Cheat Engine

kokkinogenis

Hello ! I found this valid multi-level pointer on a game that i play:

http://prntscr.com/cjzlhf

I am trying to read the dynamic address with this following C# code:

Dark Byte · Posted: Mon Sep 19, 2016 5:10 pm Post subject:

you're not adding the address of reddot dll to 007afc74

kokkinogenis · Posted: Tue Sep 20, 2016 7:08 am Post subject:

I found a good article in msdn on how to find base address of a module on a process. This is my code now:

kokkinogenis · Posted: Wed Sep 21, 2016 4:10 pm Post subject:

No one can help ?? Sad

Ed1717 · How do I cheat? Reputation: 1 Joined: 20 Sep 2016 Posts: 2

I have very little experience with C# and I do all of my programming for game exploits and such in C++. The general process is to 1.) Get the base address of a module, and a base offset that when added to the address of the module will yield another address 2.) The address from 1 will point to another address of which you add the next offset. 3.) Repeat 2 until last offset added and the address of the value you want is found.

Example C++:

#include <windows.h>

//Data type typedefs incase you aren't familiar with winapi types
typedef unsigned long DWORD;
typedef unsigned long* PDWORD; //DWORD for 32-bit addresses and offsets

typedef unsigned long long DWORD_PTR;
typedef unsigned long long* PDWORD_PTR; //DWORD_PTR for 64-bit addresses

void* GetHealth(void)
{
DWORD base_offset = 0x265A4C;
DWORD offset1 = 0xA4;
DWORD offset2 = 0x58C;
DWORD offset3 = 0x45;

//GetModuleHandle can be cast to void* to get the module address
DWORD_PTR base_module = (DWORD_PTR)((LPVOID)GetModuleHandle("module.dll"));

PDWORD_PTR pAddress1 = (PDWORD_PTR)(base_module+base_offset);
DWORD_PTR dwValue1 = *pAddress1;

PDWORD_PTR pAddress2 = (PDWORD_PTR)(dwValue1+offset1);
DWORD_PTR dwValue2 = *pAddress2;

PDWORD_PTR pAddress3 = (PDWORD_PTR)(dwValue2+offset2);
DWORD_PTR dwValue3 = *pAddress3;

void* pHealth = (void*)(dwValue3+offset3);
return pHealth;
}

Please forgive any format problems in my typing. Doing this on my iPad. Razz

kokkinogenis · Posted: Thu Sep 22, 2016 6:21 pm Post subject:

Ed1717 thank you very much for your reply. Unfortunetely i can understand very little from your code. I cannot uderstand for example what PWDWORD_PTR is(google doesn't seem to find it) and also * thing before the address. But... i can understand the logic of your program and what you do... and the thing is that i am getting always random addresses or zeros.

ParkourPenguin · Posted: Thu Sep 22, 2016 8:00 pm Post subject:

That method is applicable if you've injected a dll into the process and you're working from within the process's virtual address space.

The question of "how to find the base address of a module" is a very frequently asked question in gamehacking. Given the vast amount of information already available, I'm not surprised you're not getting any help.

After spending 10 seconds to google the phrase "C# get module base address", I found this that should help. If you still can't get it to work, you should be capable of debugging your program and finding out exactly where it fails.

kokkinogenis · Posted: Fri Sep 23, 2016 6:05 am Post subject:

ParkourPenguin · Posted: Fri Sep 23, 2016 8:31 am Post subject:

I would like to point out the number you were getting is the exact same number CE was getting. Your output was in base 10, CE's output was in base 16. 122,503,496 == 0x74D4148

kokkinogenis · Posted: Fri Sep 23, 2016 1:09 pm Post subject:

OMG you are right. I tested it. I am so dump. Thank you very much Smile