Originally Posted by
Hrap
Hi, Thanks a lot for your work!!!
But I can't read In_Game_Status = 0x3024174;
I'm probably doing something wrong, or the offset does not work
I try to read like this
Code:
bool inGame = RemouteMemory->ReadBool(0x3024174);
variable read function looks like this
Code:
template <typename Type>
inline Type& RemoteProcess::Read(DWORD_PTR adress)
{
static BYTE* bytes = new BYTE[sizeof(Type*)];
HANDLE hprocess = OpenProcess(PROCESS_VM_READ, false, WowInfo.WowPid);
if (!ReadProcessMemory(hprocess, (LPCVOID)adress, bytes, sizeof(Type*), NULL))
{
CloseHandle(hprocess);
return *reinterpret_cast<Type*>(bytes);
}
}
bool RemoteProcess::ReadBool(DWORD_PTR adress)
{
return Read<bool>(WowInfo.WowBaseAdrtess + adress);
}
I get the base address like this
Code:
DWORD_PTR RemoteProcess::GetModule(DWORD pid, char* procname)
{
HMODULE hMods[1024];
DWORD cbNeeded;
MODULEINFO minfo;
unsigned int i = 0;
HANDLE lpo = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (EnumProcessModules(lpo, hMods, sizeof(hMods), &cbNeeded))
{
for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
{
char szModName[MAX_PATH];
if (GetModuleFileNameEx(lpo, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
{
if (strcmp(szModName, procname) == 0)
{
GetModuleInformation(lpo, hMods[i], &minfo, sizeof(minfo));
CloseHandle(lpo);
return (DWORD_PTR)minfo.lpBaseOfDll;
}
}
}
}
CloseHandle(lpo);
return NULL;
}
WowInfo.WowBaseAdrtess = GetModule(pInfo.th32ProcessID, procname);
it works on 3,3,5 but doesn't want to on WOTLKC(
I'm probably dumb somewhere
Can anyone help me to solve the problem?
Create x64 console app , 335a is x86 process and i think u program x86.
Scan like this
off = g_pProcess->Scan("48 8B 1D ?? ?? ?? ?? 48 85 DB 74 ?? 80 3D ?? ?? ?? ?? ?? 74 ?? 48 8D 0D ?? ?? ?? ??");
Process.h
Code:
#include <Windows.h>
#include <string>
class Process
{
public:
Process();
~Process();
bool Attach(const std::string& ExeName);
void Detach();
bool Read(DWORD64 dwAddress, LPVOID lpBuffer, DWORD64 dwSize);
bool Write(DWORD64 dwAddress, LPCVOID lpBuffer, DWORD64 dwSize);
template<typename T>
T Read(DWORD64 dwAddress, const T& tDefault = T())
{
T tRet;
if (!Read(dwAddress, &tRet, sizeof(T)))
return tDefault;
return tRet;
}
template<typename T>
bool Write(DWORD64 dwAddress, const T& tValue) { return Write(dwAddress, &tValue, sizeof(T)); }
template<typename T>
bool WriteProtected(DWORD64 dwAddress, const T& tValue)
{
DWORD_PTR oldProtect;
VirtualProtectEx(m_hProcess, (LPVOID)dwAddress, sizeof(T), PAGE_EXECUTE_READWRITE, &oldProtect);
Write(dwAddress, &tValue, sizeof(T));
VirtualProtectEx(m_hProcess, (LPVOID)dwAddress, sizeof(T), oldProtect, NULL);
return true;
}
DWORD64 Scan(const char* szSignature, int offset = 0);
private:
DWORD GetProcessIdByName(const std::string& name);
bool GetModuleInfo();
DWORD m_dwProcessId = NULL;
HANDLE m_hProcess = NULL;
DWORD64 m_dwBase = NULL;
DWORD64 m_dwSize = NULL;
};
extern Process* g_pProcess;
Process.cpp
Code:
#include "Process.h"
#include <TlHelp32.h>
#include <Psapi.h>
Process* g_pProcess = new Process();
Process::Process()
{
}
Process::~Process()
{
Detach();
}
bool Process::Attach(const std::string& ExeName)
{
Detach();
if (ExeName.empty())
{
return false;
}
m_dwProcessId = GetProcessIdByName(ExeName);
if (!m_dwProcessId)
{
HWND hWnd = FindWindowA(NULL, ExeName.c_str());
if (hWnd == NULL)
return false;
GetWindowThreadProcessId(hWnd, &m_dwProcessId);
if (!m_dwProcessId)
return false;
}
m_hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, m_dwProcessId);
if (!m_hProcess)
{
return false;
}
return GetModuleInfo();
}
void Process::Detach()
{
if (m_hProcess)
{
CloseHandle(m_hProcess);
}
m_hProcess = NULL;
m_dwProcessId = NULL;
m_dwBase = NULL;
m_dwSize = NULL;
}
bool Process::Read(DWORD_PTR dwAddress, LPVOID lpBuffer, DWORD_PTR dwSize)
{
SIZE_T Out = NULL;
return (ReadProcessMemory(m_hProcess, (LPCVOID)dwAddress, lpBuffer, dwSize, &Out) == TRUE);
}
bool Process::Write(DWORD_PTR dwAddress, LPCVOID lpBuffer, DWORD_PTR dwSize)
{
SIZE_T Out = NULL;
return (WriteProcessMemory(m_hProcess, (LPVOID)dwAddress, lpBuffer, dwSize, &Out) == TRUE);
}
DWORD Process::GetProcessIdByName(const std::string& name)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
return NULL;
}
PROCESSENTRY32 Entry = { NULL };
Entry.dwSize = sizeof(PROCESSENTRY32);
if (!Process32First(hSnapshot, &Entry))
{
CloseHandle(hSnapshot);
return NULL;
}
do
{
if (name.compare(Entry.szExeFile) == 0)
{
CloseHandle(hSnapshot);
return Entry.th32ProcessID;
}
} while (Process32Next(hSnapshot, &Entry));
return NULL;
}
bool Process::GetModuleInfo()
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, m_dwProcessId);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
return false;
}
MODULEENTRY32 Entry = { NULL };
Entry.dwSize = sizeof(MODULEENTRY32);
if (!Module32First(hSnapshot, &Entry))
{
CloseHandle(hSnapshot);
return false;
}
do
{
char szPath[MAX_PATH] = { NULL };
GetModuleFileNameEx(m_hProcess, Entry.hModule, szPath, MAX_PATH);
size_t len = strlen(Entry.szModule);
if (Entry.szModule[len - 4] == '.' && Entry.szModule[len - 3] == 'e' && Entry.szModule[len - 2] == 'x' && Entry.szModule[len - 1] == 'e')
{
m_dwBase = (DWORD64)Entry.hModule;
m_dwSize = (DWORD64)Entry.modBaseSize;
CloseHandle(hSnapshot);
return true;
}
} while (Module32Next(hSnapshot, &Entry));
CloseHandle(hSnapshot);
return false;
}
#define inRange(x,a,b) (x >= a && x <= b)
#define getBits( x ) (inRange((x&(~0x20)),'A','F') ? ((x&(~0x20)) - 'A' + 0xa) : (inRange(x,'0','9') ? x - '0' : 0))
#define getByte( x ) (getBits(x[0]) << 4 | getBits(x[1]))
DWORD64 Process::Scan(const char* szSignature, int offset)
{
const auto startAddress = m_dwBase;
const auto modSize = m_dwSize;
const auto endAddress = startAddress + modSize;
auto pat = szSignature;
DWORD64 firstMatch = 0;
PBYTE pRemote = new BYTE[modSize];
DWORD oldProtect;
VirtualProtectEx(m_hProcess, (LPVOID)startAddress, modSize, PAGE_EXECUTE_READWRITE, &oldProtect);
if (!Read(startAddress, pRemote, modSize))
{
printf("Cant read %lld lerr %d\n", startAddress, GetLastError());
delete[] pRemote;
return NULL;
}
printf("Scan sign %s = ", szSignature);
for (DWORD64 i = 0; i < modSize; i++)
{
auto pCur = pRemote[i];
if (!*pat)
{
delete[] pRemote;
return NULL;
}
if (*(PBYTE)pat == '\?' || pCur == getByte(pat))
{
if (!firstMatch)
{
firstMatch = startAddress + i;
}
if (!pat[2])
{
delete[] pRemote;
return firstMatch;
}
if (*(PWORD)pat == '\?\?' || *(PBYTE)pat != '\?')
{
pat += 3;
}
else
{
pat += 2;
}
}
else
{
pat = szSignature;
firstMatch = 0;
}
}
delete[] pRemote;
return NULL;
}