 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
sgs_
How do I cheat?
![]() Reputation: 0
Joined: 12 Mar 2014
Posts: 4
|
 Posted: Thu May 29, 2014 6:28 pm Post subject: Help VirtualQueryEx [C#] |
 |
|
(Sorry for my English, Google Translator.)
I am using the following code to get the Address:
| Code: | [DllImport("kernel32.dll")]
private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] buffer, uint size, int lpNumberOfBytesRead);
[DllImport("kernel32.dll")]
protected static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);
[StructLayout(LayoutKind.Sequential)]
protected struct MEMORY_BASIC_INFORMATION
{
public IntPtr BaseAddress;
public IntPtr AllocationBase;
public uint AllocationProtect;
public uint RegionSize;
public uint State;
public uint Protect;
public uint Type;
}
List<MEMORY_BASIC_INFORMATION> MemReg { get; set; }
public void MemInfo(IntPtr pHandle)
{
IntPtr Addy = new IntPtr();
while (true)
{
MEMORY_BASIC_INFORMATION MemInfo = new MEMORY_BASIC_INFORMATION();
int MemDump = VirtualQueryEx(pHandle, Addy, out MemInfo, Marshal.SizeOf(MemInfo));
if (MemDump == 0) break;
if ((MemInfo.State & 0x1000) != 0 && (MemInfo.Protect & 0x100) == 0)
MemReg.Add(MemInfo);
Addy = new IntPtr(MemInfo.BaseAddress.ToInt32() + MemInfo.RegionSize);
}
}
public IntPtr _Scan(byte[] sIn, byte[] sFor)
{
int[] sBytes = new int[256]; int Pool = 0;
int End = sFor.Length - 1;
for (int i = 0; i < 256; i++)
sBytes[i] = sFor.Length;
for (int i = 0; i < End; i++)
sBytes[sFor[i]] = End - i;
while (Pool <= sIn.Length - sFor.Length)
{
for (int i = End; sIn[Pool + i] == sFor[i]; i--)
if (i == 0) return new IntPtr(Pool);
Pool += sBytes[sIn[Pool + End]];
}
return IntPtr.Zero;
}
public IntPtr AobScan(string ProcessName, byte[] Pattern)
{
Process[] P = Process.GetProcessesByName(ProcessName);
if (P.Length == 0) return IntPtr.Zero;
MemReg = new List<MEMORY_BASIC_INFORMATION>();
MemInfo(P[0].Handle);
for (int i = 0; i < MemReg.Count; i++)
{
byte[] buff = new byte[MemReg[i].RegionSize];
ReadProcessMemory(P[0].Handle, MemReg[i].BaseAddress, buff, MemReg[i].RegionSize, 0);
IntPtr Result = _Scan(buff, Pattern);
if (Result != IntPtr.Zero)
return new IntPtr(MemReg[i].BaseAddress.ToInt32() + Result.ToInt32());
}
return IntPtr.Zero;
} |
Address picks up everything right.
"004C4FCF | A1 007E3103 | MOV EAX,DWORD PTR DS:[3317E00]"
Wish he'd put the address that is between the "MOV EAX,DWORD PTR DS:[3317E00]"
Address: 0x03317E00 |
|
| Back to top |
|
 |
justa_dude
Grandmaster Cheater
 Reputation: 23
Joined: 29 Jun 2010
Posts: 893
|
| Posted: Thu May 29, 2014 6:46 pm Post subject: |
|
|
Then do a ReadProcessMemory(4c4fcf+1,4)? Or a ReadProcessMemory(ReadProcessMemory(4c4fcf+1,4),4)?
_________________
A nagy kapu mellett, mindig van egy kis kapu.
----------------------
Come on... |
|
| Back to top |
|
|
sgs_
How do I cheat?
![]() Reputation: 0
Joined: 12 Mar 2014
Posts: 4
|
| Posted: Thu May 29, 2014 7:46 pm Post subject: |
|
|
| What I want to do is get virtualqueryex address inside the mov and not the 004 |
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Sun Jun 01, 2014 11:09 am Post subject: |
|
|
If I'm getting it, you try to read the value within the memory address: 3317e00
now, I don't know if it'd change from one execution to another, if it does, what you need to do is to read it's value from the address 004c4fcf first
See the line:
| Code: |
004C4FCF | A1 007E3103 | MOV EAX,DWORD PTR DS:[3317E00]
|
at the second column there are the opcodes for the command and I'm guessing A1 means mov eax,[some memory dword value]
the other 4 bytes is the address you're looking for but backwards 00 7e 31 03 turns to 03 31 7e 00 which is your address
so just read 4 bytes from the address 004C4FCF+1 and then read from that value whatever you want
_________________
Stylo |
|
| Back to top |
|
|
justa_dude
Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010
Posts: 893
|
| Posted: Sun Jun 01, 2014 11:40 am Post subject: |
|
|
Or use that value you've read in your call to vquery, if that's your goal.
_________________
A nagy kapu mellett, mindig van egy kis kapu.
----------------------
Come on... |
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
