[TMNF]Need Help : What's wrong ?

[larta 1]

Hi,

 

First, i want to know if the addy's of TrackMania are up to date ? ( here : http://forum.ghbsys.net/index.php?showtopic=14714 )

 

I made a small programme in c++ which is supposed to change the addy's value to -100 ( for CP hack ) but it do nothing.

I tried to follow the module given by Kvn'X, in my own way.

The program compile, but nothing ingame.

 

Here is my code :

#include <windows.h>
#include <tlhelp32.h>
#include <iostream>
#include <stdlib.h> 

//Start declaration of adress
#define adressone 0x00ABE2D0 + 0x00400000
#define adresstwo 0x00ABE2D0 + 0x00400000
#define adressthree 0x00AC1908 + 0x00400000
#define adressfour 0x00AC1908 + 0x00400000
#define offone 0x0000032C
#define offtwo 0x00000328
#define offthree 0x0000031C
#define offfour 0x00000318
//end declaration of adress


using namespace std;

void GetProcId( char *ProcId); // Get the process ID

DWORD ProcId = 0;

int main()
{

   char* ProcName = "TmForever.exe"; // The process name


  SetConsoleTitle ("C++ Hack Test"); // Console Title
  int Value1 = -100; // The Value = -100
  int i=0; // Used after
  long RBuff[4]; // Four RBuff because 4 adress
  long fullAdress[4]; // Same Here
  long adress[4] = {adressone, adresstwo, adressthree, adressfour}; // here are the adress. I can only make the addition here
  long off[4] = {offone, offtwo, offthree, offfour}; // here are the Offsets

  GetProcId(ProcName); // Function GetProcId()
  cout << "ProcessID of " << ProcName <<" is " << ProcId <<endl; // Nearly useless

  HANDLE phandle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, 0, ProcId); // Creating HANDLE
  if (phandle == INVALID_HANDLE_VALUE) // if ERROR creating HANDLE
       cout <<"Erreur, Acces refuse" <<endl;
  else
       cout <<"Acces au processus accepte" <<endl;


  do {   //Fill the fullAdress[]
      ReadProcessMemory(phandle, (LPVOID)adress[i], (LPVOID)RBuff[i], 4, 0); // Seen on your module
      fullAdress[i] = RBuff[i] + off[i];  // Same
      i++;
  } while (i != 3 ) ;

   cout << (LPVOID)fullAdress[0] << endl; // Just to show what the fullAdress contains
   cout << (LPVOID)fullAdress[1] << endl; // Same
   cout << (LPVOID)fullAdress[2] << endl; // Same
   cout << (LPVOID)fullAdress[3] << endl; // Same
   WriteProcessMemory(phandle, (LPVOID)fullAdress[0], &Value1, sizeof(Value1), 0); // here we write in the processMemory to change the adress value to -100
   WriteProcessMemory(phandle, (LPVOID)fullAdress[1], &Value1, sizeof(Value1), 0); // It looks better with a loop
   WriteProcessMemory(phandle, (LPVOID)fullAdress[2], &Value1, sizeof(Value1), 0);
   WriteProcessMemory(phandle, (LPVOID)fullAdress[3], &Value1, sizeof(Value1), 0);
    system("PAUSE");

    return 0;
}

void GetProcId(char* ProcName) // Here the function to get the Process Id
{
   PROCESSENTRY32   pe32;
   HANDLE         hSnapshot = NULL;

   pe32.dwSize = sizeof( PROCESSENTRY32 );
   hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

   if( Process32First( hSnapshot, &pe32 ) )
   {
       do{
           if( strcmp( pe32.szExeFile, ProcName ) == 0 )
               break;
       }while( Process32Next( hSnapshot, &pe32 ) );
   }

   if( hSnapshot != INVALID_HANDLE_VALUE )
       CloseHandle( hSnapshot );

   ProcId = pe32.th32ProcessID;
}

 

So, what's wrong in this code ?

And why i always get "Acces au processus accepte" ? Even if TM isn't open, it says that it found the processId o_O

 

I can also add that i tried to find checkPoint adress with CE. Then, i changed their value to -100 ( with my small program ) and it worked. But it was only adress, not Pointers.

 

( ps : Here it's a console prog.

The way it works :

- Go in a TM track

- Start. ( DONT PRESS ENTER OR RETURN )

- Lauch My program ( AGAIN, DON'T RESTART THE TRACK )

- Done ( It doesn't work now, as said before, but it worked with only adress )

 

( I am on Vista 32bits )