Solved: Finding the base address when there is a string in it?


Timori

Newbie
Feb 14, 2014
Hello, I'm new to the forum and new to trainer programming.

I have seen all the parts of the "How to make a Trainer / DLL Injector" tutorial, but I just don't get one thing.

My base address is:
"starbound.exe"+063A5F84 (it is one of many base addresses for the Pixel (cash) value)
So how would I get the correct BaseAddress?

I have changed some code and added the following lines:
C++:
// Fragment of the polling code: resolve the process that owns the game window,
// open it, and (new in this post) try to compute the address to patch.
GetWindowThreadProcessId(hGameWindow, &dwProcID);
				if (dwProcID != 0)
				{
					// NOTE(review): PROCESS_ALL_ACCESS asks for every access right on the
					// target; memory reads/writes need far fewer rights than that.
					hProcHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcID);
					if (hProcHandle == INVALID_HANDLE_VALUE || hProcHandle == NULL)
					{
						GameStatus = "Failed to open process";
						// GetModuleHandleA only searches the modules loaded into the *calling*
						// process. The trainer has not loaded starbound.exe, so the call
						// returns NULL and ExeAdress is 0 whether or not the game is running.
						// The (DWORD) cast would also truncate a handle in a 64-bit build.
						/*LINE ADDED ->*/ ExeAdress = (DWORD)GetModuleHandleA("starbound.exe");
						// With ExeAdress == 0 this is just the bare offset, not an address
						// inside the game's module.
						/*LINE ADDED ->*/ BaseAdress = ExeAdress + 0x063A5F84;
					}
					else
					{
						GameStatus = "Ready to Hack!!";
						isGameAvailable = true;
						// Same lookup as in the failure branch, with the same result (NULL):
						// the module base of another process has to be read from that
						// process's module list, not from the caller's.
						/*LINE ADDED ->*/ ExeAdress = (DWORD)GetModuleHandleA("starbound.exe");
						/*LINE ADDED ->*/ BaseAdress = ExeAdress + 0x063A5F84;
					}
My problem is that the console, no matter whether Starbound is running or not, tells me the ExeAdress variable is always 0.
But when I open it in Cheat Engine, the address of Starbound is clearly not 0. What am I doing wrong?

EDIT: I have put the two lines in both the if and the else branch because I don't want to run it as admin all the time to see it working.

EDIT2: I have now changed it to BaseAdress = dwProcID + 0x063A5F84.
The value this gives seems to be the correct one: when I calculate the ID + 0x063A5F84 in the Microsoft Calculator, I get the same decimal value as my console shows for BaseAdress.

But my problem remains: the trainer isn't changing anything in the game. I already checked whether the pointer is really the correct one, and it is.
So here is my full source:

C++:
#include <iostream>
#include <Windows.h>
#include <string>
#include <ctime>

// Forward declarations for the helpers defined after main().
DWORD FindDmaAddy(int Pointerlevel, HANDLE hProcHandle, DWORD Offsets[], DWORD BaseAdress);
void WriteToMemory(HANDLE hProcHandle);

// GameName is not referenced anywhere in this listing; LGameName is the window
// title handed to FindWindow in main().
std::string GameName = "Starbound";
LPCSTR LGameName = "Starbound - Beta";
std::string GameStatus; // status line printed on the console

bool isGameAvailable; // set by main() once the game process could be opened
bool updateOnNextRun; // forces a console redraw on the next poll

//Cash set to 909 Hex = 2313 Dec
bool theStatus; // F1 toggle; WriteToMemory() only writes while this is true
// Bytes written to the target in this order: 0x09 0x09 0x00 0x00, i.e. 0x0909 = 2313
// when read as a little-endian 32-bit value.
BYTE AmmoValue[] = {0x9, 0x9, 0x0, 0x0};
DWORD ExeAdress;  // result of the GetModuleHandle lookup in main(); printed for debugging
DWORD BaseAdress; // start of the pointer chain walked by FindDmaAddy()
// Offsets are applied in array order by FindDmaAddy().
DWORD Offsets[] = {0xe8, 0xd8, 0x84, 0x10};
// The two orderings that were tried:
//0x10, 0x84, 0xd8, 0xe8
//0xe8, 0xd8, 0x84, 0x10

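// Console front end of the trainer. Every 100 ms it looks for the game window
// and opens the owning process; every 5 s (or right after a toggle) it redraws
// the status screen; F1 toggles the write and INSERT ends the program.
// Returns ERROR_SUCCESS.
int main()
{
	HWND hGameWindow = NULL;
	int timeSinceLastUpdate = clock();
	int GameAvail = clock();
	int omePressTMR = clock();
	DWORD dwProcID = 0; // a process id is a number, not a pointer, so 0 rather than NULL
	HANDLE hProcHandle = NULL;
	updateOnNextRun = true;
	std::string stheStatus = "OFF";

	while(!GetAsyncKeyState(VK_INSERT))
	{
		if (clock() - GameAvail > 100)
		{
			GameAvail = clock();
			isGameAvailable = false;

			// This branch runs on every poll and opens the process again each time.
			// Close the handle from the previous poll first so handles do not pile up.
			if (hProcHandle != NULL)
			{
				CloseHandle(hProcHandle);
				hProcHandle = NULL;
			}

			// LGameName is a narrow LPCSTR, so call the ANSI entry point directly;
			// the FindWindow macro expects a wide string in a Unicode build.
			hGameWindow = FindWindowA(NULL, LGameName);
			if(hGameWindow)
			{
				GetWindowThreadProcessId(hGameWindow, &dwProcID);
				if (dwProcID != 0)
				{
					// NOTE(review): GetModuleHandleW only searches modules loaded into
					// the calling process, so for starbound.exe it returns NULL here and
					// ExeAdress stays 0. Kept as posted; it is only printed below.
					ExeAdress = (DWORD)GetModuleHandleW(L"starbound.exe");
					// NOTE(review): a process id is an identifier, not a memory address.
					// Adding an offset to it does not give a location inside the game's
					// module, which is why the pointer chain resolves to nothing useful.
					// The base has to come from the target's module list instead.
					BaseAdress = dwProcID + 0x1298CC24;

					// Ask only for the rights that ReadProcessMemory and
					// WriteProcessMemory need instead of PROCESS_ALL_ACCESS.
					hProcHandle = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, dwProcID);
					if (hProcHandle == NULL) // OpenProcess reports failure with NULL
					{
						GameStatus = "Failed to open process";
					}
					else
					{
						GameStatus = "Ready to Hack!!";
						isGameAvailable = true;
					}
				}
				else
				{
					GameStatus = "Failed to get Process ID";
				}
			}
			else
			{
				GameStatus = "Game not found!!!";
			}

			// Redraw the console after a toggle or every 5000 ms.
			if (updateOnNextRun || clock() - timeSinceLastUpdate > 5000)
			{
				system("cls");
				std::cout << "----------------------------------------------" << std::endl;
				std::cout << "                Hacker for: Starbound - Beta    " <<std::endl;
				std::cout << "----------------------------------------------" << std::endl << std::endl;
				std::cout << "Game Status: " << GameStatus << std::endl << std::endl;
				std::cout << "F1 - Item at Cursor = 999: " << stheStatus << std::endl;
				std::cout << "INSERT - EXIT!" << std::endl;
				std::cout << "BaseAdress: " << BaseAdress << std::endl;
				std::cout << "Exe: " << ExeAdress << std::endl;
				std::cout << "dwProcID: " << dwProcID << std::endl;
				updateOnNextRun = false;
				timeSinceLastUpdate = clock();
			}

			if (isGameAvailable)
			{
				WriteToMemory(hProcHandle);
			}
		}

		// Accept the F1 toggle at most once every 400 ms so a held key does not
		// flip the state repeatedly.
		if(clock() - omePressTMR > 400)
		{
			if (isGameAvailable && GetAsyncKeyState(VK_F1))
			{
				omePressTMR = clock();
				theStatus = !theStatus;
				updateOnNextRun = true;
				stheStatus = theStatus ? "ON" : "OFF";
			}
		}
	}

	// Only the process handle is a kernel object. hGameWindow is a window handle
	// and must not be passed to CloseHandle.
	if (hProcHandle != NULL)
	{
		CloseHandle(hProcHandle);
	}

	return ERROR_SUCCESS;
}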

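// Walks a multi-level pointer chain in another process and returns the address
// at its end.
//   Pointerlevel - number of entries in Offsets to apply
//   hProcHandle  - handle to the target process; it must allow memory reads
//   Offsets      - offsets added at each level, in order
//   BaseAdress   - address in the target that holds the first pointer
// Returns the resolved address, or 0 when Pointerlevel is not positive or a
// read along the chain fails (the original returned an uninitialised or stale
// value in those cases).
// NOTE(review): addresses are carried in DWORDs, so this only covers a 32-bit
// target address space.
DWORD FindDmaAddy(int Pointerlevel, HANDLE hProcHandle, DWORD Offsets[], DWORD BaseAdress)
{
	if (Pointerlevel <= 0)
	{
		return 0;
	}

	DWORD pTemp = 0;
	DWORD pointerAdress = 0;

	// Read the pointer stored at the base address; this is the start of the chain.
	if (!ReadProcessMemory(hProcHandle, (LPCVOID)(DWORD_PTR)BaseAdress, &pTemp, sizeof(pTemp), NULL))
	{
		return 0;
	}

	for (int i = 0; i < Pointerlevel; i++)
	{
		pointerAdress = pTemp + Offsets[i];

		// The last level is the result itself; only intermediate levels have to
		// be dereferenced to find the next link.
		if (i + 1 == Pointerlevel)
		{
			break;
		}
		if (!ReadProcessMemory(hProcHandle, (LPCVOID)(DWORD_PTR)pointerAdress, &pTemp, sizeof(pTemp), NULL))
		{
			return 0;
		}
	}
	return pointerAdress;
}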

// While the F1 toggle (theStatus) is on, resolves the four-level pointer chain
// and writes the bytes of AmmoValue to the resulting address in the target.
//   hProcHandle - handle to the target process
void WriteToMemory(HANDLE hProcHandle)
{
	// Toggle is off: leave the target untouched.
	if (!theStatus)
	{
		return;
	}

	DWORD targetAddress = FindDmaAddy(4, hProcHandle, Offsets, BaseAdress);
	WriteProcessMemory(hProcHandle, (BYTE*)targetAddress, &AmmoValue, sizeof(AmmoValue), NULL);
}
I have tried both offset orders, but neither seems to work. Am I still doing something wrong?
 

Timori

Newbie
Feb 14, 2014
Hey, I just got it working.

What I did was add a function posted by Galhali:
C++:
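// Returns the load address of a module inside another process by walking a
// Toolhelp module snapshot of that process.
//   dwProcessIdentifier - id of the process to inspect
//   szModuleName        - module file name to look for, e.g. "starbound.exe"
// Returns the module's base address, or 0 when the name is NULL, the snapshot
// cannot be taken, or no module matches.
// Needs <Windows.h>, <TlHelp32.h> and <tchar.h>.
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
{
    if (szModuleName == NULL)
    {
        return 0;
    }

    // TH32CS_SNAPMODULE32 adds the 32-bit modules when the caller is a 64-bit
    // process; TH32CS_SNAPMODULE alone would leave them out.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcessIdentifier);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    DWORD_PTR dwModuleBaseAddress = 0;
    MODULEENTRY32 ModuleEntry32 = {};
    // Module32First rejects the structure unless dwSize is filled in first.
    ModuleEntry32.dwSize = sizeof(MODULEENTRY32);

    for (BOOL bMore = Module32First(hSnapshot, &ModuleEntry32); bMore; bMore = Module32Next(hSnapshot, &ModuleEntry32))
    {
        // File names are not case-sensitive on Windows, so compare without case.
        if (_tcsicmp(ModuleEntry32.szModule, szModuleName) == 0)
        {
            dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
            break;
        }
    }

    CloseHandle(hSnapshot);
    return dwModuleBaseAddress;
}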
With this one I got it working.

Here is my final code. For testing purposes, the trainer changes the money value of Starbound to 2313:
All in Main.cpp:
C++:
#include <iostream>
#include <Windows.h>
#include <string>
#include <ctime>
#include <TlHelp32.h>
#include <tchar.h>

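//Declaration of Functions
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName);
// Matches the definition further down, which takes no Pointerlevel argument.
// The earlier four-argument prototype declared an overload that is never defined.
DWORD FindDmaAddy(HANDLE hProcHandle, DWORD Offsets[], DWORD BaseAdress);
void WriteToMemory(HANDLE hProcHandle);

//LGameName has to be the exact window title! The string GameName is not needed.
std::string GameName = "Starbound";
LPCSTR LGameName = "Starbound - Beta";
std::string GameStatus; // status line printed on the console

bool isGameAvailable; // set by main() once the game process could be opened
bool updateOnNextRun; // forces a console redraw on the next poll

//Cash is set to 2313, which is 0x909 in hex.
bool StarboundCashStatus; // F1 toggle; WriteToMemory() only writes while this is true
// Bytes written to the target in this order: 0x09 0x09 0x00 0x00, i.e. 0x0909 = 2313
// when read as a little-endian 32-bit value.
BYTE CashValue[] = {0x9, 0x9, 0x0, 0x0};
// Added to the module base by FindDmaAddy() to reach the first pointer of the chain.
DWORD StaticOffset = 0x1298CC24;
DWORD BaseAdress; // module base of starbound.exe, filled in by main()
// Offsets applied in array order by FindDmaAddy().
DWORD Offsets[] = {0xe8, 0xd8, 0x84, 0x10};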

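// Console front end of the trainer. Every 100 ms it looks for the game window,
// resolves the base of starbound.exe in that process and opens the process;
// every 5 s (or right after a toggle) it redraws the status screen; F1 toggles
// the write and INSERT ends the program.
// Returns ERROR_SUCCESS.
int main()
{
	HWND hGameWindow = NULL;
	int timeSinceLastUpdate = clock();
	int GameAvail = clock();
	int onePressTMR = clock();
	DWORD dwProcID = 0; // a process id is a number, not a pointer, so 0 rather than NULL
	HANDLE hProcHandle = NULL;
	updateOnNextRun = true;
	std::string sStarboundCashStatus = "OFF";

	// The INSERT key ends the loop; the game is polled every 100 ms.
	while(!GetAsyncKeyState(VK_INSERT))
	{
		if (clock() - GameAvail > 100)
		{
			GameAvail = clock();
			isGameAvailable = false;

			// This branch runs on every poll and opens the process again each time.
			// Close the handle from the previous poll first so handles do not pile up.
			if (hProcHandle != NULL)
			{
				CloseHandle(hProcHandle);
				hProcHandle = NULL;
			}

			// LGameName is a narrow LPCSTR, so call the ANSI entry point directly;
			// the FindWindow macro expects a wide string in a Unicode build.
			hGameWindow = FindWindowA(NULL, LGameName);
			if(hGameWindow)
			{
				GetWindowThreadProcessId(hGameWindow, &dwProcID);
				if (dwProcID != 0)
				{
					// The module base is read from the target's own module list.
					// BaseAdress is a DWORD, so the value is only complete for a
					// 32-bit target; the narrowing is made explicit here.
					BaseAdress = static_cast<DWORD>(dwGetModuleBaseAddress( dwProcID, _T("starbound.exe") ));

					// Ask only for the rights that ReadProcessMemory and
					// WriteProcessMemory need instead of PROCESS_ALL_ACCESS.
					hProcHandle = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, dwProcID);
					if (hProcHandle == NULL) // OpenProcess reports failure with NULL
					{
						GameStatus = "Failed to open process";
					}
					else if (BaseAdress == 0)
					{
						// Without a module base the pointer chain would start from the
						// bare static offset, so do not mark the game as available.
						GameStatus = "Failed to find module base";
					}
					else
					{
						GameStatus = "Ready to Hack!!";
						isGameAvailable = true;
					}
				}
				else
				{
					GameStatus = "Failed to get Process ID";
				}
			}
			else
			{
				GameStatus = "Game not found!!!";
			}

			// Console window is redrawn after a toggle or every 5000 ms = 5 seconds.
			if (updateOnNextRun || clock() - timeSinceLastUpdate > 5000)
			{
				system("cls");
				std::cout << "----------------------------------------------" << std::endl;
				std::cout << "                Hacker for: Starbound - Beta    " <<std::endl;
				std::cout << "----------------------------------------------" << std::endl << std::endl;
				std::cout << "Game Status: " << GameStatus << std::endl << std::endl;
				std::cout << "F1 - Set Money to 2313: " << sStarboundCashStatus << std::endl;
				std::cout << "INSERT - EXIT!" << std::endl;
				std::cout << "BaseAdress: " << BaseAdress << std::endl; //Debug-Info only, can be removed
				std::cout << "dwProcID: " << dwProcID << std::endl; //Debug-Info only, can be removed
				updateOnNextRun = false;
				timeSinceLastUpdate = clock();
			}

			if (isGameAvailable)
			{
				WriteToMemory(hProcHandle);
			}
		}

		// Accept the F1 toggle at most once every 400 ms; otherwise a held key
		// would switch the state on and off rapidly.
		if(clock() - onePressTMR > 400)
		{
			if (isGameAvailable && GetAsyncKeyState(VK_F1))
			{
				onePressTMR = clock();
				StarboundCashStatus = !StarboundCashStatus;
				updateOnNextRun = true;
				sStarboundCashStatus = StarboundCashStatus ? "ON" : "OFF";
			}
		}
	}

	// Only the process handle is a kernel object. hGameWindow is a window handle
	// and must not be passed to CloseHandle.
	if (hProcHandle != NULL)
	{
		CloseHandle(hProcHandle);
	}

	return ERROR_SUCCESS;
}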


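// Returns the load address of a module inside another process by walking a
// Toolhelp module snapshot of that process.
//   dwProcessIdentifier - id of the process to inspect
//   szModuleName        - module file name to look for, e.g. "starbound.exe"
// Returns the module's base address, or 0 when the name is NULL, the snapshot
// cannot be taken, or no module matches.
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
{
	if (szModuleName == NULL)
	{
		return 0;
	}

	// TH32CS_SNAPMODULE32 adds the 32-bit modules when the caller is a 64-bit
	// process; TH32CS_SNAPMODULE alone would leave them out.
	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcessIdentifier);
	if (hSnapshot == INVALID_HANDLE_VALUE)
	{
		return 0;
	}

	DWORD_PTR dwModuleBaseAddress = 0;
	MODULEENTRY32 ModuleEntry32 = {};
	// Module32First rejects the structure unless dwSize is filled in first.
	ModuleEntry32.dwSize = sizeof(MODULEENTRY32);

	for (BOOL bMore = Module32First(hSnapshot, &ModuleEntry32); bMore; bMore = Module32Next(hSnapshot, &ModuleEntry32))
	{
		// File names are not case-sensitive on Windows, so compare without case.
		if (_tcsicmp(ModuleEntry32.szModule, szModuleName) == 0)
		{
			dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
			break;
		}
	}

	CloseHandle(hSnapshot);
	return dwModuleBaseAddress;
}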

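// Walks the pointer chain in the target process and returns the address at its
// end. The chain starts at BaseAdress + StaticOffset.
//   hProcHandle - handle to the target process; it must allow memory reads
//   Offsets     - offsets added at each level, in order; kPointerLevel entries are read
//   BaseAdress  - base address of the game module in the target
// Returns the resolved address, or 0 when a read along the chain fails (the
// original carried on with a stale value after printing the error).
// Note: the depth is a constant because Offsets arrives here as a plain pointer,
// so its length cannot be recovered with sizeof. For a deeper chain change
// kPointerLevel, or add a count parameter.
// NOTE(review): addresses are carried in DWORDs, so this only covers a 32-bit
// target address space.
DWORD FindDmaAddy(HANDLE hProcHandle, DWORD Offsets[], DWORD BaseAdress)
{
	const int kPointerLevel = 4; // number of offsets in the chain
	DWORD pTemp = 0;
	DWORD pointerAddr = 0;

	// Module base plus static offset is where the first pointer of the chain lives.
	if (!ReadProcessMemory(hProcHandle, (LPCVOID)(DWORD_PTR)(BaseAdress + StaticOffset), &pTemp, sizeof(DWORD), NULL))
	{
		std::cout << "ERROR IN ADDING BASE ADDRESS TO STATIC OFFSET" << std::endl;
		return 0;
	}

	for (int c = 0; c < kPointerLevel; c++)
	{
		pointerAddr = pTemp + Offsets[c];

		// The last level is the result itself; only intermediate levels have to
		// be dereferenced to find the next link.
		if (c + 1 == kPointerLevel)
		{
			break;
		}
		if (!ReadProcessMemory(hProcHandle, (LPCVOID)(DWORD_PTR)pointerAddr, &pTemp, sizeof(DWORD), NULL))
		{
			std::cout << "ERROR" << std::endl;
			return 0;
		}
	}

	return pointerAddr;
}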

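// While the F1 toggle (StarboundCashStatus) is on, resolves the pointer chain
// and writes the bytes of CashValue to the resulting address in the target.
//   hProcHandle - handle to the target process; it must allow memory writes
void WriteToMemory(HANDLE hProcHandle)
{
	// Toggle is off: leave the target untouched.
	if (!StarboundCashStatus)
	{
		return;
	}

	DWORD ChangeMem = FindDmaAddy(hProcHandle, Offsets, BaseAdress);
	// Address 0 is never a valid place to write, so skip the write rather than
	// hand it to WriteProcessMemory.
	if (ChangeMem == 0)
	{
		return;
	}
	WriteProcessMemory(hProcHandle, (LPVOID)(DWORD_PTR)ChangeMem, CashValue, sizeof(CashValue), NULL);
}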
To avoid a hardcoded pointer level in the FindDmaAddy function, change the for loop to this:
C++:
// NOTE(review): sizeof(Offsets) is a size in bytes, not a number of elements.
// Inside FindDmaAddy, Offsets is an array parameter, so sizeof gives the size of
// a pointer there, whatever the length of the array. The number of offsets has
// to be passed in (or kept as a constant) instead.
for( int c = 0; c < sizeof(Offsets); c++ )
 