[Ayuda] ReadProcessMemory Address Dinamico

Iniciado por .mokk., 13 Junio 2010, 03:58 AM

0 Miembros y 1 Visitante están viendo este tema.

.mokk.

Bueno ahora estoy haciendo una aplicacion que a la ves trabaje como ayuda a otro programa(Juego)

Ahora les explico un ejemplo de lo que hace:
Dentro del juego estoy y si deceo hay un campo de texto, mientras mi programa esta corriendo y leyendo lo que escriba ahi y segun lo que escrib ejecutara una serie de comandos para el juego (No no es Trainer) de ayuda o de informacion.

Bueno ahi ya es todo, pero hay algo malo que el Address donde leo es Dinamico por lo tanto cada que lo abro y ejecuto mi programa debo rellenar un campo de texto donde coloco el address ese nuevo address lo obtengo mediante el Cheat Engine, pero ahora deceo saber cual es la forma de poder abrir mi programa y automaticamente detecte esa linea empece a leer por google pero no e encontrado nada que me ayude a solucionarlo si e visto ejemplos pero solo para uso de ReadProcessMemory y nada mas, y cuando encuentro sobre e tema de cuando es dinamia el address no entiendo muy bien como es ademas de que no encontre ninguno en VB.NET, Segun usando el Puntero + los Offset obtendria el resultado pero no consigo entender muy bien como es, y cuando lo hago al final no me da el address verdadero =/

Bueno creo explicarme mas o menos si alguien pudiese ayudarme se lo agradeceria mucho ^^

Aqui les dejo una imagen de los punteros para llegar a mi Address(El Puntero que muestro nunca cambia)


En el primer Address of Pointer ya sume el BaseAddres con el Pointer ^^, el Address al que necesito llegar es el 043A4FD8

O si conocen alguna otra manera de obtener un address Dinamico diganmela porfavor ^^


Porfavor quien podria explicarmelo o darme una mejor idea porque llevo ya 3 dias en eso solo es y no lo entiendo muy bien aun jeje :$

Desde ya Gracias, por tomarte el tiempo de leerlo jeje ^^

P.D. Si se que aqui se trato una ves sobre ese tema pero fue en C++, ademas de que alfinal no mostro bien si lo soluciono o no y no respondia ahi porque fue hace 3 meses mas o menos.

43H4FH44H45H4CH49H56H45H


-R IP
:0100
-A 100 
2826:0100 MOV AH,09
2826:0102 MOV DX,109
2826:0105 INT 21
2826:0105 MOV AH,08
2826:0105 INT 21
2826:0107 INT 20
2826:0109 DB 'MI NICK ES CODELIVE.$' 
2826:0127 
-R BX
:0000
-R CX
:20
-N CODELIVE.COM
-W

.mokk.

#2
Al final lo logre jeje gracias a otro codigo bueno
Aqui dejo el codigo con el que lo solucione y con comentarios para que se entienda mejor (Puse los comentarios a como yo entendi xD)

'API ReadProcessMemory
  <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Shared Function ReadProcessMemory( _
      ByVal hProcess As IntPtr, _
      ByVal lpBaseAddress As IntPtr, _
      <Out()> ByVal lpBuffer() As Byte, _
      ByVal dwSize As Integer, _
      ByRef lpNumberOfBytesRead As Integer) As Boolean
   End Function

   Private Function FindAddress(ByVal pHandle As IntPtr, ByVal BaseAddress As IntPtr, ByVal StaticPointer As IntPtr, ByVal Offsets() As IntPtr) As IntPtr
       ' Crearemos un buffer de 4 bytes para sistema de32-bit o 8 bytes sobre un sistema de 64-bit .
       Dim tmp(IntPtr.Size - 1) As Byte
       Dim Address As IntPtr = BaseAddress
       ' Checaremos para 32-bit vs 64-bit.
       If IntPtr.Size = 4 Then
           Address = New IntPtr(Address.ToInt32 + StaticPointer.ToInt32)
       Else
           Address = New IntPtr(Address.ToInt64 + StaticPointer.ToInt64)
       End If
       ' Loop de cada Offset hasta encontrar el Address
       For i As Integer = 0 To Offsets.Length - 1
           ReadProcessMemory(pHandle, Address, tmp, IntPtr.Size, 0)
           If IntPtr.Size = 4 Then
               Address = BitConverter.ToInt32(tmp, 0) + Offsets(i).ToInt32()
           Else
               Address = BitConverter.ToInt64(tmp, 0) + Offsets(i).ToInt64()
           End If
       Next
       Return Address
   End Function

   Public Function Obtener_Address()
       Dim p As Process() = Process.GetProcessesByName("Gunz")

       ' Obtendremos el Handle y el BaseAddress de nuestro proceso
       Dim pID As IntPtr = p(0).Handle
       Dim base As IntPtr = p(0).MainModule.BaseAddress
       ' Colocamos Nuestro Pointer Estatico
       Dim sptr As IntPtr = &H26C7C8
       ' Y aqui nuestro Offset segun los necesarios
       Dim offsets() As IntPtr = {&H0, &H1F8, &H8, &H84, &H0}
       Dim addr As IntPtr = FindAddress(pID, base, sptr, offsets)
       Dim f As String
       f = addr.ToString
       Return f
   End Function


Bueno ahi con ello obtendremos ya nuestro Address ^^
Y si no saben como obtener su Pointer o que Offsets colocar Aqui les dejo un Tutorial de como obtener el Pointer y sus Offset ^^

Post Original:
This is a simple bit of code to make looking up addresses from pointers really easy.

First you'll need to add the API reference for ReadProcessMemory for this to work. Here it is:

VB.NET
[code]    <DllImport("kernel32.dll", SetLastError:=True)> _
    Public Shared Function ReadProcessMemory( _
      ByVal hProcess As IntPtr, _
      ByVal lpBaseAddress As IntPtr, _
      <Out()> ByVal lpBuffer() As Byte, _
      ByVal dwSize As Integer, _
      ByRef lpNumberOfBytesRead As Integer) As Boolean
   End Function



C#
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out()] byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);



And this is the code I wrote to look up an address from a pointer and a list of offsets:

VB.NET
   Private Function FindAddress(ByVal pHandle As IntPtr, ByVal BaseAddress As IntPtr, ByVal StaticPointer As IntPtr, ByVal Offsets() As IntPtr) As IntPtr
       ' Create a buffer that is 4 bytes on a 32-bit system or 8 bytes on a 64-bit system.
       Dim tmp(IntPtr.Size - 1) As Byte
       Dim Address As IntPtr = BaseAddress
       ' We must check for 32-bit vs 64-bit.
       If IntPtr.Size = 4 Then
           Address = New IntPtr(Address.ToInt32 + StaticPointer.ToInt32)
       Else
           Address = New IntPtr(Address.ToInt64 + StaticPointer.ToInt64)
       End If
       ' Loop through each offset to find the address
       For i As Integer = 0 To Offsets.Length - 1
           ReadProcessMemory(pHandle, Address, tmp, IntPtr.Size, 0)
           If IntPtr.Size = 4 Then
               Address = BitConverter.ToInt32(tmp, 0) + Offsets(i).ToInt32()
           Else
               Address = BitConverter.ToInt64(tmp, 0) + Offsets(i).ToInt64()
           End If
       Next
       Return Address
   End Function



C#
private IntPtr FindAddress(IntPtr pHandle, IntPtr BaseAddress, IntPtr StaticPointer, IntPtr[] Offsets)
{
   // Create a buffer that is 4 bytes on a 32-bit system or 8 bytes on a 64-bit system.
   byte[] tmp = new byte[IntPtr.Size];
   IntPtr Address = BaseAddress;
   // We must check for 32-bit vs 64-bit.
   if (IntPtr.Size == 4) {
       Address = new IntPtr(Address.ToInt32 + StaticPointer.ToInt32);
   }
   else {
       Address = new IntPtr(Address.ToInt64 + StaticPointer.ToInt64);
   }
   // Loop through each offset to find the address
   for (int i = 0; i < Offsets.Length; i++) {
       ReadProcessMemory(pHandle, Address, tmp, IntPtr.Size, 0);
       if (IntPtr.Size == 4) {
           Address = BitConverter.ToInt32(tmp, 0) + Offsets(i).ToInt32();
       }
       else {
           Address = BitConverter.ToInt64(tmp, 0) + Offsets(i).ToInt64();
       }
   }
   return Address;
}





Here's how you use it:
1) Get a hande to the process. I personally use the Process class to find the process I need (Process.GetProcessesByName) and then read from the Handle property.
2) Get the base address of the process, which is usually 0x400000 (&H400000 in VB.NET). You can use Process.MainModule.BaseAddress property to get the address if you want to.
3) Create an array of offsets for each pointer. If CE's pointer scan returns 0x0062B688 + 0xC, 0x38, create an array whose values are 0xC and 0x38. The StaticPointer parameter in this case would be 0x0062B688.

Here's an example:

VB.NET

' I'm assuming p is a Process object that represents the game process.
Dim pID As IntPtr = p.Handle
Dim base As IntPtr = p.MainModule.BaseAddress
' Our static pointer...
Dim sptr as IntPtr = &H62B688
' And our offsets...
Dim offsets() As IntPtr = {&HC, &H38}
Dim addr As IntPtr = FindAddress(pID, base, sptr, offsets)



C#
// I'm assuming p is a Process object that represents the game process.
IntPtr pID = p.Handle;
IntPtr @base = p.MainModule.BaseAddress;
// Our static pointer...
IntPtr sptr = 0x62b688;
// And our offsets...
IntPtr[] offsets = { 0xc, 0x38 };
IntPtr addr = FindAddress(pID, @base, sptr, offsets);



And that's it. This method has saved me loads of time when creating trainers. [/code]
Creditos: Burningmace

Obtieniendo Pointer y Offsets:
Cita de: CodeHPro;1976357there is an easier way of find pointers but this is another way im doing this cause the game im using doesn't allow you to attach a debugger or it will crash! ok here we go first open up CE
once ce is opened click the little Computer icon

once you click it you will get a list of process id's scroll down untill you see yours sense im doing halo 2 mine will look like this

now click Open once you have your process selected then find your address's for health amo or whatever your looking for i am not showing how to find address's in this tutorial now once you find that addy  double click it so it adds it to your bottom column like this

now right click it and choose pointer scan for this address

once you click it make sure the form fields look like mine

now click OK then it will pop up with a form that will ask you for a folder where it will save your files it's good to make new folder name it whatever you want then locate the folder then make a name then click save now CE will now search for pointers this can take awhile depending on how fast your pc is once it is done you will get a window that looks like this

as you can see there are alot! of pointers that we need to get out of the way to find are real pointer you need the address to change again so restart your game or kill your self whatever resets the addy now look for the address again once you find it it should look something like

now go back to your pointerscan window and click [pointer scanner]

once you clikc it you will get a window put the addy from ce into it exactly the same like this

click OK and save the scan same as the first one but put scan 1 at the end
once you do you should get alot less pointers if you dont keep resting the addy and searching untill you get down to a couple pointers like me i have 1 left that means it is it and i found the correct pointer

PS: this isn't really the pointer for my addy if it was it would show 2 as the value i just put it there to speed up my tut

now double click it it will add it to ce once you do save it and that pointer will always point to that address and it will never change

have any questions on cheatengine or programming hacks in vb.net add me on MSN or Xfire
msn=ipivb@live.com
Xfire=codehpro

[SIZE="4"][FONT="Book Antiqua"]If this TUT helped you please press the thanks button -->>[/FONT][/SIZE]

Creditos: CodeHPro

Bueno aun asi Gracias ^^

Meta

Hola:

Viendo el ejemplo que has hecho, no consigo que me funcione en C#. Dejo aquí el ejemplo. Solo creé un Windows Form C# 2013 y ya está.

Código (csharp) [Seleccionar]
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

using System.Runtime.InteropServices; // No olovidar este using.

namespace AAA_cs
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out()] byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

        private IntPtr FindAddress(IntPtr pHandle, IntPtr BaseAddress, IntPtr StaticPointer, IntPtr[] Offsets)
        {
            // Create a buffer that is 4 bytes on a 32-bit system or 8 bytes on a 64-bit system.
            byte[] tmp = new byte[IntPtr.Size];
            IntPtr Address = BaseAddress;
            // We must check for 32-bit vs 64-bit.
            if (IntPtr.Size == 4)
            {
                Address = new IntPtr(Address.ToInt32 + StaticPointer.ToInt32);
            }
            else
            {
                Address = new IntPtr(Address.ToInt64 + StaticPointer.ToInt64);
            }
            // Loop through each offset to find the address
            for (int i = 0; i < Offsets.Length; i++)
            {
                ReadProcessMemory(pHandle, Address, tmp, IntPtr.Size, 0);
                if (IntPtr.Size == 4)
                {
                    Address = BitConverter.ToInt32(tmp, 0) + Offsets(i).ToInt32();
                }
                else
                {
                    Address = BitConverter.ToInt64(tmp, 0) + Offsets(i).ToInt64();
                }
            }
            return Address;
        }


        // I'm assuming p is a Process object that represents the game process.
        IntPtr pID = p.Handle;
        IntPtr @base = p.MainModule.BaseAddress;
        // Our static pointer...
        IntPtr sptr = 0x62b688;
        // And our offsets...
        IntPtr[] offsets = { 0xc, 0x38 };
        IntPtr addr = FindAddress(pID, @base, sptr, offsets);


    }
}


Saludo.
Tutoriales Electrónica y PIC: http://electronica-pic.blogspot.com/

Eleкtro

#4
@Meta

No creo que vayas a recibir una respuesta por parte del usuario que publicó el código:
CitarÚltima vez activo:    28 Septiembre 2011, 15:44

Además está prohibido revivir posts antiguos, porfavor fíjate en los detalles antes de responder a un tema.

Cierro el tema.

Saludos!