| Author |
Message |
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
|
Posted: Fri Mar 08, 2013 9:13 pm Post subject: |
|
|
| Wiccaan wrote: | | Change the _tcscmp to _tcsicmp to perform a lower-case compare on the strings so that the compare is not case-sensitive. |
Thanks, edited the original post. |
|
|
 |
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
|
Posted: Fri Mar 08, 2013 9:43 pm Post subject: |
|
|
| I changed the _tcscmp to _tcsicmp, and added a closeHandle (closeHandle wouldn't affect it.), but it didn't change the output (0). |
|
|
 |
DDS Expert Cheater
Reputation: 3
Joined: 10 Feb 2011 Posts: 112 Location: Bill's Planet
|
Posted: Sat Mar 09, 2013 9:00 am Post subject: |
|
|
Make Sure that you are Getting the Right ProcId and Also Make Sure that the Module jvm.dll is the Right one - it Could be minecraft.exe
_________________
elDarkDragonSlayer |
|
|
 |
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
|
Posted: Sat Mar 09, 2013 6:43 pm Post subject: |
|
|
| The address is: ""jvm.dll"+0066ED50" |
|
|
 |
Acubra Advanced Cheater
Reputation: 0
Joined: 19 Jun 2011 Posts: 64 Location: C:\Windows\System32\HoG
|
Posted: Fri Mar 15, 2013 9:24 am Post subject: |
|
|
| You may have insufficient rights. Try to start your program as administrator and make sure it's a 32-bit application (not sure if the provided function works with 64-bit applications too). |
|
|
 |
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
|
|
|
 |
Acubra Advanced Cheater
Reputation: 0
Joined: 19 Jun 2011 Posts: 64 Location: C:\Windows\System32\HoG
|
Posted: Mon Mar 18, 2013 11:58 am Post subject: |
|
|
Hey,
sorry for my late answer.
If you are under Windows 7, open your Task Manager and go to the "process" tab. If your game is a 32 bit application you will see a " *32" behind the process name. |
|
|
 |
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
|
Posted: Mon Mar 18, 2013 12:22 pm Post subject: |
|
|
| Acubra wrote: |
Hey,
sorry for my late answer.
If you are under Windows 7, open your Task Manager and go to the "process" tab. If your game is a 32 bit application you will see a " *32" behind the process name. |
I checked it and it does run as a 32 bit application. |
|
|
 |
Acubra Advanced Cheater
Reputation: 0
Joined: 19 Jun 2011 Posts: 64 Location: C:\Windows\System32\HoG
|
Posted: Mon Mar 18, 2013 1:30 pm Post subject: |
|
|
Hey,
try to call this function once, before you try to read the values.
| Code: |
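#include <windows.h>

// Enables SeDebugPrivilege in the current process token.
void ActivateSeDebugPrivilege(void)
{
    HANDLE hToken;
    LUID Val;
    TOKEN_PRIVILEGES tp;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        MessageBoxW(NULL, L"Failed to OpenProcessToken!", L"Error!", MB_OK);
        //return(GetLastError());
        return;
    }
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &Val))
    {
        MessageBoxW(NULL, L"Failed to LookupPrivilegeValue!", L"Error!", MB_OK);
        CloseHandle(hToken); // do not leak the token handle on failure
        return;
    }
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = Val;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    // AdjustTokenPrivileges returns TRUE even when the privilege was not granted;
    // GetLastError() then reports ERROR_NOT_ALL_ASSIGNED, so check both.
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)
        || GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        MessageBoxW(NULL, L"Failed to AdjustTokenPrivileges!", L"Error!", MB_OK);
        CloseHandle(hToken); // do not leak the token handle on failure
        return;
    }
    CloseHandle(hToken);
    return;
}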
|
|
|
|
 |
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
|
Posted: Mon Mar 18, 2013 1:40 pm Post subject: |
|
|
All I need to do is read the variable from this address: "jvm.dll"+0066ED50
offsets (hex, in order from base address to the last pointer): 1A0, 1A8, 68, 70, 68, 1A8.
But it's got rather confusing. |
|
|
 |
Acubra Advanced Cheater
Reputation: 0
Joined: 19 Jun 2011 Posts: 64 Location: C:\Windows\System32\HoG
|
Posted: Mon Mar 18, 2013 3:30 pm Post subject: |
|
|
Hey,
in theory you should obtain the base address of the module (jvm.dll) and call ReadProcessMemory with BaseAddress+0066ED50 as address. I don't know what is going wrong on your side. |
|
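Added example, not code from any post in this thread: following the pointer chain described above in a 32-bit target, assuming the usual convention that each offset is added after dereferencing the previous address and that the last offset is not dereferenced. `ReadFn`, `ResolveChain`, `FakeMemory`, `DemoResolve` and the module base value are hypothetical and constructed for illustration; on Windows the reader callback would wrap ReadProcessMemory.

```cpp
#include <cstdint>
#include <cstring>
#include <functional>
#include <map>
#include <vector>

// Reads `size` bytes at a 32-bit remote address; returns false on failure.
// On Windows this would be a thin wrapper over ReadProcessMemory (assumption).
using ReadFn = std::function<bool(uint32_t addr, void *out, size_t size)>;

// Follows a pointer chain in a 32-bit target. Each hop dereferences the
// current address and adds the next offset; the last offset is added but
// not dereferenced, so *result is the address of the value itself.
bool ResolveChain(const ReadFn &read, uint32_t start,
                  const std::vector<uint32_t> &offsets, uint32_t *result)
{
    uint32_t addr = start;
    for (uint32_t off : offsets) {
        uint32_t ptr = 0;  // pointers in a 32-bit target are 4 bytes wide
        if (!read(addr, &ptr, sizeof(ptr)) || ptr == 0)
            return false;  // stop at the failing hop instead of using garbage
        addr = ptr + off;
    }
    *result = addr;
    return true;
}

// Constructed fake address space: address -> 32-bit value stored there.
struct FakeMemory {
    std::map<uint32_t, uint32_t> cells;
    bool Read(uint32_t addr, void *out, size_t size) const {
        std::map<uint32_t, uint32_t>::const_iterator it = cells.find(addr);
        if (it == cells.end() || size != sizeof(uint32_t)) return false;
        std::memcpy(out, &it->second, size);
        return true;
    }
};

// Resolves a two-hop chain over constructed memory; breakChain removes the
// second pointer so the failure path can be observed.
bool DemoResolve(bool breakChain, uint32_t *result)
{
    FakeMemory mem;
    const uint32_t moduleBase = 0x10000000;  // constructed, not a real base
    mem.cells[moduleBase + 0x0066ED50] = 0x20000000;
    if (!breakChain) mem.cells[0x20000000 + 0x1A0] = 0x30000000;
    ReadFn read = [&mem](uint32_t a, void *o, size_t n) { return mem.Read(a, o, n); };
    return ResolveChain(read, moduleBase + 0x0066ED50, {0x1A0, 0x1A8}, result);
}
```

Checking every hop separately shows which level of the chain failed, which a single final read returning 0 does not.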
|
 |
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
|
Posted: Mon Mar 18, 2013 3:47 pm Post subject: |
|
|
| Acubra wrote: | Hey,
in theory you should obtain the base address of the module (jvm.dll) and call ReadProcessMemory with BaseAddress+0066ED50 as address. I don't know what is going wrong on your side. |
I am trying to get the base address using this: http://forum.cheatengine.org/viewtopic.php?p=5240405#5240405
function, but it always returns 0. |
|
|
 |
SteveAndrew Master Cheater
Reputation: 30
Joined: 02 Sep 2012 Posts: 323
|
Posted: Mon Mar 18, 2013 7:14 pm Post subject: |
|
|
Acubra, what you posted, 'void ActivateSeDebugPrivilege(void)', that's only for Windows XP; unless he's running Windows XP then that isn't the problem... (OpenProcess fails on XP if you don't request those token privileges [they didn't have 'Run as administrator' back then so that was the only safeguard (not much of one though haha as anyone could just get them, it was mainly just an extra step...)])
Are you sure that's what's returning zero? debug print out everything! if something else is failing before that, then of course that's going to fail too! Make sure that's where the problem actually is.
If you still can't get the base address of 'jvm.dll' of whatever exe that is, then try one of my functions instead posted here: http://forum.cheatengine.org/viewtopic.php?t=563414
GetModuleBaseEx is more complicated and needs a bit of setup... So try the other one first 'GetModuleBase' but like I said make sure you're even getting a valid handle to the exe too!
Note: I use unicode strings so call them with an L in front of your string like this (also neither of my functions are case sensitive):
| Code: |
ULONG RemoteProcessId = 0;
HANDLE RemoteProcessHandle = GetProcessHandle(L"whateveryourexeiscalled.exe", &RemoteProcessId);
if(RemoteProcessHandle == 0 && RemoteProcessId == 0)
{
    OutputDebugStringW(L"Didn't get neither process handle nor process id");
}
//then:
ULONG DLLModuleBase = GetModuleBase(L"jvm.dll", RemoteProcessId);
if(DLLModuleBase == 0)
{
    OutputDebugStringW(L"Failed getting module base :( Still?");
}
|
| Code: |
#include <windows.h>
#include <tlhelp32.h>
//Get process ids/handles/modules functions

// Returns the base address of ModuleName inside ProcessId, or 0 on failure.
// A NULL ModuleName matches the first module in the snapshot.
ULONG GetModuleBase(wchar_t *ModuleName, ULONG ProcessId)
{
    MODULEENTRY32W *me = new MODULEENTRY32W;
    HANDLE Snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
    me->dwSize = sizeof(MODULEENTRY32W);
    if(Snap == INVALID_HANDLE_VALUE)
    {
        delete me;
        return 0;
    }
    BOOL bModule = Module32First(Snap, me);
    while(bModule)
    {
        if(!ModuleName|| _wcsicmp(me->szModule, ModuleName) == 0)
        {
            CloseHandle(Snap);
            // ULONG holds the full base only for 32-bit targets
            return (ULONG)me->modBaseAddr;
        }
        bModule = Module32Next(Snap, me);
    }
    CloseHandle(Snap);
    delete me;
    return 0;
}

// Opens the first process whose exe name matches ProcessName (case-insensitive).
// Returns the handle (0 if not found) and, optionally, the process id.
HANDLE GetProcessHandle(wchar_t *ProcessName, ULONG *ReturnedProcessId)
{
    PROCESSENTRY32W *pe = new PROCESSENTRY32W;
    HANDLE Snap;
    pe->dwSize = sizeof(PROCESSENTRY32W);
    Snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(Snap == INVALID_HANDLE_VALUE)
    {
        delete pe;
        return 0;
    }
    BOOL bProcess = Process32FirstW(Snap, pe);
    while(bProcess)
    {
        if(_wcsicmp(pe->szExeFile, ProcessName) == 0)
        {
            HANDLE ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pe->th32ProcessID);
            if(ReturnedProcessId)
                *ReturnedProcessId = pe->th32ProcessID;
            CloseHandle(Snap);
            delete pe;
            return ProcessHandle;
        }
        bProcess = Process32NextW(Snap, pe);
    }
    CloseHandle(Snap);
    delete pe;
    return 0;
}
|
Now it's got to work! And like I said if you are actually using XP, then do actually call that function that Acubra posted! Seriously there's been countless times when I've released trainers and things where I forgot to include activating those SE_DEBUG_NAME token privileges and all XP users complain! lol
| Acubra wrote: | Hey,
try to call this function once, before you try to read the values.
|
No! Not before you try to read the values! before you even call OpenProcess!
_________________
|
|
|
 |
deleted user 343211 Cheater
Reputation: 0
Joined: 09 Feb 2013 Posts: 29
|
Posted: Mon Mar 18, 2013 8:18 pm Post subject: |
|
|
| SteveAndrew wrote: |
-snip-
|
I get this error from your "GetModuleBase" function: "MODULEENTRY32W *" is incompatible with parameter of type "LPMODULEENTRY32".
How can I fix that without using the Unicode character set? |
|
|
 |
SteveAndrew Master Cheater
Reputation: 30
Joined: 02 Sep 2012 Posts: 323
|
Posted: Mon Mar 18, 2013 9:47 pm Post subject: |
|
|
Oh that's silly of me! See I have unicode defined so sometimes I don't catch all the places where I should manually force using the 'W' version...
Change 2 lines:
'BOOL bModule = Module32First(Snap, me);'
to:
'BOOL bModule = Module32FirstW(Snap, me);'
and:
'bModule = Module32Next(Snap, me);'
to:
'bModule = Module32NextW(Snap, me);'
You could see in the other function I didn't make the same error, and I do actually have the 'W' in Process32FirstW and Process32NextW calls...
Or since you wanted a non-unicode version of it, with that function it's not much to change...
W's replaced with A's, wchar_t's replaced with chars and _wcsicmp/_wcscmpi (case insensitive wide char compare) replaced with stricmp/strcmpi (case insensitive ansi string compare)
| Code: |
// ANSI version: returns the base address of ModuleName inside ProcessId, or 0 on failure.
ULONG GetModuleBase(char *ModuleName, ULONG ProcessId)
{
    MODULEENTRY32A *me = new MODULEENTRY32A;
    HANDLE Snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
    me->dwSize = sizeof(MODULEENTRY32A);
    if(Snap == INVALID_HANDLE_VALUE)
    {
        delete me;
        return 0;
    }
    BOOL bModule = Module32FirstA(Snap, me);
    while(bModule)
    {
        if(stricmp(me->szModule, ModuleName) == 0)
        {
            // copy the base out first: reading me->modBaseAddr after delete is a use-after-free
            ULONG Base = (ULONG)me->modBaseAddr;
            CloseHandle(Snap);
            delete me; //also I forgot this! lol memory leak no more!
            return Base;
        }
        bModule = Module32NextA(Snap, me);
    }
    CloseHandle(Snap);
    delete me;
    return 0;
}
|
_________________
|
|
|
 |
|