Asentrix 17 Posted May 25, 2015 Report Share Posted May 25, 2015 (edited) Looking for a plugin that reads processes , addresses , memories , values etcI saw one for 60$ a while back , but it lacked the ability to display the memory values , it could only write.. It would need to be able to do the following. ♦ Read memory of processes , like cheat engine does in a sense.♦ Write to memory♦ Read values etc♦ Freeze values I'm searching for this , so I can build game trainers for fun , sort of like a side project. If you want some examples , here is an example of how it's done in C# using System; using System.Runtime.InteropServices; namespace FarCry3Trainer.CheatEngine { /// <summary> /// Win32 methods /// </summary> public static class Win32 { [DllImport("kernel32.dll", SetLastError = true)] public static extern bool WriteProcessMemory( IntPtr process, IntPtr address, byte[] buffer, uint size, ref uint written); [DllImport("Kernel32.dll", SetLastError = true)] public static extern bool ReadProcessMemory( IntPtr process, IntPtr address, byte[] buffer, uint size, ref uint read); [Flags] public enum ProcessAccessType { PROCESS_TERMINATE = (0x0001), PROCESS_CREATE_THREAD = (0x0002), PROCESS_SET_SESSIONID = (0x0004), PROCESS_VM_OPERATION = (0x0008), PROCESS_VM_READ = (0x0010), PROCESS_VM_WRITE = (0x0020), PROCESS_DUP_HANDLE = (0x0040), PROCESS_CREATE_PROCESS = (0x0080), PROCESS_SET_QUOTA = (0x0100), PROCESS_SET_INFORMATION = (0x0200), PROCESS_QUERY_INFORMATION = (0x0400) } [DllImport("kernel32.dll")] public static extern IntPtr OpenProcess( [MarshalAs(UnmanagedType.U4)]ProcessAccessType access, [MarshalAs(UnmanagedType.Bool)]bool inheritHandler, uint processId); [DllImport("kernel32.dll")] public static extern int CloseHandle(IntPtr objectHandle); } } using System; using System.Diagnostics; using System.Text.RegularExpressions; namespace FarCry3Trainer.CheatEngine { /// <summary> /// Represents an access to a remote process memory /// </summary> public class Memory : IDisposable { private Process process; private IntPtr processHandle; private bool isDisposed; public const string OffsetPattern = "(\\+|\\-){0,1}(0x){0,1}[a-fA-F0-9]{1,}"; /// <summary> /// Initializes a new instance of the Memory /// </summary> /// <param name="process">Remote process</param> public Memory(Process process) { if (process == null) throw new ArgumentNullException("process"); this.process = process; processHandle = Win32.OpenProcess( Win32.ProcessAccessType.PROCESS_VM_READ | Win32.ProcessAccessType.PROCESS_VM_WRITE | Win32.ProcessAccessType.PROCESS_VM_OPERATION, true, (uint)process.Id); if (processHandle == IntPtr.Zero) throw new InvalidOperationException("Could not open the process"); } #region IDisposable ~Memory() { Dispose(false); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } private void Dispose(bool disposing) { if (isDisposed) return; Win32.CloseHandle(processHandle); process = null; processHandle = IntPtr.Zero; isDisposed = true; } #endregion #region Properties /// <summary> /// Gets the process to which this memory is attached to /// </summary> public Process Process { get { return process; } } #endregion /// <summary> /// Finds module with the given name /// </summary> /// <param name="name">Module name</param> /// <returns></returns> protected ProcessModule FindModule(string name) { if (string.IsNullOrEmpty(name)) throw new ArgumentNullException("name"); foreach (ProcessModule module in process.Modules) { if (module.ModuleName.ToLower() == name.ToLower()) return module; } return null; } /// <summary> /// Gets module based address /// </summary> /// <param name="moduleName">Module name</param> /// <param name="baseAddress">Base address</param> /// <param name="offsets">Collection of offsets</param> /// <returns></returns> public IntPtr GetAddress(string moduleName, IntPtr baseAddress, int[] offsets) { if (string.IsNullOrEmpty(moduleName)) throw new ArgumentNullException("moduleName"); ProcessModule module = FindModule(moduleName); if (module == null) return IntPtr.Zero; else { int address = module.BaseAddress.ToInt32() + baseAddress.ToInt32(); return GetAddress((IntPtr)address, offsets); } } /// <summary> /// Gets address /// </summary> /// <param name="baseAddress">Base address</param> /// <param name="offsets">Collection of offsets</param> /// <returns></returns> public IntPtr GetAddress(IntPtr baseAddress, int[] offsets) { if (baseAddress == IntPtr.Zero) throw new ArgumentException("Invalid base address"); int address = baseAddress.ToInt32(); if (offsets != null && offsets.Length > 0) { byte[] buffer = new byte[4]; foreach (int offset in offsets) address = ReadInt32((IntPtr)address) + offset; } return (IntPtr)address; } /// <summary> /// Gets address pointer /// </summary> /// <param name="address">Address</param> /// <returns></returns> public IntPtr GetAddress(string address) { if (string.IsNullOrEmpty(address)) throw new ArgumentNullException("address"); string moduleName = null; int index = address.IndexOf('"'); if (index != -1) { // Module name at the beginning int endIndex = address.IndexOf('"', index + 1); if (endIndex == -1) throw new ArgumentException("Invalid module name. Could not find matching \""); moduleName = address.Substring(index + 1, endIndex - 1); address = address.Substring(endIndex + 1); } int[] offsets = GetAddressOffsets(address); int[] _offsets = null; IntPtr baseAddress = offsets != null && offsets.Length > 0 ? (IntPtr)offsets[0] : IntPtr.Zero; if (offsets != null && offsets.Length > 1) { _offsets = new int[offsets.Length - 1]; for (int i = 0; i < offsets.Length - 1; i++) _offsets[i] = offsets[i + 1]; } if (moduleName != null) return GetAddress(moduleName, baseAddress, _offsets); else return GetAddress(baseAddress, _offsets); } /// <summary> /// Gets address offsets /// </summary> /// <param name="address">Address</param> /// <returns></returns> protected static int[] GetAddressOffsets(string address) { if (string.IsNullOrEmpty(address)) return new int[0]; else { MatchCollection matches = Regex.Matches(address, OffsetPattern); int[] offsets = new int[matches.Count]; string value; char ch; for (int i = 0; i < matches.Count; i++) { ch = matches[i].Value[0]; if (ch == '+' || ch == '-') value = matches[i].Value.Substring(1); else value = matches[i].Value; offsets[i] = Convert.ToInt32(value, 16); if (ch == '-') offsets[i] = -offsets[i]; } return offsets; } } /// <summary> /// Reads memory at the address /// </summary> /// <param name="address">Memory address</param> /// <param name="buffer">Buffer</param> /// <param name="size">Size in bytes</param> public void ReadMemory(IntPtr address, byte[] buffer, int size) { if (isDisposed) throw new ObjectDisposedException("Memory"); if (buffer == null) throw new ArgumentNullException("buffer"); if (size <= 0) throw new ArgumentException("Size must be greater than zero"); if (address == IntPtr.Zero) throw new ArgumentException("Invalid address"); uint read = 0; if (!Win32.ReadProcessMemory(processHandle, address, buffer, (uint)size, ref read) || read != size) throw new AccessViolationException(); } /// <summary> /// Writes memory at the address /// </summary> /// <param name="address">Memory address</param> /// <param name="buffer">Buffer</param> /// <param name="size">Size in bytes</param> public void WriteMemory(IntPtr address, byte[] buffer, int size) { if (isDisposed) throw new ObjectDisposedException("Memory"); if (buffer == null) throw new ArgumentNullException("buffer"); if (size <= 0) throw new ArgumentException("Size must be greater than zero"); if (address == IntPtr.Zero) throw new ArgumentException("Invalid address"); uint write = 0; if (!Win32.WriteProcessMemory(processHandle, address, buffer, (uint)size, ref write) || write != size) throw new AccessViolationException(); } /// <summary> /// Reads 32 bit signed integer at the address /// </summary> /// <param name="address">Memory address</param> /// <returns></returns> public int ReadInt32(IntPtr address) { byte[] buffer = new byte[4]; ReadMemory(address, buffer, 4); return BitConverter.ToInt32(buffer, 0); } /// <summary> /// Reads 32 bit unsigned integer at the address /// </summary> /// <param name="address">Memory address</param> /// <returns></returns> public uint ReadUInt32(IntPtr address) { byte[] buffer = new byte[4]; ReadMemory(address, buffer, 4); return BitConverter.ToUInt32(buffer, 0); } /// <summary> /// Reads single precision value at the address /// </summary> /// <param name="address">Memory address</param> /// <returns></returns> public float ReadFloat(IntPtr address) { byte[] buffer = new byte[4]; ReadMemory(address, buffer, 4); return BitConverter.ToSingle(buffer, 0); } /// <summary> /// Reads double precision value at the address /// </summary> /// <param name="address">Memory address</param> /// <returns></returns> public double ReadDouble(IntPtr address) { byte[] buffer = new byte[8]; ReadMemory(address, buffer, 8); return BitConverter.ToDouble(buffer, 0); } /// <summary> /// Writes 32 bit unsigned integer at the address /// </summary> /// <param name="address">Memory address</param> /// <param name="value">Value</param> /// <returns></returns> public void WriteUInt32(IntPtr address, uint value) { byte[] buffer = BitConverter.GetBytes(value); WriteMemory(address, buffer, 4); } /// <summary> /// Writes 32 bit signed integer at the address /// </summary> /// <param name="address">Memory address</param> /// <param name="value">Value</param> /// <returns></returns> public void WriteInt32(IntPtr address, int value) { byte[] buffer = BitConverter.GetBytes(value); WriteMemory(address, buffer, 4); } /// <summary> /// Writes single precision value at the address /// </summary> /// <param name="address">Memory address</param> /// <param name="value">Value</param> /// <returns></returns> public void WriteFloat(IntPtr address, float value) { byte[] buffer = BitConverter.GetBytes(value); WriteMemory(address, buffer, 4); } /// <summary> /// Writes double precision value at the address /// </summary> /// <param name="address">Memory address</param> /// <param name="value">Value</param> /// <returns></returns> public void WriteDouble(IntPtr address, double value) { byte[] buffer = BitConverter.GetBytes(value); WriteMemory(address, buffer, 8); } } } Edited May 25, 2015 by Asentrix Quote Link to post Share on other sites
pash 504 Posted May 25, 2015 Report Share Posted May 25, 2015 I will try. 1 Quote Link to post Share on other sites
Asentrix 17 Posted May 25, 2015 Author Report Share Posted May 25, 2015 I will try.Sweet , keep me posted Quote Link to post Share on other sites
pash 504 Posted May 25, 2015 Report Share Posted May 25, 2015 Sweet , keep me posted Oh. Sorry tough for me. Quote Link to post Share on other sites
Asentrix 17 Posted May 27, 2015 Author Report Share Posted May 27, 2015 Still interested in this! Quote Link to post Share on other sites
runsoftware 14 Posted May 27, 2015 Report Share Posted May 27, 2015 I would also be interested in this Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.