Solved Base Address and Multi Level Pointer (TrackMania)

[FlexXx1212]

Hello,
i completed my Trackmania Carjump hack in C++ but the problem is that i get in cheatengine the address like this : "TmForever.exe" + 00976A7C
and those are the offsets 0x188,0x58,0x328,0xee i need to use for this address.
First Question... how do i get the base address ( idk if its called like that) i mean the "TmForever.exe" thing so i can add the 976A7C to it....
(Found something like this: GetModuleBase("TmForever.exe",dwProcessID); ) But i dont know how to use it.... need a header file or something
Second : how do i handle a multilevel pointer ?
i mean i cant just ReadProcessMemory(hGameHandle, (PBYTE*)(address + offs1 + offs2 ......), &Ycoordiate, sizeof(int), NULL)
i tried several different methods but i just cant get it to work...
pls help me

 

[Rake]

https://guidedhacking.com/threads/how-to-hack-any-game-tutorial-c-external-trainer-part-2.10897/

https://guidedhacking.com/finddma

https://guidedhacking.com/getmodulebase

 

[Galhali]

Hello , I do not know if I understood you correctly but here is few line of code which could help you:

First u need declared:

DWORD baseAddress = dwGetModuleBaseAddress( dwProcID, _T("TmForever.exe") );
DWORD staticOffset = { 0x976A7C }; 
DWORD TmaniaOffset[] = { 0x188, 0x58, 0x328, 0xEE };
DWORD AddressToWrite = FindDmaAddy(4, hProcHandle, TmaniaOffset, baseAddress );

and here is a function:

DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
{
    DWORD_PTR dwModuleBaseAddress = 0;
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE , dwProcessIdentifier);
    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 ModuleEntry32;
        ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
        if (Module32First(hSnapshot, &ModuleEntry32))
        {
            do
            {
                if (_tcscmp(ModuleEntry32.szModule, szModuleName) == 0)
                {
                    dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
                    break;
                }
            }
            while (Module32Next(hSnapshot, &ModuleEntry32));
        }
        CloseHandle(hSnapshot);
    }
    return dwModuleBaseAddress;
}

now we have two option add pointers manual or use function to do it i will wrtie function here:

DWORD FindDmaAddy(int PointerLevel, HANDLE hProcHandle, DWORD Offests[], DWORD BaseAddress)
{
    DWORD pointer = BaseAddress;
    DWORD pTemp;

    DWORD pointerAddr;
    for(int i=0; i< PointerLevel; i++)
    {
        if(i = 0)
        {
            ReadProcessMemory(hProcHandle,(LPCVOID)pointer, &pTemp, sizeof(pTemp), NULL);
        }

        pointerAddr = pTemp + Offests[i];
        ReadProcessMemory(hProcHandle, (LPCVOID)pointerAddr, &pTemp, sizeof(pTemp), NULL);
    }
    return pointerAddr;
}

I din't check it work at Tracmania becouse i dont have it but it should work, if i make some mistake im sorry im beginer to.
I hope i help a bit cheers.

Galhali

 

[FlexXx1212]

well first of all thank you very much for your help ) ... but i have 2 problems now...
1st: How should i use the staticOffset ? you never used it in the code you posted above
2nd: I dont know if this is because im using code::blocks instead of visual studio but im getting trouble with some stuff like "_tcscmp" and the "_T" infront of the TmForever.exe i already solved some problems by #include "tlhelp32.h" so i dont get errors on : TH32CS_SNAPMODULE for example

i will get visual studio anyways but not today and i dont even know its the problem of using the wrong software

 

[NTvalk]

well first of all thank you very much for your help ) ... but i have 2 problems now...
1st: How should i use the staticOffset ? you never used it in the code you posted above
2nd: I dont know if this is because im using code::blocks instead of visual studio but im getting trouble with some stuff like "_tcscmp" and the "_T" infront of the TmForever.exe i already solved some problems by #include "tlhelp32.h" so i dont get errors on : TH32CS_SNAPMODULE for example

i will get visual studio anyways but not today and i dont even know its the problem of using the wrong software

hmm all the _T/_t stuff is created by Microsoft, so i suggest trying visual studio yes. (have you #included "windows.h"?)

 

[FlexXx1212]

okey then i will try tomorrow with visual studio.
yes i included windows.h
but i think there is an error in the FindDmaAddy function... because i used the current baseAdress (typed it by hand, not with getmodulebase because this doesnt work) and the pTemp is always 0000001 and not a pointer.... i already fixed the i == 0 instead of i = 0 mistake that he has done so its definately not that problem

Should i post the complete code or do you know what my problems are just by telling you ?

 

[galaxykiller]

okey then i will try tomorrow with visual studio.
yes i included windows.h
but i think there is an error in the FindDmaAddy function... because i used the current baseAdress (typed it by hand, not with getmodulebase because this doesnt work) and the pTemp is always 0000001 and not a pointer.... i already fixed the i == 0 instead of i = 0 mistake that he has done so its definately not that problem

Should i post the complete code or do you know what my problems are just by telling you ?

Posting the entire code/solution would be a great start.

 

[FlexXx1212]

https://pastebin.com/xcJj6XLb

and i never really understood the difference between LPCVOID PBYTE or whatever you write infront of the pointer or address this may also give me some errors

 

[NTvalk]

https://pastebin.com/xcJj6XLb

and i never really understood the difference between LPCVOID PBYTE or whatever you write infront of the pointer or address this may also give me some errors

look on msdn for the data types, i think it is Long Pointer Constant Void and PBYTE is Pointer unisnged char, but im not sure (this is out of my head).

 

[FlexXx1212]

okey hopefully someone can help me with my hack.... its not that i want to hack in this game i want to understand how to use multilevel pointers and baseaddresses in general and that is the best example...would be awesome if someone could fix the code and tell me what was the problem i will test it with visual studio tomorrow.. maybe something works better there but im pretty sure there is still something wrong

 

[Galhali]

Hello again, and sry about that i have made it in fly from two difrent codes.

Heare are few headers i have used:

#include <iostream>
#include <Windows.h>
#include <string>
#include <ctime>
#include <TlHelp32.h>
#include <tchar.h>

And i think the soulution of that problem will be just put static offset at the first place in normal offsets cuz it need to be add at the first place:
in step by step it should looks like this:

pTemp = staticOffset + baseAddress 
// ReadProcessMemory
pointerAddr  = pTemp + TmaniaOffset [0] 
// ReadProcessMemory from pointAddr and put it in pTemp 
pointerAddr  = pTemp + TmaniaOffset [1]
// ReadProcessMemory from pointAddr and put it in pTemp 
pointerAddr  = pTemp + TmaniaOffset [2] 
// ReadProcessMemory from pointAddr and put it in pTemp 
pointerAddr  = pTemp + TmaniaOffset [3]

DWORD TmaniaOffset[] = { 0x976A7C , 0x188, 0x58, 0x328, 0xEE }; // Static offset at the first place im not sure it will work at 100 %

or you can simply do it using loop:

DWORD pointer = baseAddress;
DWORD pTemp = 0;
DWORD pointerAddr;

 for( int c = 0; c < 4; c++ ) // 4 is number of offsets
        {
            if( c == 0 ) 
            {
                if( !ReadProcessMemory( hProcHandle, (LPCVOID)(pointer+staticOffset ), &pTemp, sizeof(DWORD), NULL ) )//adding Static offset to baseaddress and read proccess memory than put all to pTemp 
                    cout << "ERROR IN ADDING BASE ADDRESS TO STATIC OFFSET" << endl;
            }
            pointerAddr = pTemp + TmaniaOffset[c];  
            if( !ReadProcessMemory( hProcHandle, (LPCVOID)pointerAddr, &pTemp, sizeof(DWORD), NULL ) ) // here we simply adding more offsets in loop 
                cout << "ERROR" << endl;
        }

Try it and tell us if its work. Again sorry for that mistake as i said before im beginner to.

Galhali

 

[c5]

Open process, walk the modules, find "tmforever.exe", get its base address. From there on just dereference the pointers..

UINT address = base + 0x976A7C;
RPM(address, &address);
address += offset1;
RPM(address, &address)
addres += offset2;
RPM(address, &address);
...

 

[Unknown Archetype]

All these answers will help me very much

 

[FlexXx1212]

Thank you very much guys !!!!! Specially Galhali ! i got it to work i will refine it a little bit and add a hotkey function and post it in the forum and here i will give you credits galhali