Ok, someone told me that what I'm doing has something to do with code injection; not sure if that's so.

All I'm trying is to get the value that I have given in the calculator to show up in my secondary program.

For that I'm using Cheat Engine 6.1, which gives me the address of that variable, which is currently 00179B1C.

In my C# program I want to read from that address. (See the unsafe{} section.)
I get values that are not what I expect; they change after every execution, and mostly they stay 0, so I guess I'm not at the right address. Can someone help me with this problem? I have heard that every program uses its own address space, for Windows starting at 400000. But how is Cheat Engine getting the variables from other programs then?

If you're asking yourself why I'm doing all this, it's for training purposes.

Here is a screenshot:
http://img444.imageshack.us/img444/7702/botcreate1.jpg

Thank you.
Updated 7-Jul-12 12:58pm
Comments
RaisKazi 7-Jul-12 19:39pm    
Interesting Question. 5!
Sergey Alexandrovich Kryukov 7-Jul-12 21:37pm    
No, this is a totally baseless question. I explain why in my answer.
--SA
pasztorpisti 9-Jul-12 20:06pm    
ReadProcessMemory() is the best (and unfortunately undetectable) (stat)hack out there. :D Stathacks are hacks that run in a different process than the game itself and they read data from the game into a separate window and they print it out. They are easy to code and are hard or impossible to detect by anticheat. For example in a strategy game you could read the array of units from the game process and draw the whole map to a separate window by indicating all units with colored dots - this way you know when your enemy attacks... If you are interested in this kind of stuff then search for hacking/cracking tutorials on the net. You will find good stuff on CodeProject too, but it's easier to read some hacking tutorials first before reinventing the wheel ;D This is good stuff if you have a lot of time to kill! If you are into hacking then learn assembly and use IDA Pro, which is the best to disassemble programs!
EDIT: mentioned assembly and disassembling (reverse engineering) just because the kind of stuff you are doing is powerful if it's coupled with assembly and reverse engineering knowledge. For win32 assembly search for Iczelion's tutorials. For reverse engineering search for "reverse engineering tutorial" in Google. Having a clear understanding of assembly and being able to disassemble a binary executable is necessary to find the right places in the virtual memory of the other process from where you can read useful info. Later you will be able to modify the other exe (file, or runtime in memory) to alter its behavior if you want. It's lots and lots of fun! :D
f4k0rg077 10-Jul-12 17:38pm    
Yes, I have already found out what I had to do.
Those tutorials helped: http://www.youtube.com/watch?v=0osZuafJuB0&feature=related
But I also found out that there is one bug in the included Memory.cs class.
If someone is doing the same tutorials, I recommend changing the value in the
PointerRead function at the part:
    else if (i == 0)
    {
        ReadProcessMemory(m_hProcess, MemoryAddress, buffer, 4, out ptrBytesRead);
        tempAddress = ToDec(Make(buffer)) + Offset[1];
    }
and replace the 1 with a 0.
In the tutorials you won't have a problem with this bug, but when reading from an address that has multiple offsets you would see that it's wrong there.

1 solution

You have no idea of what you are doing. It makes no sense at all. The addresses of different processes are totally isolated, and each process runs in its own address space. One process can report, say, some variable address to another process, and in that process that address can be the address of a completely different object, physically different, or not be a valid address. What you do is totally useless.

[EDIT]

The question is: how can your cheating engine work? There are special "holes" in the isolation of the process memory space, designed for different purposes, such as debugging.

You can access the process memory using the Windows API ReadProcessMemory or WriteProcessMemory:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx,
http://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx.

This is very different from what you are trying to do. You never have any common point in the memory spaces and you cannot use the remote process memory through a pointer in your memory space. The memory is only copied to or from some buffer in the caller's memory space.

For more information on this topic, please see the API set "Process Functions for Debugging":
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680549%28v=vs.85%29.aspx.

And the wider set "Debugging Functions":
http://msdn.microsoft.com/en-us/library/windows/desktop/ms679303%28v=vs.85%29.aspx.

—SA
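
The distinction drawn in the answer above (ReadProcessMemory copies bytes into the caller's buffer; an address is only meaningful inside the process it came from), as an added example that is not part of the original answer or of any tutorial code mentioned on this page. It reads only the current process; the names CopyNotPointerDemo and ReadInt32 are illustrative, and 0x00179B1C is the address quoted in the question.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class CopyNotPointerDemo
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

    // Copies one Int32 out of the process behind hProcess. Throws if the
    // address is not readable in THAT process's address space.
    static int ReadInt32(IntPtr hProcess, IntPtr address)
    {
        var buffer = new byte[sizeof(int)];
        if (!ReadProcessMemory(hProcess, address, buffer, (IntPtr)buffer.Length, out IntPtr read))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        if (read.ToInt64() != buffer.Length)
            throw new InvalidOperationException("short read");
        return BitConverter.ToInt32(buffer, 0);
    }

    static void Main()
    {
        // Constructed sample: a value placed in unmanaged memory of THIS process.
        IntPtr address = Marshal.AllocHGlobal(sizeof(int));
        try
        {
            Marshal.WriteInt32(address, 1234);
            IntPtr self = Process.GetCurrentProcess().Handle;

            int snapshot = ReadInt32(self, address);   // bytes copied into our buffer
            Marshal.WriteInt32(address, 5678);         // later writes do not touch the copy

            Console.WriteLine($"snapshot = {snapshot}");
            Console.WriteLine($"live     = {Marshal.ReadInt32(address)}");

            // The address from the question belongs to the calculator's address
            // space; here it is unrelated memory or not mapped at all.
            try { Console.WriteLine($"0x00179B1C here = {ReadInt32(self, (IntPtr)0x00179B1C)}"); }
            catch (Win32Exception e) { Console.WriteLine($"not readable here: {e.Message}"); }
        }
        finally { Marshal.FreeHGlobal(address); }
    }
}
```

Checking both the return value and the byte count is what separates a failed read from a genuine zero, which is the ambiguity the question ran into.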
Comments
f4k0rg077 8-Jul-12 6:39am    
I expected something like this, but how is Cheat Engine getting the variables from other programs then? It's also a secondary process that somehow scans the variables of other processes, how so?
Sergey Alexandrovich Kryukov 8-Jul-12 13:24pm    
I have no idea what that cheat engine is, but this is possible. This is a different story. Still, you cannot access the remote process memory through the pointer in your memory space; there is just the API to copy memory. Please see my updated answer, after [EDIT].
--SA
f4k0rg077 8-Jul-12 14:55pm    
Thank you, gave me a lot to think about :-)
Sergey Alexandrovich Kryukov 8-Jul-12 15:09pm    
You are very welcome.
I must say that I appreciate your interest in the advanced stuff just for purposes of study. It tells me that you probably try hard to understand things in-depth, which should pay off very well later.

Good luck, call again.
--SA
pasztorpisti 9-Jul-12 19:59pm    
+5 right

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
