Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
just for how to writeprocessmemory and cheatengine’s initial

bbc9527
How do I cheat?
Reputation: 0

Joined: 16 Dec 2012
Posts: 1

PostPosted: Mon Dec 24, 2012 7:05 am    Post subject: just for how to writeprocessmemory and cheatengine’s initial

I need some help, just with how to WriteProcessMemory and Cheat Engine's initialization.
I'm trying to make a program, and part of it needs to WriteProcessMemory into one of the running processes (War3.exe, Windows 7 win32), and this process has hooked NtOpenProcess.
I tested that if formsettings.cbKernelReadWriteProcessMemory.Checked and formsettings.cbKernelOpenProcess.Checked are set and TMainForm.Freezealladdresses2Click runs, Cheat Engine can WriteProcessMemory successfully.
In order to find out how Cheat Engine (I use the Cheat Engine 5.6 source) works, I tracked the variable in Delphi 7 (added a breakpoint before WriteProcessMemory and added a watch on the variable), and I found that although the variable usedbkreadwrite has the same value (true), WriteProcessMemory failed.

my code:

Code:
procedure TForm1.btn1Click(Sender: TObject);
var
  DllVersion: String;
begin
  UseDBKOpenProcess;      // LoadDBK32;
  UseDBKReadWriteMemory;  // DBKReadWrite:=true;

  pid := GetProcessID('war3.exe');
  if pid <> 0 then
  begin
    lbl1.Caption := 'pid' + IntToStr(pid);
  end;
  game_dll_BaseAddr := BEnumProcesses(pid, 'Game.dll');
  if GetAppVersion(DllfullName) <> '' then
  begin
    DllVersion := GetAppVersion(DllfullName);
  end;
  lbl4.Caption := DllVersion;
  if DllVersion = '1.24.4.6387' then
  begin
    hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
    lbl2.Caption := 'hprocess' + IntToStr(hProcess);
    if hProcess <> 0 then
    begin
      Patch($356D9C, 3677601843, 4);
      CloseHandle(hProcess);
    end;
  end;
end;

procedure Patch(Address: Integer; Value, Size: Integer);
begin
  WriteMemory(Address + game_dll_BaseAddr, Value, Size);
end;

procedure WriteMemory(Address: Integer; intValue, size: Integer);
var
  buffer: ^Integer;
  null: THandle;
  original, oldPro: Integer;
  mbi: TMemoryBasicInformation;
begin
  New(buffer);
  buffer^ := intValue;
  if hProcess <> 0 then
  begin
    queryaddr := VirtualQueryEx(hProcess, Pointer(Address), mbi, SizeOf(mbi)); // just watch MemoryBasicInformation
    memgetsucess := VirtualProtectEx(hProcess, Pointer(Address), size, PAGE_EXECUTE_READWRITE, Integer(mbi.Protect)); // returns false if NtOpenProcess has been hooked (r0), Windows 7 (win32)
    sucess := WriteProcessMemory(hProcess, Pointer(Address), buffer, size, null);
    memsetsucess := VirtualProtectEx(hProcess, Pointer(Address), size, Integer(mbi.Protect), original);
  end;
  if queryaddr = SizeOf(mbi) then
  begin
    querysuc := True;
  end
  else
  begin
    querysuc := False;
  end;

  Dispose(buffer);
end;




In the Delphi 7 watch on the variable, I found that if the NtOpenProcess hook (ring 0) is not active, VirtualProtectEx(hProcess, Pointer(Address), size, PAGE_EXECUTE_READWRITE, Integer(mbi.Protect)) returns success, but when the NtOpenProcess hook (ring 0) is active it fails, and I'm sure I got SeDebugPrivilege.



My problem is: during Cheat Engine's initialization, or before TMainForm.Freezealladdresses2Click, HOW does Cheat Engine get PAGE_EXECUTE_READWRITE access, by attaching to the process or by another method (injecting a DLL)?
How can I do it?
The pictures show the Cheat Engine 5.6 source while I tracked the variable in Delphi 7 (added a breakpoint before WriteProcessMemory and added a watch on the variable).



[Attachments: 4.jpg, 3.jpg]
_________________
just coding
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25831
Location: The netherlands

PostPosted: Mon Dec 24, 2012 8:58 am    Post subject:

OpenProcess, VirtualQueryEx and Read/WriteProcessMemory are pointers to a function.
Newkernelhandler.pas decides where those pointers point to.

When using kernelmode openprocess, the OpenProcess call will go to the OpenProcess function implemented in dbk32functions.pas (in 5.x that's in dbk32.dll).
That function tells the dbk32.sys driver to obtain a handle to the process and return it to usermode.
If it fails to get a valid handle, dbk32functions will create a shadow handle that is only valid for the functions of dbk32 itself. (It's used to know the EProcess address of the process opened.)

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping