How Do I Find Static Memory Addresses?

[Fovea]

The size of data-types is implementation defined. An int is guaranteed to have a range of -32767 to 32767 by the C++ standard, although it can hold more. The same goes for other standard integral types.

[KissU]

THANKS but I am smart enough to understand on first exanation dont need 3 answers for a question that i didnt made.

[Phizo]

Ah, guys...can we please stay on topic please?

Also, I think I posted this in the wrong section /facepalm.

[KissU]

Ah, guys...can we please stay on topic please?

Also, I think I posted this in the wrong section /facepalm.

For first you find what writes/accesses the address.

After you click something and see more info.
Click on the check-box HEX and search for the addres that him said on box.
"The value of pointer that you need should be: "
U search for this value.

Go to add address manually.
And click on check-box pointer.
The offset will be the one when you find what it writes/access
Like move [eax+10],ecx
The offset will be 10.

Now you do the samething search what access
And find another pointer.

And now for last you find a nice green and base pointer.
Put offset and it will give us the value that we want.
But how to use it on C++?
Like this:
[Highlight=C++]#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <tlhelp32.h>
#include <conio.h>

DWORD dwNOPs[]={0x90,0x90,0x90,0x90,0x90,0x90,0x90};
DWORD dwScore = 0x0000FFFF;
DWORD dwScorez = 0x00;

DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
DWORD dwModuleBaseAddress = 0;
if(hSnapshot != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 ModuleEntry32 = {0};
ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
if(Module32First(hSnapshot, &ModuleEntry32))
{
do
{
if(_***cmp(ModuleEntry32.szModule, lpszModuleName) == 0)
{
dwModuleBaseAddress = (DWORD)ModuleEntry32.modBaseAddr;
break;
}
}
while(Module32Next(hSnapshot, &ModuleEntry32));
}
CloseHandle(hSnapshot);
}
return dwModuleBaseAddress;
}

int _tmain(int nArgumentCount, TCHAR **lpvArgumentVector)
{
SetConsoleTitle(_T("Solitaire Trainer [Windows 7 Version]"));
HWND hWindow = FindWindow(NULL, _T("Paciência"));
if(hWindow == NULL)
{
printf(_T("The window could not be found.\n"));
}
else
{
printf(_T("The window was found.\n"));
DWORD dwProcessIdentifier = 0;
GetWindowThreadProcessId(hWindow, &dwProcessIdentifier);
HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, dwProcessIdentifier);
if(hProcess == NULL)
{
printf(_T("The process could not be opened.\n"));
}
else
{
printf(_T("The process was opened.\n"));
DWORD dwModuleBaseAddress = dwGetModuleBaseAddress(dwProcessIdentifier, _T("solitaire.exe"));
if(dwModuleBaseAddress != 0)
{
DWORD dwMemoryBuffer = 0;
if(ReadProcessMemory(hProcess, (PVOID)(dwModuleBaseAddress + 0x00097074), &dwMemoryBuffer, sizeof(dwMemoryBuffer), NULL) && ReadProcessMemory(hProcess, (PVOID)(dwMemoryBuffer + 0x2C), &dwMemoryBuffer, sizeof(dwMemoryBuffer), NULL) && WriteProcessMemory(hProcess, (PVOID)(dwMemoryBuffer + 0x10), &dwScore, sizeof(dwScore), NULL))
{
printf(_T("The score was set.\n"));
}
else
{
printf(_T("The score could not be set.\n"));
}
DWORD dwMemoryBuffers = 0;
printf(_T("The module base address was found.\n"));
if(ReadProcessMemory(hProcess, (PVOID)(dwModuleBaseAddress + 0x00097074), &dwMemoryBuffers, sizeof(dwMemoryBuffers), NULL) && ReadProcessMemory(hProcess, (PVOID)(dwMemoryBuffers + 0x2C), &dwMemoryBuffers, sizeof(dwMemoryBuffers), NULL) && WriteProcessMemory(hProcess, (PVOID)(dwMemoryBuffers + 0x08), &dwNOPs, sizeof(dwNOPs), NULL)) {
printf(_T("Time no longer decreases the score.\n"));

}
else
{
printf(_T("Time could not be prevented from decreasing the score.\n"));
}
}
else
{
printf(_T("The module base address could not be found.\n"));
}
CloseHandle(hProcess);
}
}
printf(_T("\nPress enter to exit.\n"));
while(_getch() != 0x0D);
return 0;
}
[/HIGHLIGHT]
if(_***cmp(ModuleEntry32.szModule, lpszModuleName) == 0)
is if(_ t c s cmp(ModuleEntry32.szModule, lpszModuleName) == 0) (I dont know why its _***cmp)
( I used a different base address on code but you can change )
If you still dont understando ask us.
I think its enough.
Hope I helped. =) ::

[Phizo]

Thanks for the detailed reply dude .

However...that's what I was doing. I found the green address the same way, but the green address changes :S. I'm really confused, isn't the static address suppose to stay the same?

Sorry if I'm being a nuisance. It's just weird that I'm doing the exact same thing but my green address keep changing.

[KissU]

Thanks for the detailed reply dude .

However...that's what I was doing. I found the green address the same way, but the green address changes :S. I'm really confused, isn't the static address suppose to stay the same?

Sorry if I'm being a nuisance. It's just weird that I'm doing the exact same thing but my green address keep changing.

You dont need search for them every time that you run the program,just use one and it should work like in code that I give i used one different than the one that i found and both should work for us,hope you can end it!

[Phizo]

You dont need search for them every time that you run the program,just use one and it should work like in code that I give i used one different than the one that i found and both should work for us,hope you can end it!

Oh, okay. I'll try, thanks dude .

[KissU]

Oh, okay. I'll try, thanks dude .

Ok, nope.When you need just come there and ask!
And if its works let we know