Hi everybody!
I'm practicing using C++ Builder and Cheat Engine to change the money in Plants VS Zombies.
I know the address of the money. ("popcapgame1.exe"+0002619C, Offset = C)
As a first step, I use GetModuleHandle() like this in C++ Builder:
//-------------------------------------------------------------------------------------------
DWORD baseAddr = (DWORD)GetModuleHandle("popcapgame1.exe");
//-------------------------------------------------------------------------------------------
When I use the debugger to check the value of baseAddr, the value is always 0. (I don't know why...)
I'm sure that the process's name is right and the process is running.
And I can't use FindWindow() because the money data is stored in popcapgame1.exe.
It's not stored in PlantsVSZombies.exe.
Is your exe path correct?
edit:
Wait what the hell GetModuleHandle returns a handle which is totally not an address. It is nonsensical trying to cast it to a DWORD and use it as an address.
Last edited by Eddington; 07-04-2015 at 07:57 PM.
GetModuleHandle only works for exe's if it's in the same process ( a.k.a. only in DLLs injected into a process can it be used to return the base of a process ).
Besides, GMH returns -1 for the local process ( pseudo-handle ) anyways.
I.E.
Process Name: calc.exe
Code: GetModuleHandleA( "calc.exe" ) -> Returns "-1"
Code: GetModuleHandleA( NULL ) -> Returns "-1"
Code: GetModuleHandleA( "explorer.exe" ) -> Returns NULL ( No such module in the process calc.exe exists. )
If you want to read an external process's modules, you'll need to create a snapshot and walk through the module list, locate the desired module and read the base from the PROCESSENTRY32/MODULEENTRY32 structures.
In your case however, since you're merely dealing with a process named "popcapwhatever.exe" a simple snapshot with TH32CS_SNAPPROCESS will work. ( Simply do strcmp with szExeFile stripping out the last "\" delimiter and attach to that process ID. )
Refs:
https://msdn.microsof*****m/en-us/librarydows/desktop/ms682489(v=vs.85).aspx
https://msdn.microsof*****m/en-us/librarydows/desktop/ms684834(v=vs.85).aspx
https://msdn.microsof*****m/en-us/librarydows/desktop/ms684836(v=vs.85).aspx
https://msdn.microsof*****m/en-us/librarydows/desktop/ms684218(v=vs.85).aspx
https://msdn.microsof*****m/en-us/lib...(v=vs.85).aspx
Try googling next time.
Code:
// Find the process and get the PROCESSENTRY32 structure from it
PROCESSENTRY32 pe;
MODULEENTRY32 me;
me.dwSize = sizeof( me ); // Must be set before calling Module32First
// moduleSnapshot and moduleBase are assumed to be declared earlier
if( Module32First( moduleSnapshot, &me ) ){
    do{
        if( me.th32ProcessID == pe.th32ProcessID ){
            // Module is a child of the parent
            moduleBase = reinterpret_cast< ULONG_PTR >( me.modBaseAddr );
            break;
        }
    } while( Module32Next( moduleSnapshot, &me ) );
}
Last edited by Hitokiri~; 07-05-2015 at 01:22 AM.
Sorry, I'm a newbie with the Windows API.
Actually, I found some source code at first.
refs: =.=" sorry i can't post links yet.
//------------------------------------------------------------------------------------------------------------------------
// My first game hack. This is for "Sniper: Ghost Warrior"
#include "stdafx.h"
#include <iostream>
#include <Windows.h>
using namespace std;
int main ()
{
    HWND hWnd = FindWindow(0, L"Sniper: Ghost Warrior"); // Finds the window titled "Sniper: Ghost Warrior".
    if (hWnd == 0) // If it can't find the window, then:
    {
        cout << "Can't find window, dopey noonga!" << endl;
    }
    else
    {
        DWORD pr0c3zz;
        GetWindowThreadProcessId(hWnd, &pr0c3zz); // Locates the process through the window.
        HANDLE trollpr0c3zz = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pr0c3zz); // Gives access to process.
        if (!trollpr0c3zz) // If it can't access the process, then:
        {
            cout << "I can nawtz open pr0c3zz ." << endl;
        }
        else
        {
            int ammoAmount = 10; // Amount of bullets in current round.
            int roundsAmount = 60; // Amount of rounds left.
            int ammoAddr = 0x29500340; // Ammunition memory address.
            int roundsAddr = 0x296E629C; // Rounds memory address.
            cout << "Unlimited ammo - F1" << endl;
            bool AmmoHax = false;
            while(1) // Loops so the memory keeps rewriting itself if it's changed.
            {
                if (GetAsyncKeyState(VK_F1)) // If the "F1" hotkey is pressed then it will write the new data to the memory address.
                    AmmoHax = !AmmoHax;
                if (AmmoHax)
                    WriteProcessMemory(trollpr0c3zz, (LPVOID)ammoAddr, &ammoAmount, sizeof(ammoAmount), NULL); // Modifies the ammunition's memory value to 10.
                WriteProcessMemory(trollpr0c3zz, (LPVOID)roundsAddr, &roundsAmount, sizeof(roundsAmount), NULL); // Modifies the rounds' memory value to 60.
            } // End of loop.
        }
        CloseHandle(trollpr0c3zz); // Removes access to the process when it is not needed.
    }
    system("pause");
    return 0;
}
//--------------------------------------------------------------------------------------------------------------------------
When this game is running, it creates two processes. (popcapgame1.exe and PlantsVSZombies.exe)
I can't use FindWindow() like in the above example, after analyzing the memory address of the money with Cheat Engine.
The money data is stored in popcapgame1.exe. It's not stored in PlantsVSZombies.exe.
I googled it, and I found that GetModuleHandle() could maybe be used.
refs: sorry i can't post links yet.
That's why I have the first problem.
Thanks for the reply.
But Hitokiri's reply is too difficult for me. = ||
Could you explain it more simply, like the first example?
I think I need to learn more about the Windows API.
Thanks for the reply again.
Last edited by Laertesiceking; 07-05-2015 at 10:31 AM.
https://pastebin.com/zvdGCZ4R
Code:
#include <iostream>
#include <stdexcept>
#include <Windows.h>
#include <TlHelp32.h>
using namespace std;

// Walks a snapshot of all processes and returns the ID of the first one whose
// executable name matches procName ( case-insensitive ), or -1 if none matches.
DWORD GetProcessIdByName( LPCWSTR procName ){
    PROCESSENTRY32W pe;
    HANDLE snapShot;
    pe.dwSize = sizeof( pe );
    snapShot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    // CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE, not NULL.
    if( snapShot == INVALID_HANDLE_VALUE ) throw runtime_error( "Unable to create a snapshot for processes." );
    if( Process32FirstW( snapShot, &pe ) ){
        do{
            if( !_wcsicmp( pe.szExeFile, procName ) ){
                CloseHandle( snapShot );
                return pe.th32ProcessID;
            }
        } while( Process32NextW( snapShot, &pe ) );
    }
    CloseHandle( snapShot );
    return DWORD( -1 );
}

// Walks the module list of process PID and returns the base address of the
// module named modName, or NULL if it is not loaded in that process.
HMODULE GetModuleBaseByName( DWORD PID, LPCWSTR modName ){
    MODULEENTRY32W me;
    HANDLE snapShot;
    me.dwSize = sizeof( me );
    // The module snapshot has to be taken for the target PID; 0 would mean the calling process.
    snapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, PID );
    if( snapShot == INVALID_HANDLE_VALUE ) throw runtime_error( "Unable to create a snapshot for process modules." );
    if( Module32FirstW( snapShot, &me ) ){
        do{
            if( !_wcsicmp( me.szModule, modName ) ){
                CloseHandle( snapShot );
                return HMODULE( me.modBaseAddr );
            }
        } while( Module32NextW( snapShot, &me ) );
    }
    CloseHandle( snapShot );
    return HMODULE( NULL );
}

// Returns NULL if the process is not running or cannot be opened.
HANDLE OpenProcessByName( LPCWSTR procName ){
    HANDLE hProc = NULL;
    DWORD pID = GetProcessIdByName( procName );
    if( pID != DWORD( -1 ) )
        hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pID );
    return hProc;
}

HANDLE OpenProcessID( DWORD PID ){
    return OpenProcess( PROCESS_ALL_ACCESS, FALSE, PID );
}

int main( int argc, char** argv ){
    DWORD pid = DWORD( -1 ), tick = 0;
    HANDLE Proc = NULL;
    PVOID BaseModule = NULL, Money = NULL;
    DWORD MoneyInt = 99999;
    SIZE_T Out = 0; // WriteProcessMemory reports the byte count as SIZE_T
    cout << "Waiting for Plants vs Zombies to start " << endl;
    while( ( pid = GetProcessIdByName( L"popcapgame1.exe" ) ) == DWORD( -1 ) )
    {
        cout << ".";
        Sleep(1000);
    }
    cout << endl << "Located Process with ID of ( " << pid << " )" << endl << "Attaching ..." << endl;
    Proc = OpenProcessID( pid );
    if( !Proc ) throw runtime_error( "Unable to attach to the process." );
    cout << "Attached to process." << endl << "Locating module's base address..." << endl;
    BaseModule = PVOID( GetModuleBaseByName( pid, L"popcapgame1.exe" ) );
    if( !BaseModule ) throw runtime_error( "Unable to locate the module's base address." );
    else cout << "Located module's base address at: " << BaseModule << endl;
    Money = PVOID( PCHAR( BaseModule ) + 0x2619C );
    cout << "Keeping $$ value constant .";
    while( 1 ){
        if( GetAsyncKeyState( VK_F1 ) & 1 )
            break;
        if( tick++ > 10 ){
            cout << ".";
            tick = 0;
        }
        WriteProcessMemory( Proc, Money, LPCVOID( &MoneyInt ), sizeof( DWORD ), &Out );
        Sleep( 100 );
    }
    cout << "Hotkey pressed. Program terminated." << endl;
    CloseHandle( Proc );
    getchar();
    return 0;
}
You really should pay me for my kind work. Especially since I'm not a kind person.
Thank you so much!
I'll study hard.
I guess OP found his answer.
I do not use any type of messenger outside of MPGH.
Inactive but you can reach me through VM/PM.