• Amused
  • Angry
  • Annoyed
  • Awesome
  • Bemused
  • Cocky
  • Cool
  • Crazy
  • Crying
  • Down
  • Drunk
  • Embarrased
  • Enraged
  • Friendly
  • Geeky
  • Godly
  • Happy
  • Hateful
  • Hungry
  • Innocent
  • Meh
  • Piratey
  • Poorly
  • Sad
  • Secret
  • Shy
  • Sneaky
  • Tired
  • Wtf
  • At Work
  • CodenzHub
  • Coding
  • Deejaying
  • Donating
  • Drinking
  • Eating
  • Editing
  • Hacking
  • Hate Mailing
  • Jamin'
  • Lagging
  • Live Streaming
  • Lurking
  • No Status
  • Pawning
  • PC Gaming
  • PS Gaming
  • Raging
  • Reversing
  • Sleeping
  • Steam Gaming
  • Trolling
  • TwitchStreamer
  • Vodka!
  • Watching TV/Movie
  • Xbox Gaming
  • Youtuber
  • Zombies
  • Page 1 of 2 12 LastLast
    Results 1 to 10 of 14
    1. #1
      Newbie
      Learning to hack games!
       
      Feeling Normal
       
      real_fff's Avatar
      Join Date
      Aug 2017
      Posts
      5
      Thanks (-->)
      0
      Thanks (<--)
      0

      ReadProcessMemory not returning to var

      How to Call Game Functions
      I'm trying to read an address to another var (eventually to work with multi threaded pointers), but ReadProcessMemory will not output anything.
      https://pastebin.com/LxJytyRX
      This is an external hack.
      Thanks,
      Real


      EDIT: New Paste(added module base function and readded checks and comments): https://pastebin.com/STe6nCVT

      I'd really like to solve the problems one problem at a time. I guess if you see later issues go ahead and point them out, but I am aware of the method to add offsets (I could be wrong), but I can't implement that until I have the first couple steps working. (getting module base address and getting it to read to another buffer dword)
      I am building the application in Visual Studio 2017 Community Debug, and it compiles correctly.
      I am running it with admin rights.
      Possible immediate errors:
      -calling of dwGetModuleBase function or code itself
      -calling of ReadProcessMemory function (specifically the type LPCVOID*/etc)
      Last edited by real_fff; 08-12-2017 at 03:00 PM.

    2. #2
      Newbie
      Learning to hack games!
       
      Feeling Normal
       
      Paga's Avatar
      Join Date
      Jul 2017
      Posts
      11
      Thanks (-->)
      3
      Thanks (<--)
      0
      Are you sure your address is static? And if it's not and that's what the offsets are for then why aren't you using them?

      For a basic ReadProcessMemory what you did was alright, the problem isn't there most likely. You should add some checks to everything firstly though, like for RPM:
      	if (!ReadProcessMemory(pHandle, reinterpret_cast<void*>(localHealthBase), &localHealth, sizeof(localHealth), nullptr))
      {
      std::cout << "There was an error while trying to read the value of the address " << std::hex << localHealthBase;
      getchar();
      return false;
      }


      And if you're staying external, you may need to get debug privileges for your console program in order to open a handle:
      bool SeDebugPrivilege(bool IsOn) {
      unsigned int zCheck = NULL;
      HANDLE hToken;
      if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
      return false;

      TOKEN_PRIVILEGES tPriv;
      tPriv.PrivilegeCount = { 1 };
      if (tPriv.Privileges[0].Attributes == IsOn)
      SE_PRIVILEGE_ENABLED;
      else
      return false;

      if (!LookupPrivilegeValueW(NULL, SE_DEBUG_NAME, &tPriv.Privileges[0].Luid)) {
      CloseHandle(hToken);
      return false;
      }
      if (!AdjustTokenPrivileges(hToken, FALSE, &tPriv, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr)) {
      CloseHandle(hToken);
      return false;
      }
      CloseHandle(hToken);
      return true;
      }


      And if you want to add the offsets to the address you could use a GetDMAAddy function from this forum. You place your offsets in a reversed order at the end of the function, after the numOffsets var. Credits to R A K E *for the bad code, this nibba use "..." lmfao

      uintptr_t EvaluatePointerVA(HANDLE hProcHandle, uintptr_t pointer, size_t numOffsets, ...)
      {
      va_list args;
      va_start(args, numOffsets);
      if (!ReadProcessMemory(hProcHandle, (LPCVOID)pointer, &pointer, sizeof(pointer), NULL))
      return false;
      for (size_t i = 0; i < numOffsets; i++)
      {
      uintptr_t offset = va_arg(args, uintptr_t);
      if (!ReadProcessMemory(hProcHandle, (LPVOID)(pointer + offset), &pointer, sizeof(pointer), nullptr))
      return false;
      }
      va_end(args);
      return pointer;
      }


      	UINT_PTR localHealthADDY = EvaluatePointerVA(pHandle, localHealthBase, 5, 0x2B0, 0x6A0, 0x500, 0x10, 0x24);



      Hope this mess helped, it took like 1 hour to write with a 50 minute break in-between

    3. #3
      Global Moderator
      Beware the dragonborn
       
      Coding
       
      Teuvin's Avatar
      Join Date
      Dec 2016
      Location
      Brazil
      Posts
      182
      Thanks (-->)
      41
      Thanks (<--)
      67
      Are youn sure LocalHealth(0x1295540) is a addy and not an offset?
      Because you would need to sum it with the .exe base
      Last edited by Teuvin; 08-11-2017 at 08:37 AM.
      ReadProcessMemory not returning to var

    4. #4
      Administrator
      Hacked By Jesus
       
      Reversing
       
      [GH]Rake's Avatar
      Join Date
      Jan 2014
      Location
      USA
      Posts
      3,677
      Thanks (-->)
      893
      Thanks (<--)
      1094
      Your address is a dynamic address, it will change everytime. You must use a pointer.

    5. #5
      Newbie
      Learning to hack games!
       
      Feeling Normal
       
      real_fff's Avatar
      Join Date
      Aug 2017
      Posts
      5
      Thanks (-->)
      0
      Thanks (<--)
      0
      Quote Originally Posted by Paga View Post
      Are you sure your address is static? And if it's not and that's what the offsets are for then why aren't you using them?

      For a basic ReadProcessMemory what you did was alright, the problem isn't there most likely. You should add some checks to everything firstly though, like for RPM:
      -snip-

      And if you're staying external, you may need to get debug privileges for your console program in order to open a handle:
      -snip-

      And if you want to add the offsets to the address you could use a GetDMAAddy function from this forum. You place your offsets in a reversed order at the end of the function, after the numOffsets var. Credits to R A K E *for the bad code, this nibba use "..." lmfao

      -snip-

      Hope this mess helped, it took like 1 hour to write with a 50 minute break in-between
      The address is the base address before adding offsets, but I have not exited the process through this progress. I have 5 offsets to add, but I need to be able to read something to add the offsets. To my knowledge, whether the address is dynamic or not shouldn't have anything to do with whether or not I can read it at all. I have been using checks, but I have been messing with them and switched out in this version, sorry.

      As far as debug, I'll consider doing that, but I have been running it as administrator to no avail.

      Also, I have considered using the function, but it wouldn't work either if I can't read the address.
      Quote Originally Posted by Teuvin View Post
      Are youn sure LocalHealth(0x1295540) is a addy and not an offset?
      Because you would need to sum it with the .exe base
      I do need to sum it with the .exe, the function doesn't sum it by default?

      Quote Originally Posted by [GH]Rake View Post
      Your address is a dynamic address, it will change everytime. You must use a pointer.
      (from above) The address is the base address before adding offsets, but I have not exited the process through this progress. I have 5 offsets to add, but I need to be able to read something to add the offsets. To my knowledge, whether the address is dynamic or not shouldn't have anything to do with whether or not I can read it at all.


      EDIT: Also thank you guys for the help. I'm somewhat new, and I appreciate it.
      Last edited by real_fff; 08-12-2017 at 02:53 PM.

    6. #6
      Global Moderator
      Certified Asshole
       
      CodenzHub
       
      Traxin's Avatar
      Join Date
      Aug 2015
      Posts
      679
      Thanks (-->)
      139
      Thanks (<--)
      209
      Also have you tried calling GetLastError after the call to RPM and if so then what's the error?
      I don't see anything wrong with the call to RPM though, looks like it should succeed.

      What I believe is going on here is that 0x01295540 is an offset from the base address of the .exe and the call to RPM is succeeding, and returning the correct value.
      It's just reading from a location you didn't intend, and returning a value you didn't expect :P
      Use this tutorial to learn how to get the base of a module so that you can add it to your offsets

      Good luck homie!

    7. #7
      Newbie
      Learning to hack games!
       
      Feeling Normal
       
      real_fff's Avatar
      Join Date
      Aug 2017
      Posts
      5
      Thanks (-->)
      0
      Thanks (<--)
      0
      I did use GetLastError(), but it didn't return anything.
      Quote Originally Posted by Traxin View Post
      Also have you tried calling GetLastError after the call to RPM and if so then what's the error?
      I don't see anything wrong with the call to RPM though, looks like it should succeed.

      What I believe is going on here is that 0x01295540 is an offset from the base address of the .exe and the call to RPM is succeeding, and returning the correct value.
      It's just reading from a location you didn't intend, and returning a value you didn't expect :P
      Use this tutorial to learn how to get the base of a module so that you can add it to your offsets

      Good luck homie!
      I did use GetLastError(), but it didn't return anything.
      I think you're right, but there's still something else.
      I quickly skidded the function from the tutorial, but it isn't returning a module address.

      New Paste: https://pastebin.com/STe6nCVT

      EDIT: Thanks for the suggestion.
      Last edited by real_fff; 08-12-2017 at 02:54 PM.

    8. #8
      Global Moderator
      Beware the dragonborn
       
      Coding
       
      Teuvin's Avatar
      Join Date
      Dec 2016
      Location
      Brazil
      Posts
      182
      Thanks (-->)
      41
      Thanks (<--)
      67
      Quote Originally Posted by real_fff View Post
      I did use GetLastError(), but it didn't return anything.

      I did use GetLastError(), but it didn't return anything.
      I think you're right, but there's still something else.
      I quickly skidded the function from the tutorial, but it isn't returning a module address.

      New Paste: https://pastebin.com/STe6nCVT
      So whats happens here is you are getting the addy of the .exe then you need to SUM it with the health addy;
      Instead of

      ReadProcessMemory(pHandle,(LPCVOID*)moduleBase,&localHealth,sizeof(localHealth),NULL);


      You should be doing

      ReadProcessMemory(pHandle,(LPVOID)moduleBase+localHealthBase ,&localHealth,sizeof(localHealth),NULL);


      About the module error, try executing your program as admin, if you don't have admin rights you can't open a handle most of the times.
      ReadProcessMemory not returning to var

    9. #9
      Newbie
      Learning to hack games!
       
      Feeling Normal
       
      real_fff's Avatar
      Join Date
      Aug 2017
      Posts
      5
      Thanks (-->)
      0
      Thanks (<--)
      0
      Quote Originally Posted by Teuvin View Post
      So whats happens here is you are getting the addy of the .exe then you need to SUM it with the health addy;
      Instead of
      -snip-

      About the module error, try executing your program as admin, if you don't have admin rights you can't open a handle most of the times.
      I can't sum the module base with anything if the module base does not return anything. I want to solve one issue at a time to avoid unnecessary work. I could go ahead and uncomment all of the offset code and add that, but the program still won't work because the dwGetModuleBase func isn't working and possibly neither is the RPM func. I have been running the program as an admin.
      Thanks for the suggestion though.
      Last edited by real_fff; 08-12-2017 at 02:54 PM.

    10. #10
      Global Moderator
      Beware the dragonborn
       
      Coding
       
      Teuvin's Avatar
      Join Date
      Dec 2016
      Location
      Brazil
      Posts
      182
      Thanks (-->)
      41
      Thanks (<--)
      67
      Advertise on GuidedHacking
      We are all supposing that the game doesn't have any anti-hacking measures.
      But you do know that 7 Days to Die uses EAC right? Are you even bypassing it?
      If not, that's the problem, it's for sure stripping your handle.
      ReadProcessMemory not returning to var

    11. Thanks [GH]Rake, Traxin thanked for this post
    Page 1 of 2 12 LastLast

    Similar Game Hacker Threads

    1. [Help] ReadProcessMemory please
      By brunob2 in forum Hacking Help
      Replies: 1
      Last Post: 09-25-2016, 07:27 PM
    2. [Help] RPM 64 Bit - Trouble Returning Value
      By dexmox in forum C/C++
      Replies: 3
      Last Post: 07-10-2016, 02:29 AM
    3. ReadProcessMemory - 2nd try.
      By jeneves in forum C/C++
      Replies: 16
      Last Post: 09-19-2015, 09:46 PM
    4. ReadProcessMemory
      By jeneves in forum C/C++
      Replies: 17
      Last Post: 08-28-2015, 09:24 PM
    5. ReadProcessMemory Help!
      By Coco Pommel in forum Hacking Help
      Replies: 3
      Last Post: 04-19-2014, 08:42 PM