#include <Windows.h> #include <TlHelp32.h> #include <tchar.h> #include <vector> #include <stdlib.h> #include <iostream> using namespace std; DWORD GetModuleBaseAddress(TCHAR* lpszModuleName, DWORD pID) { DWORD dwModuleBaseAddress = 0; HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pID); // make snapshot of all modules within process MODULEENTRY32 ModuleEntry32 = { 0 }; ModuleEntry32.dwSize = sizeof(MODULEENTRY32); if (Module32First(hSnapshot, &ModuleEntry32)) //store first Module in ModuleEntry32 { do { if (_tcscmp(ModuleEntry32.szModule, lpszModuleName) == 0) // if Found Module matches Module we look for -> done! { dwModuleBaseAddress = (DWORD)ModuleEntry32.modBaseAddr; break; } } while (Module32Next(hSnapshot, &ModuleEntry32)); // go through Module entries in Snapshot and store in ModuleEntry32 } CloseHandle(hSnapshot); return dwModuleBaseAddress; } DWORD GetPointerAddress(HWND hwnd, DWORD gameBaseAddr, DWORD address, vector<DWORD> offsets) { DWORD pID = NULL; // Game process ID GetWindowThreadProcessId(hwnd, &pID); HANDLE phandle = NULL; phandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); if (phandle == INVALID_HANDLE_VALUE || phandle == NULL); DWORD offset_null = NULL; ReadProcessMemory(phandle, (LPVOID*)(gameBaseAddr + address), &offset_null, sizeof(offset_null), 0); DWORD pointeraddress = offset_null; // the address we need for (int i = 0; i < offsets.size() - 1; i++) // we dont want to change the last offset value so we do -1 { ReadProcessMemory(phandle, (LPVOID*)(pointeraddress + offsets.at(i)), &pointeraddress, sizeof(pointeraddress), 0); } return pointeraddress += offsets.at(offsets.size() - 1); // adding the last offset } int main() { HWND hwnd_Chaos = FindWindowA(NULL, "Chaos"); if (hwnd_Chaos != FALSE); DWORD pID = NULL; GetWindowThreadProcessId(hwnd_Chaos, &pID); HANDLE phandle = NULL; phandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); if (phandle == INVALID_HANDLE_VALUE || phandle == NULL); char gamemodule1[] = "ChaosGame424-Win64-Shipping.exe"; DWORD gamebaseadress1 = GetModuleBaseAddress(_T(gamemodule1), pID); //Ammo DWORD ammoAddr = 0x035CC570; vector<DWORD> ammoOffsets{ 0x10, 0x20, 0x50, 0x298, 0xE0, 0x248, 0x974 }; DWORD ammoPtrAddr = GetPointerAddress(hwnd_Chaos, gamebaseadress1, ammoAddr, ammoOffsets); //Write the memory finally while (true) { int ammo = 1000; WriteProcessMemory(phandle, (LPVOID*)(ammoPtrAddr), &ammo, 4, 0); cout << "test"; } }