Deprecated: The behavior of unparenthesized expressions containing both '.' and '+'/'-' will change in PHP 8: '+'/'-' will take a higher precedence in /home/iano/public_html/tpforums-vb5/forum/includes/class_core.php on line 5842

PHP Warning: Use of undefined constant MYSQL_NUM - assumed 'MYSQL_NUM' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: Use of undefined constant MYSQL_ASSOC - assumed 'MYSQL_ASSOC' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: Use of undefined constant MYSQL_BOTH - assumed 'MYSQL_BOTH' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in ..../includes/functions_navigation.php on line 588

PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in ..../includes/functions_navigation.php on line 612

PHP Warning: Use of undefined constant archive_postsperpage - assumed 'archive_postsperpage' (this will throw an Error in a future version of PHP) in ..../archive/index.php on line 456
Base address Tibia.exe? [Archive] - Forums
PDA

View Full Version : Base address Tibia.exe?


Xleniz
06-27-2013, 06:03 PM
Ok, Im having problems with baseaddress,
I tried:
Cheatengine xPos: (Tibia.exe+553038)

then
(c++) xPos = baseAddress + 0x553038;

but xPos gives wrong number.
Why?
--if tibia.exe is not base address, how to find address that adds to base address.
Blequi
06-27-2013, 06:21 PM
yes, tibia.exe in cheat engine means the base address of the Tibia,exe module, so if you read an int on the memory address of "baseAddress + 0x553038", you obtain the x position.
Xleniz
06-27-2013, 06:27 PM
XPOS is already int, or what do you mean?

int XPOS = 0;
ReadProcessMemory(phandle,(void*)xPos,&XPOS, sizeof(XPOS),0);
Blequi
06-27-2013, 06:29 PM
then you are not getting the base address properly
Xleniz
06-27-2013, 06:32 PM
Oh sorry, works now, dont know why it didnt before, sorry XD
Xleniz
06-27-2013, 08:25 PM
Im confused,
xPos = baseAddress + 0x553038;
worked
but now it doesnt.
Value: 2394829384

Im using:


DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
DWORD dwModuleBaseAddress = 0;
if(hSnapshot != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 ModuleEntry32 = {0};
ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
if(Module32First(hSnapshot, &ModuleEntry32))
{
do
{
if(strcmp(ModuleEntry32.szModule, lpszModuleName) == 0)
{
dwModuleBaseAddress = (intptr_t)ModuleEntry32.modBaseAddr;
break;
}
}
while(Module32Next(hSnapshot, &ModuleEntry32));
}
CloseHandle(hSnapshot);
}
return dwModuleBaseAddress;
}
XtrmJash
06-27-2013, 08:45 PM
Im confused,
xPos = baseAddress + 0x553038;
worked
but now it doesnt.
Value: 2394829384

Im using:


DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
DWORD dwModuleBaseAddress = 0;
if(hSnapshot != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 ModuleEntry32 = {0};
ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
if(Module32First(hSnapshot, &ModuleEntry32))
{
do
{
if(strcmp(ModuleEntry32.szModule, lpszModuleName) == 0)
{
dwModuleBaseAddress = (intptr_t)ModuleEntry32.modBaseAddr;
break;
}
}
while(Module32Next(hSnapshot, &ModuleEntry32));
}
CloseHandle(hSnapshot);
}
return dwModuleBaseAddress;
}


Hi again,

A good way to debug this might be to create a C# console application, add "using System.Diagnostics;" and do this:

Console.WriteLine("Base Address : " + Convert.ToString(Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32()));
Console.ReadLine;

I can tell you that this code will work (maybe my conversion from IntPtr to Int32 to string could be dodgy, but try different implementations of it until you get a reasonable base address. This will give you the base address, then you can do the same thing using your code. After that, simply dump the memory address, then the two values added together (base + memory addr), then dump the return from the read (1 or 0 I think, success or failure), then dump the value read in its most nude form. When I say dump, I mean just put it on the display somehow (Console.Write, MessageBox.Show, whatever you fancy).
lanfear
01-03-2014, 04:48 PM
Hello everyone! I'm new to this forum.. I have been reading a lot here last few days :P I just got interest in the concept for hooking tibia functions and stuff.. So i started a little project trying to do this.. I have not come so far yet.. But i thought ill share the source i wrote for getting base address for tibia.exe.. It also reads process memory.. It's written in Visual Studio C++, so you know.. Well the reason why I'm sharing is that it's due to this forums i was able to write it ;D I do have an interest in programming but i do not know C++ very well.. And also i was woundering, does anyone know about the hooking process? Do i need a library that includes the functions of tibia? Or can i write something on my own? I don't really get how it works.. I also tried fooling around with VB and tibiaAPI.. But i did not get it to work.. :P Well, have fun girls and boys!

I have to add.. The code is NOT optimized :P And i just copy the whole thing.. It reads exp, hp and mana as well... Might be a good example for those who is looking for such..


#include "stdafx.h"
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
#include <tchar.h>
#include <stdio.h>
#include <psapi.h>
#include <iomanip>
#include <string.h>
#include <cstdlib>

using namespace std;

void getExp(HANDLE handle, int baseAddr);
void getHp(HANDLE handle, int baseAddr);
void getMana(HANDLE handle, int baseAddr);

int main() {

int baseAddr = 0x180000;
DWORD cbNeeded;
DWORD processID;
HMODULE hMods[1];

HWND hwnd = FindWindow(L"TibiaClient", 0);
GetWindowThreadProcessId(hwnd, &processID);
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);

cout << "Handle: " << hwnd << endl;
cout << "Process ID: " << processID << endl;
cout << "Process Handle: " << handle << endl;

if (EnumProcessModules(handle, hMods, sizeof(hMods), &cbNeeded))
{
cout << "\nEnumeration: " << "Success!" << endl;

TCHAR szModName[MAX_PATH];
if (GetModuleFileNameEx(handle, hMods[0], szModName, sizeof(szModName) / sizeof(TCHAR)))
{
cout << "\nModule Name: ";
wcout << szModName; // Wide string char thing
cout << "\n\nModule Address: " << hMods[0] ; // hMods may be wide string, too, IDK, I didn't use it yet.

}
}
else {
cout << "Enumeration failed!" << endl;
}
cout << "\n\nEnd" << endl;

system("Pause");

while(true) {
system("CLS");

getExp(handle, baseAddr);
getHp(handle, baseAddr);
getMana(handle, baseAddr);

Sleep(100);
}

cin.ignore();
cin.get();
}

void getExp(HANDLE handle, int baseAddr) {
int expAddr = 0x3C1210+baseAddr;

int exp;
ReadProcessMemory(handle, (void*)expAddr, &exp, 4, 0);
printf("\nExp: %d", exp);

}
void getHp(HANDLE handle, int baseAddr) {

int xor = 0x3C1200+baseAddr;
int hp = 0x556000+baseAddr;
int maxHp = 0x55602C+baseAddr;

int hpValue;
int xorValue;
int maxHpValue;
ReadProcessMemory(handle, (void*)hp, &hpValue, 4, 0);
ReadProcessMemory(handle, (void*)xor, &xorValue, 4, 0);
ReadProcessMemory(handle, (void*)maxHp, &maxHpValue, 4, 0);

int maxHitpoints = maxHpValue^xorValue;
int hitpoints = hpValue^xorValue;
printf("\nHp: %d", hitpoints);
printf("/%d", maxHitpoints);
}

void getMana(HANDLE handle, int baseAddr) {
//int maxHp = 0x55602C+baseAddr;
int xor = 0x3C1200+baseAddr;
int mana = 0x3C1254+baseAddr;
int maxMana = 0x3C1204+baseAddr;

int manaValue;
int xorValue;
int maxManaValue;
ReadProcessMemory(handle, (void*)mana, &manaValue, 4, 0);
ReadProcessMemory(handle, (void*)xor, &xorValue, 4, 0);
ReadProcessMemory(handle, (void*)maxMana, &maxManaValue, 4, 0);

int maxManapoints = maxManaValue^xorValue;
int manapoints = manaValue^xorValue;
printf("\nMana: %d", manapoints);
printf("/%d", maxManapoints);
}
lanfear
01-03-2014, 04:51 PM
EDIT: I did not know how to make the base address go into a variable and make something like 0x12A458+baseAddress.. So when you run the program you will see the current base address in the console, then you need to copy it and write it into the variable "baseAddress" manually, and restart the program.. Easy as pie ;D C ya!
XtrmJash
01-04-2014, 04:10 AM
In case it is of any use to you, here is my base address acquiring code in C++:


#include "stdafx.h"
#include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <fstream>

#define FILEPATH "C:\\Users\\TibiaTest\\Desktop\\BaseAddr.txt"

using namespace std;


int _tmain(int argc, _TCHAR* argv[])
{
wofstream myFile;
myFile.open(FILEPATH);
myFile.clear();
myFile << L"Josh's module finder" << endl;
HWND hwnd = FindWindow(L"TibiaClient", NULL);
cout << "Handle: " << hwnd << endl;
myFile << L"Handle: " << hwnd << endl;
DWORD cbNeeded;
DWORD processID;
GetWindowThreadProcessId(hwnd, &processID);
cout << "Process ID: " << processID << endl;
myFile << L"Process ID: " << processID << endl;
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, TRUE, processID);
cout << "Process Handle: " << handle << endl;
myFile << L"Process Handle: " << handle << endl;
HMODULE hMods[1024];
if (EnumProcessModules(handle, hMods, sizeof(hMods), &cbNeeded))
{
cout << "Enumerated: " << "Success!" << endl;
for (unsigned int i = 0; i < (cbNeeded / sizeof(hwnd)); i++)
{
cout << "Round " << i << ": ";
myFile << L"Round " << i << L": ";
TCHAR szModName[MAX_PATH];
if (GetModuleFileNameEx(handle, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
{
cout << "Module Name: ";
wcout << szModName; // Wide string char thing
cout << ". Entry Number: " << hMods[i] ; // hMods may be wide string, too, IDK, I didn't use it yet.
myFile << L"Module Name: " << szModName << L". Entry Number: " << hMods[i];
}
cout << ". " << endl;
myFile << L". " << endl;
}
}
CloseHandle(handle);
cout << "End" << endl;
myFile.close();
cin.get();
return 0;
}

What this code does is actually writes the file path of each module, as well as its base address, to the file specified near the top.