[C++] Get Target Info from memory

01/05/2015 21:23 Xephn#1
Hi guys.
Does anyone have the target base pointer address for the 64-bit Aion client?
I found this address for the 32-bit client with Cheat Engine, but not for the 64-bit one. Does anyone know how to find the correct address and offsets for this memory?

Thanks for any ideas. :)
01/07/2015 21:29 Xephn#2
Aah... I found the thread that has the solution :)

And here is my C++ code for reading some player and target data: name, level, HP, etc.

[AION ver. 4.7.0.8 - 64 bit - NC]
Code:
// [AION]TargetGetInfo.cpp : Defines the entry point for the console application.
//

#include <Windows.h>
#include <stdio.h>
#include <TlHelp32.h>

// Returns the base address of the module named lpszModuleName inside the
// process dwProcessIdentifier, or 0 when no module with that exact name is
// found or the module snapshot cannot be created.
// NOTE(review): the result is a DWORD, so only 32 bits of the address survive.
DWORD GetModuleBaseAddress( DWORD dwProcessIdentifier, TCHAR *lpszModuleName );
// Returns the ID of the first process whose executable file name compares
// equal (strcmp) to lpszProcessName; the definition starts from NULL/0 and
// leaves it unchanged when nothing matches.
DWORD GetProcessID( TCHAR *lpszProcessName );

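// Reads exactly `size` bytes at `address` in `process` into `out`.
// Returns true only when ReadProcessMemory succeeds AND reports a full-length
// read, so callers never print a buffer that was not (completely) filled.
static bool ReadRemote( HANDLE process, DWORD address, void *out, SIZE_T size )
{
	SIZE_T bytesRead = 0;
	// Widen through ULONG_PTR so the DWORD -> pointer conversion is explicit.
	if( !ReadProcessMemory( process, (LPCVOID)(ULONG_PTR)address, out, size, &bytesRead ) )
		return false;
	return bytesRead == size;
}

// Reads one DWORD at `address` and prints it after `label`; a failed read is
// reported as such instead of printing whatever the variable held before.
static void PrintRemoteDword( HANDLE process, DWORD address, const char *label )
{
	DWORD value = 0;
	if( ReadRemote( process, address, &value, sizeof(value) ) )
		printf( "%s%lu\n", label, value );
	else
		printf( "%s<read failed>\n", label );
}

/*
 * Console entry point. Looks up the process named "aion.bin", resolves the
 * base of its "Game.dll" module and prints a fixed set of player and target
 * fields read from that process.
 *
 * The numeric offsets are hard-coded. The post accompanying this listing
 * gives them for one specific client build only, so against any other build
 * the reads return unrelated data or fail.
 *
 * NOTE(review): every remote address is carried in a DWORD. If the inspected
 * process is 64-bit and the module or the objects it points to live above
 * 4 GiB, the addresses are truncated and the reads fail - confirm before
 * relying on the output.
 *
 * Always returns 0, after waiting for a key press via system("pause").
 */
int main(int argc, CHAR* argv[])
{
	DWORD PID = GetProcessID( "aion.bin" );

	if( PID == 0 )
	{
		printf( "Process aion.bin was not found.\n" );
	}
	else
	{
		// Only memory reads are performed, so request PROCESS_VM_READ rather
		// than PROCESS_ALL_ACCESS: the handle then cannot be used to write to
		// or terminate the other process, and the open needs fewer rights.
		HANDLE PROC_HANDLE = OpenProcess( PROCESS_VM_READ, FALSE, PID );

		if( PROC_HANDLE == NULL )
		{
			printf( "OpenProcess failed, error %lu\n", GetLastError() );
		}
		else
		{
			DWORD hmodule_adrs = GetModuleBaseAddress( PID, "Game.dll" );

			printf("   Process ID: %lu\n", PID );
			printf("Module Adress: %lu\n\n", hmodule_adrs );

			if( hmodule_adrs == 0 )
			{
				// Without a module base every offset below would be applied
				// to address 0 and produce meaningless output.
				printf( "Module Game.dll was not found in the process.\n" );
			}
			else
			{
				// Player fields, all DWORDs at fixed offsets from the module base.
				PrintRemoteDword( PROC_HANDLE, hmodule_adrs + 0x129EB00, "MaxEXP: " );
				PrintRemoteDword( PROC_HANDLE, hmodule_adrs + 0x129EB10, "CurExp: " );
				PrintRemoteDword( PROC_HANDLE, hmodule_adrs + 0x129EB1C, "MaxHP:  " );
				PrintRemoteDword( PROC_HANDLE, hmodule_adrs + 0x129EB20, "CurHP:  " );
				PrintRemoteDword( PROC_HANDLE, hmodule_adrs + 0x129EB24, "MaxMP:  " );
				PrintRemoteDword( PROC_HANDLE, hmodule_adrs + 0x129EB28, "CurMP:  " );

				// Target Selected (single byte)
				BYTE data_b = 0;
				if( ReadRemote( PROC_HANDLE, hmodule_adrs + 0xE54A1C, &data_b, sizeof(data_b) ) )
					printf( "\nTarget Selected: %d\n", data_b );
				else
					printf( "\nTarget Selected: <read failed>\n" );

				// Target Pointer: two dereferences. Both must succeed before
				// TargetBase is used, otherwise the fields below would be read
				// relative to a stale or zero address.
				DWORD data_dw = 0;
				DWORD TargetBase = 0;
				if( ReadRemote( PROC_HANDLE, hmodule_adrs + 0xE54A1C - 0xC, &data_dw, sizeof(data_dw) ) &&
				    ReadRemote( PROC_HANDLE, data_dw + 0x368, &TargetBase, sizeof(TargetBase) ) )
				{
					// Target NAME: the remote bytes are not guaranteed to hold
					// a terminator inside 32 characters, so force one before
					// handing the buffer to printf.
					wchar_t STR[32] = {0};
					if( ReadRemote( PROC_HANDLE, TargetBase + 0x46, STR, sizeof(STR) ) )
					{
						STR[ (sizeof(STR) / sizeof(STR[0])) - 1 ] = L'\0';
						printf( "   NAME:  %ls\n", STR );
					}
					else
					{
						printf( "   NAME:  <read failed>\n" );
					}

					// Target LVL (WORD)
					WORD data_w = 0;
					if( ReadRemote( PROC_HANDLE, TargetBase + 0x42, &data_w, sizeof(data_w) ) )
						printf( "   LVL:   %d\n", data_w );
					else
						printf( "   LVL:   <read failed>\n" );

					PrintRemoteDword( PROC_HANDLE, TargetBase + 0x145C, "   CurHP: " );
					PrintRemoteDword( PROC_HANDLE, TargetBase + 0x1460, "   MaxHP: " );
					PrintRemoteDword( PROC_HANDLE, TargetBase + 0x1468, "   CurMP: " );
					PrintRemoteDword( PROC_HANDLE, TargetBase + 0x146C, "   MaxMP: " );
				}
				else
				{
					printf( "   <target pointer could not be read>\n" );
				}
			}

			// The original never released the process handle.
			CloseHandle( PROC_HANDLE );
		}
	}

	system("pause");
	return 0;
}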

/**********************************************************************************/
/*
 * Walks a Toolhelp module snapshot of process dwProcessIdentifier and returns
 * the base address of the first module whose name equals lpszModuleName
 * (exact, case-sensitive strcmp match).
 *
 * Returns 0 when the snapshot cannot be created or no module matches.
 *
 * NOTE(review): modBaseAddr is cast to DWORD, so in a build where pointers
 * are wider than 32 bits the upper bits are discarded - confirm the caller
 * only inspects processes for which that is acceptable.
 */
DWORD GetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName)
{
   HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
   if(snapshot == INVALID_HANDLE_VALUE)
      return 0;

   DWORD baseAddress = 0;

   // dwSize must be set before the first enumeration call.
   MODULEENTRY32 entry = {0};
   entry.dwSize = sizeof(MODULEENTRY32);

   for(BOOL more = Module32First(snapshot, &entry); more; more = Module32Next(snapshot, &entry))
   {
      if(strcmp(entry.szModule, lpszModuleName) != 0)
         continue;

      // First match wins; stop enumerating.
      baseAddress = (DWORD)entry.modBaseAddr;
      break;
   }

   CloseHandle(snapshot);
   return baseAddress;
}
/**********************************************************************************/
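/*
 * Returns the process ID of the first entry in a Toolhelp process snapshot
 * whose executable file name equals lpszProcessName (exact, case-sensitive
 * strcmp match), or 0 when lpszProcessName is NULL, the snapshot cannot be
 * created, or nothing matches.
 *
 * The match is on the file name alone: any process that happens to carry the
 * same executable name is accepted, and the first one enumerated wins. A name
 * match says nothing about which binary is actually running.
 */
DWORD GetProcessID( TCHAR *lpszProcessName )
{
	DWORD processID = 0;

	if( lpszProcessName == NULL )
		return processID;

	HANDLE hSnapShot = CreateToolhelp32Snapshot ( TH32CS_SNAPPROCESS, 0);
	// The original enumerated and closed the handle without checking it.
	if( hSnapShot == INVALID_HANDLE_VALUE )
		return processID;

	// A stack object replaces the new/delete pair: nothing to leak and no
	// allocation failure path.
	PROCESSENTRY32 processInfo = {0};
	processInfo.dwSize = sizeof ( PROCESSENTRY32);

	// Documented enumeration order: Process32First, then Process32Next.
	if( Process32First ( hSnapShot, &processInfo ) != FALSE )
	{
		do
		{
			if( strcmp( processInfo.szExeFile, lpszProcessName ) == 0 )
			{
				processID = processInfo.th32ProcessID;
				break;
			}
		}
		while ( Process32Next ( hSnapShot, &processInfo ) != FALSE );
	}

	CloseHandle( hSnapShot);

	return processID;
}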
09/27/2015 11:33 xAxTer#3
you can use version.dll Proxy for injecting your code into the Aion Client and you'll see all things goes easy