Tsearch tutorial

Discussion in 'Steam Tutorials' started by lolp1, April 13, 2007.

  1. lolp1

    lolp1 Full Member

    Hello,

    Just recently I used T-search for the first time and I was surprised at how easy it was to find some things.

    For this tut, we will be using counterstrike. We will be getting the memory location using Tsearch.

    First of all if you don't have Tsearch, I took the time to upload it here: www.valvesupport.info/tsearch_16b.zip

    Next step will be to actually start Tsearch. You should be at a screen like so:

    [​IMG]


    From here we will start counter strike. Once you have done that, go ahead and alt + tab back out to this window.

    Ok, so we have counter strike loaded, and we're ready to go. In Tsearch you should see a huge button called "Open process"; go ahead and click that.

    Then select "hl.exe".

    Ok, now you should be looking for this button (right below Open process) [​IMG]

    When you see that button, go ahead and click it. You will now see a few options, let me explain what they mean. (By quoting from another site, too lazy to type those all out)

    From here, we need to decide what we want to search. In this case we will be searching for the memory location of "life" in counterstrike.

    Go ahead and enter a game in counter strike. (Just make a local server, it will be important for a later step).

    Ok, so now you are in game, you should have '100' life. So our life value is 100, that's what we need to search. This will need to be an exact value.

    Then, this will only be one byte as well. In the end it should look like so:

    [​IMG]

    Go ahead and click ok. Now you will see a lot of results, but that's ok, we are going to lower those results. The first button we originally clicked to search (the magnifying glass..) well, directly on the right of that is another button, and that's what we will need to use soon.

    Right now, go into counter strike and lose a bit of life. Then click the button I mentioned above ("search next"). It will bring up a search box just like before, just fill in all the same as before, except this time for "Value" put in the value of life you currently have (after losing some, like I said to above) and go ahead and click ok.

    This should greatly narrow your results down, repeat that step to lower them down a bit more if you want.

    Now you should be left with something like so:
    [​IMG]


    That's good, you're almost done :) ok, now we will go through each of these and figure out which one is our life memory address.

    Double click the first memory address out of your list. Doing so will 'transfer' that over to the other side of the screen, so it will look like so:

    [​IMG]


    Then, change the value to '100' and check counter strike again. If your life has moved up to 100, you have just found the address; repeat these steps on down the list until you find the correct one. (Transferring the address on the left side to the other side of the screen, changing the value to 100, checking CS life)

    Eventually, you will end up with: 1A1BFC8

    Congrats! You've just successfully found the memory address you were looking for in Tsearch. The point of this tut is to tell you how to find these addresses in Tsearch, not what to do with them, but I will provide some rough example code and ideas anyways.

    With the memory location of life in counter strike, you could make a 'life bar' in autoit (C++ readprocessmemory is more effective, and more powerful, but we will use autoit in this case)

    Here is a fully working example code (poorly made by myself in about 10 seconds for this example):

    Code:
    $Process = 'hl.exe' ;-> Target process
    $PID = ProcessExists($Process) ;-> Get Process ID
    $Address = 0x1A1BFC8 ;-> Read/write address
    $Value = 100 ;-> Value to write

    $OpenProcess = _MemOpen(0x38, False, $PID) ;-> Enable reading/writing to the process and get the handle

    $v_Read = _MemRead($OpenProcess, $Address, 1) ;-> Read a 1 byte value from the defined address
    ; MsgBox(0,"Info", "The value of address "&HEX($Address, 8)&" is now: "&$v_Read)

    ; Create the window first: controls can only be added to an existing GUI
    GUICreate("Counter-Strike life",220,100, 100,200)
    $progressbar1 = GUICtrlCreateProgress (10,10,200,20)
    GUICtrlSetColor(-1,32250); not working with Windows XP Style
    $button = GUICtrlCreateButton ("Start",75,70,70,20)

    GUISetState ()
    While 1
        If GUIGetMsg() = -3 Then ExitLoop ;-> -3 = $GUI_EVENT_CLOSE, so _MemClose below is reached
        $v_Read = _MemRead($OpenProcess, $Address, 1)
        Sleep(10)
        GUICtrlSetData ($progressbar1,$v_Read)
    WEnd
    _MemClose($OpenProcess)
    
    You would need a memory UDF for this, so I'll provide that too:

    Code:
    Func _MemRead($i_hProcess, $i_lpBaseAddress, $i_nSize, $v_lpNumberOfBytesRead = '')
        Local $v_Struct = DllStructCreate ('byte[' & $i_nSize & ']')
        DllCall('kernel32.dll', 'int', 'ReadProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr ($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
        Local $v_Return = DllStructGetData ($v_Struct, 1)
        $v_Struct=0
        Return $v_Return
    EndFunc ;==> _MemRead()
    
    Func _MemWrite($i_hProcess, $i_lpBaseAddress, $v_Inject, $i_nSize, $v_lpNumberOfBytesRead = '')
        Local $v_Struct = DllStructCreate ('byte[' & $i_nSize & ']')
        DllStructSetData ($v_Struct, 1, $v_Inject)
        $i_Call = DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr ($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
        $v_Struct=0
        Return $i_Call[0]
    EndFunc ;==> _MemWrite()
    
    Func _MemOpen($i_dwDesiredAccess, $i_bInheritHandle, $i_dwProcessId)
        $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $i_dwDesiredAccess, 'int', $i_bInheritHandle, 'int', $i_dwProcessId)
        If @error Then
            SetError(1)
            Return 0
        EndIf
        Return $ai_Handle[0]
    EndFunc ;==> _MemOpen()
    
    Func _MemClose($i_hProcess)
        $av_CloseHandle = DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $i_hProcess)
        Return $av_CloseHandle[0]
    EndFunc ;==> _MemClose()
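
An added example, not part of the original post or of any tool's code: the exact-value search and "search next" narrowing described in the tutorial, simulated in Python over a constructed byte buffer (no process is opened), next to a hypothetical `GuardedByte` that shows how a masked value with a check byte avoids the exact-value match and detects a raw overwrite. The buffer contents, offsets and key are assumptions made for the simulation.

```python
# Added example: simulation over a constructed buffer; no real process is touched.
def first_scan(mem, value):
    """'Exact value, 1 byte' search: every offset whose byte equals value."""
    return {i for i, b in enumerate(mem) if b == value}

def next_scan(mem, candidates, value):
    """'Search next': keep earlier candidates that now hold the new value."""
    return {i for i in candidates if mem[i] == value}

class TamperError(Exception):
    pass

class GuardedByte:
    """Hypothetical hardening: value stored XOR-masked next to a masked complement."""
    def __init__(self, mem, offset, value, key):
        self.mem, self.offset, self.key = mem, offset, key
        self.set(value)

    def set(self, value):
        self.mem[self.offset] = value ^ self.key
        self.mem[self.offset + 1] = ((~value) & 0xFF) ^ self.key

    def get(self):
        value = self.mem[self.offset] ^ self.key
        check = self.mem[self.offset + 1] ^ self.key
        if value ^ check != 0xFF:          # value and complement no longer agree
            raise TamperError(f"byte at offset {self.offset} was modified externally")
        return value

def build_memory(size=4096):
    """Constructed filler: a repeating pattern that contains some stray 100s."""
    return bytearray((i * 7) % 251 for i in range(size))

PLAIN_OFF, GUARD_OFF = 2000, 3000          # assumed offsets for the simulation

def demo():
    mem = build_memory()
    mem[PLAIN_OFF] = 100                   # life stored as a plain byte
    guarded = GuardedByte(mem, GUARD_OFF, 100, key=0x5A)
    hits = first_scan(mem, 100)            # stray 100s plus the plain byte
    mem[PLAIN_OFF] = 73                    # the player loses some life
    guarded.set(73)
    hits = next_scan(mem, hits, 73)        # narrows to the plain byte only
    mem[GUARD_OFF] = 100                   # raw overwrite of the guarded byte
    try:
        guarded.get()
        detected = False
    except TamperError:
        detected = True
    return hits, detected
```

Masking only hides the value from an exact-value search; keeping the authoritative value on the server, as a later reply in this thread notes for health, is what makes a client-side edit ineffective.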
    
     
  2. Krzywy

    Krzywy Moderator

    nice tutorial for game hackers :p
     
  3. Vasuki?

    Vasuki? It Was Me!!!11!1

    nice tut thanks bro
     
  4. daarty

    daarty RTFM jou musst, mmh!

    2 questions:
    1. only works in local game?
    2. vac detected ? (think so *chuckle*)
     
  5. Vasuki?

    Vasuki? It Was Me!!!11!1

    just using tsearch by itself i think it would be detected... and yes local game as the health etc is all server side
     
  6. BlinkY

    BlinkY Pork is not a Verb

    T-search is really good i find and easy to use. along with trainermaker kit =)
     
  7. Vasuki?

    Vasuki? It Was Me!!!11!1

    yeah it is good so is art money and cheat engine
     
  8. lolp1

    lolp1 Full Member

    T-search is safe to use. (Just use it on LAN to get the address.)

    You can use the memory values for a lot of things. You can get your current amount of bullets (Reload bar), maybe a weapon switch hack too. You can do a no recoil and read the current gun you have in your hand with memory to adjust recoil. The possibilities are a lot. This tutorial however is just to teach you how to use TS, not to teach you to do those things :)
     
