Originally Posted by
JustWorkHereLUL
I've been trying to learn game hacking and I managed to make a hack for AssaultCube which had int addresses and the static addresses were easy to find. Now I've taken one of the offline games to try to make a simple hack for it (money and level). But when I was trying to find the static address I noticed they are longer than the ones in AssaultCube. I tried to use my modified function for reading where the address points, but as the result I always get 0.
Here is my function:
Code:
private long ReadLong(long Address)
{
    byte[] buffer = new byte[sizeof(long)];
    int bytesToRead = 0;
    // Check the return value: when the read fails the buffer stays zeroed, so the
    // function would silently "return 0" instead of reporting the error.
    if (!ReadProcessMemory(ProcessHandle(), Address, buffer, buffer.Length, ref bytesToRead))
        throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
    MessageBox.Show(buffer[0].ToString());
    unsafe
    {
        // Reinterpret the 8 little-endian bytes as one signed 64-bit value
        fixed (byte* p = &buffer[0])
        {
            return *(long*)p;
        }
    }
}
and here are the addresses I found:
Also I'm wondering what is this static address? How do I check where that points to?
Worth mentioning that I got a System Access Violation Exception if I didn't run the code as x64.
I don't know why you use a function to read values of the type long.
Maybe because the address is looking longer than the static ones in assault cube? ^^
Well, sorry. Long is a signed 64-Bit (8 Byte) Value with a range from -9.223.372.036.854.775.808 to 9.223.372.036.854.775.807.
What makes it look so long are offsets. More about them at "Where does the pointer points to [...]". In general, those are based on the game structure.
I don't recommend using THREADSTACKs at all. Try to get a module of the game and not the 'threadstack.exe'.
If you are only getting THREADSTACKs, try these steps:
In memory view go to View -> Enumerate modules and symbols and see if it's being populated. If not, disable all options in Settings -> Extra and reopen the process. If you can't, it's because it's protected and the module list isn't bypassed by the kernel (yet). Also try a higher level and struct size.
- Dark Byte, Site Admin of the Cheat Engine Forum
Where does the pointer point to, you are asking?
It is pointing to the address 0x23840D277B8 in the screenshot, the last address at the top. It changes after each game start though.
So what you need to do is get the base address of the threadstack.exe related to the process id of the game you want to cheat in.
Then you add those offsets like this (shown in Cheat Engine too):
Code:
// Baseaddress of the THREADSTACK0
( ( ( ( ( ( BT - 0xBA0 ) + 0xD8 ) + 0x18 ) + 0x20 ) + 0x48 ) + 0xB8 )
Since you chose THREADSTACK it's a bit more complicated but not impossible.
To find the final address of it do it like this:
Code:
// You might need to adjust this code a bit - I found this snippet and think that it fits into here since it is clean
// If I would code you a solution it would look even worse
// I edited it a bit so you technically just have to put your game title
// If you get errors, hover over them > using directives are missing
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading.Tasks;

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[Flags]
enum ProcessAccessFlags : uint { All = 0x001F0FFF }   // PROCESS_ALL_ACCESS
//////////////////////////////////////////////////////////////////
// Structure
//////////////////////////////////////////////////////////////////
private Process SVProcess;
private IntPtr SVHandle;
private IntPtr SVBaseAddress;
private IntPtr Thread0Address;
private IntPtr GameAddress;
// Offsets exactly as Cheat Engine lists them for the pointer
private static int[] GAME_OFFSETS = { 0xD8, 0x18, 0x20, 0x48, 0xB8 };
private static int GAME_FIRST = 0xBA0;
//////////////////////////////////////////////////////////////////
private async Task hookAll()
{
    SVProcess = Process.GetProcessesByName("REPLACE_THIS_WITH_YOUR_GAME_TITLE")[0];
    SVHandle = OpenProcess(ProcessAccessFlags.All, true, SVProcess.Id);
    SVBaseAddress = SVProcess.MainModule.BaseAddress;
    Thread0Address = (IntPtr) await getThread0Address();
    getGameAddress();
}
// Runs threadstack.exe for the game's process id and parses the line
// "THREADSTACK 0 BASE ADDRESS: 0x..." from its output.
// Returns long, not int: the addresses of a 64-bit game do not fit in 32 bits.
private Task<long> getThread0Address()
{
    var proc = new Process
    {
        StartInfo = new ProcessStartInfo
        {
            FileName = "threadstack.exe",
            Arguments = SVProcess.Id.ToString(),
            UseShellExecute = false,
            RedirectStandardOutput = true,
            CreateNoWindow = true
        }
    };
    proc.Start();
    while (!proc.StandardOutput.EndOfStream)
    {
        string line = proc.StandardOutput.ReadLine();
        if (line.Contains("THREADSTACK 0 BASE ADDRESS: "))
        {
            line = line.Substring(line.LastIndexOf(":") + 2);   // "0x...."
            return Task.FromResult(long.Parse(line.Substring(2), System.Globalization.NumberStyles.HexNumber));
        }
    }
    return Task.FromResult(0L);
}
private void getGameAddress()
{
    // Start at THREADSTACK0 - 0xBA0; for every offset read the pointer stored there and add the offset.
    // The last offset is added but not dereferenced: the result is the address of the value, not the value.
    IntPtr curAdd = Thread0Address - GAME_FIRST;
    foreach (int offset in GAME_OFFSETS)
        curAdd = ReadPointer(curAdd) + offset;
    GameAddress = curAdd;
}
// Reads one pointer (8 bytes, because the game is 64-bit; use 4 bytes and ToInt32 for a 32-bit target).
private IntPtr ReadPointer(IntPtr addr)
{
    byte[] results = new byte[8];
    int read = 0;
    if (!ReadProcessMemory(SVHandle, addr, results, results.Length, out read))
        throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
    return (IntPtr) BitConverter.ToInt64(results, 0);
}
- Original code is by someone called BT
Hope I could help you a bit. If you have questions about this solution you can ask me.
Maybe someone else got an easier method for this. So don't mark this as solved.
Originally Posted by
Zaczero
1. Don't use THREADSTACK as your base (it's dynamic - aka. created by cheat engine), find module which is contained in the game (.dll or .exe)
2. In cheat engine to read longs you have to change type from 4 bytes to 8 bytes (4 bytes is int)
--
"Also I'm wondering what is this static address? How do I check where that points to?"
If you use THREADSTACK as your base there is no static address, you gotta make a new pointer with a static base (.dll or .exe)
"Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x."
Maybe the game is 64-bit? If the target process is 64-bit your process has to be 64-bit as well
Damn, you were faster than me. Worked like a half hour on this post.
(Would wonder myself when someone tells me that I have to think about it before posting)
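To make the pointer walk from the offset formula above and Zaczero's 4-byte-vs-8-byte point concrete, here is an added example (not code from this thread or from threadstack.exe's author). It walks the chain THREADSTACK0 - 0xBA0 -> +0xD8 -> +0x18 -> +0x20 -> +0x48 -> +0xB8 against a constructed fake address space instead of a live game, so it runs offline as a plain console app. `IMemoryReader`, `FakeMemory`, `PointerChain.TryResolve` and every address and value in `Main` are assumptions for the demonstration; the cells are only placed so that the chain lands on the 0x23840D277B8 from the screenshot.

```csharp
using System;
using System.Collections.Generic;

// Anything that can answer "read buffer.Length bytes at address". A live
// implementation would wrap ReadProcessMemory; the fake below wraps a dictionary.
public interface IMemoryReader
{
    bool TryRead(ulong address, byte[] buffer);
}

// Constructed address space for the demonstration: 8-byte cells at chosen
// addresses. Reading anywhere else fails, like ReadProcessMemory on an unmapped page.
public sealed class FakeMemory : IMemoryReader
{
    private readonly Dictionary<ulong, byte[]> cells = new Dictionary<ulong, byte[]>();

    public void Write(ulong address, ulong value) => cells[address] = BitConverter.GetBytes(value);

    public bool TryRead(ulong address, byte[] buffer)
    {
        if (!cells.TryGetValue(address, out byte[] cell) || buffer.Length > cell.Length)
            return false;
        Array.Copy(cell, buffer, buffer.Length);   // a 4-byte buffer only gets the low half
        return true;
    }
}

public static class PointerChain
{
    // Walks the chain the way Cheat Engine displays it: start at base - first, then for
    // every offset read the pointer stored at the current address and add the offset.
    // The last offset is added, not dereferenced, so the result is the address of the
    // value. pointerSize must match the target process: 4 (32-bit) or 8 (64-bit).
    public static bool TryResolve(IMemoryReader mem, ulong threadStackBase, int firstOffset,
                                  int[] offsets, int pointerSize, out ulong finalAddress)
    {
        if (pointerSize != 4 && pointerSize != 8)
            throw new ArgumentException("pointerSize must be 4 or 8", nameof(pointerSize));
        finalAddress = 0;
        ulong current = threadStackBase - (ulong)firstOffset;
        var buf = new byte[pointerSize];
        foreach (int offset in offsets)
        {
            // A failed read is an error, not "the value is 0": report it instead of walking on.
            if (!mem.TryRead(current, buf))
                return false;
            ulong pointer = pointerSize == 8 ? BitConverter.ToUInt64(buf, 0) : BitConverter.ToUInt32(buf, 0);
            current = pointer + (ulong)offset;
        }
        finalAddress = current;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed layout (hypothetical values): cells placed so the thread's offsets
        // end at 0x23840D277B8, the address seen in the screenshot.
        ulong threadStack0 = 0x7FF000001000;
        var mem = new FakeMemory();
        mem.Write(threadStack0 - 0xBA0, 0x23840D20000);
        mem.Write(0x23840D200D8, 0x23840D21000);
        mem.Write(0x23840D21018, 0x23840D22000);
        mem.Write(0x23840D22020, 0x23840D23000);
        mem.Write(0x23840D23048, 0x23840D27700);
        mem.Write(0x23840D277B8, 1234);            // the "money" cell itself (made-up value)
        int[] offsets = { 0xD8, 0x18, 0x20, 0x48, 0xB8 };

        if (PointerChain.TryResolve(mem, threadStack0, 0xBA0, offsets, 8, out ulong addr))
        {
            var value = new byte[8];
            if (mem.TryRead(addr, value))
                Console.WriteLine($"8-byte walk: address 0x{addr:X}, value {BitConverter.ToInt64(value, 0)}");
        }

        // The same chain with 4-byte pointers on the 64-bit layout: the first pointer is
        // truncated to its low half, the next read hits an unmapped address and the walk fails.
        bool ok = PointerChain.TryResolve(mem, threadStack0, 0xBA0, offsets, 4, out ulong addr32);
        Console.WriteLine($"4-byte walk succeeded: {ok}");
    }
}
```

The 8-byte walk prints address 0x23840D277B8 and value 1234; the 4-byte walk reports failure. That is the practical difference between "4 bytes" and "8 bytes" in Cheat Engine: on a 64-bit game a 4-byte read of a pointer slot returns only half the pointer, and whether the chain then fails loudly or quietly resolves to garbage depends on what happens to be mapped there, which is why every read's return value should be checked rather than treated as "the value is 0".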
Originally Posted by
MikeRohsoft
Where did you all learn the types please? Because you'd better search the source and burn it.
Long int = int
Code:
Size of long int types is 4 bytes
Signed long min: -2147483648 max: 2147483647
Unsigned long min: 0 max: 4294967295
- - - Updated - - -
Ah I see ^^ in C# it's an alias for Int64 (which will work better btw, but it's still not the correct pointer type, better use the type Pointer or UInt64)
Ah sorry. You're right. My bad. Will add both then and mark them with C# & in general.