programme-zero How do I cheat?
Posted: Mon May 05, 2014 4:17 pm Post subject: Memory scan |
Hi everyone,
Cheat Engine is detected by every anti-cheat in the world, so I'm writing my own memory scanner, but I'm running into some problems...
My memory scanner doesn't find my variable in my test application and I don't understand why (although it does find the correct variables that I can also find with Cheat Engine).
My code :
| Code: | #include <windows.h>
#include <stdio.h>
#include <iostream>
/* Scan counters: updated by the region callback, printed by main(). */
int total = 0;   /* incremented once per callback invocation */
int founded = 0; /* incremented when the int read by the callback equals the searched value */
// Below are helper functions
/*
 * Resolves RtlAdjustPrivilege from ntdll.dll at run time and calls it
 * to enable privilege number 20 (SE_DEBUG_PRIVILEGE as defined below),
 * passing 0 (AdjustCurrentProcess) as the third argument.
 *
 * Returns FALSE only when the export cannot be resolved. The status
 * returned by RtlAdjustPrivilege itself is discarded, so a TRUE result
 * does not show that the privilege was actually granted.
 */
BOOL DoRtlAdjustPrivilege()
{
#define SE_DEBUG_PRIVILEGE 20L
#define AdjustCurrentProcess 0
    typedef LONG (WINAPI *PFN_RTL_ADJUST_PRIVILEGE)(DWORD, BOOL, INT, PBOOL);

    BOOL bWasEnabled = FALSE; /* receives the previous state; not used afterwards */
    HMODULE hNtdll = GetModuleHandle("ntdll.dll");
    PFN_RTL_ADJUST_PRIVILEGE pfnAdjust =
        (PFN_RTL_ADJUST_PRIVILEGE)GetProcAddress(hNtdll, "RtlAdjustPrivilege");

    if (pfnAdjust == NULL) {
        return FALSE;
    }

    /* Return value deliberately left unchecked, exactly as before. */
    pfnAdjust(SE_DEBUG_PRIVILEGE, TRUE, AdjustCurrentProcess, &bWasEnabled);
    return TRUE;
}
/*
 * Callback invoked once per memory region reported by VirtualQueryEx.
 * Receives the region's base address, size, state, type and protection;
 * returning FALSE stops the enumeration.
 */
typedef BOOL (CALLBACK *LPENUMADDRESSES)(LPBYTE lpAddress, DWORD dwSize, DWORD dwState, DWORD dwType, DWORD dwProtect);

/*
 * Walks the address space of hProcess region by region, from the
 * system's minimum to its maximum application address, and hands each
 * region's MEMORY_BASIC_INFORMATION fields to lpCallback.
 *
 * Returns FALSE as soon as the callback returns FALSE. Returns TRUE
 * otherwise, including when VirtualQueryEx fails and the walk stops
 * early. A NULL lpCallback is tolerated: regions are walked and ignored.
 *
 * NOTE(review): RegionSize is a SIZE_T but the callback takes a DWORD,
 * so the size would be truncated for regions above 4 GiB - confirm the
 * intended target bitness.
 */
BOOL EnumProcessAddresses(HANDLE hProcess, LPENUMADDRESSES lpCallback)
{
    MEMORY_BASIC_INFORMATION mbi;
    SYSTEM_INFO msi;
    LPBYTE lpCursor;
    LPBYTE lpLimit;

    ZeroMemory(&mbi, sizeof(mbi));
    GetSystemInfo(&msi);

    lpCursor = (LPBYTE)msi.lpMinimumApplicationAddress;
    lpLimit = (LPBYTE)msi.lpMaximumApplicationAddress;

    while (lpCursor <= lpLimit) {
        /* A failed query ends the walk; it is not reported as an error. */
        if (!VirtualQueryEx(hProcess, lpCursor, &mbi, sizeof(mbi))) {
            break;
        }

        if (lpCallback != NULL &&
            !lpCallback((LPBYTE)mbi.BaseAddress, mbi.RegionSize,
                        mbi.State, mbi.Type, mbi.Protect)) {
            return FALSE;
        }

        /* Step to the next region using the size just reported. */
        lpCursor += mbi.RegionSize;
    }

    return TRUE;
}
// Below is actual code --
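/*
 * Region callback: reads one int from the base address of the region
 * in the process that owns the "Sandbox 2" window, prints the region
 * bounds and that int, and counts it in `founded` when it equals 5462.
 * `total` is incremented on every call.
 *
 * Only sizeof(int) bytes at lpAddress are read; dwState, dwType and
 * dwProtect are not consulted. When the window, the process handle or
 * the read is unavailable, the value is reported as 0.
 *
 * Always returns TRUE, so the enumeration is never stopped from here.
 */
BOOL CALLBACK DoSomethingForAddress(LPBYTE lpAddress, DWORD dwSize, DWORD dwState, DWORD dwType, DWORD dwProtect)
{
    int value = 0;
    DWORD proccess_ID = 0; /* stays 0 when the window is not found */
    HWND hWnd = FindWindow(0, "Sandbox 2");

    if (hWnd != NULL) {
        GetWindowThreadProcessId(hWnd, &proccess_ID);
    }

    if (proccess_ID != 0) {
        HANDLE phandle = OpenProcess(PROCESS_VM_READ, FALSE, proccess_ID);
        if (phandle != NULL) {
            if (!ReadProcessMemory(phandle, (void *)lpAddress, &value, sizeof(value), NULL)) {
                value = 0; /* failed read: do not report stale or partial data */
            }
            /* The handle is opened on every call, so it must be released
             * here; previously one handle leaked per region. */
            CloseHandle(phandle);
        }
    }

    /* %p for the addresses: %X with a pointer argument is a format mismatch. */
    printf("%p - %p (0x%08lX) : ", (void *)lpAddress, (void *)(lpAddress + dwSize),
           (unsigned long)dwSize);
    printf("(%d)", value);
    if (value == 5462)
    {
        founded += 1;
        printf(" FOUND !");
    }
    total += 1;
    printf("\n");
    return TRUE;
}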
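/*
 * Entry point: tries to enable the debug privilege, locates the process
 * that owns the "Sandbox 2" window, opens it with
 * PROCESS_QUERY_INFORMATION and enumerates its memory regions through
 * DoSomethingForAddress, then prints the counters.
 *
 * Exit codes: 0 on completion, 1 when RtlAdjustPrivilege cannot be
 * resolved, 2 when the window is not found or the process cannot be
 * opened.
 */
int main(int argc, char **argv)
{
    DWORD proccess_ID = 0;
    HWND hWnd;
    HANDLE hProcess;

    (void)argc;
    (void)argv;

    if (!DoRtlAdjustPrivilege()) {
        return 1; // Error 1
    }

    hWnd = FindWindow(0, "Sandbox 2");
    if (hWnd == NULL) {
        /* Without a window the process id would be read uninitialized. */
        return 2; // Error 2
    }
    GetWindowThreadProcessId(hWnd, &proccess_ID);

    /* This handle only allows querying region information; the callback
     * opens its own handle for reading memory. */
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, proccess_ID);
    if (hProcess == NULL) {
        return 2; // Error 2
    }

    printf("=====SCAN BEGIN===== \n");
    EnumProcessAddresses(hProcess, DoSomethingForAddress);
    CloseHandle(hProcess);
    printf("=====END OF THE SCAN===== \n");
    printf("Found : %d\n", founded);
    printf("Total : %d", total);
    return 0;
}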