Thread: Finding memory address using memory pattern

  1. #1
    Registered User
    Join Date
    Nov 2006
    Location
    82.192.160.50
    Posts
    17

    Finding memory address using memory pattern

    Hey,

    I'm messing around with reading values from another already running process; for testing, I'm reading the mouse x and y coordinates of Warcraft III. Now, using Cheat Engine, I found the address, which is 0x09A103C0 and 0x09A103C4, and I made a small testing app, and it all works fine. My problem is, it only works if I find the address beforehand, since the address changes from computer to computer. Now what I wanted to do was look up the address by finding a region around the address that might be static, and I think I managed to do that, but now I don't know where to begin with the whole search aspect.
    Here's the app:
    Code:
    #include <windows.h>
    #include <tchar.h>
    #include <stdio.h>
    #include <stdlib.h>

    // Enable SeDebugPrivilege on the current process token.
    void EnableDebugPriv(void)
    {
        HANDLE hToken;
        LUID sedebugnameValue;
        TOKEN_PRIVILEGES tkp;

        if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
            return;

        if(LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue)) {
            tkp.PrivilegeCount = 1;
            tkp.Privileges[0].Luid = sedebugnameValue;
            tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

            AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL);
        }

        CloseHandle(hToken);
    }

    int _tmain(int argc, _TCHAR* argv[]) {
        HWND hWnd;
        HANDLE hProcess;
        DWORD pID = 0, err;
        float valx = 0.0f, valy = 0.0f;

        EnableDebugPriv();
        // _T() keeps the string literals consistent with the TCHAR build setting.
        hWnd = FindWindow(_T("Warcraft III"), _T("Warcraft III"));
        if(hWnd) {
            printf("hWnd: %p (OK)\n", (void*)hWnd);
        } else {
            // Save the error code first: later calls may overwrite it.
            err = GetLastError();
            printf("hWnd: %p (Err: %lu)\n", (void*)hWnd, err);
            system("pause");
            return (int)err;
        }

        GetWindowThreadProcessId(hWnd, &pID);
        if(pID) {
            printf("pID: %lu (OK)\n", pID);
        } else {
            err = GetLastError();
            printf("pID: %lu (Err: %lu)\n", pID, err);
            system("pause");
            return (int)err;
        }

        hProcess = OpenProcess(PROCESS_VM_READ, FALSE, pID);
        if(hProcess) {
            printf("hProcess: %p (OK)\n", (void*)hProcess);
        } else {
            err = GetLastError();
            printf("hProcess: %p (Err: %lu)\n", (void*)hProcess, err);
            system("pause");
            return (int)err;
        }

        // Only report the values if both reads succeeded.
        if(!ReadProcessMemory(hProcess, (LPCVOID)0x09A103C0, &valx, sizeof(float), NULL) ||
           !ReadProcessMemory(hProcess, (LPCVOID)0x09A103C4, &valy, sizeof(float), NULL)) {
            err = GetLastError();
            printf("ReadProcessMemory failed (Err: %lu)\n", err);
            CloseHandle(hProcess);
            system("pause");
            return (int)err;
        }
        printf("fValX: %f (OK)\n", valx);
        printf("fValY: %f (OK)\n", valy);

        CloseHandle(hProcess);
        system("pause");
        return 0;
    }
    And here's the pattern I found:
    Code:
    //Prefix
    00 00 00 00 E4 8D 70 6F 00 00 00 00 A8 F3 45 00 
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    01 00 00 00 04 00 00 00 04 00 00 00 38 8A 7D 04 
    04 00 00 00 04 00 00 00 28 FA 9F 04 04 00 00 00 
    04 00 00 00 C8 64 80 04 04 00 00 00 04 00 00 00 
    78 1E 80 04 04 00 00 00 04 00 00 00 90 15 80 04 
    02 00 00 00 04 00 00 00 04 00 00 00 D8 01 D1 07 
    04 00 00 00 04 00 00 00 30 1D D1 07 04 00 00 00 
    04 00 00 00 48 1D D1 07 00 00 00 00 00 00 00 00 
    FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    
    < fMouseX > < fMouseY > ?? ?? ?? ?? ?? ?? ?? ??
    
    //Suffix
    00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 
    01 00 00 00 60 01 84 04 2C 0F 3B 04 00 11 3B 04 
    80 00 0D 0A 00 00 00 00 E4 8D 70 6F 00 00 00 00 
    A8 F3 45 00 00 00 00 00 01 00 00 00 00 00 00 00 
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    08 00 00 00 08 00 00 00 90 00 DD 09 00 00 00 00
    So, as stated earlier, I don't know what to do to search the memory, or even where to begin. I did some Google searching but I didn't manage to find anything. A link to a guide or tutorial would be cool, or just some hints as to what I could try.

    Anyways, thanks in advance.
    - MindWorX

  2. #2
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    Manipulating 3rd-party applications, especially games, in unintended ways falls under the cracking rule.
    http://cboard.cprogramming.com/annou...t.php?f=3&a=51
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law
