
                    }
                }
            }
    and here are the addresses I found:



    Also I'm wondering what is this static address? How do I check where that points to?

    Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x.
    I don't know why you use a function to read values of the type long.
    Maybe because the address is looking longer than the static ones in assault cube? ^^
    Well, sorry. Long is a signed 64-Bit (8 Byte) Value with a range from -9.223.372.036.854.775.808 to 9.223.372.036.854.775.807.
    What makes it look so long are offsets. More about them at "Where does the pointer points to [...]". In general, those are based on the game structure.

    I don't recommend to use THREADSTACK's at all. Try to get a module of the game and not the 'threadstack.exe'.

    If you are getting only THREADSTACK's, try to do these steps:
    in memoryview go to view->enumerate modules and symbols and see if it's being populated. If not, disable all options in settings-extra and reopen the process. If you can't it's because it's protected, and the modulelist isn't bypassed by the kernel (yet) also, try a higher level and structsize
    - Dark Byte, Site Admin of the Cheat Engine Forum



    Where does the pointer points to you are asking?
    It is pointing to the address 0x23840D277B8 in the Screenshot. The last address on the top. It is changing though after each game start.
    So what you need to do is getting the base address of the threadstack.exe related to the process id of the game you want to cheat in.
    Then you add those offsets like this (shown in Cheat Engine too):

    Code:
    // Baseaddress of the THREADSTACK0
    
    ( ( ( ( ( ( BT - 0xBA0 ) + 0xD8 ) + 0x18 ) + 0x20 ) + 0x48 ) + 0xB8 )



    Since you chose THREADSTACK it's a bit more complicated but not impossible.
    To find the final address of it do it like this:

    Code:
    // You might need to adjust this code a bit - I found this snippet and think that it fits into here since it is clean
    // If I would code you a solution it would look even worse
    
    // I edited it a bit so you technically just have to put your game title
    // If you get errors, hover over them > using directives are missing
    
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
    
    //////////////////////////////////////////////////////////////////
    // Structure
    //////////////////////////////////////////////////////////////////
    private IntPtr Thread0Address;
    private IntPtr GameAddress;
    private static int[] GAME_OFFSETS = { 0xD8, 0x18, 0x20, 0x48, 0xB8 };
    private static int GAME_FIRST = 0xBA0;
    //////////////////////////////////////////////////////////////////
    
    private async void hookAll()
    {
        SVProcess = Process.GetProcessesByName("REPLACE_THIS_WITH_YOUR_GAME_TITLE")[0];
        SVHandle = OpenProcess(ProcessAccessFlags.All, true, SVProcess.Id);
        SVBaseAddress = SVProcess.MainModule.BaseAddress;
        Thread0Address = (IntPtr) await getThread0Address();
        getGameAddress();
    }
    
    private Task<int> getThread0Address()
    {
        var proc = new Process
        {
            StartInfo = new ProcessStartInfo
            {
                FileName = "threadstack.exe",
                Arguments = SVProcess.Id + "",
                UseShellExecute = false,
                RedirectStandardOutput = true,
                CreateNoWindow = true
            }
        };
    
        proc.Start();
    
        while (!proc.StandardOutput.EndOfStream)
        {
            string line = proc.StandardOutput.ReadLine();
            if (line.Contains("THREADSTACK 0 BASE ADDRESS: "))
            {
                line = line.Substring(line.LastIndexOf(":") + 2);
                return Task.FromResult(int.Parse(line.Substring(2), System.Globalization.NumberStyles.HexNumber));
            }
        }
        return Task.FromResult(0);
    }
    
    private void getGameAddress()
    {
        IntPtr curAdd = (IntPtr) ReadInt32(Thread0Address - GAME_FIRST);
        foreach (int offset in GAME_OFFSETS)
            curAdd = (IntPtr) ReadInt32(curAdd + offset);
        GameAddress = (IntPtr) curAdd;
    }
    
    private int ReadInt32(IntPtr addr)
    {
        byte[] results = new byte[4];
        int read = 0;
        ReadProcessMemory(SVHandle, addr, results, results.Length, out read);
        return BitConverter.ToInt32(results, 0);
    }
    - Original Code is made by someone called BT



    Hope I could help you a bit. If you got questions about this solution you can ask me.
    Maybe someone else got an easier method for this. So don't mark this as solved.

    Quote Originally Posted by Zaczero View Post
    1. Don't use THREADSTACK as your base (it's dynamic - aka. created by cheat engine), find a module which is contained in the game (.dll or .exe)

    2. In cheat engine to read longs you have to change type from 4 bytes to 8 bytes (4 bytes is int)

    --

    "Also I'm wondering what is this static address? How do I check where that points to?"
    If you use THREADSTACK as your base there is no static address, you gotta make a new pointer with static base (.dll or .exe)

    "Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x."
    Maybe game is 64 bit? If target process is 64 bit your process has to be 64 bit as well


    Damn, you were faster than me. Worked like a half hour on this post.
    (Would wonder myself when someone tells me that I have to think about it before posting)

    Quote Originally Posted by MikeRohsoft View Post
    Where u all learned the types pls? Because u better search the Source and burn it.
    Long int = int
    Code:
    Size of long int types is 4 bytes
    Signed long min: -2147483648 max: 2147483647
    Unsigned long min: 0 max: 4294967295


    - - - Updated - - -

    Ah I See ^^ in C# it's alias for Int64 (which will work better btw, but it's even not the correct Pointer Type, better use type Pointer or UInt64)
    Ah sorry. You're right. My bad. Will add both then and mark them with C# & in general.
    Last edited by defaulto; 4 Weeks Ago at 07:10 AM. Reason: had to fix some spelling. let me know if you find some issues

  4. #4
    MikeRohsoft
    Where u all learned the types pls? Because u better search the Source and burn it.
    Long int = int
    Code:
    Size of long int types is 4 bytes
    Signed long min: -2147483648 max: 2147483647
    Unsigned long min: 0 max: 4294967295


    - - - Updated - - -

    Ah I See ^^ in C# it's alias for Int64 (which will work better btw, but it's even not the correct Pointer Type, better use type IntPtr or UInt64)


    - - - Updated - - -

    I didn't get it out of the context now, but, if it's 64 Bit, it will not work:
    Code:
    private void getGameAddress()
    {
        IntPtr curAdd = (IntPtr) ReadInt32(Thread0Address - GAME_FIRST);
        foreach (int offset in GAME_OFFSETS)
            curAdd = (IntPtr) ReadInt32(curAdd + offset);
        GameAddress = (IntPtr) curAdd;
    }
    Last edited by MikeRohsoft; 4 Weeks Ago at 07:13 AM.
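
Added example, not part of the thread and not any poster's code: the point in post #4 that 4-byte reads cannot carry a 64-bit pointer, shown on a constructed in-memory address table (no process is opened). The class and helper names, the offsets, the value 1500 and every address except 0x23840D277B8 (the address quoted in post #3) are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;

static class PointerWidthDemo
{
    // Constructed stand-in for a 64-bit address space: address -> 8 stored bytes.
    // Nothing here opens or reads a real process.
    static readonly Dictionary<ulong, byte[]> Memory = new Dictionary<ulong, byte[]>();

    static void Store(ulong address, ulong value)
    {
        Memory[address] = BitConverter.GetBytes(value); // little-endian on x86/x64
    }

    // Reads `size` bytes and reports failure instead of handing back a zeroed
    // buffer, so an unmapped address cannot masquerade as the value 0.
    static bool TryRead(ulong address, int size, out byte[] data)
    {
        data = new byte[size];
        if (!Memory.TryGetValue(address, out byte[] cell)) return false;
        Array.Copy(cell, data, size);
        return true;
    }

    // Walks a chain: at each level read a pointer of `pointerSize` bytes from
    // (current + offset). Returns -1 on success, otherwise the level that failed;
    // `current` then holds the last value obtained.
    static int Resolve(ulong start, int[] offsets, int pointerSize, out ulong current)
    {
        current = start;
        for (int level = 0; level < offsets.Length; level++)
        {
            if (!TryRead(current + (ulong)offsets[level], pointerSize, out byte[] raw))
                return level;
            current = pointerSize == 8
                ? BitConverter.ToUInt64(raw, 0)
                : BitConverter.ToUInt32(raw, 0); // upper 32 bits are dropped here
        }
        return -1;
    }

    static void Main()
    {
        // Constructed layout. 0x23840D277B8 is the address quoted in post #3;
        // every other address, offset and the value 1500 are made up.
        const ulong start = 0x7FF600001000UL;
        int[] offsets = { 0x10, 0x7B8, 0x20 };
        Store(start + 0x10, 0x23840D27000UL);      // level 0 pointer
        Store(0x23840D277B8UL, 0x23840D30000UL);   // level 1 pointer
        Store(0x23840D30000UL + 0x20, 1500UL);     // final 8-byte value

        Console.WriteLine($"sizeof(long) = {sizeof(long)}, IntPtr.Size = {IntPtr.Size}");

        foreach (int width in new[] { 8, 4 })
        {
            int failed = Resolve(start, offsets, width, out ulong result);
            Console.WriteLine(failed < 0
                ? $"{width}-byte reads: chain resolved, value = {result}"
                : $"{width}-byte reads: level {failed} failed, last pointer = 0x{result:X}");
        }
    }
}
```

IntPtr.Size reports 8 only when the demo itself runs as a 64-bit process, which is the bitness point raised in post #2.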

  5. #5
    defaulto
    Quote Originally Posted by MikeRohsoft View Post
    Where u all learned the types pls? Because u better search the Source and burn it.
    Long int = int
    Code:
    Size of long int types is 4 bytes
    Signed long min: -2147483648 max: 2147483647
    Unsigned long min: 0 max: 4294967295


    - - - Updated - - -

    Ah I See ^^ in C# it's alias for Int64 (which will work better btw, but it's even not the correct Pointer Type, better use type IntPtr or UInt64)


    - - - Updated - - -

    I didn't get it out of the context now, but, if it's 64 Bit, it will not work:
    Code:
    private void getGameAddress()
    {
        IntPtr curAdd = (IntPtr) ReadInt32(Thread0Address - GAME_FIRST);
        foreach (int offset in GAME_OFFSETS)
            curAdd = (IntPtr) ReadInt32(curAdd + offset);
        GameAddress = (IntPtr) curAdd;
    }
    Would it work with your memory class?
    https://www.mpgh.net/forum/showthread.php?t=1404542

    Nevermind, yea.
    Last edited by defaulto; 4 Weeks Ago at 07:38 AM.

  6. #6
    MikeRohsoft
    Quote Originally Posted by defaulto View Post
    Would it work with your memory class?
    https://www.mpgh.net/forum/showthread.php?t=1404542

    Nevermind, yea.
    Yes it would, but currently there is no Multi Offset Support, you have to Read every Level by yourself atm ^^

  7. #7
    JustWorkHereLUL
    First of all, thank you for your long answer!

    Quote Originally Posted by defaulto View Post
    I don't know why you use a function to read values of the type long.
    Maybe because the address is looking longer than the static ones in assault cube? ^^
    I actually hovered on the address and it said long so that's why I guess :P

    Quote Originally Posted by defaulto View Post
    So what you need to do is getting the base address of the threadstack.exe related to the process id of the game you want to cheat in.
    Wdym by this? I can get modules and see if there is anything that looks right but idk what do I do with the address after that. I only got threadstack when I pointerscanned 1 freakin' time and got 48 hits and clicked all, only threadstacks remained the same after I restarted the game.

    Quote Originally Posted by defaulto View Post

    Code:
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
    
    //////////////////////////////////////////////////////////////////
    // Structure
    //////////////////////////////////////////////////////////////////
    private IntPtr Thread0Address;
    private IntPtr GameAddress;
    private static int[] GAME_OFFSETS = { 0xD8, 0x18, 0x20, 0x48, 0xB8 };
    private static int GAME_FIRST = 0xBA0;
    //////////////////////////////////////////////////////////////////
    
    private async void hookAll()
    {
        SVProcess = Process.GetProcessesByName("REPLACE_THIS_WITH_YOUR_GAME_TITLE")[0];
        SVHandle = OpenProcess(ProcessAccessFlags.All, true, SVProcess.Id);
        SVBaseAddress = SVProcess.MainModule.BaseAddress;
        Thread0Address = (IntPtr) await getThread0Address();
        getGameAddress();
    }
    
    private Task<int> getThread0Address()
    {
        var proc = new Process
        {
            StartInfo = new ProcessStartInfo
            {
                FileName = "threadstack.exe",
                Arguments = SVProcess.Id + "",
                UseShellExecute = false,
                RedirectStandardOutput = true,
                CreateNoWindow = true
            }
        };
    
        proc.Start();
    
        while (!proc.StandardOutput.EndOfStream)
        {
            string line = proc.StandardOutput.ReadLine();
            if (line.Contains("THREADSTACK 0 BASE ADDRESS: "))
            {
                line = line.Substring(line.LastIndexOf(":") + 2);
                return Task.FromResult(int.Parse(line.Substring(2), System.Globalization.NumberStyles.HexNumber));
            }
        }
        return Task.FromResult(0);
    }
    
    private void getGameAddress()
    {
        IntPtr curAdd = (IntPtr) ReadInt32(Thread0Address - GAME_FIRST);
        foreach (int offset in GAME_OFFSETS)
            curAdd = (IntPtr) ReadInt32(curAdd + offset);
        GameAddress = (IntPtr) curAdd;
    }
    
    private int ReadInt32(IntPtr addr)
    {
        byte[] results = new byte[4];
        int read = 0;
        ReadProcessMemory(SVHandle, addr, results, results.Length, out read);
        return BitConverter.ToInt32(results, 0);
    }
    - Original Code is made by someone called BT

    Didn't get much from this so I guess I'll try to find another address?? Or then just try to learn what's going on here piece by piece :P

  8. #8
    defaulto
    Quote Originally Posted by JustWorkHereLUL View Post
    Didn't get much from this so I guess I'll try to find another address?? Or then just try to learn what's going on here piece by piece :P
    That's why you shouldn't use thread stack for your pointers. It's kinda complicated for 'beginners'.
    I believe that you will get used to pointers pretty fast. Something else you could try is to look up 'Signature Scanning'.
    Or try to cheat in another game. I still wonder, which game is it at this point? I could maybe help you out.

  9. #9
    JustWorkHereLUL
    Quote Originally Posted by defaulto View Post
    That's why you shouldn't use thread stack for your pointers. It's kinda complicated for 'beginners'.
    I believe that you will get used to pointers pretty fast. Something else you could try is to look up 'Signature Scanning'.
    Or try to cheat in another game. I still wonder, which game is it at this point? I could maybe help you out.
    It's pc building simulator lol, I'm trying to code a bhop for csgo rn and im frustrated af rn, If you could help me with this? I have a function to get baseaddress of client_panorama.dll and to that I add 0xCF2A3C, I can print health on console and am I on air or on ground, but for some reason I don't always get the Player Base, instead it will be 0. I think it's something to do with my Read() function...

    Code:
            static int Read(int Address)
            {
                byte[] buffer = new byte[sizeof(int)];
                int bytesToRead = 0;
    
                ReadProcessMemory(GetHandle(), Address, buffer, buffer.Length, ref bytesToRead);
    
                //Console.WriteLine(buffer[0]);
    
                unsafe
                {
                    fixed(byte *p = &buffer[0])
                    {
                        //Console.WriteLine(*(int*)p);
                        return *(int*)p;
                    }
                }
            }

  10. #10
    defaulto
    Quote Originally Posted by JustWorkHereLUL View Post
    It's pc building simulator lol, I'm trying to code a bhop for csgo rn and im frustrated af rn, If you could help me with this? I have a function to get baseaddress of client_panorama.dll and to that I add 0xCF2A3C, I can print health on console and am I on air or on ground, but for some reason I don't always get the Player Base, instead it will be 0. I think it's something to do with my Read() function...

    Code:
            static int Read(int Address)
            {
                byte[] buffer = new byte[sizeof(int)];
                int bytesToRead = 0;
    
                ReadProcessMemory(GetHandle(), Address, buffer, buffer.Length, ref bytesToRead);
    
                //Console.WriteLine(buffer[0]);
    
                unsafe
                {
                    fixed(byte *p = &buffer[0])
                    {
                        //Console.WriteLine(*(int*)p);
                        return *(int*)p;
                    }
                }
            }
    Try to DM OfficerX with this problem. I am sure he is willing to help you as long you got the knowledge he thinks is necessary for you to understand his way.
    It's nearly too simple how he makes it (which shows that his experience is quite big). I think you could learn a bit from him.

    Maybe MikeRohsoft can help you most likely too. But since OfficerX made Skush I think he is the better option when it comes to CS:GO.

    I once tried to go C# with CS:GO because Azuki inspired me a bit. I failed making external cheats for it due to the same problem you have. (no wonder, my Intralism Bot got made in C# and is far away from being perfect, in case it gets a silly value it just restarts)
    It isn't the lack of information I have about CS:GO but C#. I am not used to it yet (memory reading related) and still use libraries from others to read the memory (which is sad tbh) ^^

  11. #11

  12. #12

  13. #13
    MikeRohsoft
    i don't understand why you just don't try it with my class? should be more intuitive for you

  14. #14
    Zaczero
    Quote Originally Posted by defaulto View Post
    Try to DM OfficerX with this problem. I am sure he is willing to help you as long you got the knowledge he thinks is necessary for you to understand his way.
    It's nearly too simple how he makes it (which shows that his experience is quite big). I think you could learn a bit from him.

    Maybe MikeRohsoft can help you most likely too. But since OfficerX made Skush I think he is the better option when it comes to CS:GO.

    I once tried to go C# with CS:GO because Azuki inspired me a bit. I failed making external cheats for it due to the same problem you have. (no wonder, my Intralism Bot got made in C# and is far away from being perfect, in case it gets a silly value it just restarts)
    It isn't the lack of information I have about CS:GO but C#. I am not used to it yet (memory reading related) and still use libraries from others to read the memory (which is sad tbh) ^^
    "Try to DM @OfficerX "
    what a joke

