Cheat Engine The Official Site of Cheat Engine
penpenpen Cheater
Reputation: 0
Joined: 23 Feb 2014 Posts: 39
Posted: Sun Feb 23, 2014 10:08 am Post subject: [Delphi(+FPC)] Access Pointer Data
Hey everyone,
Really simple question, since I'm confused by the mass of information Google delivers here ...
The address I need is
Code:
    minesweeper.exe+AAA38 + 18 + 14
How do I find the memory address of a process in Delphi or FPC and add offsets to it so that I can use a pointer I found in CE?
Here's the code I have and understand:
Code:
    Address := $0027FA24;
    NewValue := 1;
    Data := 4; //Means 4 Byte right ?
    WndHandle := FindWindow(nil,'Minesweeper');
    if WndHandle <> 0 then
    begin
      GetWindowThreadProcessId(WndHandle,@Pid);
      Pidhandle := OpenProcess(PROCESS_ALL_ACCESS,False,Pid);
      // The address I need is minesweeper.exe+AAA38 + 18 + 14
      // How do I get there ?
      ReadProcessMemory(Pidhandle, pointer(Address), @NewValue, Data, nil);
      closehandle(Pidhandle);
    end;
    edit1.Text := inttostr(NewValue);
I googled and found "GetModuleHandle", which always returns 0 though. I've also read the MSDN article and am not even sure if that's what I need to use. What about GetProcAddress? Will that work to find an address? Do I need to use a dword to add the offsets?
A sample code would be awesome
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25823 Location: The netherlands
Posted: Sun Feb 23, 2014 11:09 am
It's [[minesweeper.exe+AAA38] + 18] + 14
and keep in mind that every [xxx] means to read the pointer stored at xxx and replace [xxx] with that value.
So:
You have [[minesweeper.exe+AAA38] + 18] + 14
Read the pointer stored at minesweeper.exe+AAA38 (call it x).
That gives:
[x + 18] + 14
Now read the pointer stored at x+18 (call it y).
And that gets you the final address: y+14=address
Keep in mind: in 32-bit a pointer is a 4-byte value, in 64-bit it's an 8-byte value.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
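The chain walk described in the reply above, as an added Free Pascal example that is not code from this thread. `ImageBase`, `Mem`, `ReadTarget` and `ResolveChain` are constructed names: `ReadTarget` stands in for ReadProcessMemory and reads from a constructed in-program buffer, and a little-endian host is assumed.

```pascal
program PointerChainDemo;
{$mode objfpc}{$H+}
uses SysUtils;

const
  ImageBase = QWord($7FF6FF090000);  // constructed 64-bit module base
var
  Mem: array[0..$AAFFF] of Byte;     // constructed target memory mapped at ImageBase

// Stand-in for ReadProcessMemory: returns False when the range is not mapped.
function ReadTarget(Addr: QWord; var Buf; Size: QWord): Boolean;
begin
  Result := (Addr >= ImageBase) and (Addr - ImageBase + Size <= SizeOf(Mem));
  if Result then
    Move(Mem[Addr - ImageBase], Buf, SizeInt(Size));
end;

// Resolves [[Base+Offs[0]]+Offs[1]]+...+Offs[last]: every offset except the
// last is followed by a pointer read of PtrSize bytes (4 or 8).
function ResolveChain(Base: QWord; const Offs: array of QWord;
  PtrSize: QWord; out Final: QWord): Boolean;
var
  i: Integer;
  Cur, Next: QWord;
begin
  Result := False;
  Final := 0;
  if Length(Offs) = 0 then Exit;
  Cur := Base;
  for i := 0 to High(Offs) - 1 do
  begin
    Next := 0;                       // clear the upper bytes for 4-byte reads
    if not ReadTarget(Cur + Offs[i], Next, PtrSize) then Exit;
    if Next = 0 then Exit;           // null link: the chain is not valid right now
    Cur := Next;
  end;
  Final := Cur + Offs[High(Offs)];   // the last offset is added, not dereferenced
  Result := True;
end;

var
  P, Addr: QWord;
begin
  P := ImageBase + $100; Move(P, Mem[$AAA38], 8);      // x, stored at base+AAA38
  P := ImageBase + $200; Move(P, Mem[$100 + $18], 8);  // y, stored at x+18
  if ResolveChain(ImageBase, [$AAA38, $18, $14], 8, Addr) then
    WriteLn('8-byte pointers: $', IntToHex(Addr, 16)); // y+14
  if not ResolveChain(ImageBase, [$AAA38, $18, $14], 4, Addr) then
    WriteLn('4-byte pointers: chain fails because x was truncated');
end.
```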
penpenpen Cheater
Reputation: 0
Joined: 23 Feb 2014 Posts: 39
Posted: Sun Feb 23, 2014 11:32 am
Thanks for your reply
I changed my program like this:
Code:
    WndHandle, Pid, Pidhandle,NewValue, Data : integer;
    Address: DWord;
    Wert:Dword;
    ModuleHandle: HMODULE;
    begin
      Address := $0027FA24;
      NewValue := 1;
      Data := 4; //Means 4 Byte right ?
      WndHandle := FindWindow(nil,'Minesweeper');
      if WndHandle <> 0 then
      begin
        GetWindowThreadProcessId(WndHandle,@Pid);
        Pidhandle := OpenProcess(PROCESS_ALL_ACCESS,False,Pid);
        // The address I need is minesweeper.exe+AAA38 + 18 + 14
        // How do I get there ?
        ReadProcessMemory(Pidhandle, pointer($AAA38), @NewValue, Data, nil);
        @NewValue := @NewValue+ $18;
        ReadProcessMemory(Pidhandle, pointer(NewValue), @NewValue, Data, nil);
        @NewValue := @NewValue+ $14;
        ReadProcessMemory(Pidhandle, pointer(NewValue), @NewValue, Data, nil);
        closehandle(Pidhandle);
      end;
      edit1.Text := inttostr(NewValue);
Now I'm getting the error "Can't Assign values to an address".
Does the code even make sense :X ? How do I add the offset to NewValue?
//edit:
Guess I still need the address of minesweeper.exe to start with :X .. GetModuleHandle only results 0. This is all so confusing D:...
Anyone any idea?
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25823 Location: The netherlands
Posted: Sun Feb 23, 2014 4:02 pm
Look up the APIs Toolhelp32Snapshot and Module32First/Module32Next to find the base address of modules
penpenpen Cheater
Reputation: 0
Joined: 23 Feb 2014 Posts: 39
Posted: Mon Feb 24, 2014 6:40 am
Thank you =).
I've been searching for those and found a thread in this forum where someone posted this function:
Code:
    function GetModuleBaseAddress(ProcessID: Cardinal; MName: String): Pointer;
    var
      Modules : Array of HMODULE;
      cbNeeded, i : Cardinal;
      ModuleInfo : TModuleInfo;
      ModuleName : Array[0..MAX_PATH] of Char;
      PHandle : THandle;
    begin
      Result := nil;
      SetLength(Modules, 1024);
      PHandle := OpenProcess(PROCESS_QUERY_INFORMATION + PROCESS_VM_READ, False, ProcessID);
      if (PHandle <> 0) then
      begin
        //Getting the enumeration of modules; cbNeeded is only valid when the call succeeds
        if EnumProcessModules(PHandle, @Modules[0], 1024 * SizeOf(HMODULE), cbNeeded) then
        begin
          SetLength(Modules, cbNeeded div SizeOf(HMODULE)); //Setting the number of modules
          for i := 0 to Length(Modules) - 1 do //Start the loop
          begin
            GetModuleBaseName(PHandle, Modules[i], ModuleName, SizeOf(ModuleName)); //Getting the name of module
            if AnsiCompareText(MName, ModuleName) = 0 then //If the module name matches with the name of module we are looking for...
            begin
              GetModuleInformation(PHandle, Modules[i], @ModuleInfo, SizeOf(ModuleInfo)); //Get the information of module
              Result := ModuleInfo.lpBaseOfDll; //Return the information we want (The image base address)
              Break;
            end;
          end;
        end;
        CloseHandle(PHandle); //Close the handle whether or not the module was found
      end;
    end;
After I got it running in FPC the problem is that it only returns 0 for 64 bit applications.
For example:
Code:
    Label1.Caption := IntToHex(Ulong(GetModuleBaseAddress(StrToInt('132400'), 'MineSweeper.exe')), 8);
Returns: 0
What can I do to fix that?
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25823 Location: The netherlands
Posted: Mon Feb 24, 2014 6:48 am
Compile your program to 64-bit using a 64-bit version of FPC
penpenpen Cheater
Reputation: 0
Joined: 23 Feb 2014 Posts: 39
Posted: Mon Feb 24, 2014 9:05 am
Thanks again
I did that, now I got another weird problem:
Code:
    var
      InitialAddress : DWord;
    begin
      InitialAddress := dword(GetModuleBaseAddress(134648, 'MineSweeper.exe')) ;
      Label1.Caption := IntToHex(InitialAddress, 8);
      Label2.Caption := IntToHex(dword(GetModuleBaseAddress(134648, 'MineSweeper.exe') ),8);
A) Label1 is different from Label2!?
B) Both don't show the right base address. It's FF090000 in CE and the labels show: Label1: 771A9AA6 Label2: 0102DE00
How can that happen?
How do I get the right address?
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25823 Location: The netherlands
Posted: Mon Feb 24, 2014 9:21 am
Not sure, perhaps you set the captions somewhere else as well. Try stepping through the code with the debugger
Also, if the target is 64 bit then the module base is a qword, not dword.
I recommend ptruint as that's easier to deal with
penpenpen Cheater
Reputation: 0
Joined: 23 Feb 2014 Posts: 39
Posted: Mon Feb 24, 2014 10:19 am
With this code both labels show the same:
Code:
    Label1.Caption := IntToHex(InitialAddress, 8);
    InitialAddress := qword(GetModuleBaseAddress(134648, 'MineSweeper.exe')) +$AAA38 ;
    Label1.Caption := IntToHex(InitialAddress, 8);
    Label2.Caption := IntToHex(qword(GetModuleBaseAddress(134648, 'MineSweeper.exe')+$AAA38 ),8);
With this, they don't:
Code:
    InitialAddress := qword(GetModuleBaseAddress(134648, 'MineSweeper.exe')) +$AAA38 ;
    Label1.Caption := IntToHex(InitialAddress, 8);
    Label2.Caption := IntToHex(qword(GetModuleBaseAddress(134648, 'MineSweeper.exe')+$AAA38 ),8);
The code is really small so there is nothing else writing to the labels. Kinda weird.
Anyways "GetModuleBaseAddress" still does not return the same address as CE.
You've been really helpful this far. Any input is still appreciated. Gotta try to find out what's going wrong.
If you want I can post the whole project file.
//EDIT:
Wooohow.. Finally got it to find the right address with this function:
Code:
    Function GetModuleBaseAddress(dwProcID: DWord; szModule: pChar): PtrUInt;
    var
      xModule: TMODULEENTRY32;
      hSnap: THandle;
    begin
      Result := 0; // 0 means the module was not found
      hSnap := CreateToolHelp32SnapShot(TH32CS_SNAPMODULE, dwProcID);
      if hSnap = INVALID_HANDLE_VALUE then
        Exit; // snapshot failed, nothing to enumerate
      xModule.dwSize := SizeOf(MODULEENTRY32);
      if Module32First(hSnap, xModule) then
        repeat
          if LowerCase(xModule.szModule) = LowerCase(szModule) then
          begin
            // PtrUInt keeps the full base address in a 64-bit build
            Result := PtrUInt(xModule.modBaseAddr);
            break;
          end;
        until (not(Module32Next(hSnap, xModule)));
      CloseHandle(hSnap);
    end;
Thanks a lot for all the help *---*