Cheat Engine The Official Site of Cheat Engine
92Garfield I'm a spammer
Reputation: 57
Joined: 20 Dec 2007 Posts: 5871 Location: Banana Republic Germany
|
Posted: Mon Jul 21, 2014 1:42 pm Post subject: [C++] Memory Scanner, can't find the base address |
|
|
I started to make a console memory scanner in C++, not because I want to, but I need one.
To test I made a small C++ program with a single variable of which the value and address are printed using cout.
I managed to find and edit the value, but only by scanning my entire RAM (?).
Here is the code for my scanner so far
| Code: |
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <iostream>
#include <TlHelp32.h>
#include <psapi.h>
using namespace std;

DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
    DWORD dwModuleBaseAddress = 0;
    if(hSnapshot != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 ModuleEntry32 = {0};
        ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
        if(Module32First(hSnapshot, &ModuleEntry32))
        {
            do
            {
                if(_tcscmp(ModuleEntry32.szModule, lpszModuleName) == 0)
                {
                    dwModuleBaseAddress = (DWORD)ModuleEntry32.modBaseAddr;
                    break;
                }
            }
            while(Module32Next(hSnapshot, &ModuleEntry32));
        }
        CloseHandle(hSnapshot);
    }
    return dwModuleBaseAddress;
}

int _tmain(int argc, _TCHAR* argv[])
{
    int a;
    HWND handle = FindWindow(0 ,TEXT("D:\\Dropbox\\0.9 C++\\justAValue\\Release\\justAValue.exe"));
    if(handle == 0) {
        cout<<"Failed to find window";
        cin>>a;
    } else {
        DWORD ID;
        GetWindowThreadProcessId(handle,&ID);
        HANDLE hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION, FALSE, ID);
        int buffer;
        DWORD baseAddr = 0;
        int adress = 0;
        BOOL check = ReadProcessMemory(hProcess, (void *)((int)baseAddr + adress), &buffer, 4, NULL);
        while (buffer != 330880257 || true) {
            adress += 4;
            check = ReadProcessMemory(hProcess, (void *)((int)baseAddr + adress), &buffer, 4, NULL);
            if (adress % 10000000 == 0) cout<<">>"<<buffer<<" at "<<adress<<": "<<check<<endl;
            if (buffer == 330880257 && check > 0) cout<<">"<<buffer<<" at "<<adress<<": "<<check<<endl;
        }
        cout<<"something: "<<buffer<<"; "<<adress;
        cin>>a;
    }
}
|
330880257 is just the value of the variable in my test application.
May anyone show me how to find the base address or the area in my RAM where a process memory is?
Alternatively, I'd be happy to just get a working console memory scanner (input values to search until 1 address is found, then just check that address when asked)
_________________
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Mon Jul 21, 2014 2:48 pm Post subject: |
|
|
Your given code never touches 'dwGetModuleBaseAddress'.
Instead of using _tcscmp also, do a lower-case compare on both names:
_tcsicmp
This way the compare is not case sensitive if the module has a funky name like ThIsIsMyProCESSnamE.exe
For scanning, use VirtualQueryEx to iterate the pages that you can access as well.
_________________
- Retired. |
92Garfield I'm a spammer
Reputation: 57
Joined: 20 Dec 2007 Posts: 5871 Location: Banana Republic Germany
|
Posted: Mon Jul 21, 2014 3:18 pm Post subject: |
|
|
Oh right, I copied that function, but I didn't manage to use it.
Can you give me an example usage for it and VirtualQueryEx?
I don't see any problem with reading memory using ReadProcessMemory.
_________________
661089799107 Expert Cheater
Reputation: 3
Joined: 25 Jan 2009 Posts: 186
|
Posted: Mon Jul 21, 2014 3:21 pm Post subject: |
|
|
| Code: |
while (buffer != 330880257 || true)
|
I don't think that does what you think it does.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
92Garfield I'm a spammer
Reputation: 57
Joined: 20 Dec 2007 Posts: 5871 Location: Banana Republic Germany
|
Posted: Tue Jul 22, 2014 4:37 am Post subject: |
|
|
I think I got it, but as my assumption is based on testing rather than knowledge I'd like to hear your opinion.
| Code: |
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <iostream>
#include <TlHelp32.h>
#include <psapi.h>
using namespace std;

// Shared read buffer: 100M pointer-sized slots (4 bytes each in a 32-bit build)
const SIZE_T bufferCount = 1024 * 1024 * 100;
LPVOID* bufferLarge = new LPVOID[bufferCount];

void scanMemQuick(DWORD start, DWORD end, int value, HANDLE target) {
    SIZE_T read = 0;
    SIZE_T len = end - start;
    // Never ask for more bytes than the buffer can hold
    if (len > bufferCount * sizeof(LPVOID)) len = bufferCount * sizeof(LPVOID);
    // Skip the region if the read fails
    if (!ReadProcessMemory(target, (void*)start, bufferLarge, len, &read)) return;
    // read is a byte count, so only read / 4 slots were actually filled
    for (DWORD i = 0; i < read / 4; i++) {
        if ((int)bufferLarge[i] == value) cout<<"Found: "<<start+(i*4)<<": "<<value<<endl;
    }
}

void search(int value, HANDLE target, int fromAddress, int endAdress) {
    cout<<"Searching: "<<value<<endl;
    MEMORY_BASIC_INFORMATION mbi;
    // start is tested by the loop condition even before a region has matched
    unsigned int start = 0, end;
    unsigned int first = 0;
    do {
        // VirtualQueryEx returns 0 on failure; stop instead of reusing a stale mbi
        if (VirtualQueryEx(target, (void*)fromAddress, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) == 0) break;
        if((mbi.State == MEM_COMMIT) && (mbi.Protect == PAGE_READWRITE) && (mbi.Type == MEM_PRIVATE)) {
            start = (unsigned)mbi.BaseAddress;
            end = (unsigned)mbi.BaseAddress+mbi.RegionSize;
            //scanMem(start, end, value, target);
            scanMemQuick(start, end, value, target);
            if (first < 1) {first = start;} else if (first == start) break;
        }
        fromAddress += mbi.RegionSize;
    } while(start < endAdress);
}

int _tmain(int argc, _TCHAR* argv[]) {
    int a;
    HWND handle = FindWindow(0 ,TEXT("D:\\Dropbox\\0.9 C++\\justAValue\\Release\\justAValue.exe"));
    if(handle == 0) {
        cout<<"Failed to find window";
        cin>>a;
    } else {
        DWORD ID;
        GetWindowThreadProcessId(handle,&ID);
        HANDLE hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION|PROCESS_QUERY_INFORMATION, FALSE, ID);
        //330880266
        search(330880266, hProcess, 0, 0xFFFFFFFF);
        cout<<"DONE"<<endl;
        cin>>a;
    }
}
|
_________________
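The region walk and value comparison discussed in this thread, as an added example that is not code from any poster here. So that it compiles without windows.h, the hypothetical `Region`, `query` and `sampleMap` stand in for what VirtualQueryEx and ReadProcessMemory return, over a constructed address map. It shows a 64-bit cursor that stops when a query fails and a comparison loop bounded by the bytes actually read.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>
// Numeric values of the Windows constants the thread's code tests.
constexpr uint32_t kCommit = 0x1000, kFree = 0x10000, kPrivate = 0x20000,
                   kImage = 0x1000000, kReadOnly = 0x02, kReadWrite = 0x04;
// Constructed stand-in for MEMORY_BASIC_INFORMATION; `data` is what the read returned.
struct Region { uint32_t base, size, state, protect, type; std::vector<uint8_t> data; };
// Stand-in for VirtualQueryEx: the region containing addr, or nullptr.
const Region* query(const std::vector<Region>& regions, uint64_t addr) {
    for (const Region& r : regions)
        if (addr >= r.base && addr < uint64_t(r.base) + r.size) return &r;
    return nullptr;
}
// Walk [from, end) with a 64-bit cursor so adding the region size cannot wrap,
// stop when a query fails, and compare only the 4-byte slots that were read.
std::vector<uint32_t> search(const std::vector<Region>& regions, int32_t value,
                             uint64_t from, uint64_t end) {
    std::vector<uint32_t> hits;
    for (uint64_t cur = from; cur < end;) {
        const Region* r = query(regions, cur);
        if (!r) break;
        cur = uint64_t(r->base) + r->size;
        if (r->state != kCommit || r->type != kPrivate || r->protect != kReadWrite) continue;
        for (size_t off = 0; off + 4 <= r->data.size(); off += 4) {  // bound in bytes
            int32_t slot;
            std::memcpy(&slot, r->data.data() + off, sizeof slot);
            if (slot == value) hits.push_back(r->base + uint32_t(off));
        }
    }
    return hits;
}
// Constructed address space: free, private RW, read-only image, short read.
std::vector<Region> sampleMap(int32_t v) {
    auto fill = [v](size_t n, size_t at) {
        std::vector<uint8_t> d(n, 0);
        std::memcpy(d.data() + at, &v, sizeof v);
        return d;
    };
    return {{0x00000, 0x10000, kFree, 0, 0, {}},
            {0x10000, 0x1000, kCommit, kReadWrite, kPrivate, fill(0x1000, 0xFFC)},
            {0x11000, 0x2000, kCommit, kReadOnly, kImage, fill(0x2000, 0x10)},
            {0x13000, 0x1000, kCommit, kReadWrite, kPrivate, fill(0x800, 0x7FC)}};
}
int main() {
    for (uint32_t a : search(sampleMap(330880257), 330880257, 0, 0xFFFFFFFFu))
        std::printf("Found: 0x%X\n", unsigned(a));
}
```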
sullx Cheater
Reputation: 0
Joined: 03 Jan 2013 Posts: 37
|
Posted: Mon Jul 28, 2014 9:34 pm Post subject: |
|
|
An easy way to get the base address of a process is to inject a dll and then call GetModuleHandleW(0).
Example:
| Code: |
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch(ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        int base;
        // With a NULL argument GetModuleHandleW returns the handle of the process's main executable
        base = (ULONG)GetModuleHandleW(0);
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
|
Avoids the headache it can be to do it externally. If you are stuck on doing it from outside the memory space, make sure to take a look at this related thread http://forum.cheatengine.org/viewtopic.php?t=563414
Cheers,
SullX