Solved ReadProcessMemory not returning to var

real_fff

I'm trying to read an address to another var (eventually to work with multi threaded pointers), but ReadProcessMemory will not output anything.
C++:
#include "stdafx.h"
#include <Windows.h>
#include <iostream>

#define num0 0x60
#define F6 0x75

DWORD pid = 0;
DWORD buffer = 0;
DWORD localHealth = 0;
const DWORD localHealthBase = 0x01295540;
const DWORD localHealthOffset1 = 0x24;
const DWORD localHealthOffset2 = 0x10;
const DWORD localHealthOffset3 = 0x500;
const DWORD localHealthOffset4 = 0x6A0;
const DWORD localHealthOffset5 = 0x2B0;
-snip-
int main()
{
    int i = 0;
    HWND hWnd = FindWindowA(0, ("7 Days To Die"));
    GetWindowThreadProcessId(hWnd, &pid);
    HANDLE pHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    std::cout << "Process ID: " << pid << std::endl; //outputs correct PID
    std::cout << localHealthBase << std::endl; //outputs correct Base Address
    ReadProcessMemory(pHandle,(void*)localHealthBase,&localHealth,sizeof(localHealth),NULL);
        //^^^I've tried with LPCVOID, LPCVOID*, and PBYTE* to no avail
    std::cout << localHealth << std::endl; //outputs 0
-snip-

VS Output: (Though program does compile and run properly until ReadProcessMemory)
-snip- *correct loading*
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ntdll.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\kernel32.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\KernelBase.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\user32.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\gdi32.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\lpk.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\usp10.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msvcrt.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\advapi32.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sechost.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\rpcrt4.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sspicli.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\cryptbase.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msvcp140d.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\vcruntime140d.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ucrtbased.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\imm32.dll'. Cannot find or open the PDB file.
'7Days.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msctf.dll'. Cannot find or open the PDB file.

This is an external hack.
Thanks,
Real


C++:
#include "stdafx.h"
#include <Windows.h>
#include <iostream>
#include <tlhelp32.h>
#include <tchar.h>

#define num0 0x60
#define F6 0x75

const DWORD localHealthBase = 0x01295540;
const DWORD localHealthOffset1 = 0x24;
const DWORD localHealthOffset2 = 0x10;
const DWORD localHealthOffset3 = 0x500;
const DWORD localHealthOffset4 = 0x6A0;
const DWORD localHealthOffset5 = 0x2B0;


void godMode(HANDLE pHandle, DWORD health, int myHealth);
DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcID, TCHAR *szModuleName);
bool godStatus = false;

int main()
{
    DWORD buffer = 0, localHealth = 0, moduleBase = 0, pid = 0;
    int i = 0;
    HWND hWnd = FindWindowA(0, ("7 Days To Die"));
    GetWindowThreadProcessId(hWnd, &pid);
    HANDLE pHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    std::cout << "Process ID: " << pid << std::endl; //returns correct PID
    std::cout << "Handle: " << pHandle << std::endl; //returns 00000060 (what should it return?)
    moduleBase = dwGetModuleBaseAddress(pid, _T("7DaysToDie.exe"));
    std::cout << "Module Base: " << moduleBase << std::endl; //returns null
    ReadProcessMemory(pHandle,(LPCVOID*)moduleBase,&localHealth,sizeof(localHealth),NULL);
    std::cout << localHealth << std::endl; //returns null
    /*ReadProcessMemory(pHandle, (LPCVOID*)localHealthBase + localHealthOffset1, &buffer, sizeof(buffer), NULL);
    ReadProcessMemory(pHandle, (LPCVOID*)buffer + localHealthOffset2, &buffer, sizeof(buffer), 0);
    ReadProcessMemory(pHandle, (LPCVOID*)buffer + localHealthOffset3, &buffer, sizeof(buffer), 0);
    ReadProcessMemory(pHandle, (LPCVOID*)buffer + localHealthOffset4, &buffer, sizeof(buffer), 0);
    ReadProcessMemory(pHandle, (LPCVOID*)buffer + localHealthOffset5, &localHealth, sizeof(localHealth), 0); */
    int myHealth = 1117257728;
    while (!GetAsyncKeyState(F6)) {
        if (i == 0) {
            std::cout << "While loop works." << std::endl;
            i++;
        }
        else i++;
        godMode(pHandle, localHealth, myHealth);
    }
    return 0;
}

DWORD_PTR dwGetModuleBaseAddress(DWORD dwProcID, TCHAR *szModuleName)
{
    DWORD_PTR dwModuleBaseAddress = 0;
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcID);
    if (hSnapshot != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 ModuleEntry32;
        ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
        if (Module32First(hSnapshot, &ModuleEntry32))
        {
            do
            {
                if (_tcsicmp(ModuleEntry32.szModule, szModuleName) == 0)
                {
                    dwModuleBaseAddress = (DWORD_PTR)ModuleEntry32.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnapshot, &ModuleEntry32));
        }
        CloseHandle(hSnapshot);
    }
    return dwModuleBaseAddress;
}

void godMode(HANDLE pHandle, DWORD health, int myHealth) {
    if (GetAsyncKeyState(num0)) {
        godStatus = !godStatus;
        std::cout << "toggled" << std::endl;

    }
    if (!godStatus) {
        return;
    }
    WriteProcessMemory(pHandle, (LPVOID)health, &myHealth, sizeof(myHealth), 0);
}
I'd really like to solve the problems one problem at a time. I guess if you see later issues go ahead and point them out, but I am aware of the method to add offsets (I could be wrong), but I can't implement that until I have the first couple steps working. (getting module base address and getting it to read to another buffer dword)
I am building the application in Visual Studio 2017 Community Debug, and it compiles correctly.
I am running it with admin rights.
Possible immediate errors:
-calling of dwGetModuleBase function or code itself
-calling of ReadProcessMemory function (specifically the type LPCVOID*/etc)
 
Last edited by a moderator:

Teuvin

We are all supposing that the game doesn't have any anti-hacking measures.
But you do know that 7 Days to Die uses EAC right? Are you even bypassing it?
If not, that's the problem, it's for sure stripping your handle.
 

Paga

Are you sure your address is static? And if it's not and that's what the offsets are for then why aren't you using them?

For a basic ReadProcessMemory what you did was alright, the problem isn't there most likely. You should add some checks to everything firstly though, like for RPM:
C++:
	if (!ReadProcessMemory(pHandle, reinterpret_cast<void*>(localHealthBase), &localHealth, sizeof(localHealth), nullptr))
	{
		std::cout << "There was an error while trying to read the value of the address " << std::hex << localHealthBase;
		getchar();
		return false;
	}
And if you're staying external, you may need to get debug privileges for your console program in order to open a handle:
C++:
bool SeDebugPrivilege(bool IsOn) {
	HANDLE hToken;
	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
		return false;

	TOKEN_PRIVILEGES tPriv;
	tPriv.PrivilegeCount = 1;
	// Enable or disable the privilege according to IsOn.
	tPriv.Privileges[0].Attributes = IsOn ? SE_PRIVILEGE_ENABLED : 0;

	// SE_DEBUG_NAME is a TCHAR string, so use the TCHAR form of the lookup.
	if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tPriv.Privileges[0].Luid)) {
		CloseHandle(hToken);
		return false;
	}
	if (!AdjustTokenPrivileges(hToken, FALSE, &tPriv, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr)) {
		CloseHandle(hToken);
		return false;
	}
	// AdjustTokenPrivileges also succeeds when the token does not hold the
	// privilege; GetLastError() then reports ERROR_NOT_ALL_ASSIGNED.
	bool assigned = (GetLastError() != ERROR_NOT_ALL_ASSIGNED);
	CloseHandle(hToken);
	return assigned;
}
And if you want to add the offsets to the address you could use a GetDMAAddy function from this forum. You place your offsets in a reversed order at the end of the function, after the numOffsets var. Credits to R A K E *for the bad code, this nibba use "..." lmfao

C++:
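#include <cstdarg> // va_list, va_start, va_arg, va_end

uintptr_t EvaluatePointerVA(HANDLE hProcHandle, uintptr_t pointer, size_t numOffsets, ...)
{
	// Offsets are fetched as uintptr_t, so pass them as uintptr_t
	// (an int literal only matches that size on 32-bit builds).
	va_list args;
	va_start(args, numOffsets);
	if (!ReadProcessMemory(hProcHandle, (LPCVOID)pointer, &pointer, sizeof(pointer), NULL))
	{
		va_end(args); // release the argument list on every exit path
		return 0;     // read failed
	}
	for (size_t i = 0; i < numOffsets; i++)
	{
		uintptr_t offset = va_arg(args, uintptr_t);
		if (!ReadProcessMemory(hProcHandle, (LPCVOID)(pointer + offset), &pointer, sizeof(pointer), nullptr))
		{
			va_end(args);
			return 0; // read failed
		}
	}
	va_end(args);
	return pointer;
}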
C++:
	UINT_PTR localHealthADDY = EvaluatePointerVA(pHandle, localHealthBase, 5, 0x2B0, 0x6A0, 0x500, 0x10, 0x24);

Hope this mess helped, it took like 1 hour to write with a 50 minute break in-between
 

Teuvin

Are you sure LocalHealth(0x1295540) is an addy and not an offset?
Because you would need to sum it with the .exe base
 
Last edited:

Rake

Your address is a dynamic address, it will change every time. You must use a pointer.
 

real_fff

Paga said:
Are you sure your address is static? And if it's not and that's what the offsets are for then why aren't you using them?

For a basic ReadProcessMemory what you did was alright, the problem isn't there most likely. You should add some checks to everything firstly though, like for RPM:
-snip-

And if you're staying external, you may need to get debug privileges for your console program in order to open a handle:
-snip-

And if you want to add the offsets to the address you could use a GetDMAAddy function from this forum. You place your offsets in a reversed order at the end of the function, after the numOffsets var. Credits to R A K E *for the bad code, this nibba use "..." lmfao

-snip-

Hope this mess helped, it took like 1 hour to write with a 50 minute break in-between

The address is the base address before adding offsets, but I have not exited the process through this progress. I have 5 offsets to add, but I need to be able to read something to add the offsets. To my knowledge, whether the address is dynamic or not shouldn't have anything to do with whether or not I can read it at all. I have been using checks, but I have been messing with them and switched out in this version, sorry.

As far as debug, I'll consider doing that, but I have been running it as administrator to no avail.

Also, I have considered using the function, but it wouldn't work either if I can't read the address.
Teuvin said:
Are you sure LocalHealth(0x1295540) is an addy and not an offset?
Because you would need to sum it with the .exe base

I do need to sum it with the .exe, the function doesn't sum it by default?

Rake;50779 said:
Your address is a dynamic address, it will change every time. You must use a pointer.

(from above) The address is the base address before adding offsets, but I have not exited the process through this progress. I have 5 offsets to add, but I need to be able to read something to add the offsets. To my knowledge, whether the address is dynamic or not shouldn't have anything to do with whether or not I can read it at all.


EDIT: Also thank you guys for the help. I'm somewhat new, and I appreciate it.
 
Last edited:

Traxin

Also have you tried calling GetLastError after the call to RPM and if so then what's the error?
I don't see anything wrong with the call to RPM though, looks like it should succeed.

What I believe is going on here is that 0x01295540 is an offset from the base address of the .exe and the call to RPM is succeeding, and returning the correct value.
It's just reading from a location you didn't intend, and returning a value you didn't expect :p
Use this tutorial to learn how to get the base of a module so that you can add it to your offsets :)

Good luck homie!
 

real_fff

Traxin said:
Also have you tried calling GetLastError after the call to RPM and if so then what's the error?
I don't see anything wrong with the call to RPM though, looks like it should succeed.

What I believe is going on here is that 0x01295540 is an offset from the base address of the .exe and the call to RPM is succeeding, and returning the correct value.
It's just reading from a location you didn't intend, and returning a value you didn't expect :p
Use this tutorial to learn how to get the base of a module so that you can add it to your offsets :)

Good luck homie!

I did use GetLastError(), but it didn't return anything.
I think you're right, but there's still something else.
I quickly skidded the function from the tutorial, but it isn't returning a module address.

New Paste: https://pastebin.com/STe6nCVT

EDIT: Thanks for the suggestion.
 
Last edited:

Teuvin

real_fff said:
I did use GetLastError(), but it didn't return anything.
I think you're right, but there's still something else.
I quickly skidded the function from the tutorial, but it isn't returning a module address.

New Paste: https://pastebin.com/STe6nCVT

So what happens here is you are getting the addy of the .exe, then you need to SUM it with the health addy;
Instead of
C++:
   ReadProcessMemory(pHandle,(LPCVOID*)moduleBase,&localHealth,sizeof(localHealth),NULL);
You should be doing
C++:
ReadProcessMemory(pHandle, (LPCVOID)(moduleBase + localHealthBase), &localHealth, sizeof(localHealth), NULL);
About the module error, try executing your program as admin, if you don't have admin rights you can't open a handle most of the time.
 

real_fff

Teuvin said:
So what happens here is you are getting the addy of the .exe, then you need to SUM it with the health addy;
Instead of
-snip-

About the module error, try executing your program as admin, if you don't have admin rights you can't open a handle most of the time.

I can't sum the module base with anything if the module base does not return anything. I want to solve one issue at a time to avoid unnecessary work. I could go ahead and uncomment all of the offset code and add that, but the program still won't work because the dwGetModuleBase func isn't working and possibly neither is the RPM func. I have been running the program as an admin.
Thanks for the suggestion though.
 
Last edited:

Rake

don't learn game hacking on games with anticheat

and from the almighty fleep
C++:
uintptr_t FindDMAAddy(HANDLE hProc, uintptr_t ptr, uintptr_t offsets[], unsigned int numOffsets)
{
    uintptr_t addr = ptr;
    for (unsigned int i = 0; i < numOffsets; ++i)
    {
        ReadProcessMemory(hProc, (LPCVOID)addr, &addr, sizeof(addr), 0);
        addr += offsets[i];
    }
    return addr;
}
 
Last edited:
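A checked version of the pointer-chain walk discussed in this thread, as an added example (not code from any poster): every read is verified, and a failed read stops the walk instead of continuing from a stale value. The `Reader` callback, `resolveChain`, `FakeTarget` and the sample addresses are assumptions constructed so the logic runs without a target process; on Windows the callback would wrap `ReadProcessMemory` and return its BOOL result.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <functional>
#include <map>
#include <vector>

// Hypothetical reader: copies `size` bytes at `addr` of the target into `out`
// and returns false on failure, like ReadProcessMemory's BOOL result.
using Reader = std::function<bool(uint64_t addr, void* out, size_t size)>;

// Walks the chain in FindDMAAddy order (dereference, then add the offset).
// ptrSize is the target's pointer width (4 or 8); `result` is set only on success.
bool resolveChain(const Reader& read, uint64_t base,
                  const std::vector<uint64_t>& offsets, size_t ptrSize,
                  uint64_t& result) {
    uint64_t addr = base;
    for (uint64_t off : offsets) {
        uint32_t p32 = 0; uint64_t p64 = 0;
        bool ok = (ptrSize == 4) ? read(addr, &p32, 4) : read(addr, &p64, 8);
        if (!ok) return false;  // stop here: never continue from a stale value
        addr = ((ptrSize == 4) ? p32 : p64) + off;
    }
    result = addr;
    return true;
}

// Constructed sample: a sparse 32-bit address space of pointer-sized cells.
struct FakeTarget {
    std::map<uint64_t, uint32_t> cells;
    Reader reader() const {
        return [this](uint64_t addr, void* out, size_t size) {
            auto it = cells.find(addr);
            if (it == cells.end() || size != sizeof(uint32_t)) return false;
            std::memcpy(out, &it->second, size);
            return true;
        };
    }
};

// Constructed layout: module loaded at 0x400000, static pointer at +0x1000.
FakeTarget makeTarget() {
    FakeTarget t;
    t.cells[0x00401000] = 0x00A00000;  // [module + 0x1000] -> object A
    t.cells[0x00A00024] = 0x00B00000;  // [A + 0x24]        -> object B
    return t;
}

int main() {
    FakeTarget t = makeTarget();
    uint64_t addr = 0;
    bool ok = resolveChain(t.reader(), 0x400000 + 0x1000, {0x24, 0x10}, 4, addr);
    std::printf("ok=%d addr=0x%llX\n", ok, (unsigned long long)addr);
}
```

Passing the bare offset `0x1000` as the base, without the module base added, makes the first read fail, so the function returns false rather than a plausible-looking wrong address.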

Traxin

Teuvin said:
We are all supposing that the game doesn't have any anti-hacking measures.
But you do know that 7 Days to Die uses EAC right? Are you even bypassing it?
If not, that's the problem, it's for sure stripping your handle.

:facepalm:
 

real_fff

Teuvin said:
We are all supposing that the game doesn't have any anti-hacking measures.
But you do know that 7 Days to Die uses EAC right? Are you even bypassing it?
If not, that's the problem, it's for sure stripping your handle.

Sorry, I guess I should've clarified. Yes, I have disabled EAC (not completely uninstalled but disabled through the launcher). I can do the hack with cheat engine, but I can't in C++.
 

Rake

real_fff said:
Sorry, I guess I should've clarified. Yes, I have disabled EAC (not completely uninstalled but disabled through the launcher). I can do the hack with cheat engine, but I can't in C++.

You can disable EAC by turning it off in the launcher?
 