Register for your free account! | Forgot your password?

Go Back   elitepvpers > Coders Den > .NET Languages
You last visited: Today at 21:27

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement



Cheat Engine, C#, THREADSTACK0

Discussion on Cheat Engine, C#, THREADSTACK0 within the .NET Languages forum part of the Coders Den category.

Reply
 
Old   #1



 
elite*gold: 122
Join Date: May 2014
Posts: 2,434
Received Thanks: 415
Cheat Engine, C#, THREADSTACK0

Hello,

I try to describe my problem in english, to get more help, as when I write it in german.

I have a pointer for the zoom value, and I got many pointers for some .dll's, but after a while, the pointers aren't valid anymore, and only the pointers which comes from "THREADSTACK0" are valid.

I am not working with C++, that's why I tried to find a way, to get the "THREADSTACK0" address via C#.

I found a github project, which returns a "THREADSTACK0" address (if I convert it to IntPtr) but it isn't the correct address.

I used following project:


Now to explain a little bit more my problem, I will add screens.

That is the address which shows Cheat Engine:


That is the address which shows Visual Studio without adding the 0x000001D8 to the THREADSTACK0:


That is the address which shows Visual Studio with adding the 0x000001D8 to the THREADSTACK0 (I forgot to make a photo of it so I calculated it): 0x3A7FC58

Cheat Engine Value:
"THREADSTACK0"-000001D8



Melli- is offline  
Old 01/10/2020, 14:21   #2
 
elite*gold: 0
Join Date: Apr 2011
Posts: 295
Received Thanks: 109
Don't know much about it, but some urls should help you find your way out.





The git you share is for 32 bit process, if you are ussing 64, you have to change a bit of code, (remember 64bit process has 8bytes address size, so intPtr don't know if can store it without overflow)


elmarcia is offline  
Old 01/10/2020, 14:35   #3



 
elite*gold: 122
Join Date: May 2014
Posts: 2,434
Received Thanks: 415
Quote:
Originally Posted by elmarcia View Post
Don't know much about it, but some urls should help you find your way out.





The git you share is for 32 bit process, if you are ussing 64, you have to change a bit of code, (remember 64bit process has 8bytes address size, so intPtr don't know if can store it without overflow)
First of all: I am using a 32 bit process, that's fine and give no problem (otherwise I would never have a result - because it throws an exception then.)

I read both of them, and that doesn't helped. I need to explain the problem better.

I found out now, that if I use the program:
the THREADSTACK0 base address is "okay" but it isn't this one, which CE uses. Just to clarify with pictures:

if I add the address "THREADSTACK0" I got following address:


this is the same address as the program "threadstack.exe" say:


but if I go to the pointer, and delete the "-000001D8" which is added after the "THREADSTACK0"
I got following value:


but this is obviously not the same value, which I got when I add the address "THREADSTACK0" (because this value is 1999864944)
Melli- is offline  
Old 01/10/2020, 17:50   #4
Moderator


 
elite*gold: 45
The Black Market: 236/0/0
Join Date: Apr 2011
Posts: 10,229
Received Thanks: 2,272
Arrow General Coding -> .NET Languages

#moved


False is offline  
Old 01/10/2020, 21:58   #5
 
elite*gold: 0
Join Date: Apr 2011
Posts: 295
Received Thanks: 109
Quote:
Originally Posted by Melli- View Post
First of all: I am using a 32 bit process, that's fine and give no problem (otherwise I would never have a result - because it throws an exception then.)

I read both of them, and that doesn't helped. I need to explain the problem better.

I found out now, that if I use the program:
the THREADSTACK0 base address is "okay" but it isn't this one, which CE uses. Just to clarify with pictures:

if I add the address "THREADSTACK0" I got following address:


this is the same address as the program "threadstack.exe" say:


but if I go to the pointer, and delete the "-000001D8" which is added after the "THREADSTACK0"
I got following value:


but this is obviously not the same value, which I got when I add the address "THREADSTACK0" (because this value is 1999864944)
Pointer works in oposite direction, i don't know what you mean by add, i see a substraction there no adittion...


If i understand well you get your THREADSTACK0 base address, which is great, lets say THREADSTACK0 base is [03A7F9C0] this base address points to some other address 1999864944 -> [77338470], but this address pointed isn't what you need, you need to recalculate your base address first with the offset (0x1d8):

THREADSTACK0 - 0x1D8 -> 03A7F9C0 - 0x1d8 => BaseAddress:3A7F7E8

Then you can apply your pointer paths like this:

Note is reverse order as in cheat engine

Code:
offsets = {0x4,0x10,0x518,0x24,0x0,0x4,0x260}
currentAddress = BaseAddress
for (i=0;i<len(p) - 1;i++){
   currentAddress = MemoryRead(hProcess,currentAddress + offsets [i],'dword')
}
 value = MemoryRead(hProcess,currentAddress + 0x260,'your type here')
Last pointer offset is used to retrieve the address of the value needed

Lets say that this is valid code that is not, but for simplicity, memoryRead returns value readed, which is stored in the currentAddress and read all pointer path
elmarcia is offline  
Old 01/10/2020, 23:48   #6



 
elite*gold: 122
Join Date: May 2014
Posts: 2,434
Received Thanks: 415
Thank you for your help, but the problem was easier as I thought..

The class which I copied works fine, but I need to compile my project as 32 bit file (and run it as 32 bit file) - then I was able to get the THREADSTACK0, substract it with the 0x1D8, and add then the offsets to it.

I had a funny problem too, because after 6 offsets, I wasn't able to add the 7th offset, but if I wrote "offset7 = offset6 + 0x260" it worked fine, lol.

Thank you very much, but the solution was much easier


Melli- is offline  
Reply



« Anyone experienced in building DNN custom modules | HTTPClient Button im browser clicken »

Similar Threads
Can Anyone use hack with it in Cheat Engine??or Revo engine ??
11/18/2017 - Dekaron - 3 Replies
can u guyz make some hacks using the CE or RE maybe im gonna do something with it like experimenting i made many cheats in RFO but in this Game im a newbie,,,thank you for your support and remember be shareful....:mofo:
CheatEngine Threadstack0
11/18/2015 - General Coding - 2 Replies
Hallo epvp, ich habe mich seit langem mal wieder ans GameHacking gesetzt was zu erst auch ziemlich erfolgersprechend aussah. Richtige Pointer in CE gefunden, jetzt nur noch in C++ Werte auslesen/verändern - dachte ich mir. Allerdings sind alle statischen Adressen in CheatEngine als Threadstack0 definiert, was sich bei jedem Programmstart ändert. In allen anderen Foren steht man soll die Finger von den Statischen Adressen vom Stack lassen, und lieber welche verwenden die Spiel.exe als...
hack using engine(any engine?) anf by pass for this engine..
10/09/2009 - Grand Chase Philippines - 3 Replies
wla na bang engine na gumagana?



All times are GMT +1. The time now is 21:27.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

BTC: 33E6kMtxYa7dApCFzrS3Jb7U3NrVvo8nsK
ETH: 0xc6ec801B7563A4376751F33b0573308aDa611E05

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2019 elitepvpers All Rights Reserved.