Solved Problems with read- /writeprocessmemory on multipointers

zepixx

Newbie
Full Member
Aug 29, 2014
27
168
0
Hello, I really need guidance on reading and writing to process memory when working with multipointers. The game that I am testing it on is Counter Strike Source and the picture below shows the pointers and offsets. I think the problem is that I haven't included "server.dll" + baseaddress, but I don't know how to retrieve that. The code runs without errors.
View attachment 2888

C++:
#include <iostream>
#include <Windows.h>
#pragma comment(lib, "user32.lib")

using namespace std;


BYTE AmmoValue[] = {0x7B, 0x0, 0x0, 0x0}; // 123
DWORD BaseAddress = 0x004EE83C;
DWORD AmmoOffsets[] = {0x49C, 0x40, 0x50};
DWORD pId;
DWORD first = 0x50;
DWORD second = 0x40;
DWORD third = 0x49C;
size_t value = 123;

DWORD FindDmaAddy(int PointerLevel, HANDLE hProc, DWORD Offsets[], DWORD BaseAddress) {
    DWORD pointer = BaseAddress;
    DWORD pTemp;

    DWORD pointerAddr;
    for (int i = 0; i < PointerLevel; i++) {
        if (i == 0) {
            ReadProcessMemory(hProc, (LPCVOID)pointer, &pTemp, sizeof(pTemp), NULL);
        }

        pointerAddr = pTemp + Offsets[i];
        ReadProcessMemory(hProc, (LPCVOID)pointerAddr, &pTemp, sizeof(pTemp), NULL);
    }
    return pointerAddr;
}


void WriteToMemory(HANDLE hProc) {
    DWORD AmmoAddressToWrite;
    AmmoAddressToWrite = FindDmaAddy(3, hProc, AmmoOffsets, BaseAddress);
    WriteProcessMemory(hProc, (BYTE*)AmmoAddressToWrite, &AmmoValue, sizeof(AmmoValue), NULL);
}






int main() {
    // FindWindow();
    HWND hWnd = FindWindow(0, L"Counter-Strike Source");

    GetWindowThreadProcessId(hWnd, &pId);
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, false, pId);
    if (hProc) {
        cout << "Opened Process..." << endl;
    }


    WriteToMemory(hProc);



    cin.get();
    CloseHandle(hProc);

}
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,101
78,998
2,374
Here's your problem like you said:

C++:
DWORD BaseAddress = 0x004EE83C;
In your screenshot of your pointer the BaseAddress = "server.dll" + 004EE83C.
You need to find where server.dll loads into memory and add 004ee83c to it. This is the address you need to assign BaseAddress to. More on that in a bit.

C++:
DWORD AmmoOffsets[] = {0x49C, 0x40, 0x50};
You wrote these in the wrong order; it should be {0x50, 0x40, 0x49C}.
To help you understand: FindDMAAddy reads the value pointed to by base address and adds 0x50 to it. Then it reads that address's value, adds 0x40 to it. Then it reads that address's value and adds 0x50 to it. That is the address of your ammo value.

All these questions are answered by doing the guide:
https://guidedhacking.com/starthere

Specifically:
https://guidedhacking.com/threads/how-to-hack-any-game-tutorial-c-external-trainer-part-2.10897/
 
Last edited:
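
The pointer walk described in the post above, as an added example that is not part of the original thread: it runs against a constructed in-memory table instead of a live process, so the effect of the offset order and of the module-relative base can be checked offline. `FakeMemory`, `read32`, `resolveChain`, the module base `0x22000000` and every address in the table are hypothetical, constructed for illustration; unlike the posted `FindDmaAddy`, the walk stops when a read fails.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

// Constructed stand-in for the target's address space (address -> 32-bit value).
// In the thread every read is a ReadProcessMemory call, which can fail.
using FakeMemory = std::map<uint32_t, uint32_t>;

bool read32(const FakeMemory& mem, uint32_t addr, uint32_t& out) {
    auto it = mem.find(addr);
    if (it == mem.end()) return false;  // unmapped address: the read fails
    out = it->second;
    return true;
}

// Read the pointer at `base`, then add each offset in order, dereferencing after
// every offset except the last. Returns false as soon as any read fails.
bool resolveChain(const FakeMemory& mem, uint32_t base,
                  const std::vector<uint32_t>& offsets, uint32_t& result) {
    uint32_t addr = 0;
    if (!read32(mem, base, addr)) return false;
    for (size_t i = 0; i < offsets.size(); ++i) {
        addr += offsets[i];
        if (i + 1 < offsets.size() && !read32(mem, addr, addr)) return false;
    }
    result = addr;
    return true;
}

// Constructed layout: module loaded at 0x22000000, static pointer at +0x004EE83C.
const uint32_t kModuleBase = 0x22000000;
const uint32_t kStaticOffset = 0x004EE83C;
FakeMemory sampleMemory() {
    return {
        {kModuleBase + kStaticOffset, 0x10000000},  // static pointer -> object A
        {0x10000000 + 0x50, 0x10001000},            // A + 0x50 -> object B
        {0x10001000 + 0x40, 0x10002000},            // B + 0x40 -> object C
        {0x10002000 + 0x49C, 123},                  // C + 0x49C holds the value
    };
}

int main() {
    FakeMemory mem = sampleMemory();
    uint32_t addr = 0;
    bool ok = resolveChain(mem, kModuleBase + kStaticOffset, {0x50, 0x40, 0x49C}, addr);
    std::printf("ok=%d addr=0x%08X\n", ok, (unsigned)addr);
    return ok ? 0 : 1;
}
```

With the bare offset as base, or with the offsets in the order from the first post, the first dereference lands on an unmapped address in this table and the walk reports failure instead of returning a stale address.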

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
If you watch Fleep's Bunnyhop/Aimbot/Triggerbot/ESP video tutorials, he uses a file called HackProcess.h that allows you to use addresses in these sections. You'd have to modify HackProcess.h to include server.dll, though.
 

Rake

FYI I have 0 experience with Source Engine.
This is assuming you found a very reliable pointer.
This has worked for me 100%, may not for every game.

To equate "server.dll" + 004EE83:

Load your game in cheat engine.
Go to Memory Viewer.
In the Tools drop down menu select Dissect PE Headers.
Select server.dll and hit info.
On the right under the ALL tab find "Preferred Imagebase".

This is where the server.dll start address will be allocated by the game.
(Note: this is the preferred location; it will allocate elsewhere if that area is already being used by another program.)

Add 004ee83 to that value.

Now edit your pointer to ammo in cheat engine and plug in this new address you have equated from above as your base address. Does the pointer still point to the correct address and read the correct value for your current ammo?

Test it, and if it is reliable you can use it as your base address in your trainer.

Alternative when you are better with C++: function CreateToolhelp32Snapshot - google it
 

zepixx

> Here's your problem like you said:
>
> C++:
> DWORD BaseAddress = 0x004EE83C;
> In your screenshot of your pointer the BaseAddress = "server.dll" + 004EE83C.
> You need to find where server.dll loads into memory and add 004ee83c to it. This is the address you need to assign BaseAddress to. More on that in a bit.
>
> C++:
> DWORD AmmoOffsets[] = {0x49C, 0x40, 0x50};
> You wrote these in the wrong order; it should be {0x50, 0x40, 0x49C}.
> To help you understand: FindDMAAddy reads the value pointed to by base address and adds 0x50 to it. Then it reads that address's value, adds 0x40 to it. Then it reads that address's value and adds 0x50 to it. That is the address of your ammo value.
>
> You may have other issues, let's address these problems first.

Ok, I'll look into that, thanks.

> You need to find where server.dll loads into memory and add 004ee83c to it.

How can I assign server.dll + 004EE83C to baseaddress?
 

Rake

Anyone want to chime in on my method of finding base address of a loaded module? I had been trying to figure it out for like 3 weeks and with enough coffee I came up with that.
 

zepixx

This time BaseAddr = "server.dll"+0x004EE83C, and the server.dll address was found using AnomanderRake's method.
View attachment 2891
To help me better understand the writing concept. Could I do something like this?
C++:
ReadProcessMemory(hProc, (LPVOID*)(BaseAddr + baseoffset), &secondPtr, sizeof(secondPtr), 0)
ReadProcessMemory(hProc, (LPVOID*)(secondPtr + secondOff), &thirdPtr, sizeof(thirdPtr), 0)
ReadProcessMemory(hProc, (LPVOID*)(thirdPtr + finalOff), &finalPtr, sizeof(finalPtr), 0)
Is this how I read it all into, let's say, finalPtr and then use something like:
C++:
WriteProcessMemory(hProc, (PBYTE*)(finalPtr), valueToReplace, sizeof(valueToReplace), 0) ?
EDIT: @AnomanderRake the pointer was reliable, I'm going to test it out in my code
 

zepixx

BUMP... my main problem is that it won't work even though I add the right address of server.dll + baseaddr. I am compiling on a 32-bit OS.
 

Solaire

You might have to use HackProcess.h, and edit it to serve your needs.
 

zepixx

Well, I finally got it working. I wasn't adding the offsets correctly. Thanks to you all.
 

Rake

I was about to mention the same thing! As GingerbreadMan said, Hackprocess.h contains one method of using CreateToolhelp32Snapshot to read your module base address, but I haven't looked into the function yet. Glad we could help!
 

zepixx

> I was about to mention the same thing! As GingerbreadMan said, Hackprocess.h contains one method of using CreateToolhelp32Snapshot to read your module base address, but I haven't looked into the function yet. Glad we could help!

Yes, thanks a bunch. I learnt something from this, cheers! :)
 