long addresses to read

[JustWorkHereLUL]

I've been trying to learn game hacking and I managed to make a hack for AssaultCube which had int addresses and the static addresses were easy to find. Now I've taken one of the offline games to try to make a simple hack for it (money and level). But when I was trying to find the static address I noticed they are longer than the ones in AssaultCube. I tried to use my modified function for reading where the address points, but as the result I always get 0.

Here is my function:

Code:

        private long ReadLong(long Address)
        {
            byte[] buffer = new byte[sizeof(long)];
            int bytesToRead = 0;

            ReadProcessMemory(ProcessHandle(), Address, buffer, buffer.Length, ref bytesToRead);

            MessageBox.Show(buffer[0].ToString());

            unsafe
            {
                fixed (byte* p = &buffer[0])
                {
                    return *(long*)p;
                }
            }
        }

and here are the addresses I found:



Also I'm wondering what is this static address? How do I check where that points to?

Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x.

[Zaczero]

1. Don't use THREADSTACK as your base (it's dynamic - aka. created by cheat engine), find module which is contained in the game (.dll or .exe)

2. In cheat engine to read longs you have to change type from 4 bytes to 8 bytes (4 bytes is int)

--

"Also I'm wondering what is this static address? How do I check where that points to?"
If use THREADSTACK as your base there is no static address, you gotta make a new pointer with static base (.dll or .exe)

"Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x."
Maybe game is 64 bit? If target process is 64 bit your process has to be 64 bit as well

[defaulto]

I've been trying to learn game hacking and I managed to make a hack for AssaultCube which had int addresses and the static addresses were easy to find. Now I've taken one of the offline games to try to make a simple hack for it (money and level). But when I was trying to find the static address I noticed they are longer than the ones in AssaultCube. I tried to use my modified function for reading where the address points, but as the result I always get 0.

Here is my function:

Code:

        private long ReadLong(long Address)
        {
            byte[] buffer = new byte[sizeof(long)];
            int bytesToRead = 0;

            ReadProcessMemory(ProcessHandle(), Address, buffer, buffer.Length, ref bytesToRead);

            MessageBox.Show(buffer[0].ToString());

            unsafe
            {
                fixed (byte* p = &buffer[0])
                {
                    return *(long*)p;
                }
            }
        }

and here are the addresses I found:



Also I'm wondering what is this static address? How do I check where that points to?

Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x.

I don't know why you use a function to read values of the type long.
Maybe because the address is looking longer than the static ones in assault cube? ^^
Well, sorry. Long is a signed 64-Bit (8 Byte) Value with a range from -9.223.372.036.854.775.808 to 9.223.372.036.854.775.807.
What makes it look so long are offsets. More about them at "Where does the pointer points to [...]". In general, those are based on the game structure.

I don't recommend to use THREADSTACK's at all. Try to get a module of the game and not the 'threadstack.exe'.

If you are getting only THREADSTACK's, try to do these steps:

---

in memoryview go to view->enumerate modules and symbols and see if it's being populated. If not, disable all options in settings-extta and reopen the process. If you can't it's because it's protected, and the modulelist isn't bypassed by the kernel (yet) also, try a higher level and structsize
- Dark Byte, Site Admin of the Cheat Engine Forum

---

Where does the pointer points to you are asking?
It is pointing to the address 0x23840D277B8 in the Screenshot. The last address on the top. It is changing tough after each game start.
So what you need to do is getting the base address of the threadstack.exe related to the process id of the game you want to cheat in.
Then you add those offsets like this (shown in Cheat Engine too):

---

Code:

// Baseaddress of the THREADSTACK0

( ( ( ( ( ( BT - 0xBA0 ) + 0xD8 ) + 0x18 ) + 0x20 ) + 0x48 ) + 0xB8 )

---

Since you chose THREADSTACK it's a bit more complicated but not impossible.
To find the final address of it do it like this:

---

Code:

// You might need to adjust this code a bit - I found this snippet and think that it fits into here since it is clean
// If I would code you a solution it would look even worse

// I edited it a bit so you technically just have to put your game title
// If you get errors, hover over them > using directives are missing

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);

//////////////////////////////////////////////////////////////////
// Structure
//////////////////////////////////////////////////////////////////
private IntPtr Thread0Address;
private IntPtr GameAddress;
private static int[] GAME_OFFSETS = { 0xD8, 0x18, 0x20, 0x48, B8 };
private static int GAME_FIRST = 0xBA0;
//////////////////////////////////////////////////////////////////

private async void hookAll()
{
    SVProcess = Process.GetProcessesByName("REPLACE_THIS_WITH_YOUR_GAME_TITLE")[0];
    SVHandle = OpenProcess(ProcessAccessFlags.All, true, SVProces*****);
    SVBaseAddress = SVProcess.MainModule.BaseAddress;
    Thread0Address = (IntPtr) await getThread0Address();
    getGameAddress();
}

private Task<int> getThread0Address()
{
    var proc = new Process
    {
        StartInfo = new ProcessStartInfo
        {
            FileName = "threadstack.exe",
            Arguments = SVProces***** + "",
            UseShellExecute = false,
            RedirectStandardOutput = true,
            CreateNoWindow = true
        }
    };

    proc.Start();

    while (!proc.StandardOutput.EndOfStream)
    {
        string line = proc.StandardOutput.ReadLine();
        if (line.Contains("THREADSTACK 0 BASE ADDRESS: "))
        {
            line = line.Substring(line.LastIndexOf(":") + 2);
            return Task.FromResult(int.Parse(line.Substring(2), System.Globalization.NumberStyles.HexNumber));
        }
    }
    return Task.FromResult(0);
}

private void getGameAddress()
{
    IntPtr curAdd = (IntPtr) ReadInt32(Thread0Address - GAME_FIRST);
    foreach (int offset in GAME_OFFSETS)
        curAdd = (IntPtr) ReadInt32(curAdd + offset);
    GameAddress = (IntPtr) curAdd;
}

private int ReadInt32(IntPtr addr)
{
    byte[] results = new byte[4];
    int read = 0;
    ReadProcessMemory(SVHandle, addr, results, results.Length, out read);
    return BitConverter.ToInt32(results, 0);
}

- Original Code is made by someone called BT

---

Hope I could help you a bit. If you got questions about this solution you can ask them me.
Maybe someone else got an easier method for this. So don't mark this as solved.

1. Don't use THREADSTACK as your base (it's dynamic - aka. created by cheat engine), find module which is contained in the game (.dll or .exe)

2. In cheat engine to read longs you have to change type from 4 bytes to 8 bytes (4 bytes is int)

--

"Also I'm wondering what is this static address? How do I check where that points to?"
If use THREADSTACK as your base there is no static address, you gotta make a new pointer with static base (.dll or .exe)

"Worth to mention that I got a System Access Violation Exception if i didn't run the code as 64x."
Maybe game is 64 bit? If target process is 64 bit your process has to be 64 bit as well

Damn, you were faster than me. Worked like a half hour on this post.
(Would wonder myself when someone tells me that I have to think about it before posting)

Where u all learned the types pls? Because u better search the Source and burn it.
Long int = int

Code:

Size of long int types is 4 bytes
Signed long min: -2147483648 max: 2147483647
Unsigned long min: 0 max: 4294967295

- - - Updated - - -

Ah I See ^^ in C# it's alias for Int64 (which will work better btw, but it's even not the correct Pointer Type, better use type Pointer or UInt64)

Ah sorry. You're right. My bad. Will add both then and mark them with C# & in general.

[MikeRohsoft]

Where u all learned the types pls? Because u better search the Source and burn it.
Long int = int

Code:

Size of long int types is 4 bytes
Signed long min: -2147483648 max: 2147483647
Unsigned long min: 0 max: 4294967295

- - - Updated - - -

Ah I See ^^ in C# it's alias for Int64 (which will work better btw, but it's even not the correct Pointer Type, better use type IntPtr or UInt64)

- - - Updated - - -

I didn't got it out of the context now, but, if it's 64 Bit, it will not work:

Code:

private void getGameAddress()
{
    IntPtr curAdd = (IntPtr) ReadInt32(Thread0Address - GAME_FIRST);
    foreach (int offset in GAME_OFFSETS)
        curAdd = (IntPtr) ReadInt32(curAdd + offset);
    GameAddress = (IntPtr) curAdd;
}

[defaulto]

Where u all learned the types pls? Because u better search the Source and burn it.
Long int = int

Code:

Size of long int types is 4 bytes
Signed long min: -2147483648 max: 2147483647
Unsigned long min: 0 max: 4294967295

- - - Updated - - -

Ah I See ^^ in C# it's alias for Int64 (which will work better btw, but it's even not the correct Pointer Type, better use type IntPtr or UInt64)

- - - Updated - - -

I didn't got it out of the context now, but, if it's 64 Bit, it will not work:

Code:

private void getGameAddress()
{
    IntPtr curAdd = (IntPtr) ReadInt32(Thread0Address - GAME_FIRST);
    foreach (int offset in GAME_OFFSETS)
        curAdd = (IntPtr) ReadInt32(curAdd + offset);
    GameAddress = (IntPtr) curAdd;
}

Would it work with your memory class?
https://www.mpgh.net/forum/showthread.php?t=1404542

Nevermind, yea.

[MikeRohsoft]

Would it work with your memory class?
https://www.mpgh.net/forum/showthread.php?t=1404542

Nevermind, yea.

Yes it would, but currently there is no Multi Offset Support, you have to Read every Level by yourself atm ^^

[JustWorkHereLUL]

First of all, thank you for your long awnser!

I don't know why you use a function to read values of the type long.
Maybe because the address is looking longer than the static ones in assault cube? ^^

I actually hovered on the address and it said long so thats why I guess :P

So what you need to do is getting the base address of the threadstack.exe related to the process id of the game you want to cheat in.

Wdym by this? I can get modules and see if there are anything that looks right but idk what do I do with the address after that. I only got threadstack when I pointerscanned 1 freakin' time and got 48 hits and clicked all, only threadstocks remained the same after I restarted the game.

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);

//////////////////////////////////////////////////////////////////
// Structure
//////////////////////////////////////////////////////////////////
private IntPtr Thread0Address;
private IntPtr GameAddress;
private static int[] GAME_OFFSETS = { 0xD8, 0x18, 0x20, 0x48, B8 };
private static int GAME_FIRST = 0xBA0;
//////////////////////////////////////////////////////////////////

private async void hookAll()
{
SVProcess = Process.GetProcessesByName("REPLACE_THIS_WITH_YOUR _GAME_TITLE")[0];
SVHandle = OpenProcess(ProcessAccessFlags.All, true, SVProces*****);
SVBaseAddress = SVProcess.MainModule.BaseAddress;
Thread0Address = (IntPtr) await getThread0Address();
getGameAddress();
}

private Task<int> getThread0Address()
{
var proc = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = "threadstack.exe",
Arguments = SVProces***** + "",
UseShellExecute = false,
RedirectStandardOutput = true,
CreateNoWindow = true
}
};

proc.Start();

while (!proc.StandardOutput.EndOfStream)
{
string line = proc.StandardOutput.ReadLine();
if (line.Contains("THREADSTACK 0 BASE ADDRESS: "))
{
line = line.Substring(line.LastIndexOf(":") + 2);
return Task.FromResult(int.Parse(line.Substring(2), System.Globalization.NumberStyles.HexNumber));
}
}
return Task.FromResult(0);
}

private void getGameAddress()
{
IntPtr curAdd = (IntPtr) ReadInt32(Thread0Address - GAME_FIRST);
foreach (int offset in GAME_OFFSETS)
curAdd = (IntPtr) ReadInt32(curAdd + offset);
GameAddress = (IntPtr) curAdd;
}

private int ReadInt32(IntPtr addr)
{
byte[] results = new byte[4];
int read = 0;
ReadProcessMemory(SVHandle, addr, results, results.Length, out read);
return BitConverter.ToInt32(results, 0);
}
[/CODE]
- Original Code is made by someone called BT[/INDENT]

---

Didn't get much from this so I guess I'll try to find another address?? Or then just try to learn whats going on here peace by peace :P

[defaulto]

Didn't get much from this so I guess I'll try to find another address?? Or then just try to learn whats going on here peace by peace :P

That's why you shouldn't use thread stack for your pointers. It's kinda complicated for 'beginners'.
I believe that you will get used to pointers pretty fast. Something else you could try is to look up 'Signature Scanning'.
Or try to cheat in another game. I still wonder, which game is it at this point? I could maybe help you out.

[JustWorkHereLUL]

That's why you shouldn't use thread stack for your pointers. It's kinda complicated for 'beginners'.
I believe that you will get used to pointers pretty fast. Something else you could try is to look up 'Signature Scanning'.
Or try to cheat in another game. I still wonder, which game is it at this point? I could maybe help you out.

It's pc building simulator lol, I'm trying to code a bhop for csgo rn and im frustrated af rn, If you could help me with this? I have a function to get baseaddress of client_panorama.dll and to that I add 0xCF2A3C, I can print health on console and am I on air or on ground, but for some reason I don't always get the Player Base, instead it will be 0. I think it's something to do with my Read() function...

Code:

        static int Read(int Address)
        {
            byte[] buffer = new byte[sizeof(int)];
            int bytesToRead = 0;

            ReadProcessMemory(GetHandle(), Address, buffer, buffer.Length, ref bytesToRead);

            //Console.WriteLine(buffer[0]);

            unsafe
            {
                fixed(byte *p = &buffer[0])
                {
                    //Console.WriteLine(*(int*)p);
                    return *(int*)p;
                }
            }
        }

[defaulto]

It's pc building simulator lol, I'm trying to code a bhop for csgo rn and im frustrated af rn, If you could help me with this? I have a function to get baseaddress of client_panorama.dll and to that I add 0xCF2A3C, I can print health on console and am I on air or on ground, but for some reason I don't always get the Player Base, instead it will be 0. I think it's something to do with my Read() function...

Code:

        static int Read(int Address)
        {
            byte[] buffer = new byte[sizeof(int)];
            int bytesToRead = 0;

            ReadProcessMemory(GetHandle(), Address, buffer, buffer.Length, ref bytesToRead);

            //Console.WriteLine(buffer[0]);

            unsafe
            {
                fixed(byte *p = &buffer[0])
                {
                    //Console.WriteLine(*(int*)p);
                    return *(int*)p;
                }
            }
        }

Try to DM OfficerX with this problem. I am sure he is willing to help you as long you got the knowledge he thinks is necessary for you to understand his way.
It's nearly too simple how he makes it (which shows that his experience is quite big). I think you could learn a bit from him.

Maybe MikeRohsoft can help you most likely too. But since OfficerX made Skush I think he is the better option when it comes to CS:GO.

I once tried to go C# with CS:GO because Azuki inspired me a bit. I failed making external cheats for it due the same problem you have. (no wonder, my Intralism Bot got made in C# and is far away from being perfect, in case it gets an silly value it just restarts)
It isn't the lack of information I have about CS:GO but C#. I am not used to it yet (memory reading related) and still use libraries from others to read the memory (which is sad tbh) ^^

[JustWorkHereLUL]

@MikeRohsoft can you help me with this? OfficerX hasn't responded me and I'd like to get this working :W.

[JustWorkHereLUL]

@defaulto Bruh can u help me? no one has answered me yet lol. Also have other questions you might be able to help me with at Counter Strike: Global Offensive Coding & Resources

[MikeRohsoft]

i don't understand why you just don't try it with my class? should be more intuitive for you

[Zaczero]

Try to DM OfficerX with this problem. I am sure he is willing to help you as long you got the knowledge he thinks is necessary for you to understand his way.
It's nearly too simple how he makes it (which shows that his experience is quite big). I think you could learn a bit from him.

Maybe MikeRohsoft can help you most likely too. But since OfficerX made Skush I think he is the better option when it comes to CS:GO.

I once tried to go C# with CS:GO because Azuki inspired me a bit. I failed making external cheats for it due the same problem you have. (no wonder, my Intralism Bot got made in C# and is far away from being perfect, in case it gets an silly value it just restarts)
It isn't the lack of information I have about CS:GO but C#. I am not used to it yet (memory reading related) and still use libraries from others to read the memory (which is sad tbh) ^^

"Try to DM @OfficerX "
what a joke

[XoXlonG]

Thanks for the useful information