    1. #1

      Finding Baseadress when there is a String in it?

      John Kittz
      Hello, I'm new to the forum and new to trainer programming.

      I have seen all the parts of the "How to make a Trainer / DLL Injector" tutorial, but I just don't get one thing.

      My base address is:
      "starbound.exe"+063A5F84 (it is one of many base addresses for the Pixel (Cash) value)
      So how would I get the correct base address?

      I have changed some code and added following lines:
      // Excerpt from the polling loop: resolve the process id that owns the game window.
      GetWindowThreadProcessId(hGameWindow, &dwProcID);
      if (dwProcID != 0)
      {
      // PROCESS_ALL_ACCESS asks for every access right on the target process.
      hProcHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcID);
      if (hProcHandle == INVALID_HANDLE_VALUE || hProcHandle == NULL)
      {
      GameStatus = "Failed to open process";
      // NOTE(review): GetModuleHandleA only searches the modules loaded into the
      // *calling* process (this trainer). It never looks into another process, so
      // it returns NULL here whether or not the game is running, and ExeAdress is 0.
      /*LINE ADDED ->*/ ExeAdress = (DWORD)GetModuleHandleA("starbound.exe");
      // With ExeAdress == 0 this is just the bare offset, not an address in the game.
      /*LINE ADDED ->*/ BaseAdress = ExeAdress + 0x063A5F84;
      }
      else
      {
      GameStatus = "Ready to Hack!!";
      isGameAvailable = true;
      // Same lookup as in the failure branch, with the same result (NULL).
      /*LINE ADDED ->*/ ExeAdress = (DWORD)GetModuleHandleA("starbound.exe");
      /*LINE ADDED ->*/ BaseAdress = ExeAdress + 0x063A5F84;
      }


      My problem is that the console, no matter whether Starbound is running or not, tells me the ExeAdress variable is always 0.
      But when I open it in Cheat Engine, the address of Starbound is clearly not 0. What am I doing wrong?

      EDIT: I have put the two lines in both the if and the else branch because I don't want to run it as admin every time to see it working.

      EDIT2: I have now changed it to BaseAdress = dwProcID + 0x063A5F84.
      The value this gives seems to be the correct one: when I calculate the ID + 0x063A5F84 in the Microsoft Calculator, I get the same decimal value as shown in my console for BaseAdress.

      But my problem remains: the trainer isn't changing anything in the game. I already checked whether the pointer is really the correct one, and it is.
      So I am posting my full source:

      #include <iostream>
      #include <Windows.h>
      #include <string>
      #include <ctime>

      // Forward declarations of the helpers defined after main().
      DWORD FindDmaAddy(int Pointerlevel, HANDLE hProcHandle, DWORD Offsets[], DWORD BaseAdress);
      void WriteToMemory(HANDLE hProcHandle);

      // GameName is not referenced anywhere else in this listing.
      std::string GameName = "Starbound";
      // Window title handed to FindWindow(); it has to match the game's title bar.
      LPCSTR LGameName = "Starbound - Beta";
      // Status line printed on the console screen.
      std::string GameStatus;

      // Set by main(): true while a process handle for the game is open.
      bool isGameAvailable;
      // Forces a console redraw on the next loop pass.
      bool updateOnNextRun;

      //Cash set to 909 Hex = 2313 Dec
      // theStatus is the F1 toggle; the write only happens while it is true.
      bool theStatus;
      // The four bytes written to the target, low byte first: 0x00000909 = 2313.
      BYTE AmmoValue[] = {0x9, 0x9, 0x0, 0x0};
      // DWORD is 32 bits wide, so these can only hold addresses of a 32-bit target.
      DWORD ExeAdress;
      DWORD BaseAdress;
      // Offsets applied level by level in FindDmaAddy().
      DWORD Offsets[] = {0xe8, 0xd8, 0x84, 0x10};
      // The two orders the author tried:
      //0x10, 0x84, 0xd8, 0xe8
      //0xe8, 0xd8, 0x84, 0x10

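      /// Console loop of the trainer.
      ///
      /// Every 100 clock ticks it looks for the game window and opens a handle to
      /// the owning process; every 5000 ticks (or after a toggle) it redraws the
      /// status screen; F1 toggles the write, INSERT leaves the loop.
      /// @return ERROR_SUCCESS once INSERT has been pressed.
      int main()
      {
          HWND hGameWindow = NULL;
          int timeSinceLastUpdate = clock();
          int GameAvail = clock();
          int omePressTMR = clock();
          DWORD dwProcID = 0; // a process id is a number, not a pointer
          HANDLE hProcHandle = NULL;
          updateOnNextRun = true;
          std::string stheStatus = "OFF";

          while (!GetAsyncKeyState(VK_INSERT))
          {
              if (clock() - GameAvail > 100)
              {
                  GameAvail = clock();
                  isGameAvailable = false;

                  // A new handle is opened on every poll. Close the one from the
                  // previous poll first, otherwise one handle leaks every 100 ticks.
                  if (hProcHandle != NULL)
                  {
                      CloseHandle(hProcHandle);
                      hProcHandle = NULL;
                  }

                  hGameWindow = FindWindow(NULL, LGameName);
                  if (hGameWindow)
                  {
                      GetWindowThreadProcessId(hGameWindow, &dwProcID);
                      if (dwProcID != 0)
                      {
                          // Ask only for the rights ReadProcessMemory/WriteProcessMemory
                          // need instead of PROCESS_ALL_ACCESS; the narrower request also
                          // succeeds in cases where the full one is refused. Cross-process
                          // opens with VM write access are what endpoint monitoring
                          // (e.g. Sysmon's ProcessAccess event) records.
                          hProcHandle = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                                                    FALSE, dwProcID);

                          // NOTE(review): GetModuleHandleW only searches modules loaded into
                          // *this* process, so it returns NULL for the game's executable and
                          // ExeAdress stays 0. A process id is not an address either, so
                          // dwProcID + offset does not point into the game. The module base
                          // has to come from enumerating the target's modules; that helper
                          // is not part of this listing, so the lines are left as posted.
                          ExeAdress = static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(GetModuleHandleW(L"starbound.exe")));
                          BaseAdress = dwProcID + 0x1298CC24;

                          // OpenProcess reports failure with NULL.
                          if (hProcHandle == NULL)
                          {
                              GameStatus = "Failed to open process";
                          }
                          else
                          {
                              GameStatus = "Ready to Hack!!";
                              isGameAvailable = true;
                          }
                      }
                      else
                      {
                          GameStatus = "Failed to get Process ID";
                      }
                  }
                  else
                  {
                      GameStatus = "Game not found!!!";
                  }

                  if (updateOnNextRun || clock() - timeSinceLastUpdate > 5000)
                  {
                      system("cls");
                      std::cout << "----------------------------------------------" << std::endl;
                      std::cout << " Hacker for: Starbound - Beta " << std::endl;
                      std::cout << "----------------------------------------------" << std::endl << std::endl;
                      std::cout << "Game Status: " << GameStatus << std::endl << std::endl;
                      std::cout << "F1 - Item at Cursor = 999: " << stheStatus << std::endl;
                      std::cout << "INSERT - EXIT!" << std::endl;
                      std::cout << "BaseAdress: " << BaseAdress << std::endl;
                      std::cout << "Exe: " << ExeAdress << std::endl;
                      std::cout << "dwProcID: " << dwProcID << std::endl;
                      updateOnNextRun = false;
                      timeSinceLastUpdate = clock();
                  }

                  if (isGameAvailable)
                  {
                      WriteToMemory(hProcHandle);
                  }
              }

              // The 400-tick gap debounces F1 so one key press toggles only once.
              if (clock() - omePressTMR > 400 && isGameAvailable && GetAsyncKeyState(VK_F1))
              {
                  omePressTMR = clock();
                  theStatus = !theStatus;
                  updateOnNextRun = true;
                  stheStatus = theStatus ? "ON" : "OFF";
              }
          }

          if (hProcHandle != NULL)
          {
              CloseHandle(hProcHandle);
          }
          // hGameWindow is a window handle owned by the game, not a kernel object,
          // so it must not be passed to CloseHandle.

          return ERROR_SUCCESS;
      }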

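      /// Follows a multi-level pointer chain inside the process behind hProcHandle.
      ///
      /// Reads the 32-bit pointer stored at BaseAdress, then for each level adds
      /// Offsets[i] and reads the next pointer from there.
      /// @param Pointerlevel number of entries of Offsets to apply
      /// @param hProcHandle  handle passed to ReadProcessMemory
      /// @param Offsets      one offset per level
      /// @param BaseAdress   address that holds the first pointer of the chain
      /// @return the address after the last offset, or 0 when Pointerlevel is not
      ///         positive, Offsets is null, a read fails or a null link is met
      DWORD FindDmaAddy(int Pointerlevel, HANDLE hProcHandle, DWORD Offsets[], DWORD BaseAdress)
      {
          if (Pointerlevel <= 0 || Offsets == NULL)
          {
              return 0;
          }

          DWORD pTemp = 0;
          DWORD pointerAdress = 0;

          // An unchecked failed read would leave pTemp undefined and the caller
          // would then write to an arbitrary address, so every read is checked.
          if (!ReadProcessMemory(hProcHandle, reinterpret_cast<LPCVOID>(static_cast<DWORD_PTR>(BaseAdress)),
                                 &pTemp, sizeof(pTemp), NULL))
          {
              return 0;
          }

          for (int i = 0; i < Pointerlevel; i++)
          {
              if (pTemp == 0)
              {
                  return 0; // null link: the chain is not populated
              }
              pointerAdress = pTemp + Offsets[i];

              // The value behind the final address is not needed, only the
              // address itself, so the last level is not dereferenced.
              if (i + 1 < Pointerlevel &&
                  !ReadProcessMemory(hProcHandle, reinterpret_cast<LPCVOID>(static_cast<DWORD_PTR>(pointerAdress)),
                                     &pTemp, sizeof(pTemp), NULL))
              {
                  return 0;
              }
          }
          return pointerAdress;
      }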

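      /// Writes AmmoValue to the address the pointer chain resolves to, but only
      /// while the F1 toggle (theStatus) is on.
      /// @param hProcHandle handle of the target process, used for the reads and the write
      void WriteToMemory(HANDLE hProcHandle)
      {
          if (!theStatus)
          {
              return;
          }

          const DWORD ChangeMem = FindDmaAddy(4, hProcHandle, Offsets, BaseAdress);
          if (ChangeMem == 0)
          {
              return; // no usable address, so nothing is written
          }

          // AmmoValue already decays to a pointer to its first byte. A failed write
          // (address not writable, handle lacks rights) is retried on the next poll.
          WriteProcessMemory(hProcHandle, reinterpret_cast<LPVOID>(static_cast<DWORD_PTR>(ChangeMem)),
                             AmmoValue, sizeof(AmmoValue), NULL);
      }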


      I have tried both sets of offsets, but neither seems to work. Am I still doing something wrong?
      Last edited by Timori; 02-15-2014 at 03:13 AM.

    2. #2
      Hey, I just got it working.

      What I did was add a function posted by Galhali:
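      /// Looks up the load address of a module inside another process.
      ///
      /// Takes a Toolhelp snapshot of the modules of dwProcessIdentifier and walks
      /// it until an entry's file name equals szModuleName.
      /// @param dwProcessIdentifier id of the process whose modules are listed
      /// @param szModuleName        module file name, e.g. the executable's name
      /// @return base address of the module, or 0 if the snapshot could not be
      ///         taken or no module has that name
      DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
      {
          if (szModuleName == NULL)
          {
              return 0;
          }

          // TH32CS_SNAPMODULE32 adds the 32-bit modules when the caller is 64-bit.
          HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcessIdentifier);
          if (hSnapshot == INVALID_HANDLE_VALUE)
          {
              return 0;
          }

          DWORD_PTR dwModuleBaseAddress = 0;
          MODULEENTRY32 ModuleEntry32;
          ModuleEntry32.dwSize = sizeof(MODULEENTRY32); // must be set before Module32First

          for (BOOL more = Module32First(hSnapshot, &ModuleEntry32); more; more = Module32Next(hSnapshot, &ModuleEntry32))
          {
              // File names on Windows are case-insensitive, so compare without case;
              // an exact-case compare misses "Starbound.exe" vs "starbound.exe".
              if (_tcsicmp(ModuleEntry32.szModule, szModuleName) == 0)
              {
                  dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
                  break;
              }
          }

          CloseHandle(hSnapshot);
          return dwModuleBaseAddress;
      }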


      With this one I got it working.

      Here is my final code. The trainer changes the money value of Starbound to 2313, for testing purposes:
      All in Main.cpp:
      #include <iostream>
      #include <Windows.h>
      #include <string>
      #include <ctime>
      #include <TlHelp32.h>
      #include <tchar.h>

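      // Forward declarations; each one has to match its definition further down.
      DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName);
      // The definition of FindDmaAddy takes no Pointerlevel argument (the level
      // count is fixed inside it). Declaring a four-parameter version here would
      // only introduce a second overload that is never defined.
      DWORD FindDmaAddy(HANDLE hProcHandle, DWORD Offsets[], DWORD BaseAdress);
      void WriteToMemory(HANDLE hProcHandle);

      // LGameName has to be the exact title of the game window. GameName is not needed.
      std::string GameName = "Starbound";
      LPCSTR LGameName = "Starbound - Beta";
      // Status line printed on the console screen.
      std::string GameStatus;

      // Set by main(): true while a process handle for the game is open.
      bool isGameAvailable;
      // Forces a console redraw on the next loop pass.
      bool updateOnNextRun;

      // F1 toggle; the write only happens while it is true.
      bool StarboundCashStatus;
      // Cash is set to 2313 = 0x909: the four bytes are written low byte first.
      BYTE CashValue[] = {0x9, 0x9, 0x0, 0x0};
      // Offset added to the module base to reach the first pointer of the chain.
      DWORD StaticOffset = {0x1298CC24};
      // Module base of the game; DWORD is 32 bits, so this assumes a 32-bit target.
      DWORD BaseAdress;
      // Offsets applied level by level in FindDmaAddy().
      DWORD Offsets[] = {0xe8, 0xd8, 0x84, 0x10};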

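      /// Console loop of the trainer.
      ///
      /// Every 100 clock ticks it looks for the game window, resolves the base of
      /// the game's executable module and opens a handle to the process; every
      /// 5000 ticks (or after a toggle) it redraws the status screen; F1 toggles
      /// the write, INSERT leaves the loop.
      /// @return ERROR_SUCCESS once INSERT has been pressed.
      int main()
      {
          HWND hGameWindow = NULL;
          int timeSinceLastUpdate = clock();
          int GameAvail = clock();
          int onePressTMR = clock();
          DWORD dwProcID = 0; // a process id is a number, not a pointer
          HANDLE hProcHandle = NULL;
          updateOnNextRun = true;
          std::string sStarboundCashStatus = "OFF";
          // Writable buffer: the helper takes a non-const TCHAR*, which a string
          // literal does not convert to in standard C++.
          TCHAR szGameModule[] = _T("starbound.exe");

          // Loop until INSERT is pressed; the game is polled every 100 ticks.
          while (!GetAsyncKeyState(VK_INSERT))
          {
              if (clock() - GameAvail > 100)
              {
                  GameAvail = clock();
                  isGameAvailable = false;

                  // A new handle is opened on every poll. Close the one from the
                  // previous poll first, otherwise one handle leaks every 100 ticks.
                  if (hProcHandle != NULL)
                  {
                      CloseHandle(hProcHandle);
                      hProcHandle = NULL;
                  }

                  hGameWindow = FindWindow(NULL, LGameName);
                  if (hGameWindow)
                  {
                      GetWindowThreadProcessId(hGameWindow, &dwProcID);
                      if (dwProcID != 0)
                      {
                          // BaseAdress is a 32-bit DWORD; the narrowing is only
                          // lossless for a 32-bit target process.
                          BaseAdress = static_cast<DWORD>(dwGetModuleBaseAddress(dwProcID, szGameModule));

                          // Ask only for the rights ReadProcessMemory/WriteProcessMemory
                          // need instead of PROCESS_ALL_ACCESS. Cross-process opens with
                          // VM write access are what endpoint monitoring (e.g. Sysmon's
                          // ProcessAccess event) records.
                          hProcHandle = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                                                    FALSE, dwProcID);

                          // OpenProcess reports failure with NULL.
                          if (hProcHandle == NULL)
                          {
                              GameStatus = "Failed to open process";
                          }
                          else if (BaseAdress == 0)
                          {
                              // Without a module base every later address would be
                              // computed from 0, so the write stays disabled.
                              GameStatus = "Failed to find module base";
                          }
                          else
                          {
                              GameStatus = "Ready to Hack!!";
                              isGameAvailable = true;
                          }
                      }
                      else
                      {
                          GameStatus = "Failed to get Process ID";
                      }
                  }
                  else
                  {
                      GameStatus = "Game not found!!!";
                  }

                  // The console is redrawn every 5000 ticks or right after a toggle.
                  if (updateOnNextRun || clock() - timeSinceLastUpdate > 5000)
                  {
                      system("cls");
                      std::cout << "----------------------------------------------" << std::endl;
                      std::cout << " Hacker for: Starbound - Beta " << std::endl;
                      std::cout << "----------------------------------------------" << std::endl << std::endl;
                      std::cout << "Game Status: " << GameStatus << std::endl << std::endl;
                      std::cout << "F1 - Set Money to 2313: " << sStarboundCashStatus << std::endl;
                      std::cout << "INSERT - EXIT!" << std::endl;
                      std::cout << "BaseAdress: " << BaseAdress << std::endl; // debug info only, can be removed
                      std::cout << "dwProcID: " << dwProcID << std::endl;     // debug info only, can be removed
                      updateOnNextRun = false;
                      timeSinceLastUpdate = clock();
                  }

                  if (isGameAvailable)
                  {
                      WriteToMemory(hProcHandle);
                  }
              }

              // The 400-tick gap debounces F1; without it one key press would
              // flip the toggle on and off rapidly.
              if (clock() - onePressTMR > 400 && isGameAvailable && GetAsyncKeyState(VK_F1))
              {
                  onePressTMR = clock();
                  StarboundCashStatus = !StarboundCashStatus;
                  updateOnNextRun = true;
                  sStarboundCashStatus = StarboundCashStatus ? "ON" : "OFF";
              }
          }

          if (hProcHandle != NULL)
          {
              CloseHandle(hProcHandle);
          }
          // hGameWindow is a window handle owned by the game, not a kernel object,
          // so it must not be passed to CloseHandle.

          return ERROR_SUCCESS;
      }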


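      /// Looks up the load address of a module inside another process.
      ///
      /// Takes a Toolhelp snapshot of the modules of dwProcessIdentifier and walks
      /// it until an entry's file name equals szModuleName.
      /// @param dwProcessIdentifier id of the process whose modules are listed
      /// @param szModuleName        module file name, e.g. the executable's name
      /// @return base address of the module, or 0 if the snapshot could not be
      ///         taken or no module has that name
      DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
      {
          DWORD_PTR dwModuleBaseAddress = 0;
          if (szModuleName == NULL)
          {
              return dwModuleBaseAddress;
          }

          // TH32CS_SNAPMODULE32 adds the 32-bit modules when the caller is 64-bit.
          HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcessIdentifier);
          if (hSnapshot != INVALID_HANDLE_VALUE)
          {
              MODULEENTRY32 ModuleEntry32;
              ModuleEntry32.dwSize = sizeof(MODULEENTRY32); // must be set before Module32First
              if (Module32First(hSnapshot, &ModuleEntry32))
              {
                  do
                  {
                      // File names on Windows are case-insensitive, so compare
                      // without case instead of byte for byte.
                      if (_tcsicmp(ModuleEntry32.szModule, szModuleName) == 0)
                      {
                          dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
                          break;
                      }
                  }
                  while (Module32Next(hSnapshot, &ModuleEntry32));
              }
              // The snapshot is a kernel object and is closed on every path.
              CloseHandle(hSnapshot);
          }
          return dwModuleBaseAddress;
      }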

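      /// Follows the four-level pointer chain inside the process behind hProcHandle.
      ///
      /// Reads the 32-bit pointer stored at BaseAdress + StaticOffset, then for each
      /// level adds Offsets[c] and reads the next pointer from there. The number of
      /// levels is fixed by kPointerLevels; a function parameter of type DWORD[]
      /// is a plain pointer, so the count cannot be derived from Offsets here.
      /// @param hProcHandle handle passed to ReadProcessMemory
      /// @param Offsets     array with at least kPointerLevels offsets
      /// @param BaseAdress  module base the static offset is added to
      /// @return the address after the last offset, or 0 when Offsets is null,
      ///         a read fails or a null link is met
      DWORD FindDmaAddy(HANDLE hProcHandle, DWORD Offsets[], DWORD BaseAdress)
      {
          const int kPointerLevels = 4; // number of offsets
          DWORD pTemp = 0;
          DWORD pointerAddr = 0;

          if (Offsets == NULL)
          {
              return 0;
          }

          // Read the first pointer of the chain from module base + static offset.
          if (!ReadProcessMemory(hProcHandle,
                                 reinterpret_cast<LPCVOID>(static_cast<DWORD_PTR>(BaseAdress + StaticOffset)),
                                 &pTemp, sizeof(DWORD), NULL))
          {
              std::cout << "ERROR IN ADDING BASE ADDRESS TO STATIC OFFSET" << std::endl;
              return 0; // going on would compute addresses from a stale pTemp
          }

          for (int c = 0; c < kPointerLevels; c++)
          {
              if (pTemp == 0)
              {
                  return 0; // null link: the chain is not populated
              }
              pointerAddr = pTemp + Offsets[c];

              // The value behind the final address is not needed, only the
              // address itself, so the last level is not dereferenced.
              if (c + 1 < kPointerLevels &&
                  !ReadProcessMemory(hProcHandle, reinterpret_cast<LPCVOID>(static_cast<DWORD_PTR>(pointerAddr)),
                                     &pTemp, sizeof(DWORD), NULL))
              {
                  std::cout << "ERROR" << std::endl;
                  return 0;
              }
          }

          return pointerAddr;
      }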

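      /// Writes CashValue to the address the pointer chain resolves to, but only
      /// while the F1 toggle (StarboundCashStatus) is on.
      /// @param hProcHandle handle of the target process, used for the reads and the write
      void WriteToMemory(HANDLE hProcHandle)
      {
          if (!StarboundCashStatus)
          {
              return;
          }

          const DWORD ChangeMem = FindDmaAddy(hProcHandle, Offsets, BaseAdress);
          if (ChangeMem == 0)
          {
              return; // no usable address, so nothing is written
          }

          // CashValue already decays to a pointer to its first byte. A failed write
          // (address not writable, handle lacks rights) is retried on the next poll.
          WriteProcessMemory(hProcHandle, reinterpret_cast<LPVOID>(static_cast<DWORD_PTR>(ChangeMem)),
                             CashValue, sizeof(CashValue), NULL);
      }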


      To have a non hardcoded Pointerlevel in the FindDmaAddy function, add this to the for:
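      // sizeof(Offsets) is a byte count, and inside FindDmaAddy the Offsets parameter
      // is a plain pointer, so it cannot give the number of levels there. Take the
      // element count from the global array (or pass the count in as an argument):
      for( int c = 0; c < (int)(sizeof(::Offsets) / sizeof(::Offsets[0])); c++ )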
      Last edited by Timori; 02-15-2014 at 05:19 AM. Reason: Updated Code with some Comments. + Added the dynamic Pointerlevel
