
I have been working on a project involving Java's JNA library and reading/writing to the memory of a game and have run into a few problems.

To preface everything, I am attempting to find the base address of the game (as it will change every time you reopen it), then I believe I should be able to add the offsets I am finding in Cheat Engine, and then I get the address which I need to modify. For example, Cheat Engine provides me with the pointer "Game.exe"+0170AFC0 and an offset of 49C. My understanding is that if I obtain the base address of Game.exe through my program's getBaseAddress method, I can then add 0170AFC0 & 49C to that base address, leaving me with the address I am looking to modify (at least, this is my understanding).

I believe I am finding the base address correctly(?) as I found a useful method online for debugging. That method returns a base address of 1BB5310 which is exactly what my getBaseAddress method is finding.

The problem is that when I follow the aforementioned logic, my addresses do not match up to those I am looking for when I compare them to Cheat Engine directly. Ex: I find the base address of 1bb5310, add my offsets 0170AFC0 & 49C, and get the address 32C076C. However, Cheat Engine is telling me "Game.exe"+0170AFC0 -> 18F8CA1C +49C -> 18F8CEB8

This leaves me with one of two conclusions: either my logic about how to get from the base address to the address I am looking to modify is incorrect, or my getBaseAddress method is incorrect.

Here is the github of my current project (main class is Editor/MemEdit.java)

Any help in clearing up which is the problem would be very appreciated.

Clarification for Cheat Engine: Cheat Engine is a program that attaches itself to a running process and allows you to view/edit the memory associated with said process. An example is here. We are looking at all memory with the value of 1000 for the program Calculator.exe. Due to the nature of memory, every time you restart the program, the memory addresses change. You can, however, find the pointer which points to a particular memory address and provides you with information similar to this. The top Address being the current address, then it has the offset of 49c and lastly the "Game.exe"+0170AFC0, which I believe is the game's base address + an offset. What that then allows me to do is access that same information, regardless of whether I restart the game (as it is going off of the game's base address, I believe). Unfortunately, Cheat Engine doesn't seem to have any exact documentation on how it is obtaining the "Game.exe" address, but from what I have found, it should just be the process's base address.

Post all relevant code here directly. If it's so much code that that's unreasonable, you need to narrow down the problem first. - Carcigenicate
I already have my github repo in my post with pretty clear direction on where it is inside of that (Editor/MemEdit.java in the getBaseAddress method). I don't want to copy that here as that method relies on others, which would just clutter the post further. I feel I narrowed the problem fairly well, and one of the potential problems doesn't even rely on looking at my code. - DougTheDruid
Most of us are not familiar with Cheat Engine or how it provides you these offsets or what they are supposed to mean. Just doing math on the hexadecimal seems to confirm your math (and I assume your code does this), but this seems less a Java/JNA question than a question about interpreting Cheat Engine's output. So please provide more detail in your question about how and why Cheat Engine gives the results it does, with links to documentation or another SO post showing where you're getting these offsets. - Daniel Widdis
I added a bit of information to the post, hopefully that is helpful. It is a bit of a Cheat Engine question; I will post it over on their forums as well and maybe someone will be able to help. - DougTheDruid
Solved this, explanation below - DougTheDruid

1 Answer


Both my code to calculate the base address of the program as well as the logic to find the dynamic address were off. My code will be updated on GitHub shortly for anyone also looking to do this.

In regard to my logic:

Cheat Engine will provide you a pointer such as "Game.exe"+016F572C and you will have an offset of 1D4, for example. "Game.exe" is effectively the base address. In my situation, "Game.exe" is found using the getBaseAddress method. Then what you must do is ADD "016F572C" (or whatever your number happens to be) to your base address, the result of which I will call X. Now, read the memory located at X and you will receive Y (read as 4 bytes for 32-bit applications, 8 bytes for 64-bit). If you have only one offset, add the offset to Y and you're done!

Cheat Engine thread with useful information here
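The difference between the arithmetic in the question and the procedure in the answer comes down to one dereference: "Game.exe"+0170AFC0 is the address of a pointer, and the pointer's value, not the address, is what the final offset is added to. The following is an added example, not the asker's MemEdit.java or any Cheat Engine code. It stands in a constructed, in-memory fake for the target process (no real process is touched), so the only hypothetical parts are the simulated memory map and the helper names; the numbers are the ones quoted in the question, and the fake is populated so that the pointer slot holds the value Cheat Engine displayed (18F8CA1C). It also generalizes the answer's single-offset case to a multi-level pointer path, where every offset except the last is followed by another read:

```python
import struct


class UnmappedReadError(Exception):
    """Raised when the pointer arithmetic lands on memory nothing ever wrote."""


class FakeProcessMemory:
    """Constructed stand-in for a process address space: a sparse byte map.

    Reads of unmapped bytes raise instead of returning garbage, which is the
    behaviour you want when a wrong address is computed.
    """

    def __init__(self, pointer_size=4):
        self.pointer_size = pointer_size  # 4 for a 32-bit target, 8 for 64-bit
        self._bytes = {}

    def _fmt(self, size):
        return "<I" if size == 4 else "<Q"  # little-endian, as on x86/x64

    def write_int(self, address, value, size=None):
        size = size or self.pointer_size
        for i, b in enumerate(struct.pack(self._fmt(size), value)):
            self._bytes[address + i] = b

    def read_int(self, address, size=None):
        size = size or self.pointer_size
        try:
            raw = bytes(self._bytes[address + i] for i in range(size))
        except KeyError:
            raise UnmappedReadError(f"read of unmapped address {address:#x}")
        return struct.unpack(self._fmt(size), raw)[0]


def resolve_pointer_chain(memory, module_base, module_offset, offsets):
    """Resolve a Cheat Engine style pointer path to the final address.

    module_base + module_offset is the address of a pointer slot, so it is
    read, not used directly. Each offset except the last is added and then
    read again; the last offset is added to the final pointer value.
    """
    if not offsets:
        raise ValueError("need at least one offset")
    pointer_slot = module_base + module_offset  # the answer's X
    address = memory.read_int(pointer_slot)     # the answer's Y
    for offset in offsets[:-1]:
        address = memory.read_int(address + offset)
    return address + offsets[-1]


def naive_sum(module_base, module_offset, offsets):
    """The mistaken approach from the question: add everything, read nothing."""
    return module_base + module_offset + sum(offsets)


# Values as quoted in the question (hex).
GAME_BASE = 0x1BB5310
MODULE_OFFSET = 0x0170AFC0
OFFSETS = [0x49C]


def build_demo_memory():
    """Constructed layout: only the pointer slot "Game.exe"+0170AFC0 is mapped,
    and it holds the value Cheat Engine showed there in the question."""
    mem = FakeProcessMemory(pointer_size=4)
    mem.write_int(GAME_BASE + MODULE_OFFSET, 0x18F8CA1C)
    return mem


if __name__ == "__main__":
    mem = build_demo_memory()
    print(f"naive sum: {naive_sum(GAME_BASE, MODULE_OFFSET, OFFSETS):#x}")
    print(f"resolved : {resolve_pointer_chain(mem, GAME_BASE, MODULE_OFFSET, OFFSETS):#x}")
```

Run as-is, the naive sum reproduces the 32C076C from the question, while the dereferencing resolver reproduces Cheat Engine's 18F8CEB8. Reading the naive address from the fake memory raises, because nothing is mapped there; against a real process that read would more likely return unrelated data, which is why the mismatch was only noticed by comparing against Cheat Engine.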