Solved Memory Addresses! :/

Hexui Undetected CSGO Cheats PUBG Accounts

Ollie

Newbie
Full Member
Feb 2, 2013
11
202
0
Sorry for spamming my threads here, but I've got quite a lot of questions and this forums is pretty helpful so yeah.

I tried getting static memory address for "Spider Solitaire" game's score value.

I managed to find this pointer:
0xffdd5f78 + 0xE8 + 0x14, which points to my score perfectly fine, but it's not static.

When I check what accesses this pointer, I can find "mov rax,SpiderSolitaire.exe+000b5f78"?

So what is this SpiderSolitaire.exe doing there, and how can i turn that into a memory address?

 

Rake

I'm not your friend
Administrator
Jan 21, 2014
13,032
79,068
2,469
C#:
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace RakeCSharp
{
    internal class RakeCSMem
    {
        [DllImport("kernel32.dll")]
        private static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);

        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesRead);

        public static IntPtr FindDMAAddy(IntPtr hProc, IntPtr ptr, int[] offsets)
        {
            var buffer = new byte[IntPtr.Size];
            foreach (int i in offsets)
            {
                ReadProcessMemory(hProc, ptr, buffer, buffer.Length, out var read);

                ptr = (IntPtr.Size == 4)
                ? IntPtr.Add(new IntPtr(BitConverter.ToInt32(buffer, 0)), i)
                : ptr = IntPtr.Add(new IntPtr(BitConverter.ToInt64(buffer, 0)), i);
            }
            return ptr;
        }

        public static IntPtr GetModuleBaseAddress(Process proc, string modName)
        {
            IntPtr addr = IntPtr.Zero;

            foreach (ProcessModule m in proc.Modules)
            {
                if (m.ModuleName == modName)
                {
                        addr = m.BaseAddress;
                        break;
                }
            }
                return addr;
        }

        private static void Main(string[] args)
        {
            Process process;

            process = Process.GetProcessesByName("ac_client")[0];

            var hProc = OpenProcess(0x001F0FFF, false, process.Id);

            var modBase = GetModuleBaseAddress(process, "ac_client.exe");

            var addr = FindDMAAddy(hProc, (IntPtr)0x50f4f4, new int[] { 0x374, 0x14, 0 });

            Console.WriteLine("0x" + addr.ToString("X"));
        }
    }
}
 
Last edited:

Crazywink

Hacker
Meme Tier VIP
Dank Tier Donator
Jul 18, 2012
626
4,613
17
SpiderSolitaire.exe is referring to the program's base address. Something along the lines of.. (If you're doing it in C#.)
C++:
System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcessesByName("SpiderSolitaire"); 

int baseAddy = processes[0].MainModule.BaseAddress.ToInt32();
Will return the base address, from which you add the proceeding address and offsets. :)

Crazywink
 

Ollie

Newbie
Full Member
Feb 2, 2013
11
202
0
This is what I use when getting the base address using C++: (Thanks to Flyte from Cheat Engine Forums for this)

C++:
DWORD GetModuleBase(HANDLE hProc, string &sModuleName) 
{ 
   HMODULE *hModules; 
   char szBuf[50]; 
   DWORD cModules; 
   DWORD dwBase = -1; 
   //------ 

   EnumProcessModules(hProc, hModules, 0, &cModules); 
   hModules = new HMODULE[cModules/sizeof(HMODULE)]; 
    
   if(EnumProcessModules(hProc, hModules, cModules/sizeof(HMODULE), &cModules)) { 
      for(int i = 0; i < cModules/sizeof(HMODULE); i++) { 
         if(GetModuleBaseName(hProc, hModules[i], szBuf, sizeof(szBuf))) { 
            if(sModuleName.compare(szBuf) == 0) { 
               dwBase = (DWORD)hModules[i]; 
               break; 
            } 
         } 
      } 
   } 

   delete[] hModules; 

   return dwBase; 
}
To use:
C++:
GetModuleBase(hProc, string("spidersolitaire.exe"));

Thanks but GetModuleBase() always returns 0xFFFFFFFF for some reason.
 
Community Mods