KianBrose Newbie cheater
Reputation: 0
Joined: 14 May 2021 Posts: 14 Location: Sweden
Posted: Tue Sep 28, 2021 11:15 am Post subject: Imagebase not even close to addresses
I'm having an issue where the preferred imagebase of a process is in the 7FF661920000 range while the addresses are in the 201012A1408 range. I am trying to make a trainer that uses AoB (Array of Bytes) to find the addresses I am looking for, and for that I need to have a start and end address to scan. How exactly does Cheat Engine set start and end addresses for any given process?
I have attempted using EntryPointAddress and BaseAddress, but neither of them is close to the 201012A1408. Any clues?
DanyDollaro Master Cheater
Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Tue Sep 28, 2021 3:12 pm Post subject:
0x7FF661920000 is a memory address too high to be an exe image; it must be a DLL. Consequently, I assume that the program you're trying to manipulate is written in C#.
What language are you writing the trainer in? Lua? C++? But since you mentioned the "EntryPointAddress" and "BaseAddress" members, I assume you are doing this in C#, since they are "Module" class members.
If this is the case, the problem is:
C# is an interpreted language; most likely the address 0x201012A1408 at which you found the code is a dynamically allocated memory region, so the location of that code varies regardless of the base address of any loaded modules. To find that code, Cheat Engine enumerates all the memory portions of the program using VirtualQueryEx; after this, it looks for the code in these portions.
In case I have made some wrong assumptions, I apologize and ask you to be more specific.
KianBrose Newbie cheater
Reputation: 0
Joined: 14 May 2021 Posts: 14 Location: Sweden
Posted: Tue Sep 28, 2021 3:50 pm Post subject:
DanyDollaro wrote: "I assume that the program you're trying to manipulate is written in C#."
Yes, the trainer is planned to be written in C#; I apologize for the lack of details.
The "game" itself I am trying to make a trainer for is the BlueStacks Android emulator, and the process I am using as a target is the "HD-Player.exe", which is the only way I have found to interface Cheat Engine with the actual Android game being played.
Could you elaborate on what VirtualQueryEx is and how it can be used in this scenario in a bit more detail? Any articles, guides or GitHub repositories that I could use as resources to fix the issue would be incredibly helpful.
DanyDollaro Master Cheater
Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Wed Sep 29, 2021 7:27 am Post subject:
VirtualQueryEx: https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualqueryex
It is a Windows API used to retrieve information about a range of pages. I have never used this API in C#, only C/C++, so I can give you this example:
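Code:
#include <iostream>
#include <Windows.h>

int main()
{
    // Get a handle to the process that owns the target window
    HWND hWnd = FindWindowA(NULL, "Calculator");
    if (hWnd == NULL)
    {
        std::cerr << "Window not found" << std::endl;
        return 1;
    }
    DWORD pid = 0;
    GetWindowThreadProcessId(hWnd, &pid);

    // Query and read rights are all that enumerating and reading regions needs
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (hProcess == NULL)
    {
        std::cerr << "OpenProcess failed, error " << GetLastError() << std::endl;
        return 1;
    }

    // Declaration of some variables
    MEMORY_BASIC_INFORMATION mbi;
    PCHAR ptr = nullptr;

    // Start querying: walk the address space one region at a time
    SIZE_T i = 0;
    while (VirtualQueryEx(hProcess, ptr, &mbi, sizeof(mbi)))
    {
        // Print only committed regions that are not marked no-access
        if (mbi.State == MEM_COMMIT && mbi.Protect != PAGE_NOACCESS)
        {
            std::cout << std::dec << i++ << ") Base: " << std::hex << mbi.BaseAddress << " | Size: " << mbi.RegionSize << std::endl;
        }
        // Advance to the start of the next region
        ptr += mbi.RegionSize;
    }

    // getchar(); // Used as pause
    CloseHandle(hProcess);
    return 0;
}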
The following code should enumerate the page where the code you're looking for is located; after that you have to call ReadProcessMemory for each chunk you found and look for the AOB. It may be difficult to do for someone new to programming.
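The scanning step described in the post above, as an added example that is not part of the original thread: a wildcard byte-pattern matcher that is fed memory in chunks and carries the last bytes of each chunk forward, so a match that straddles two reads is still found while chunks from non-adjacent regions are never joined. It is portable C++ with no Windows calls; `parsePattern`, `AobScanner` and `feed` are hypothetical names, and each chunk is assumed to be a buffer filled by ReadProcessMemory for a region reported by VirtualQueryEx.

```cpp
#include <cstddef>
#include <cstdint>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// One pattern element; a wildcard ("?" or "??") matches any byte.
struct PatByte { uint8_t value; bool wildcard; };
// Parse an AOB string such as "DE AD ?? EF"; reject malformed tokens.
std::vector<PatByte> parsePattern(const std::string& text) {
    std::vector<PatByte> pat;
    std::istringstream in(text);
    for (std::string tok; in >> tok; ) {
        if (tok == "?" || tok == "??") { pat.push_back({0, true}); continue; }
        if (tok.size() > 2 || tok.find_first_not_of("0123456789abcdefABCDEF") != std::string::npos)
            throw std::invalid_argument("bad AOB token: " + tok);
        pat.push_back({static_cast<uint8_t>(std::stoul(tok, nullptr, 16)), false});
    }
    return pat;
}

// Streaming scanner: feed() each chunk with the address it was read from.
class AobScanner {
    std::vector<PatByte> pat_;
    std::vector<uint8_t> buf_;  // carried tail of earlier chunks + current chunk
    uint64_t bufBase_ = 0;      // address corresponding to buf_[0]
public:
    std::vector<uint64_t> hits; // absolute addresses where the pattern matched
    explicit AobScanner(const std::string& p) : pat_(parsePattern(p)) {}
    void feed(uint64_t base, const std::vector<uint8_t>& chunk) {
        const std::size_t n = pat_.size();
        if (n == 0) return;
        // A gap between chunks means a different region: drop the carried tail.
        if (base != bufBase_ + buf_.size()) { buf_.clear(); bufBase_ = base; }
        buf_.insert(buf_.end(), chunk.begin(), chunk.end());
        for (std::size_t i = 0; i + n <= buf_.size(); ++i) {
            std::size_t j = 0;
            while (j < n && (pat_[j].wildcard || buf_[i + j] == pat_[j].value)) ++j;
            if (j == n) hits.push_back(bufBase_ + i);
        }
        // Keep only the last n-1 bytes: enough to catch a straddling match, too few to repeat one.
        if (buf_.size() >= n) {
            const std::size_t drop = buf_.size() - (n - 1);
            buf_.erase(buf_.begin(), buf_.begin() + drop);
            bufBase_ += drop;
        }
    }
};
```

Call `feed()` once per buffer, passing the address the buffer was read from; `hits` then holds the absolute address of every match.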
KianBrose Newbie cheater
Reputation: 0
Joined: 14 May 2021 Posts: 14 Location: Sweden
Posted: Wed Sep 29, 2021 11:44 am Post subject:
Tysm! Had to do a lot of adjusting on the scanning section but it works flawlessly now!