Ok basically what I am trying to do is this. There is a game and it has an address that changes but always contains the same value. So what I'm trying to do is enumerate from a starting address of this running process in this case 0x0120DE13 and read what value is stored at address 0x0120DE13 and then increment to 0x0120DE14 etc... (scanning a memory region). However it's not working properly. When I cout the value it's a constant integer number and not the value of the next address. When 2198867081u is found I want to replace that value with 22072894885u. Everything is working except what's in my for loop where I'm cycling through what I was hoping to be 40,000 addresses. I'm going about this wrong I am sure.
Any help would be very appreciated. Thank you !

int main()
{

system("title Battle Gear");
if(hwndDC == 0)
{
    MessageBox(0,"Error","Handle Error",0);
    SendMessage(hwndDC,0,0,WM_CLOSE);
    return 0;
};
//////////LIGHT HACK///////////////////////////
   unsigned long pID;
   GetWindowThreadProcessId(hwndDC,&pID);
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,pID);
   int x;
   int x2 = 22072894885u;
   DWORD LH;
   for(int i = 0; i <= 40000;i++)
   {
    LH = 0x0120DE13 + 1;
    cout<<LH;
    system("pause");
    ReadProcessMemory(hProcess, (LPVOID)LH,&x, 4, NULL);
    if(x == 2198867081u)
    {
    WriteProcessMemory(hProcess, (LPVOID)LH, &x2, 4, NULL);
    };
   };
system("pause");
return 0;
};

The problem is on this line: LH = 0x0120DE13 + 1;
This should instead be: LH = 0x0120DE13 + i;

That is not working... when I output LH I get numbers not addresses.
I basically need a loop that's going to go from one address to the next up until it locates the value I'm looking for.

where are you getting a value for hwndDC? does hwndDC hold a handle to the window of the game you are trying to hack?

Yes I have declared HWND hwndDC = FindWindow(0,"the game"); in code that I did not include within my globals. So my focus is primarily on the incrementing of addresses. Nathan I appreciate any help you can provide on this. This has me surfing all over the web trying to get an answer. A more experienced programmers help would be very very helpful. Thank you -Cody

focus is primarily here. Note I changed hwndDC to simply hwnd since it's most familiar to clear things up.

    //////////LIGHT HACK///////////////////////////
       unsigned long pID;
       GetWindowThreadProcessId(hwnd,&pID);
        HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,pID);
       int x;
       int x2 = 22072894885u; 
       DWORD LH;
       for(int i = 0; i <= 40000;i++)
       {
        LH = 0x0120DE13 + 1;  //<=== This is my problem area I want my program to start here
        // and increment addresses (scanning through addys) for 2198867081

        ReadProcessMemory(hProcess, (LPVOID)LH,&x, 4, NULL);
        if(x == 2198867081u)
        {
        WriteProcessMemory(hProcess, (LPVOID)LH, &x2, 4, NULL);
        };
       };

Edited 3 Years Ago by CodyOebel

To output the valuu LH as an address, you need to use the hex output manipulator, as in cout << hex << LH << endl;

Edited 3 Years Ago by rubberman

Ok got the hex address outputting to what seems correct thus far. Now the problem is when I output x from the read process memory it's constantly the same number

   DWORD LH;
   for(int i = 0; i <= 5000000;i++)
   {
       Sleep(10);
    LH = 0x0011DE13+i;
    //std::cout<<std::hex<<LH<<"\n";
    //system("pause");
    ReadProcessMemory(hProcess, (LPVOID)LH,&x, 4, NULL);
    cout<<x<<"\n"; //<--- Constantly outputs 2686916 
    if(x == 2198867081u)
    {
    MessageBox(0,"Found it","MB FINDER",0);
    WriteProcessMemory(hProcess, (LPVOID)LH, &x2, 4, NULL);
    };
   };

Thanks to your help guys I have it now working it just takes a long time to scan through the process, but it does eventually find it. This below is my working code.

//////////LIGHT HACK///////////////////////////
   unsigned long pID;
   GetWindowThreadProcessId(hwndDC,&pID);
   HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,pID);
   int x = 2207289488u;
   unsigned int x2;
   for(int i = 0; i<15000000;i++)
   {
    Sleep(1);
    DWORD LH = 0x001ed900+i;
    std::cout<<std::hex<<LH<<"\n";
    //MessageBox(0,"Found it","MB FINDER",0);
    ReadProcessMemory(hProcess, (LPVOID)LH, &x2, 4, NULL);
    if(x2 == 2198867081u)
    {
     Beep(1000,1000);
     Beep(1000,1000);Beep(1000,1000);Beep(1000,1000);Beep(1000,1000);
     WriteProcessMemory(hProcess, (LPVOID)LH, &x, 4, NULL);
     MessageBox(hwndDC,"FOUND IT","LIGHT HACK",0);
    break;
    };


   };

You might also want to use the endl operator instead of "\n" in your output code since that also has the affect of flushing the output buffer. IE: std::cout<<std::hex<<LH<<std::endl;

Ok here's a problem I am running into. The program is working perfectly fine and is doing what it was intended to do. The problem however is that it is at times taking up to 2+ hours to scan through the processes memory for the address that contains the value I am interested in. This is not at all practical. The program it is scanning has 14 million addresses in it. It's scanning through them all at this time. It does find it eventually. Is there a way to speed this process up? I use a program called cheat engine, and it finds addresses very fast so I know there is a way to speed this up.

You might be able to narrow down where in the process memory the address is likely to be and just scan that area.

well here is what I noticed. The address always ends in DE13 it's the first four that change randomly. What I was maybe thinking was increment an integer starting at 0, all the way through the 65,000_ (ffff) and then output each incrementation to a notepad and then concatenate the de13, and read in the address as a DWORD. This would really speed up the process. However I am running into a great deal of problems with this idea. A faster scanning method would be perfect. The program randomly allocates memory with the address interested. So scanning from ground zero has been thus far my best attempt. I appreciate any and all advice guys. Thank you for your time and I value that time greatly as I know you will never get it back. -Cody

for(int i = 0; i<15000000;i++)

Since you are looking for an unsigned int, would you not increment your loop like so

for(unsigned i = 0; i<15000000; i += sizeof(unsigned))

Take note tht I'm novice so might not be 100% correct about that.

This article has been dead for over six months. Start a new discussion instead.