7 thoughts on “Video Tutorial – Structures In Memory”

  1. Interesting, I was wondering how to find them. I know Cheat Engine also has a handy tool for memory structures; if you know where the structure is, it will try to fill in the types.

  2. Depending on the compiler often the values are 4 bytes anyway even though the programmer set it to 1 byte or 2 bytes. The compiler aligns the structure so it can be accessed more easily e.g. MOV [EDI+Offset],EAX instead of first storing the value into AL and then moving it etc.

  3. This is a great tutorial, can’t wait for the next one. I am going to try small hacks like infinite ammo, but how do you inject the hack from outside the game (how do you make a hack without modifying the game)? This was really helpful. Thanks a lot.

  4. Here are Read and Write functions for structures or almost any type:

    // Both methods rely on members of the enclosing class that are not shown:
    // P (the target Process), hProcess, LastWin32Error and the
    // ReadProcessMemory/WriteProcessMemory P/Invoke declarations.
    // Marshal lives in System.Runtime.InteropServices.
    public T ReadMem<T>(IntPtr MemoryAddress)
    {
        int type_size = Marshal.SizeOf(typeof(T));
        byte[] buffer = new byte[type_size];
        T obj = default(T);

        if (!P.HasExited) // check that the process has not exited
        {
            int ptrBytesReaded;
            if (!ReadProcessMemory(hProcess, MemoryAddress, buffer, (uint)type_size, out ptrBytesReaded))
                LastWin32Error = Marshal.GetLastWin32Error();

            // only marshal the buffer when the whole structure was read
            if (ptrBytesReaded == type_size)
            {
                IntPtr buffer2 = Marshal.AllocHGlobal(type_size);
                Marshal.Copy(buffer, 0, buffer2, type_size);
                obj = (T)Marshal.PtrToStructure(buffer2, typeof(T));
                Marshal.FreeHGlobal(buffer2);
            }
        }

        return obj;
    }

    public bool WriteMem<T>(IntPtr MemoryAddress, T obj)
    {
        bool succeeded = false;
        int rawSize = Marshal.SizeOf(obj);
        byte[] buffer = new byte[rawSize];
        // convert the structure to a byte array
        IntPtr buffer2 = Marshal.AllocHGlobal(rawSize);
        Marshal.StructureToPtr(obj, buffer2, false);
        Marshal.Copy(buffer2, buffer, 0, rawSize);
        Marshal.FreeHGlobal(buffer2);

        if (!P.HasExited) // check that the process has not exited
        {
            int bytesWritten;
            if (!WriteProcessMemory(hProcess, MemoryAddress, buffer, (uint)rawSize, out bytesWritten))
                LastWin32Error = Marshal.GetLastWin32Error();

            if (bytesWritten == buffer.Length)
                succeeded = true;
        }
        return succeeded;
    }

  5. Weird… still didn't show it, ”

    public T ReadMem ” (IntPtr MemoryAddress);

    public bool WriteMem ” (IntPtr MemoryAddress, T obj);

    Just remove the single quotes. If someone could edit my original comment with the correction and delete these 2 posts, that would be great.

  6. OK, it's not letting me print that at all… well, it's a generic type function.

    Well, since it won't let me print out those characters, I'll just give you the name of the character. Add this in between the name and the parameters.

    “Less-Than Sign” T “Greater-Than Sign”
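
The alignment behaviour described in comment 2, as an added example that is not code from the tutorial or from any commenter: it walks a record's fields and counts the bytes no field covers, with default alignment and with packing set to 1. The struct, its field names and the helper names are constructed for illustration, and the figures assume a mainstream ABI (x86 or x86-64) where `uint32_t` is 4-byte aligned.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample record: a 1-, 4- and 2-byte field, default alignment. */
struct natural { uint8_t flag; uint32_t value; uint16_t count; };

/* Same fields with alignment padding disabled. */
#pragma pack(push, 1)
struct packed { uint8_t flag; uint32_t value; uint16_t count; };
#pragma pack(pop)

struct field { const char *name; size_t offset; size_t size; };
#define FIELD(type, m) { #m, offsetof(type, m), sizeof(((type *)0)->m) }

static const struct field natural_fields[] = {
    FIELD(struct natural, flag), FIELD(struct natural, value), FIELD(struct natural, count),
};
static const struct field packed_fields[] = {
    FIELD(struct packed, flag), FIELD(struct packed, value), FIELD(struct packed, count),
};

/* Bytes covered by no field: gaps between fields plus tail padding. */
size_t padding_bytes(const struct field *f, size_t n, size_t total)
{
    size_t pad = 0, end = 0;
    for (size_t i = 0; i < n; i++) {
        pad += f[i].offset - end;          /* gap in front of this field */
        end = f[i].offset + f[i].size;
    }
    return pad + (total - end);            /* tail padding */
}

size_t natural_padding(void) { return padding_bytes(natural_fields, 3, sizeof(struct natural)); }
size_t packed_padding(void)  { return padding_bytes(packed_fields, 3, sizeof(struct packed)); }

int main(void)
{
    for (size_t i = 0; i < 3; i++)
        printf("%-5s natural +%zu  packed +%zu  (%zu bytes)\n", natural_fields[i].name,
               natural_fields[i].offset, packed_fields[i].offset, natural_fields[i].size);
    printf("sizeof: natural %zu (padding %zu), packed %zu (padding %zu)\n",
           sizeof(struct natural), natural_padding(), sizeof(struct packed), packed_padding());
    return 0;
}
```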
