EMO Style ForumPro - Hos Geldiniz
Giriş yap

Şifremi unuttum

Istatistikler
Toplam 203 kayıtlı kullanıcımız var
Son kaydolan kullanıcımız: posta59

Kullanıcılarımız toplam 1186 mesaj attılar bunda 862 konu
Tarıyıcı
 Kapı
 Indeks
 Üye Listesi
 Profil
 SSS
 Arama
Arama
 
 

Sonuç :
 


Rechercher çıkıntı araştırma

RSS akısı


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Anahtar-kelime

Kimler hatta?
Toplam 5 kullanıcı online :: 0 Kayıtlı, 0 Gizli ve 5 Misafir

Yok

[ Bütün listeye bak ]


Sitede bugüne kadar en çok 217 kişi C.tesi Tem. 29, 2017 1:46 am tarihinde online oldu.
En son konular
» İnternetten Para Kazandıran Oyun ! Ödeme Alt Limiti Yok ! DEV KONU
Cuma Ağus. 29, 2014 8:33 am tarafından Hello EMO

» goldenchase.net maden yaparak para kazanma
Cuma Ağus. 29, 2014 8:18 am tarafından Hello EMO

» etichal hacker görsel egitim seti
Çarş. Ağus. 06, 2014 4:57 am tarafından Hello EMO

» KO TBL Source C#
Ptsi Ara. 09, 2013 6:36 am tarafından Hello EMO

» x86 Registers
C.tesi Ağus. 24, 2013 5:02 am tarafından Hello EMO

» [Tutorial] Pegando Address, Pointers de WYD
Çarş. Tem. 10, 2013 7:25 am tarafından Hello EMO

» [Tutorial] Pegando Address, Pointers de CS Metodo²
Çarş. Tem. 10, 2013 7:23 am tarafından Hello EMO

» [Tutorial] Aprendendo basico deASM OLLYDBG
Çarş. Tem. 10, 2013 7:22 am tarafından Hello EMO

» Basic C# DLL injector
Ptsi Tem. 08, 2013 7:48 am tarafından Hello EMO

Reklam

C# read memory from pointer + CE

Önceki başlık Sonraki başlık Aşağa gitmek

C# read memory from pointer + CE

Mesaj tarafından EMO Bir Perş. Haz. 02, 2011 8:58 am

Hello guys, I have question regarding reading
from pointer in C#. I scanned for pointers in Lineage2 game(l2.bin)and I
got about 2 bilions of pointers. Some of them look like "L2.bin +
0x302444 Offset 0: 0x32 Offset 1: 0x48 Offset 2: 0x4A Offset 3: 0x5F".
And now comes the question: How do I use that pointer? I have read FAQ:
How to use a pointer; does it mean that I have to read memory at
0x302444 then add to the value Offset 0 then add to that value Offset 1
etc till offset 3 ? Do I have to add offset to memory address or to the
value that is read from memory address ? Could anyone help me through
skype ? If yes, contact with me: immonsi . Thanks.



Code:
public int ReadMemory()

{

ProcessMemoryReader pReader = new ProcessMemoryReader();



System.Diagnostics.Process[] myProcesses = System.Diagnostics.Process.GetProcessesByName("l2.bin");



if (myProcesses.Length == 0)

{

MessageBox.Show("No L2 process found!");

return 0;

}

pReader.ReadProcess = myProcesses[0];



pReader.OpenProcess();





int byteswritten;

int bytesread;

int value;

int value1;

int value2;

int value3;

int value4;

int pointerbase;

byte[] memory;

memory = pReader.ReadProcessMemory((IntPtr)0x0008EAD0, 4, out bytesread);

pointerbase = BitConverter.ToInt32(memory, 0);

pointerbase += 0x5BC;

memory = pReader.ReadProcessMemory((IntPtr)pointerbase, 4, out bytesread);

value = BitConverter.ToInt32(memory, 0);

value += 0x160;

memory = pReader.ReadProcessMemory((IntPtr)value, 4, out bytesread);

value1 = BitConverter.ToInt32(memory, 0);

value1 += 0x140;

memory = pReader.ReadProcessMemory((IntPtr)value1, 4, out bytesread);

value2 = BitConverter.ToInt32(memory, 0);

value2 += 0x30;

memory = pReader.ReadProcessMemory((IntPtr)value2, 4, out bytesread);

value3 = BitConverter.ToInt32(memory, 0);

value3 += 0x240;

memory = pReader.ReadProcessMemory((IntPtr)value3, 4, out bytesread);

value4 = BitConverter.ToInt32(memory, 0);



int bytesReaded;

int CurrentCP;

byte[] pamiec;

int CPaddress = 0x24D21440; //should be that address but value4 == 0



pamiec = pReader.ReadProcessMemory((IntPtr)value4, 4, out bytesReaded);

CurrentCP = pamiec[0] + (pamiec[1] << Cool;



pReader.CloseHandle();



return CurrentCP;

}


Value4 should be same as "CPaddress" but it is 0..


***********************************************************************


Immons wrote:
I have to read memory at 0x302444.



No...



All you have to do is read the result of the sum of the value of the module address (L2.bin) + 0x302444.



At this point you're wondering how to get that address, it is simple,
use the class "Process" to do so, declare a variable of type "Process[]"
and add to this the value of the name of your process, then you can get
hence the address we need to add.



Here's an example:



Code:
using System.Diagnostics;



internal static IntPtr GetBaseAddress(string ProcessName)

{

try

{

Process[] L2Process = Process.GetProcessesByName(ProcessName);

return L2Process[0].MainModule.BaseAddress;

}

catch { return IntPtr.Zero; }

}



After that result, add the offset 1, and reads its value again, and repeat until finish.



Hope this helps.






****************************************************************************

So I tested what you wrote and here comes what I got:



-Using CE I tested pointers:



img577[dot]imageshack[dot]us/img577/4175/pointertest[dot]jpg



It worked fine, pointed to good address. But now I post my tests in C# code:



Code:
internal static IntPtr GetBaseAddress(string ProcessName)

{

try

{

Process[] L2Process = Process.GetProcessesByName(ProcessName);

return L2Process[0].MainModule.BaseAddress;

}

catch { return IntPtr.Zero; }

}



public int ReadMemory()

{

ProcessMemoryReader pReader = new ProcessMemoryReader();



System.Diagnostics.Process[] myProcesses = System.Diagnostics.Process.GetProcessesByName("l2.bin");



if (myProcesses.Length == 0)

{

MessageBox.Show("No L2 process found!");

return 0;

}

pReader.ReadProcess = myProcesses[0];



pReader.OpenProcess();





int byteswritten;



int bytesread;

int value;

int value1;

int value2;

int value3;

int value4;

IntPtr baseadress = GetBaseAddress("l2.bin");

int test = baseadress.ToInt32();

int test2 = test + 0x001926D0;

int pointerbase;

byte[] memory;

memory = pReader.ReadProcessMemory((IntPtr)test2, 4, out bytesread);

MessageBox.Show(Convert.ToString(memory[0]));

pointerbase = BitConverter.ToInt32(memory, 0);

pointerbase += 0x7AC;

memory = pReader.ReadProcessMemory((IntPtr)pointerbase, 4, out bytesread);

value = BitConverter.ToInt32(memory, 0);

value += 0x300;

memory = pReader.ReadProcessMemory((IntPtr)value, 4, out bytesread);

value1 = BitConverter.ToInt32(memory, 0);

value1 += 0x460;

memory = pReader.ReadProcessMemory((IntPtr)value1, 4, out bytesread);

value2 = BitConverter.ToInt32(memory, 0);

value2 += 0x12C;

memory = pReader.ReadProcessMemory((IntPtr)value2, 4, out bytesread);

value3 = BitConverter.ToInt32(memory, 0);

value3 += 0x1E0;

memory = pReader.ReadProcessMemory((IntPtr)value3, 4, out bytesread);

value4 = BitConverter.ToInt32(memory, 0);



int bytesReaded;

int CurrentCP;

byte[] pamiec;

int CPaddress = 0x1FECAD40; //should be that address but value4 == 0



pamiec = pReader.ReadProcessMemory((IntPtr)value4, 4, out bytesReaded);

CurrentCP = pamiec[0] + (pamiec[1] << Cool;



pReader.CloseHandle();



return CurrentCP;

}




Following that:



-Baseaddress returned: 0x10900000

-variable test = 277872640

-variable test2 = 279520976



but:

Code:
memory = pReader.ReadProcessMemory((IntPtr)test2, 4, out bytesread);

MessageBox.Show(Convert.ToString(memory[0]));

memory[0] = 0 ! while it should have return DEC - 874810112 | HEX - 34248B00



Looking for help, please.



Btw there was a guy named Pingo, I had to contact you by MSN but you are offline whole time.



@edit



Got it to work ! The fair code should be:

Code:
public int ReadMemory()

{

ProcessMemoryReader pReader = new ProcessMemoryReader();



System.Diagnostics.Process[] myProcesses = System.Diagnostics.Process.GetProcessesByName("l2.bin");



if (myProcesses.Length == 0)

{

MessageBox.Show("No L2 process found!");

return 0;

}

pReader.ReadProcess = myProcesses[0];



pReader.OpenProcess();





int byteswritten;



int bytesread;

int value;

int value1;

int value2;

int value3;

IntPtr baseadress = GetBaseAddress("l2.bin");

int test = baseadress.ToInt32();

int test2 = test + 0x001926D0;

int test3 = test2 + 0x7AC;

int pointerbase;

byte[] memory;

memory = pReader.ReadProcessMemory((IntPtr)test2, 4, out bytesread);

pointerbase = BitConverter.ToInt32(memory, 0);

pointerbase += 0x7AC;

memory = pReader.ReadProcessMemory((IntPtr)pointerbase, 4, out bytesread);

value = BitConverter.ToInt32(memory, 0);

value += 0x300;

memory = pReader.ReadProcessMemory((IntPtr)value, 4, out bytesread);

value1 = BitConverter.ToInt32(memory, 0);

value1 += 0x460;

memory = pReader.ReadProcessMemory((IntPtr)value1, 4, out bytesread);

value2 = BitConverter.ToInt32(memory, 0);

value2 += 0x12C;

memory = pReader.ReadProcessMemory((IntPtr)value2, 4, out bytesread);

value3 = BitConverter.ToInt32(memory, 0);

value3 += 0x1E0;





int bytesReaded;

int CurrentCP;

byte[] pamiec;

int CPaddress = 0x1FECAD40;



pamiec = pReader.ReadProcessMemory((IntPtr)value3, 4, out bytesReaded);

CurrentCP = pamiec[0] + (pamiec[1] << Cool;



pReader.CloseHandle();



return CurrentCP;

}




**************************************************************************






Immons wrote:
Another
question comes. I see that many pointers change after application
restart, but some stay the same. Those which stay are in process
"Engine.dll" but when I try to get baseaddress of engine.dll it returns
0. Can I use "Engine.dll" to read memory of application ?



Hmmm, i hope you code are solved, the way for get the baseaddress of "Engine.dll" module is the next:



Code:
internal static IntPtr GetModuleBaseAddress(string AppName, string ModuleName)

{

IntPtr BaseAddress = IntPtr.Zero;

Process[] myProcess = null;

ProcessModule myProcessModule = null;



myProcess = Process.GetProcessesByName(AppName);



if (myProcess.Length > 0)

{

ProcessModuleCollection myProcessModuleCollection;



try

{

myProcessModuleCollection = myProcess[0].Modules;

}

catch { return IntPtr.Zero; /*Maybe would be ok show the exception after/instead return*/ }



for (int i = 0; i < myProcessModuleCollection.Count; i++)

{

myProcessModule = myProcessModuleCollection[i];

if (myProcessModule.ModuleName.Contains(ModuleName))

{

BaseAddress = myProcessModule.BaseAddress;

break;

}

}

}



return BaseAddress;

}



I don't know how hell the code works for you when you're looking for a process with this parameter:



Code:
IntPtr baseadress = GetBaseAddress("l2.bin");



Might be wrong, because the "Process class" just needs the process name WITHOUT extension.



Anyway, I hope I've helped.



PS: For get a specific module base address you just need yo set the next parameters:



Code:
IntPtr baseadress = GetModuleBaseAddress("L2", "Engine.dll");



Where "Engine.dll" is the specific module to find, and "L2" the process name.



Gruß.







**********************************************************




darkjohn20 wrote:
Here
is my Memory Library with full source code included. I will be updating
it soon but it should have everything you need at the moment. The
points of interest would be CalculatePointer() and the ReadType()
functions. Hope it helps!



Hey mate, I am trying to use your ReadInt from pointer and I got "Object reference not set to an instance of an object" error:



Code:
public int BaseAddress(string sModuleName)

{

return FindModule(sModuleName).BaseAddress.ToInt32();

}



in "return" code. Do I need to declare it myself ? I have such method for reading:

Code:
public void ReadMemory()

{

Memory editor = new Memory();



editor.OpenProcess("L2.bin");



editor.GetModules();



int baseaddress = editor.BaseAddress("l2.bin");

int basemoduleaddress = editor.BaseAddress("Engine.dll");





int moduleaddress = basemoduleaddress + 0x01834A6C;



int[] wartosci = { 0x5C8, 0x494, 0x3EC, 0x8, 0x160, 0x3C, 0x4C, 0x240 };



IloscCP = editor.ReadInt(moduleaddress, wartosci);

MaxIloscCP = editor.ReadIntMinus8(moduleaddress, wartosci);



try

{

progressBar1.Value = Convert.ToInt32((IloscCP / MaxIloscCP) * 100);

label1.Text = Convert.ToString(IloscCP);

label3.Text = Convert.ToString(MaxIloscCP);

}

catch { }

}

********************************************
avatar
EMO
EMO Team
EMO Team

Cinsiyet : Erkek
Burçlar : Yay
Yılan
Mesaj Sayısı : 184
Puan : 114693
Rep Puanı : 5
Doğum tarihi : 28/11/89
Kayıt tarihi : 18/05/11
Yaş : 27
Nerden : EMO world
İş/Hobiler : RCE Student / Game Hacking / Learn Beginner C#,C++,Delphi
Lakap : EMO

Kullanıcı profilini gör

Sayfa başına dön Aşağa gitmek

Önceki başlık Sonraki başlık Sayfa başına dön


 
Bu forumun müsaadesi var:
Bu forumdaki mesajlara cevap veremezsiniz