Solved Writing to Memory, FLT Trainer

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat
Status
Not open for further replies.

Tarolion

Newbie
Full Member
Nobleman
Mar 12, 2015
42
258
1
Hello Guys,

So i posted earlier about getting the base address of the game, and I've got that working perfectly. I've now been working to add the cheats in, I had scrap working when testing earlier, that and ammo are now perfect. But when when I add hull, it sets hull to 0 all the time instead of the 30 being written in the bot.

My question is how do I now go about making the hull stay at 30? Clearly I'm doing something wrong...

Does anyone who has already made an infinite hull cheat have any insight?

So far I have tried writing a int, and a long, neither appear to work when set to 30, or 10. Yet at the same address, I can quite comfortably write any number using cheat engine and it will work no problem. My code so far is:

The Pointer I am using is: [[[[["FTLGame.exe"+0x002EA6E4] + 0x690] + 0x7ac] + 0x578] + 0x12c]

Cheat Method:
C#:
        public bool         healthEnabled       = false;
        public int          healthBase          = 0x002EA6E4;
        public int[]        healthOffsets       = new int[] { 0x690, 0x7ac, 0x578, 0x12c };
        public int          healthToWrite       = 10;

private void HealthCheat()
        {
            // Just read the value to begin with.
            int bRead;
            int bWritten;
            byte[] value = Memory.ReadPointer(gameProcess, healthBase, healthOffsets, 4, out bRead);
            int curValue = BitConverter.ToInt32(value, 0);

            Console.WriteLine("Current Health Value: " + curValue.ToString());

            // Now lets write to the address.
            if (curValue != healthToWrite)
            {
                if (!Memory.WritePointer(gameProcess, healthBase, healthOffsets, healthToWrite, out bWritten))
                {
                    Console.WriteLine("Something went wrong....");
                }
            }
        }

WritePointer Method:
C#:
public static bool WritePointer(Process process, int baseAddress, int[] offsets, long value, out int bytesWritten)
        {
            int bWritten = 0;
            int bRead = 0;

            int tempAddress = 0;
            byte[] tempval = ReadMemory(process, process.MainModule.BaseAddress.ToInt32() + baseAddress, 4, out bRead);
            tempAddress = BitConverter.ToInt32(tempval, 0);

            for (int i = 0; i < offsets.Length-1; i++)
            {
                tempval = ReadMemory(process, tempAddress + offsets[i], 4, out bRead);
                tempAddress = BitConverter.ToInt32(tempval, 0);
            }

            bool retValue = WriteMemory(process, tempAddress + offsets[offsets.Length - 1], value, out bWritten);
            bytesWritten = bWritten;

            return retValue;
        }

WriteMemory Method:
C#:
public static bool WriteMemory(Process process, int address, long value, out int bytesWritten)
        {
            IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);

            byte[] val = BitConverter.GetBytes(value);

            bool worked = WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32)val.LongLength, out bytesWritten);

            CloseHandle(hProc);

            return worked;
        }

ReadPointer Method:
C#:
public static byte[] ReadPointer(Process process, int baseAddress, int[] offsets, int numOfBytes, out int bytesRead)
        {
            int bRead = 0;

            int tempAddress = 0;
            byte[] value = ReadMemory(process, process.MainModule.BaseAddress.ToInt32() + baseAddress, numOfBytes, out bRead);
            tempAddress = BitConverter.ToInt32(value, 0);

            for (int i = 0; i < offsets.Length; i++)
            {
                value = ReadMemory(process, tempAddress + offsets[i], numOfBytes, out bRead);
                tempAddress = BitConverter.ToInt32(value, 0);
            }

            bytesRead = bRead;
            return value;
        }
ReadMemory Method:
C#:
public static byte[] ReadMemory(Process process, int address, int numOfBytes, out int bytesRead)
        {
            IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);

            byte[] buffer = new byte[numOfBytes];

            ReadProcessMemory(hProc, new IntPtr(address), buffer, numOfBytes, out bytesRead);
            return buffer;
        }
 
Last edited:

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,074
78,998
2,371
Best Answer Necro:

We have three important tutorials that cover the basics of all C# hacking which will help you.
https://guidedhacking.com/threads/c-game-hacking-guide-start-here.12701/
https://guidedhacking.com/threads/c-multilevel-pointer-function-c-version-of-finddmaaddy.11874/
https://guidedhacking.com/threads/c-get-module-base-address-c-getmodulebaseaddress-function.11887/

I recommend using IntPtr for pointers. I also recommend using FindDMAAddy to get the addresses, and then calling RPM/WPM on that address, rather than combing all the functionality into one function which makes it a bit confusing

Here is some example code for using FindDMAAddy in C#:

C++:
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace RakeCSharp
{
internal class RakeCSMem
{
[DllImport("kernel32.dll")]

private static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);

[DllImport("kernel32.dll", SetLastError = true)]

private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesRead);

public static IntPtr FindDMAAddy(IntPtr hProc, IntPtr ptr, int[] offsets)
{
var buffer = new byte[IntPtr.Size];

foreach (int i in offsets)
{
ReadProcessMemory(hProc, ptr, buffer, buffer.Length, out var read);
ptr = (IntPtr.Size == 4)

? IntPtr.Add(new IntPtr(BitConverter.ToInt32(buffer, 0)), i)

: ptr = IntPtr.Add(new IntPtr(BitConverter.ToInt64(buffer, 0)), i);
}
return ptr;
}

private static void Main(string[] args)
{
Process process;

process = Process.GetProcessesByName("ac_client")[0];

var hProc = OpenProcess(0x001F0FFF, false, process.Id);

var addr = FindDMAAddy(hProc, (IntPtr)0x50f4f4, new int[] { 0x374, 0x14, 0 });

Console.WriteLine("0x" + addr.ToString("X"));
}
}
}
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Just add some lines printing out your health, your pointer etc. as well..
Does the current health value print out show the right value?

Also post your ReadMemory here, as you might have forgotten to add the baseaddress there....
 

Tarolion

Newbie
Full Member
Nobleman
Mar 12, 2015
42
258
1
Adding them now till0sch97

I did run my tests for reading current health etc, and they did read the correct value.
Here they are:

ReadPointer Method:
C#:
public static byte[] ReadPointer(Process process, int baseAddress, int[] offsets, int numOfBytes, out int bytesRead)
        {
            int bRead = 0;

            int tempAddress = 0;
            byte[] value = ReadMemory(process, process.MainModule.BaseAddress.ToInt32() + baseAddress, numOfBytes, out bRead);
            tempAddress = BitConverter.ToInt32(value, 0);

            for (int i = 0; i < offsets.Length; i++)
            {
                value = ReadMemory(process, tempAddress + offsets[i], numOfBytes, out bRead);
                tempAddress = BitConverter.ToInt32(value, 0);
            }

            bytesRead = bRead;
            return value;
        }
ReadMemory Method:
C#:
public static byte[] ReadMemory(Process process, int address, int numOfBytes, out int bytesRead)
        {
            IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);

            byte[] buffer = new byte[numOfBytes];

            ReadProcessMemory(hProc, new IntPtr(address), buffer, numOfBytes, out bytesRead);
            return buffer;
        }
I don't think there is a problem with the read side as its working properly, also these are the same methods I am using for the scrap, missiles, and fuel, but those are all working perfectly without any problems.
 
Last edited:

Tarolion

Newbie
Full Member
Nobleman
Mar 12, 2015
42
258
1
Ok, So I really don't know whats wrong.

I found the player's crew array, and managed to find out how to loop through them, and set their health too. It seems that whenever I write to either a crew members health address, or to the ships health address. It fails, it simply sets it to 0 instead. I must be writing my values in correctly but I can't see why.

Here is my code to write the crew members health:

C#:
public bool         crewEnabled                 = false;
        
        public int          numCrewBase                 = 0x00121414;
        public int[]        numCrewOffsets              = new int[] { 0x0 };

        public int          crewArrayBase               = 0x0039D208;
        public int[]        crewArrayOffsets            = new int[] { 0x394, 0x220 };

        public int          crewArrayStartAddress       = 0x24c;
        public int          crewArrayElementOffset      = 0x4;

        public int[]        crewHealthOffset            = new int[] { 0x20, 0x2c };


private void CrewCheat()
        {
            // Just read the value to begin with.
            int bRead;
            int bWritten;
            byte[] value = Memory.ReadPointer(gameProcess, numCrewBase, numCrewOffsets, 4, out bRead);
            int numberOfCrew = BitConverter.ToInt32(value, 0);

            for (int i = 0; i < numberOfCrew; i++)
            {
                int bRead2;
                int arrayBase = BitConverter.ToInt32( Memory.ReadPointer(gameProcess, crewArrayBase, crewArrayOffsets, 4, out bRead2), 0 );

                // Create Offset List
                List<int> trueOffsets = new List<int>();
                
                for (int j = 0; j < crewArrayOffsets.Length; j++)
                {
                    trueOffsets.Add(crewArrayOffsets[j]);
                }

                trueOffsets.Add(crewArrayStartAddress + crewArrayElementOffset * i);    // Array Index Changing.

                for (int k = 0; k < crewHealthOffset.Length; k++)
                {
                    trueOffsets.Add(crewHealthOffset[k]);
                }

                // Now Read the Address.
                float crewHealth = BitConverter.ToSingle(Memory.ReadPointer(gameProcess, crewArrayBase, trueOffsets.ToArray(), 4, out bRead2), 0);


                if (crewHealth != 100f) // if health is not full.
                {
                    // Write Full health.
                    bool worked = Memory.WritePointer(gameProcess, crewArrayBase, trueOffsets.ToArray(), 100, out bWritten);
                }
            }
        }
it seems to write them perfectly, but refuses to write them correctly.... What is wrong with this????

What I don't understand more is that, I use exactly the same methods, to write scrap, fuel, and missiles, and all 3 of those work perfectly without any problems....
 

Tarolion

Newbie
Full Member
Nobleman
Mar 12, 2015
42
258
1
In this case the issue was caused by the fact that I was writing my values in as long's. FTL didn't like that too much so didn't do what I wanted.

I modified my Write Memory Methods to write byte[] and then modified the cheat methods to pass byte[]'s to the Write Memory Methods in order to get it working. After I did that and tested, it now works perfectly.

The Corrected Write Memory Methods are:

WritePointer Method:
C#:
public static bool WritePointer(Process process, int baseAddress, int[] offsets, byte[] value, out int bytesWritten)
        {
            int bWritten = 0;
            int bRead = 0;

            int tempAddress = 0;
            byte[] tempval = ReadMemory(process, process.MainModule.BaseAddress.ToInt32() + baseAddress, 4, out bRead);
            tempAddress = BitConverter.ToInt32(tempval, 0);

            for (int i = 0; i < offsets.Length-1; i++)
            {
                tempval = ReadMemory(process, tempAddress + offsets[i], 4, out bRead);
                tempAddress = BitConverter.ToInt32(tempval, 0);
            }

            bool retValue = WriteMemory(process, tempAddress + offsets[offsets.Length - 1], value, out bWritten);
            bytesWritten = bWritten;

            return retValue;
        }
WriteMemory Method:
C#:
public static bool WriteMemory(Process process, int address, byte[] value, out int bytesWritten)
        {
            IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);

            bool worked = WriteProcessMemory(hProc, new IntPtr(address), value, (uint)value.LongLength, out bytesWritten);

            CloseHandle(hProc);

            return worked;
        }
 
Last edited by a moderator:
Status
Not open for further replies.
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods