Solved Trainer + GUI not finding PROC ID


LsDevs

Dank Tier Donator
Full Member
Mar 12, 2020
18
338
0
Game Name: Assault Cube
Anticheat: N/A
Tutorial Link: N/A
How long you been coding/hacking?: 2 Years coding, some weeks GH
Coding Language: C++
Hi everyone,

I'm trying to implement the Assault Cube External Trainer with a GUI (I use wxWidgets).
I built wxWidgets to support Unicode.
(I work on Ubuntu and cross-compile for Windows)

Here's my code :
App Declaration:
class App : public wxApp {

    virtual bool OnInit() wxOVERRIDE;

};

wxDECLARE_APP(App);
main.cpp:
wxIMPLEMENT_APP(App);

bool App::OnInit() {

    MainFrame *test = new MainFrame("Assault");
    test->Show(true);

    return true;

};
MainFrame (containing Button):
enum {
    ID_BTN = 1
};


MainFrame::MainFrame(const wxString &title)
    : wxFrame(nullptr, wxID_ANY, title, wxDefaultPosition, wxSize(200,200)) {

    btn = new wxButton(this, ID_BTN, "1337");

    Connect(ID_BTN, wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler(MainFrame::OnButtonClick));

}

void MainFrame::OnButtonClick(wxCommandEvent &) {

    DWORD procID = GetProcId(L"ac_client.exe");

    uintptr_t modularBase = GetModuleBaseAddress(procID, L"ac_client.exe");

    HANDLE hProcess = 0;
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);

    if (!hProcess) {
        wxMessageBox("NO PROCESS");
    }

    uintptr_t dynamicPtrBaseAddr = modularBase + 0x10f4f4;

    uintptr_t ammoAddr = FindDMAAddy(hProcess, dynamicPtrBaseAddr, {0x374, 0x14, 0x0});

    int ammoValue{0};
    ReadProcessMemory(hProcess, (BYTE *) ammoAddr, &ammoValue, sizeof(ammoValue), nullptr);

    int newAmmo{1337};
    WriteProcessMemory(hProcess, (BYTE *) ammoAddr, &newAmmo, sizeof(newAmmo), nullptr);

    ReadProcessMemory(hProcess, (BYTE *) ammoAddr, &ammoValue, sizeof(ammoValue), nullptr);

}
How I compile :
Bash:
i686-w64-mingw32-g++ *.cpp $(wx-config-win_x86 --cxxflags --libs --unicode) -static -lgcc -lstdc++

$(wx-config-win_x86 --cxxflags --libs --unicode) means:
-I/home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib/wx/include/i686-w64-mingw32-msw-unicode-static-3.1 -I/home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/include -D_FILE_OFFSET_BITS=64 -DwxDEBUG_LEVEL=0 -D__WXMSW__ -mthreads
-L/home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib   -Wl,--subsystem,windows -mwindows /home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib/libwx_mswu_xrc-3.1-i686-w64-mingw32.a /home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib/libwx_mswu_qa-3.1-i686-w64-mingw32.a /home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib/libwx_baseu_net-3.1-i686-w64-mingw32.a /home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib/libwx_mswu_html-3.1-i686-w64-mingw32.a /home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib/libwx_mswu_core-3.1-i686-w64-mingw32.a /home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib/libwx_baseu_xml-3.1-i686-w64-mingw32.a /home/ubuntu/Dev/C++/Libraries/wxWidgets/wxWidgets-3.1.3_x86/build_win/lib/libwx_baseu-3.1-i686-w64-mingw32.a -lwxtiff-3.1-i686-w64-mingw32 -lwxjpeg-3.1-i686-w64-mingw32 -lwxpng-3.1-i686-w64-mingw32 -lwxregexu-3.1-i686-w64-mingw32 -lwxscintilla-3.1-i686-w64-mingw32 -lwxexpat-3.1-i686-w64-mingw32 -lwxzlib-3.1-i686-w64-mingw32 -lrpcrt4 -loleaut32 -lole32 -luuid -luxtheme -lwinspool -lwinmm -lshell32 -lshlwapi -lcomctl32 -lcomdlg32 -ladvapi32 -lversion -lwsock32 -lgdi32 -loleacc
So, when I click my button, it doesn't find the process; it outputs a MessageBox with "NO PROCESS". (Maybe it doesn't find the procID either.)
I think it's probably something like encoding, but I'm not sure.
Is anyone familiar with wxWidgets and able to help me with this?

Edit : Could it be related to -D_FILE_OFFSET_BITS=64 ?
 

Broihon

Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,799
41,598
324
Is your project set to unicode? If not, this line won't work since szExeFile isn't unicode. Casting it like this won't work.
C++:
_wcsicmp((wchar_t *) procEntry.szExeFile, procName)
Either set it to unicode or use these versions of the functions/structures and remove the cast.
Alternatively use PROCESSENTRY32W and Process32FirstW/Process32NextW.
 

XdarionX

Dying Light Hacker
Dank Tier VIP
Trump Tier Donator
Dank Tier Donator
Mar 30, 2018
896
24,908
118
Hi, thanks for helping.
As it's not easy for me to print out the procID using wxWidgets (can't use both console and GUI)
I decided to write the procID to a file like this :
C++:
    DWORD procID = GetProcId(L"ac_client.exe");
    wxTextFile file("test.txt");
    file.Create();
    file.Open();
    file.AddLine(wxString::Format("%i", procID));
    file.Close();
The procID is always null (nothing is written to the file)

As you requested:

GetProcId:
DWORD GetProcId(const wchar_t *procName) {
    DWORD procID = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hSnap != INVALID_HANDLE_VALUE) {

        PROCESSENTRY32 procEntry;

        procEntry.dwSize = sizeof(procEntry);
      
        if (Process32First(hSnap, &procEntry)) {

            do {
              
                if (!_wcsicmp((wchar_t *) procEntry.szExeFile, procName)) {
                    procID = procEntry.th32ProcessID;
                    break;
                }
            } while (Process32Next(hSnap, &procEntry));

        }
    }
    CloseHandle(hSnap);
    return procID;
}
GetModuleBaseAddress:
uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t *modName) {

    uintptr_t modBaseAddr = 0;

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);

    if (hSnap != INVALID_HANDLE_VALUE) {

        MODULEENTRY32 modEntry;

        modEntry.dwSize = sizeof(modEntry);

        if (Module32First(hSnap, &modEntry)) {
            do {
          
                if (!_wcsicmp((wchar_t *) (modEntry.szModule), modName)) {
                    modBaseAddr = (uint64_t) modEntry.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnap, &modEntry));
        }
    }
    CloseHandle(hSnap);
    return modBaseAddr;
}
That's weird, because both funcs are OK (I have just tested them). Are you sure that writing to that file works (e.g. check permissions)? Can you log to the file all the procEntry.th32ProcessID values that it loops through? Also check the return values of Process32First and Process32Next; if hSnap == INVALID_HANDLE_VALUE, can you log GetLastError?
 

Broihon

Hey, thanks a lot. It works using the W functions and removing the cast, but I don't really understand what it does. Could you explain a little, maybe?
Thank you so much.
To put it simply, there are 2 versions of all APIs that do stuff with strings: one ending with A and one ending with W.
The ones ending with A (e.g. MessageBoxA) deal with multi-byte strings (A for ANSI, I guess). The ones ending with W (e.g. MessageBoxW) deal with unicode strings (W for wide char, I guess).
Depending on your project settings, in this example MessageBox is either defined as MessageBoxA or MessageBoxW. If your project is set to unicode but you want to use the ansi version of a function, you have to specify the ansi function. In your case your project was set to ansi/multibyte. By default all the Process32XXX functions and structures are defined by the ansi versions. Thus, if you want to use the unicode variants, you have to explicitly tell the compiler to use that function - in this case Process32NextW/Process32FirstW, since Process32First/Next already were defined as Process32FirstA and Process32NextA. Same goes for the PROCESSENTRY32 structure.

The main difference between ansi and unicode in this case is that each character in ansi is 1 byte in size and in unicode it's 2 bytes. But there are better and more in-depth explanations of the different character sets on the internet.
 
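An added example (not code from any poster in this thread) of why the `(wchar_t *)` cast on an ANSI `szExeFile` never matches: the cast re-reads the same bytes two at a time instead of converting them. `AnsiEntry` and the helper names are hypothetical, and `char16_t` is assumed as a stand-in for the 2-byte Windows `wchar_t` so the block runs on any platform.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Stand-in for PROCESSENTRY32A: with the ANSI structure, szExeFile is a char array.
struct AnsiEntry { char szExeFile[260]; };

// char16_t models the 2-byte wchar_t used on Windows (assumption for portability).
using WinWide = std::u16string;

AnsiEntry make_entry(const char* name) {
    AnsiEntry e{};                                  // zero-filled buffer
    std::snprintf(e.szExeFile, sizeof(e.szExeFile), "%s", name);
    return e;
}

// What (wchar_t *) szExeFile really reads: the same bytes, taken two at a time
// as little-endian 16-bit units. No conversion happens.
WinWide reinterpret_as_wide(const AnsiEntry& e) {
    WinWide out;
    for (std::size_t i = 0; i + 1 < sizeof(e.szExeFile); i += 2) {
        unsigned lo = static_cast<unsigned char>(e.szExeFile[i]);
        unsigned hi = static_cast<unsigned char>(e.szExeFile[i + 1]);
        char16_t unit = static_cast<char16_t>(lo | (hi << 8));
        if (unit == 0) break;                       // a wide terminator needs two zero bytes
        out.push_back(unit);
    }
    return out;
}

// Real conversion for ASCII names: one byte becomes one 16-bit unit.
// (Non-ASCII names need MultiByteToWideChar, or the W API so nothing is converted.)
WinWide widen_ascii(const AnsiEntry& e) {
    WinWide out;
    for (const char* p = e.szExeFile; *p; ++p)
        out.push_back(static_cast<unsigned char>(*p));
    return out;
}

// ASCII-only case-insensitive compare, standing in for _wcsicmp(...) == 0.
bool equals_icase(const WinWide& a, const WinWide& b) {
    if (a.size() != b.size()) return false;
    auto fold = [](char16_t c) { return (c >= u'A' && c <= u'Z') ? char16_t(c + 32) : c; };
    for (std::size_t i = 0; i < a.size(); ++i)
        if (fold(a[i]) != fold(b[i])) return false;
    return true;
}

bool cast_match(const AnsiEntry& e, const WinWide& target) {
    return equals_icase(reinterpret_as_wide(e), target);
}
bool converted_match(const AnsiEntry& e, const WinWide& target) {
    return equals_icase(widen_ascii(e), target);
}

int main() {
    AnsiEntry e = make_entry("ac_client.exe");      // constructed sample entry
    std::printf("cast: %zu units, match=%d\n",
                reinterpret_as_wide(e).size(), cast_match(e, u"ac_client.exe"));
    std::printf("converted: match=%d\n", converted_match(e, u"ac_client.exe"));
}
```

The 13-character name collapses into 7 garbage 16-bit units under the cast, so the comparison fails for every process and the lookup returns 0 without any API call reporting an error.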

LsDevs

print out procID, can you show bodies of: GetProcId and GetModuleBaseAddress ?
Hi, thanks for helping.
As it's not easy for me to print out the procID using wxWidgets (can't use both console and GUI)
I decided to write the procID to a file like this :
C++:
    DWORD procID = GetProcId(L"ac_client.exe");
    wxTextFile file("test.txt");
    file.Create();
    file.Open();
    file.AddLine(wxString::Format("%d", procID));
    file.Close();
The procID is always null (nothing is written to the file)
I also tried with a stringstream to be sure, because I'm not very comfortable with wxWidgets yet.
C++:
 std::ostringstream stream;
    stream << procID;
    std::string proc = stream.str();
    file.Create();
    file.Open();
    file.AddLine(proc);
    file.Close();
As you requested :

GetProcId:
DWORD GetProcId(const wchar_t *procName) {
    DWORD procID = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hSnap != INVALID_HANDLE_VALUE) {

        PROCESSENTRY32 procEntry;

        procEntry.dwSize = sizeof(procEntry);
   
        if (Process32First(hSnap, &procEntry)) {

            do {
           
                if (!_wcsicmp((wchar_t *) procEntry.szExeFile, procName)) {
                    procID = procEntry.th32ProcessID;
                    break;
                }
            } while (Process32Next(hSnap, &procEntry));

        }
    }
    CloseHandle(hSnap);
    return procID;
}
GetModuleBaseAddress:
uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t *modName) {

    uintptr_t modBaseAddr = 0;

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);

    if (hSnap != INVALID_HANDLE_VALUE) {

        MODULEENTRY32 modEntry;

        modEntry.dwSize = sizeof(modEntry);

        if (Module32First(hSnap, &modEntry)) {
            do {
       
                if (!_wcsicmp((wchar_t *) (modEntry.szModule), modName)) {
                    modBaseAddr = (uint64_t) modEntry.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnap, &modEntry));
        }
    }
    CloseHandle(hSnap);
    return modBaseAddr;
}
 

LsDevs

That's weird, because both funcs are OK (I have just tested them). Are you sure that writing to that file works (e.g. check permissions)? Can you log to the file all the procEntry.th32ProcessID values that it loops through? Also check the return values of Process32First and Process32Next; if hSnap == INVALID_HANDLE_VALUE, can you log GetLastError?
Please just hit me hard in the head! I forgot to save the lines I added to the file. Sure, it's certainly not going to work like that.
So now I have a lot of output in the file and I see PROCID = 0 (at the end of the file).
I can scan all the th32ProcessID values and here is the output of the file:
How I modified the code :
GetProcId:
DWORD GetProcId(const wchar_t *procName) {

    DWORD procID = 0;

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hSnap != INVALID_HANDLE_VALUE) {

        PROCESSENTRY32 procEntry;
        procEntry.dwSize = sizeof(procEntry);

        wxTextFile file("test.txt");
        file.Create();
        file.Open();
        std::stringstream stream;
        file.AddLine(_T("=========TH32PROCESSID========"));
        if (Process32First(hSnap, &procEntry)) {


            do {

                stream << procEntry.th32ProcessID;
                file.AddLine(stream.str());
                stream << '\n';

                if (!_wcsicmp((wchar_t *) procEntry.szExeFile, procName)) {
                    procID = procEntry.th32ProcessID;
                    break;
                }
            } while (Process32Next(hSnap, &procEntry));
            file.AddLine(_T("=========TH32PROCESSID========"));
            file.Write();
            file.Close();
        }
    } else {
        wxTextFile fileE("error.txt");
        fileE.Create();
        fileE.Open();
        fileE.AddLine("Something wrong with hSnap ?");
        fileE.Write();
        fileE.Close();
    }
    CloseHandle(hSnap);

    return procID;
}
Main:
DWORD procID = GetProcId(L"ac_client.exe");
    std::stringstream stream;
    stream << procID;
    wxTextFile file("test.txt");
    file.Open();
    file.AddLine(_T("=========PROCID========"));
    file.AddLine(stream.str());
    file.AddLine(_T("=========PROCID========"));
    file.Write();
    file.Close();
 

LsDevs

Is your project set to unicode? If not, this line won't work since szExeFile isn't unicode. Casting it like this won't work.
C++:
_wcsicmp((wchar_t *) procEntry.szExeFile, procName)
Either set it to unicode or use these versions of the functions/structures and remove the cast.
Alternatively use PROCESSENTRY32W and Process32FirstW/Process32NextW.
Hey, thanks a lot. It works using the W functions and removing the cast, but I don't really understand what it does. Could you explain a little, maybe?
Thank you so much.
 

LsDevs

To put it simply, there are 2 versions of all APIs that do stuff with strings: one ending with A and one ending with W.
The ones ending with A (e.g. MessageBoxA) deal with multi-byte strings (A for ANSI, I guess). The ones ending with W (e.g. MessageBoxW) deal with unicode strings (W for wide char, I guess).
Depending on your project settings, in this example MessageBox is either defined as MessageBoxA or MessageBoxW. If your project is set to unicode but you want to use the ansi version of a function, you have to specify the ansi function. In your case your project was set to ansi/multibyte. By default all the Process32XXX functions and structures are defined by the ansi versions. Thus, if you want to use the unicode variants, you have to explicitly tell the compiler to use that function - in this case Process32NextW/Process32FirstW, since Process32First/Next already were defined as Process32FirstA and Process32NextA. Same goes for the PROCESSENTRY32 structure.

The main difference between ansi and unicode in this case is that each character in ansi is 1 byte in size and in unicode it's 2 bytes. But there are better and more in-depth explanations of the different character sets on the internet.
Thanks, I appreciate the explanations. It helps a lot.
 