Solved Need Help with "WriteProcessMemory"

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat
Status
Not open for further replies.

Nemesis3212

Newbie
Full Member
Oct 25, 2013
7
172
0
Hey,

this is my frist time trying to use this function. I wanted to create a little trainer for Assault Cube and used Fleep's guide as refence. Sadly i can't find my error. Everything works great but the WriteProcessMemory part.

Here's my code:
C++:
#include <iostream>
#include <Windows.h>
#include <fstream>
#include <string>
#include <TlHelp32.h>
#include <tchar.h>


using namespace std;

HWND hwnd = FindWindow(0, L"AssaultCube");
DWORD ReadAdress(HANDLE ProcessHandle, int PointerLevel, DWORD StaticOffset, DWORD Offsets[], DWORD BaseAdress);
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName);

DWORD id;
HANDLE processhandle;

DWORD EXEBaseAdress;
bool hackrunning = false;
bool endprocess = false;

DWORD HealthStaticOffset = 0x00109B74;
DWORD HealthOffsets[] = { 0xf8 };
DWORD HealthValue;
DWORD FullHealth[] = { 0x64 };

DWORD RifleAmmoStaticOffset = 0x0010F4F4;
DWORD RifleAmmoOffsets[] = { 0x150 };
DWORD RifleAmmoValue;
DWORD FullRifleAmmo[] = { 0x14 };


int main(){
	if (!hwnd) cout << "AssaultCube not found!" << endl;
	else{
		GetWindowThreadProcessId(hwnd, &id);
		processhandle = OpenProcess(PROCESS_ALL_ACCESS, false, id);
		DWORD EXEBaseAdress = dwGetModuleBaseAddress(id, _T("ac_client.exe"));
		while (endprocess == false){
			if (GetAsyncKeyState(VK_INSERT)){
				hackrunning = true;
			}
			if (GetAsyncKeyState(VK_END)){
				hackrunning = false;
			}
			if (GetAsyncKeyState(VK_DELETE)){
				endprocess = true;
			}
			if (hackrunning == false){
				system("cls");
				cout << "Hack paused!" << endl;
				cout << "Press INSERT to activate it." << endl;
			}
			else{
				HealthValue = ReadAdress(processhandle, 1, HealthStaticOffset, HealthOffsets, EXEBaseAdress);
				WriteProcessMemory(processhandle, (LPVOID)HealthValue, &FullHealth, sizeof(FullHealth), NULL);
				RifleAmmoValue = ReadAdress(processhandle, 1, RifleAmmoStaticOffset, RifleAmmoOffsets, EXEBaseAdress);
				WriteProcessMemory(processhandle, (LPVOID)RifleAmmoValue, &FullRifleAmmo, sizeof(FullRifleAmmo), NULL);

				system("cls");
				cout << "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" << endl;
				cout << "       AssaultCube found!" << endl;
				cout << "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" << endl;
				cout << "Press INSERT to start the Hack" << endl;
				cout << "Press END to stop the Hack" << endl;
				cout << "Press DELETE to end the Process" << endl;
				cout << "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" << endl;
				cout << "Current Health: " << HealthValue << endl;
				cout << "Current RifleAmmo: " << RifleAmmoValue << endl;
				cout << "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" << endl;
				cout << "Current Status: " << hackrunning << endl;
				cout << "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" << endl;
			}
		}
	}
	return 0;
}


DWORD ReadAdress(HANDLE ProcessHandle, int PointerLevel, DWORD StaticOffset, DWORD Offsets[], DWORD BaseAdress){
	DWORD TempAdress;
	int c = 0;
	int PointerCounter = 1;
	if (PointerLevel == 0){
		TempAdress = BaseAdress + StaticOffset;
		ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
	}
	if (PointerLevel >= 1){
		TempAdress = BaseAdress + StaticOffset;
		while (PointerCounter <= PointerLevel){
			ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
			TempAdress += Offsets[c];
			PointerCounter++;
			c++;
		}
		ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
	}
	return TempAdress;
}


DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
{
	DWORD_PTR dwModuleBaseAddress = 0;
	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
	if (hSnapshot != INVALID_HANDLE_VALUE)
	{
		MODULEENTRY32 ModuleEntry32;
		ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
		if (Module32First(hSnapshot, &ModuleEntry32))
		{
			do
			{
				if (_tcscmp(ModuleEntry32.szModule, szModuleName) == 0)
				{
					dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
					break;
				}
			} while (Module32Next(hSnapshot, &ModuleEntry32));
		}
		CloseHandle(hSnapshot);
	}
	return dwModuleBaseAddress;
}

Another question is why Fleep used an array with a size of 4 to write a new value to health and ammo. Is maybe something wrong with the value im trying to write at the process?

Thanks in advance,

Nemesis3212.
 

Nemesis3212

Newbie
Full Member
Oct 25, 2013
7
172
0
I dont get any error. The program compiles and runes fine, but it doesn't write the values. I can empty my magazine and nothing happens. As far as i understood it the writefunction should reset the ammostatus to a given number. But its just not working :/
 

Crazywink

Hacker
Meme Tier VIP
Dank Tier Donator
Jul 18, 2012
626
4,613
17
I haven't had time to look at your source but I noticed your address are different from Fleep's, maybe try his base and offsets and see if that works. :)
 

Nemesis3212

Newbie
Full Member
Oct 25, 2013
7
172
0
reading works great. I dont have any problem with that. The only problem is writing because it doesn't work at all.
 

NebulaGrey

Newbie
Full Member
Jun 8, 2014
30
218
1
I think you're reading up to your value then writing to that.
If your Reads are working your writes must also work. Be sure you're reading through your pointers and stopping at the right address.
 

GAFO666

Hacker
Meme Tier VIP
Aug 19, 2012
520
3,188
23
-.-' why ppl ever use rpm and wpm if there are easier ways, so my default answer here ..... :
C++:
//Put your old stuff 
DWORD RifleAmmoStaticOffset = 0x0010F4F4;
DWORD RifleAmmoOffsets[] = { 0x150 };
DWORD RifleAmmoValue;
DWORD FullRifleAmmo[] = { 0x14 };

//to following:
DWORD RiffleAmmo = yourBase + yourOffset;

while(InfiniteAmmo)
{
        *((float*)(RiffleAmmo)) = 666;
}

// reading like
cout << "Curr Ammo: " << *((float*)(RiffleAmmo)) << endl;
,greez

ps: or continue use wpm and stuff, i hate wpm/rpm xD
 

Nether

The Angel Of Verdun
Meme Tier VIP
Dank Tier Donator
Dec 11, 2013
293
3,738
16
-.-' why ppl ever use rpm and wpm if there are easier ways, so my default answer here ..... :
C++:
//Put your old stuff 
DWORD RifleAmmoStaticOffset = 0x0010F4F4;
DWORD RifleAmmoOffsets[] = { 0x150 };
DWORD RifleAmmoValue;
DWORD FullRifleAmmo[] = { 0x14 };

//to following:
DWORD RiffleAmmo = yourBase + yourOffset;

while(InfiniteAmmo)
{
        *((float*)(RiffleAmmo)) = 666;
}

// reading like
cout << "Curr Ammo: " << *((float*)(RiffleAmmo)) << endl;
,greez

ps: or continue use wpm and stuff, i hate wpm/rpm xD
Well considering they are hacking their game of choice externally they have no choice to use WPM/RPM or an engine function enumerated, this thread was also pretty old and I think the guy fixed it, although if you haven't fixed it yet I would suggest checking your loops and if statements and possibly use my memory class that I posted it is much easier to use, and much easier to help you if you have problems whilst using it.
 

Nemesis3212

Newbie
Full Member
Oct 25, 2013
7
172
0
I wasnt able to fix my problem yet. As i said, reading works perfectly fine. Assault Cube is the second game i used to read some adresses with the same method and it worked great every time. The only problem is that writing doesn't seem to be successfull at all! I really can't find my mistake. Here is another example that shows my problem maybe a bit better.

Main Function:
C++:
//Rifle Ammo
DWORD RifleStaticCast = 0x0010F4F4;
DWORD RifleOffsets[] = { 0x150 };
DWORD RifleValue;
int FullAmmo = 21;

int main(){
	if (!hwnd) cout << "AssaultCube not found!" << endl;
	else{
		GetWindowThreadProcessId(hwnd, &id);
		processhandle = OpenProcess(PROCESS_ALL_ACCESS, false, id);
		DWORD EXEBaseAdress = dwGetModuleBaseAddress(id, _T("ac_client.exe"));

		while (1 < 2){
			RifleValue = ReadAdress(processhandle, 1, RifleStaticCast, RifleOffsets, EXEBaseAdress);

			if (RifleValue <= 19){
				cout << "Low ammo detected!" << endl;
				RifleValue = ReadAdress(processhandle, 1, RifleStaticCast, RifleOffsets, EXEBaseAdress);

				if (WriteProcessMemory(processhandle, (LPVOID)RifleValue, &FullAmmo, sizeof(FullAmmo), NULL)){
					cout << "Value has got changed!";
				}
				else{
					cout << "Value hasn't been changed!";
				}
				system("cls");
			}
			else{
				cout << "Ammo is full!";
				system("cls");
			}
		}
	}
	system("pause");
	return 0;
}
external functions:
C++:
DWORD ReadAdress(HANDLE ProcessHandle, int PointerLevel, DWORD StaticOffset, DWORD Offsets[], DWORD BaseAdress){
	DWORD TempAdress;
	int c = 0;
	int PointerCounter = 1;
	if (PointerLevel == 0){
		TempAdress = BaseAdress + StaticOffset;
		ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
	}
	if (PointerLevel >= 1){
		TempAdress = BaseAdress + StaticOffset;
		while (PointerCounter <= PointerLevel){
			ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
			TempAdress += Offsets[c];
			PointerCounter++;
			c++;
		}
		ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
	}
	return TempAdress;
}


DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
{
	DWORD_PTR dwModuleBaseAddress = 0;
	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
	if (hSnapshot != INVALID_HANDLE_VALUE)
	{
		MODULEENTRY32 ModuleEntry32;
		ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
		if (Module32First(hSnapshot, &ModuleEntry32))
		{
			do
			{
				if (_tcscmp(ModuleEntry32.szModule, szModuleName) == 0)
				{
					dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
					break;
				}
			} while (Module32Next(hSnapshot, &ModuleEntry32));
		}
		CloseHandle(hSnapshot);
	}
	return dwModuleBaseAddress;
}
This is adress in Cheat Engine:
w1ZgvVd.png


As i said, reading works great. The only problem is writing. When i start my code and my magazine is full (20) my cmd window writes: "Ammo is full!". As soon as i start shooting my output flips over to "Low ammo detected! Value hasn't been changed".

I hope you can help me, because im really unable to find any solution at that point :)
 

Nether

The Angel Of Verdun
Meme Tier VIP
Dank Tier Donator
Dec 11, 2013
293
3,738
16
I wasnt able to fix my problem yet. As i said, reading works perfectly fine. Assault Cube is the second game i used to read some adresses with the same method and it worked great every time. The only problem is that writing doesn't seem to be successfull at all! I really can't find my mistake. Here is another example that shows my problem maybe a bit better.

Main Function:
C++:
//Rifle Ammo
DWORD RifleStaticCast = 0x0010F4F4;
DWORD RifleOffsets[] = { 0x150 };
DWORD RifleValue;
int FullAmmo = 21;

int main(){
	if (!hwnd) cout << "AssaultCube not found!" << endl;
	else{
		GetWindowThreadProcessId(hwnd, &id);
		processhandle = OpenProcess(PROCESS_ALL_ACCESS, false, id);
		DWORD EXEBaseAdress = dwGetModuleBaseAddress(id, _T("ac_client.exe"));

		while (1 < 2){
			RifleValue = ReadAdress(processhandle, 1, RifleStaticCast, RifleOffsets, EXEBaseAdress);

			if (RifleValue <= 19){
				cout << "Low ammo detected!" << endl;
				RifleValue = ReadAdress(processhandle, 1, RifleStaticCast, RifleOffsets, EXEBaseAdress);

				if (WriteProcessMemory(processhandle, (LPVOID)RifleValue, &FullAmmo, sizeof(FullAmmo), NULL)){
					cout << "Value has got changed!";
				}
				else{
					cout << "Value hasn't been changed!";
				}
				system("cls");
			}
			else{
				cout << "Ammo is full!";
				system("cls");
			}
		}
	}
	system("pause");
	return 0;
}
external functions:
C++:
DWORD ReadAdress(HANDLE ProcessHandle, int PointerLevel, DWORD StaticOffset, DWORD Offsets[], DWORD BaseAdress){
	DWORD TempAdress;
	int c = 0;
	int PointerCounter = 1;
	if (PointerLevel == 0){
		TempAdress = BaseAdress + StaticOffset;
		ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
	}
	if (PointerLevel >= 1){
		TempAdress = BaseAdress + StaticOffset;
		while (PointerCounter <= PointerLevel){
			ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
			TempAdress += Offsets[c];
			PointerCounter++;
			c++;
		}
		ReadProcessMemory(ProcessHandle, (LPCVOID)TempAdress, &TempAdress, sizeof(TempAdress), 0);
	}
	return TempAdress;
}


DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *szModuleName)
{
	DWORD_PTR dwModuleBaseAddress = 0;
	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
	if (hSnapshot != INVALID_HANDLE_VALUE)
	{
		MODULEENTRY32 ModuleEntry32;
		ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
		if (Module32First(hSnapshot, &ModuleEntry32))
		{
			do
			{
				if (_tcscmp(ModuleEntry32.szModule, szModuleName) == 0)
				{
					dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
					break;
				}
			} while (Module32Next(hSnapshot, &ModuleEntry32));
		}
		CloseHandle(hSnapshot);
	}
	return dwModuleBaseAddress;
}
This is adress in Cheat Engine:
View attachment 2623


As i said, reading works great. The only problem is writing. When i start my code and my magazine is full (20) my cmd window writes: "Ammo is full!". As soon as i start shooting my output flips over to "Low ammo detected! Value hasn't been changed".

I hope you can help me, because im really unable to find any solution at that point :)

You would be better off using my memory class https://guidedhacking.com/showthread.php?5093-Nether-s-C-Memory-Class-V1-6 and once you have initiated the class etc.

You can get "ac_client.exe" address like this.

C++:
DWORD Base = mem.module("ac_client.exe")
Use To Write:

C++:
mem.write<int>(Base+0x10F4F4, "/x150/*", 1337);
Use To Read Out Value Of Pointer

C++:
int Value = mem.read<int>(Base+0x10F4F4, "/x150/*", true);
_cwprintf(L"Pointer Value = [ %d ]", Value);

or


C++:
DWORD Base = mem.module("ac_client.exe")
Base += 0x10F4F4;
Use To Write:

C++:
mem.write<int>(Base+0x150, 1337);
Use To Read Out Value Of Pointer

C++:
int Value = mem.read<int>(Base+0x150);
_cwprintf(L"Value = [ %d ]", Value);
 

GAFO666

Hacker
Meme Tier VIP
Aug 19, 2012
520
3,188
23
well i always do intern hacks Nether, but normaly if you do it extern wpm & stuff should be fine as well, just wondering cuz the memory used by programs is taken from your memory of your pc, means if one programm is running it should be possible to access the used memory by another one by simple pointer arithmetic as well. (as its possible intern)
and yeh that class for memory editorial is made pretty fine (i like the style but i do always intern so i dont use it .. :p )

,greez
 

Nether

The Angel Of Verdun
Meme Tier VIP
Dank Tier Donator
Dec 11, 2013
293
3,738
16
well i always do intern hacks Nether, but normaly if you do it extern wpm & stuff should be fine as well, just wondering cuz the memory used by programs is taken from your memory of your pc, means if one programm is running it should be possible to access the used memory by another one by simple pointer arithmetic as well. (as its possible intern)
and yeh that class for memory editorial is made pretty fine (i like the style but i do always intern so i dont use it .. :p )

,greez
fair enough, and that does leave room for lots of questions, such as modules that are running on your PC from start up to finish that also get direct relations to games(or other apps) then i guess your internal method would work fine, although I only know of kernel hooking (that's always running and on every application) , and I have not done that nor could do that at my current level.
 
Status
Not open for further replies.
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods