    1. #1
      zeion

      How to access this multi-level pointer address value in DLL injection?

      Hi there,

      So I've successfully found the static address I want to write to after doing a pointer scan on CE.
      I end up with something like "game.exe" + offset 1 (long) + offset 2 + offset 3 + offset 4 + offset 5.

      My question is, how can I find the address to write to in C++ after DLL injection? Do I need to find the address for "game.exe" somehow? Or is the base address the first long offset (offset 1)?

      Right now I'm trying to get "game.exe"'s address by GetModuleHandle(0) but it seems to give me the same address (0x400000) each time, which shouldn't be right, since if I try to calculate the address for "game.exe" manually by subtracting the first offset in CE, I get a different value for "game.exe" each time.

      I hope I've explained clearly, please help me if you can, thanks.

    2. #2
      c5
      0x400000 is perfectly fine, that's where it's mapped in the virtual memory space by Windows. If you want to get the address of another module though, call GetModuleHandle.

    3. #3
      zeion
      Okay, maybe I'm not understanding this completely but, I thought the point of the offsets was so that we could locate the dynamic address that changes each time because the base address changes each time?

      This is what CE is telling me:

      [Image: ce_ss.png]

      Which would mean that "game.exe" = E13E070 - 12D90D4 = CE64F9C?

      Now when I restart the game I get this:

      [Image: ce_ss2.png]

      Which would mean that "game.exe" = E189660 - 12D90D4 = CEB058C, correct?

      So I am just confused as to how to get this value of "game.exe"? Or am I going about this the wrong way?

    4. #4
      c5
      "Value" of game.exe would be 0x400000, i.e. (UINT)GetModuleHandleA("game.exe");

    5. #5
      zeion
      Okay so, based on what CE is telling me, how would I write to the final pointer address shown there in my injected C++ DLL?

      Right now I'm trying this:

      Code:
      DWORD gameBase = (DWORD)GetModuleHandleA("game.exe");
      DWORD pdwAddress = (DWORD)(*(DWORD*) gameBase + 0x12D90D4);
      DWORD pdw2ndAddress = (DWORD)(*(DWORD*) pdwAddress + 0x44 );
      DWORD pdw3rdAddress = (DWORD)(*(DWORD*) pdw2ndAddress + 0x1C );
      DWORD pdw4thAddress = (DWORD)(*(DWORD*) pdw3rdAddress + 0x64 );
      DWORD AddressToWrite = (DWORD)(*(DWORD*) pdw4thAddress + 0x10C );
      Would that give me the proper final address?

    6. #6
      c5
      Quote, originally posted by zeion:
          Would that give me the proper final address?
      Yes. Try it.

    7. #7
      zeion
      My game crashes whenever I try to tell the DLL to calculate the address for some reason... I've also tried to use the FindDmaAddy function from fleep's tutorial but that gives me a weird address of 9, which I don't think is right. I'm not actually writing to memory yet, so it seems to crash even just by calculating the address. Any ideas why? The game gives me an exception saying that the memory at address 0x_____ could not be read.

    8. #8
      c5
      Attach a debugger and step through or catch the exception. It's probably your first address where it goes wrong.

    9. #9
      Szaka
      Or maybe you coded the app with the address 400000 and not 0x400000. CE shows every offset in hex; this mistake is common.

    10. #10
      zeion
      If I do this it should work right?

      Code:
      DWORD pdwAddress = (DWORD)(*(DWORD*) 0x400000 + 0x12D90D4);
      DWORD pdw2ndAddress = (DWORD)(*(DWORD*) pdwAddress + 0x44 );
      DWORD pdw3rdAddress = (DWORD)(*(DWORD*) pdw2ndAddress + 0x1C );
      DWORD pdw4thAddress = (DWORD)(*(DWORD*) pdw3rdAddress + 0x64 );
      AddressToWrite = (DWORD)(*(DWORD*) pdw4thAddress + 0x10C );
      Although it still gives me the error: memory could not be "read"... would that mean that one of the offsets is wrong? Or the way I de-reference the pointers?

      Also I don't need to include the 0x0 offset right?
      Last edited by zeion; 09-02-2013 at 11:34 AM.
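
      Added example, not part of any post in this thread: over a constructed in-memory image, it compares how `*(DWORD*) p + off` parses in C++ (dereference `p` first, then add) with `*(DWORD*)(p + off)`, using a bounds-checked read in place of the access fault. `FakeImage`, `resolve`, `resolve_as_posted`, `make_sample`, the first offset 0x100 and every stored value are assumptions invented for the illustration; the other four offsets are the ones posted above, applied in the order posted.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// Constructed stand-in for a 32-bit module image; bytes[0] lives at `base`.
struct FakeImage {
    uint32_t base;
    std::vector<uint8_t> bytes;
    // Bounds-checked read; nullopt models the "memory could not be read" fault.
    std::optional<uint32_t> read32(uint32_t a) const {
        if (a < base || uint64_t(a) - base + 4 > bytes.size()) return std::nullopt;
        uint32_t v;
        std::memcpy(&v, &bytes[a - base], 4);
        return v;
    }
};
// Offset added BEFORE each dereference, i.e. *(DWORD*)(p + off); last offset only added.
std::optional<uint32_t> resolve(const FakeImage& m, const std::vector<uint32_t>& offs) {
    uint32_t addr = m.base + (offs.empty() ? 0 : offs[0]);
    for (size_t i = 1; i < offs.size(); ++i) {
        auto next = m.read32(addr);
        if (!next) return std::nullopt;  // broken link: stop instead of faulting
        addr = *next + offs[i];
    }
    return addr;
}
// How `*(DWORD*) p + off` parses: dereference p first, then add off.
std::optional<uint32_t> resolve_as_posted(const FakeImage& m, const std::vector<uint32_t>& offs) {
    uint32_t addr = m.base;
    for (uint32_t off : offs) {
        auto v = m.read32(addr);
        if (!v) return std::nullopt;
        addr = *v + off;
    }
    return addr;
}
const std::vector<uint32_t> kOffsets = {0x100, 0x44, 0x1C, 0x64, 0x10C};  // 0x100 is made up
FakeImage make_sample() {  // constructed data: every stored value is invented
    FakeImage m{0x400000, std::vector<uint8_t>(0x1000, 0)};
    const uint32_t cells[][2] = {{0x400000, 0x00905A4D},  // "MZ" bytes at the base
        {0x400100, 0x400200}, {0x400244, 0x400300}, {0x40031C, 0x400400}, {0x400464, 0x400500}};
    for (auto& c : cells) std::memcpy(&m.bytes[c[0] - m.base], &c[1], 4);
    return m;
}
int main() {
    FakeImage m = make_sample();
    std::printf("%#x %d\n", (unsigned)resolve(m, kOffsets).value_or(0), (int)resolve_as_posted(m, kOffsets).has_value());
}
```

      Build as C++17 or later. In the second form the first read returns the header bytes at the module base rather than a pointer, so the next read lands outside the image.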
