Source Code Broihon's Memory Stuff


Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,745
40,528
316
Hello GH,

here are just some neat headers/libs I created over time which make my life and maybe yours a lot easier.

MemoryInt - for internal memory editing
MemoryExt - for external memory editing
Scan - for scanning and patterns (internal and external)
Detour - for trampoline hooks

Everything should be x86 and x64 compatible.

Functions:
  • GetDMA - reads the dynamic address from a pointer (unsafe, only basic checks, fast)
  • GetDMA_s - reads the dynamic address from a pointer (safe, many checks, slow)
  • IsValidWritePtr - verifies if a pointer is writeable
  • IsValidReadPtr - verifies if a pointer is readable
  • CreateThreadAtAddress - creates a thread with a specific start address (eg. in a game's module, can lower the detection rate)
  • CreateFunctionTrp - creates a trampoline to a function (eg. in a game's module) in case an anti cheat hooks the original function and checks the return address
  • Read - reads any datatype from the address or pointer (unsafe, only basic checks, fast)
  • Read_s - reads any datatype from the address or pointer (safe, many checks, slow)
  • Write - writes any datatype to the address or pointer (unsafe, only basic checks, fast)
  • Write_s - writes any datatype to the address or pointer (safe, many checks, slow)
MemoryInt.h MemoryInt.cpp

Functions:
  • GetDMA - reads the dynamic address from a pointer
  • SetDebugPrivilege - enables/disable SeDebugPrivilege (you should basically always enable it)
  • IsValidHandle - verifies if a handle is valid
  • GetProcessByNameA/W - gets the handle to a process by the .exe name
  • GetModuleBaseA - gets the module base of a module like client.dll
  • NopCode - nops code
  • GetThreadStartAddress - retrieves the start address of a thread
  • ReadMemory - reads any datatype (or an array) from the address - depending on which function you use the value is either returned or passed by reference
  • ReadDMA - same as ReadMemory but for pointers
  • WriteMemory - writes any datatype (or an array) to the address
  • WriteDMA - same as WriteMemory but for pointers
MemoryExt.h MemoryExt.cpp

Functions:
  • PatternScan - internal pattern scan
    pStart = starting point of the address
    RegionSize = size of the region to scan in bytes
    szPattern = pattern in c-style ("\xAB\xCD\xEF") or a BYTE array
    szMask = zero-terminated string ("xx?x")
    Len = length of the pattern/mask. should be equal to strlen(szMask)
  • PatternScanEx - external pattern scan
    hProc = handle to the target process with at least PROCESS_QUERY_INFORMATION and PROCESS_QUERY_READ
    arguments same as above
  • ScanMemory - internal memory scan for any datatype (like cheat engine scan but internally)
    pData = data to scan / starting point of the scan
    RegionSize = size of the region to scan in bytes
    Val = value to find (can be a float/dword/byte/...)
    pOut = an array of pointers to store the results in
    MaxCount = max amount of address to be stored in the array
    Alignment = alignment of the data (normally set to the size of the datatype)
  • ScanMemoryEx - external memory scan for any datatype (like cheat engine)
    hProc = handle to the target process with at least PROCESS_QUERY_INFORMATION and PROCESS_QUERY_READ
    arguments same as above
Scan.h Scan.cpp

Functions:
  • CreateDetour - creates a new trampoline hook
  • Activate - activates the hook (does nothing if the hook was already active)
  • Deactivate - deactivates the hook (does nothing if the hook was already disabled)
  • Remove - completely removes the hook, reactivating won't work
Detour.h Detour.cpp

I hope it's useful at least for learning purposes. Sadly pastebin screws up a lot of the formatting (especially the assembler comments).
If you encounter bugs or worse tell me. I didn't touch some of this code for months now.
No credits to anyone except to my google skills :^)

Todo: I'm planning on adding more code to this. Also I want to post some examples for the more advanced functions since there are almost no comments in the source code.

Edit1: I just realized that MemoryExt includes "NT Func.h". That is because I'm using NtQueryInformationThread for the GetThreadStartAddress function. If you don't need that just remove the include and uncomment the line or remove the function.
If you want to use it though use these definitions:
C++:
enum _THREADINFOCLASS
{
    ThreadQuerySetWin32StartAddress = 9
};
typedef _THREADINFOCLASS THREADINFOCLASS;
typedef NTSTATUS(__stdcall * f_NtQueryInformationThread) (HANDLE hThread, THREADINFOCLASS TIC, void * pBuffer, ULONG BufferSize, ULONG * SizeOut);
And then import the function from the ntdll using GetProcAddress.
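
The pStart / RegionSize / szPattern / szMask parameters listed for PatternScan above, as an added example that is not Broihon's code: a portable masked search over a local buffer. The name find_pattern and the sample bytes are assumptions constructed for illustration.

```cpp
// Added example (not Broihon's code): masked pattern search over a local buffer.
#include <cstddef>
#include <cstdio>
#include <cstring>

// find_pattern is a hypothetical name. In the mask, 'x' means "byte must match";
// any other character (conventionally '?') is a wildcard.
// Returns the offset of the first match, or -1 if there is none.
long find_pattern(const unsigned char* start, std::size_t region_size,
                  const char* pattern, const char* mask)
{
    if (!start || !pattern || !mask)
        return -1;
    // The length comes from the mask: a pattern may contain 0x00 bytes,
    // so strlen(pattern) would cut it short.
    const std::size_t len = std::strlen(mask);
    if (len == 0 || region_size < len)   // also prevents region_size - len wrapping
        return -1;
    for (std::size_t i = 0; i <= region_size - len; ++i) {
        std::size_t j = 0;
        while (j < len && (mask[j] != 'x' ||
               start[i + j] == static_cast<unsigned char>(pattern[j])))
            ++j;
        if (j == len)
            return static_cast<long>(i);
    }
    return -1;
}

// Constructed sample bytes, not taken from any real module.
static const unsigned char SAMPLE[] = { 0x90, 0x8B, 0x00, 0x7F, 0xC3,
                                        0x8B, 0x00, 0x12, 0xC3 };

int main()
{
    std::printf("%ld\n", find_pattern(SAMPLE, sizeof(SAMPLE), "\x8B\x00\x00\xC3", "xx?x"));
    std::printf("%ld\n", find_pattern(SAMPLE, sizeof(SAMPLE), "\x8B\x00\x12\xC3", "xxxx"));
    return 0;
}
```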
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,074
78,998
2,371
hot stuff! Always interesting to see your methods
 

Broihon

Rake;46817 said:
hot stuff! Always interesting to see your methods
Nothing new or revolutionary here today. But I'm planning on a more interesting thread the next days :^)
 

Oneshot

Meme Tier VIP
Apr 4, 2015
232
190
13
I would have liked if you made this into a class :) so I could do Bro:: and get all the options at the top of my fingers ;)
 

Broihon

I would have liked if you made this into a class :) so I could do Bro:: and get all the options at the top of my fingers ;)
Wrap a namespace around it ;) I actually thought about using a namespace for all that stuff but then I thought that it's retarded to write BlaBla:: for any Read/Write call.
That's why only the Detour has a class wrapper.
 

Oneshot

Вroihon;46820 said:
Wrap a namespace around it ;) I actually thought about using a namespace for all that stuff but then I thought that it's retarded to write BlaBla:: for any Read/Write call.
That's why only the Detour has a class wrapper.
HAHHA I'm too fresh in the C++ codenz to know that you could use a namespace like that. Can you show an example of how to do it? Edit: I figured it out ;)
 

Traxin

Escobar Tier VIP
Dank Tier Donator
Aug 3, 2015
1,041
25,378
154
C++:
#include <iostream>

namespace Traxo
{
	void PrintBlah()
	{
		std::cout << "Whatever" << std::endl;
	}
}

int main()
{
	Traxo::PrintBlah();
	return 0;
}
 

Oneshot

I could just do it like this

C++:
namespace Bro {
#include "Scan.h"
};

Bro::PatternScanEx();
 

Traxin

And you learn something new every day! lol I didn't know you could do it like that Oneshot xD

But man, always nice to see how the pros do it. I see a couple nuggets I might have to implement into my framework already :)
 

Traxin

Вroihon;46869 said:
That's way too fancy for my shitcode
Pft, nonsense. Besides fuck that pastebin bull shit... shit was annoying pulling all the files >.>
 

Rake

For ScanMemory, what is pData and alignment
pData = pointer to the address you want to start scanning
alignment? that is not even in this source code
 

Traxin

Rake;50983 said:
pData = pointer to the address you want to start scanning
alignment? that is not even in this source code

:facepalm:
lol

For ScanMemory, what is pData and alignment
And Alignment is basically the amount of bytes you want to read per iteration. You can use the sizeof function to return the size of whatever type you're scanning for.
As long as you feed it normal pointer types and not a pointer to an object that doesn't have an overload for the == operator, otherwise you'd also have to make that :)
 

steb

Jr.Coder
Full Member
Nobleman
Aug 16, 2016
63
383
1
Rake;50996 said:
what file is that in? Seriously just checked again and can't find it :kilo:
C++:
#pragma once

#include <Windows.h>

char * PatternScan(char * pStart, UINT_PTR RegionSize, const char * szPattern, const char * szMask, int Len);
char * PatternScanEx(HANDLE hProc, char * pStart, UINT_PTR RegionSize, const char * szPattern, const char * szMask);

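template <class T>
UINT_PTR ScanMemory(BYTE * pData, UINT_PTR RegionSize, T Val, T ** pOut, int MaxCount, BYTE Alignment, BYTE * OriginalBase = nullptr)
{
    // Alignment == 0 would never advance; a region smaller than T would make RegionSize - sizeof(T) wrap around
    if (!pData || !Alignment || RegionSize < sizeof(T))
        return 0;

    int Count = 0;
    // UINT_PTR index so large regions are not truncated on x64; <= so the last full T is compared as well
    for (UINT_PTR i = 0; i <= (RegionSize - sizeof(T)); i += Alignment, pData += Alignment)
    {
        if (*reinterpret_cast<T*>(pData) == Val)
        {
            // store the address only while there is room in pOut; Count keeps counting every match
            if (pOut && MaxCount > 0 && Count < MaxCount)
            {
                if (OriginalBase)
                    pOut[Count] = reinterpret_cast<T*>(OriginalBase + i);
                else
                    pOut[Count] = reinterpret_cast<T*>(pData);
            }
            Count++;
        }
    }
    return Count;
}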

template <class T>
UINT_PTR ScanMemoryEx(HANDLE hProc, BYTE * pStart, UINT_PTR RegionSize, T Val, T ** pOut, int MaxCount, BYTE Alignment)
{
    int   Count  = 0;
    DWORD Buffer = 0;
    if (!GetHandleInformation(hProc, &Buffer) || !Alignment || !RegionSize || !pOut || MaxCount < 0)
        return 0;

    BYTE * pCurrent   = pStart;
    BYTE * pEnd       = pStart + RegionSize;
    SIZE_T BufferSize = 0;       // size of the local copy buffer
    BYTE * Data       = nullptr; // local copy of the region being scanned

    while (pCurrent <= pEnd - Alignment)
    {
        MEMORY_BASIC_INFORMATION MBI{ 0 };
        if (!VirtualQueryEx(hProc, pCurrent, &MBI, sizeof(MEMORY_BASIC_INFORMATION)))
            break;

        // MBI describes the region from MBI.BaseAddress, which can lie below pCurrent,
        // so measure what is left of the region from pCurrent and clip it to the requested range
        SIZE_T Size = static_cast<BYTE*>(MBI.BaseAddress) + MBI.RegionSize - pCurrent;
        if (pCurrent + Size > pEnd)
            Size = pEnd - pCurrent;

        if (MBI.State == MEM_COMMIT && !(MBI.Protect & (PAGE_NOACCESS | PAGE_GUARD)))
        {
            if (BufferSize < Size)
            {
                // release the smaller buffer before growing it (the original leaked it)
                delete[] Data;
                Data = nullptr;
                Data = new BYTE[Size];
                BufferSize = Size;
            }

            if (ReadProcessMemory(hProc, pCurrent, Data, Size, nullptr))
            {
                // once pOut is full, ScanMemory only counts (MaxCount - Count <= 0), so pass the array base
                T ** pSlot = (Count < MaxCount) ? &pOut[Count] : pOut;
                Count += static_cast<int>(ScanMemory<T>(Data, Size, Val, pSlot, MaxCount - Count, Alignment, pCurrent));
            }
        }
        pCurrent += Size;
    }

    delete[] Data;

    return Count;
}
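
The Alignment parameter discussed in this thread, as an added example that is not part of the thread or of Broihon's library: a portable sketch showing which offsets a stepped value scan visits, including the last full slot of the region and a region smaller than the type. The names scan_offsets and make_sample are hypothetical, and the buffer is constructed.

```cpp
// Added example (not from the thread): portable sketch of an aligned value scan.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// scan_offsets is a hypothetical name. Returns every offset in [data, data + size)
// at which `val` is found when the scan advances `alignment` bytes per step.
template <class T>
std::vector<std::size_t> scan_offsets(const std::uint8_t* data, std::size_t size,
                                      T val, std::size_t alignment)
{
    std::vector<std::size_t> hits;
    if (!data || alignment == 0 || size < sizeof(T))
        return hits;   // alignment 0 never advances; size < sizeof(T) would wrap below
    for (std::size_t i = 0; i <= size - sizeof(T); i += alignment) {
        T cur;
        std::memcpy(&cur, data + i, sizeof(T));   // well-defined for unaligned offsets
        if (cur == val)
            hits.push_back(i);
    }
    return hits;
}

// Constructed 20-byte sample: the value sits at offset 4 (aligned), offset 9
// (unaligned) and offset 16 (the last full 4-byte slot).
std::vector<std::uint8_t> make_sample()
{
    std::vector<std::uint8_t> buf(20, 0);
    const std::uint32_t v = 0x11223344u;
    const std::size_t offs[] = { 4, 9, 16 };
    for (std::size_t off : offs)
        std::memcpy(buf.data() + off, &v, sizeof(v));
    return buf;
}

int main()
{
    const std::vector<std::uint8_t> buf = make_sample();
    for (std::size_t alignment : { std::size_t{4}, std::size_t{1} }) {
        std::printf("alignment %zu:", alignment);
        for (std::size_t off : scan_offsets<std::uint32_t>(buf.data(), buf.size(), 0x11223344u, alignment))
            std::printf(" %zu", off);
        std::printf("\n");
    }
    return 0;
}
```

With Alignment set to sizeof(T) the unaligned copy at offset 9 is skipped; with Alignment 1 every copy is reported at the cost of four times as many comparisons.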
 