shakib187 Expert Cheater
Reputation: 0
Joined: 24 May 2007 Posts: 215
Posted: Tue Nov 05, 2013 4:45 am Post subject: [c++ dll] Code not working, a few questions
Code:
    #include <windows.h>
    #include <stdio.h>
    #include <iostream>
    #include <conio.h>
    #include <string>
    #include <fstream>
    #include <float.h>
    using namespace std;

    // Simulate a left mouse click
    void shoot()
    {
        mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0);
        Sleep(1);
        mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0);
    }

    DWORD WINAPI LoopFunction(LPVOID lpParam)
    {
        HANDLE phandle = GetCurrentProcess();
        DWORD pointer = 0x00EE43A8;
        DWORD pointed;
        ReadProcessMemory(phandle, (void*)pointer, &pointed, sizeof(DWORD), NULL);
        while (1) {
            if (GetAsyncKeyState(VK_HOME) & 1)
                if (pointed == 1)
                {
                    shoot();
                }
        }
        // some CPU relief
        Sleep(0);
        return 0;
    }

    BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwAttached, LPVOID lpvReserved)
    {
        if (dwAttached == DLL_PROCESS_ATTACH) {
            CreateThread(NULL, 0, &LoopFunction, NULL, 0, NULL);
        }
        return TRUE;
    }
Am I using ReadProcessMemory correctly for a DLL?
Is DWORD pointer = 0x00EE43A8; supposed to be the base+module address in memory? Since we are already inside the game it's safe to assume it is the module location, right? Is everything else correct? Because I can't get this to work.
Am I supposed to include something in the header file? I have none for my DLL.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25824 Location: The netherlands
Posted: Tue Nov 05, 2013 5:01 am
What is the original address?
E.g. if it's something.xxx+EE43A8 then you first need to add the base address of something.xxx to EE43A8.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Tue Nov 05, 2013 3:40 pm
Since you're running in the same memory space as the process, you can directly read its memory instead of using Read/WriteProcessMemory.
Example:
Code:
    DWORD dwAddress = 0x12345678;
    DWORD dwValue;
    dwValue = *(DWORD*)dwAddress;
shakib187 Expert Cheater
Reputation: 0
Joined: 24 May 2007 Posts: 215
Posted: Tue Nov 05, 2013 8:10 pm
Dark Byte wrote:
    What is the original address?
    E.g. if it's something.xxx+EE43A8 then you first need to add the base address of something.xxx to EE43A8.
I did that using a tlhelp32 snapshot in my original application, but I didn't think it was needed since you are reading its own process memory.
So I did what Stylo suggested, but the DLL injected (using Cheat Engine) does not have the same effect as the original application, which just reads memory and left-clicks if pointed is 1.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25824 Location: The netherlands
Posted: Tue Nov 05, 2013 8:20 pm
That modulename+offset thing has nothing to do with being inside the process memory or not.
When a program loads, the game's .exe loads at a random location (most of the time).
So to get to the exact location, you need to know where it has been loaded.
shakib187 Expert Cheater
Reputation: 0
Joined: 24 May 2007 Posts: 215
Posted: Tue Nov 05, 2013 8:32 pm
Dark Byte wrote:
    That modulename+offset thing has nothing to do with being inside the process memory or not.
    When a program loads, the game's .exe loads at a random location (most of the time).
    So to get to the exact location, you need to know where it has been loaded.
AHHHH this is so confusing.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25824 Location: The netherlands
Posted: Tue Nov 05, 2013 8:38 pm
It's pretty simple really.
For example:
First time:
mygame.exe loads at address 00000000
The code to decrease health is at address 00001234
Next time:
mygame.exe loads at address 1000000
The code to decrease health is then at offset 1000000+00001234=10001234
And another time mygame.exe loads at 20002000
The code to decrease health is then at offset 20002000+00001234=200031234
You can use CreateToolhelpSnapshot to get the module list, but since you are inside the same process, you can also choose to use GetModuleHandle("something.xxx") to get the base address (the module handle is actually the base address).
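The relocation arithmetic Dark Byte describes, as an added example that is not code from the thread: a small portable C resolver for the "module.xxx+offset" notation, run against a constructed module table so the same offset maps to a different absolute address on each hypothetical load (module names, bases and the function names are assumptions, not from the page). Inside a process the table would come from GetModuleHandle or a toolhelp snapshot, as described above.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed module table: stands in for what GetModuleHandle or a
 * toolhelp snapshot would return inside the process. Bases are hypothetical. */
typedef struct { const char *name; uint32_t base; } module_t;

static const module_t g_first_run[]  = { {"mygame.exe", 0x00000000u}, {"helper.dll", 0x70000000u} };
static const module_t g_second_run[] = { {"mygame.exe", 0x10000000u}, {"helper.dll", 0x71000000u} };
#define NMODS 2

/* Resolve "module.xxx+HEXOFFSET" against a module table.
 * Returns 1 and stores the absolute address in *out; returns 0 when the
 * module is not in the table or the string is malformed. A bare hex
 * string without '+' is treated as already absolute. */
int resolve_address(const char *spec, const module_t *mods, size_t nmods, uint32_t *out)
{
    const char *plus = strchr(spec, '+');
    unsigned long value;
    if (plus == NULL) {                       /* no module part: absolute address */
        if (sscanf(spec, "%lx", &value) != 1) return 0;
        *out = (uint32_t)value;
        return 1;
    }
    if (sscanf(plus + 1, "%lx", &value) != 1) return 0;
    size_t name_len = (size_t)(plus - spec);
    for (size_t i = 0; i < nmods; i++) {
        if (strlen(mods[i].name) == name_len && strncmp(mods[i].name, spec, name_len) == 0) {
            *out = mods[i].base + (uint32_t)value;   /* base + offset, as in the thread */
            return 1;
        }
    }
    return 0;                                 /* module not loaded */
}

/* Same spec resolved against each hypothetical load; 0 means "unresolved". */
uint32_t addr_first_run(const char *spec)  { uint32_t a; return resolve_address(spec, g_first_run,  NMODS, &a) ? a : 0; }
uint32_t addr_second_run(const char *spec) { uint32_t a; return resolve_address(spec, g_second_run, NMODS, &a) ? a : 0; }

int main(void)
{
    const char *spec = "mygame.exe+00001234";
    printf("%s -> first run 0x%08X, second run 0x%08X\n",
           spec, (unsigned)addr_first_run(spec), (unsigned)addr_second_run(spec));
    return 0;
}
```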
shakib187 Expert Cheater
Reputation: 0
Joined: 24 May 2007 Posts: 215
Posted: Tue Nov 05, 2013 8:42 pm
Code:
    #include <windows.h>
    #include <stdio.h>
    #include <iostream>
    #include <conio.h>
    #include <string>
    #include <fstream>
    #include <float.h>
    using namespace std;

    // Simulate a left mouse click
    void shoot()
    {
        mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0);
        Sleep(1);
        mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0);
    }

    DWORD WINAPI LoopFunction(LPVOID lpParam)
    {
        HANDLE phandle = GetCurrentProcess();
        DWORD BaseAddr = (DWORD)GetModuleHandleA("Aether.exe");
        DWORD painted = 0x00AE43A8;
        DWORD pointer = BaseAddr + painted;
        DWORD pointed;
        pointed = *(DWORD*)pointer;
        while (1) {
            if (GetAsyncKeyState(VK_HOME) & 1)
                if (pointed == 1)
                {
                    shoot();
                }
        }
        // some CPU relief
        Sleep(0);
        return 0;
    }

    BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwAttached, LPVOID lpvReserved)
    {
        if (dwAttached == DLL_PROCESS_ATTACH) {
            CreateThread(NULL, 0, &LoopFunction, NULL, 0, NULL);
        }
        return TRUE;
    }
Okay, I have that right now, but it does not work: the left click does not occur when pointed is 1 and Home is held down.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25824 Location: The netherlands
Posted: Tue Nov 05, 2013 8:48 pm
That is because you are not reading the address afterwards.
instead of
do
Code:
    if ((*(DWORD*)pointer) == 1)
Also, are you sure that Aether.exe+00AE43A8 is a 4-byte static address that holds the value 1 when pointed at?
shakib187 Expert Cheater
Reputation: 0
Joined: 24 May 2007 Posts: 215
Posted: Tue Nov 05, 2013 8:51 pm
Dark Byte wrote:
    That is because you are not reading the address afterwards.
    instead of
    do
    Code:
        if ((*(DWORD*)pointer) == 1)
    Also, are you sure that Aether.exe+00AE43A8 is a 4-byte static address that holds the value 1 when pointed at?
Cheers DB, it works!
Can you just answer a quick question: why do we have to write if ((*(DWORD*)pointer) == 1) instead of (pointed == 1) inside a DLL?
And yes, it is a 4-byte static.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25824 Location: The netherlands
Posted: Tue Nov 05, 2013 9:09 pm
That is because you never update pointed.
After
Code:
    pointed = *(DWORD*)pointer;
you never write to it ever again, so it will stay 0.
You could also do:
Code:
    while (1)
    {
        if (GetAsyncKeyState(VK_HOME) & 1)
        {
            pointed = *(DWORD*)pointer;
            if (pointed == 1)
            {
                shoot();
            }
        }
    }
(Also, that sleep of yours is never called, and I do recommend at least a sleep of 1.)