Clearing concepts
Discussion on Clearing concepts within the AutoIt forum part of the Coders Den category.
11/09/2013, 07:05
|
#1
|
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
|
Clearing concepts
Hello, epvp.
I'm new to programming, actually a bit new, I've programmed in only VB.Net on a very basic level. But I've done enough of it. I picked up AutoIt a while ago and it seemed a bit tempting. I tried to do whatever the tutorials said but they were all spoon feeding tutorials or C&P tutorials.
I just wanna know some things about some commands which are used and re-used in hacking.
Code:
_MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]])
_MemoryRead($iv_Address, $ah_Handle[, $sv_Type])
_MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type])
_MemoryClose($ah_Handle)
What are the parameters used for? Normally, in VB.Net I've never used something like this and these parameters look a bit too difficult as I've never been normal with them. Plus, the talk about offsets and pointers, they are irritating as well. All I've done was look at addresses and find their pointers through CE 6.1.
It'll be nice if you guys clear them out for me. : D
Yours truly,
BUNNY!
|
|
|
11/09/2013, 10:05
|
#2
|
elite*gold: 50
Join Date: Sep 2012
Posts: 3,841
Received Thanks: 1,462
|
PHP Code:
_MemoryOpen(ProcessExists("process.exe"))
_MemoryRead(Address in Process like 0x845F, $MemoryOpen, i.e. DWORD or LONG or Double or Float ....)
_MemoryWrite(,, A integer or string or binary or hex value)
_MemoryClose($MemoryOpen)
|
|
|
11/09/2013, 12:53
|
#3
|
elite*gold: 15
Join Date: Aug 2012
Posts: 3,041
Received Thanks: 6,394
|
Code:
;~ Description: Opens a process and enables all possible access rights to the process.
$MemoryAccess = _MemoryOpen(ProcessExists("processName.exe"))
;~ Description: Reads the value located in the memory address specified.
;~ The $Address, it must be in hex format.
;~ For $Type, see the help file for DllStructCreate.
$ReadValue = _MemoryRead($Address, $MemoryAccessHandle, $Type)
;~ Description: Writes data to the specified memory address.
;~ The $Address, it must be in hex format.
;~ For $Type, see the help file for DllStructCreate.
_MemoryWrite($Address, $MemoryAccessHandle, $Data, $Type)
;~ Description: Closes the process handle opened by using _MemoryOpen().
_MemoryClose($MemoryAccessHandle)
PM me if you need additional help
|
|
|
11/09/2013, 18:16
|
#4
|
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
|
Thanks a ton, that cleared a lot. But I'm just wondering about the "On"s I keep seeing whenever I look onto a tutorial, what are those? And Char[16]
What are those?
Edit : Plus, how do I use offsets with pointers with offsets, do I add them? Multiply them or what? = O
Plus, what is that $MemoryAccessHandle, is it same as the $MemoryAccess or something else?
Thanks, you two. Due to your grateful explanations, I managed to make a small little hack, I thank you two greatly, wish I could give you a thousand thanks xD
Code:
#include <NomadMemory.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
$Process = "ac_client.exe"
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Hack",300, 69, 192, 124)
$Checkbox1 = GUICtrlCreateCheckbox("Ammo hack", 24, 8, 97, 17)
$Checkbox2 = GUICtrlCreateCheckbox("HP hack", 24, 32, 97, 17)
$Label1 = GUICtrlCreateLabel("Searching for : Assualt Cube ", 140,8)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $Checkbox1
            Hack()
        Case $Checkbox2
            Hack2()
        Case $Process = ProcessExists("ac_client.exe")
            While ProcessExists("ac_client.exe")
                GUICtrlSetData($Label1,"Assualt Cube found.")
            WEnd
    EndSwitch
WEnd
Func Hack()
    $Data = 7331
    $Process = "ac_client.exe"
    $Address = 0x02B793A4
    $MemoryAccess = _MemoryOpen(ProcessExists($Process))
    _MemoryWrite($Address,$MemoryAccess,$Data,'ptr')
    _MemoryClose($MemoryAccess)
EndFunc
Func Hack2()
    $Data = 7331
    $Process = "ac_client.exe"
    $Address = 0x02B7934C
    $MemoryAccess = _MemoryOpen(ProcessExists($Process))
    _MemoryWrite($Address,$MemoryAccess,$Data,'ptr')
    _MemoryClose($MemoryAccess)
EndFunc
But it seems I need to use static addresses. I don't know how to do that with AutoIt, any ideas?
|
|
|
11/09/2013, 18:35
|
#5
|
elite*gold: 60
Join Date: Aug 2009
Posts: 2,256
Received Thanks: 815
|
Char[16] is an array of the type character with 16 entries.
Char is normally used to store characters as the name is saying.
The size of one char is 1 Byte.
If the address you want to write in has to be in Char[16] then you have to use the type Char[16]. If you use int for example then the MemoryWrite wouldn't be successful.
|
|
|
11/09/2013, 19:16
|
#6
|
elite*gold: 0
Join Date: May 2013
Posts: 101
Received Thanks: 42
|
Quote:
Originally Posted by BUNNY!
Edit : Plus, how do I use offsets with pointers with offsets, do I add them? Multiply them or what? = O
Plus, what is that $MemoryAccessHandle, is it same as the $MemoryAccess or something else?
|
Write a function that takes an array of offsets and the base pointer as parameters, and in this function you loop ReadProcessMemory(address+offset[]).
|
|
|
11/09/2013, 19:28
|
#7
|
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
|
Quote:
Originally Posted by davydavekk
Write a function that takes an array of offsets and the base pointer as parameters, and in this function you loop ReadProcessMemory(address+offset[]).
|
Why is the offset in brackets? I have found the certain offsets of the hacks I want to use. But I don't understand what you're trying to say. Can you show me a small little example?
For example my offsets are 378 for a certain address and F4 for the other, how do I use them now? = O
Make an array for single values?
Quote:
Originally Posted by alpines
Char[16] is an array of the type character with 16 entries.
Char is normally used to store characters as the name is saying.
The size of one char is 1 Byte.
If the address you want to write in has to be in Char[16] then you have to use the type Char[16]. If you use int for example then the MemoryWrite wouldn't be successful.
|
How do I know what to use in my address? Some type of sign or do I just have to keep trying all of them? = O
Normally all addresses are 4 bytes right? So using a normal Int would be fine or not?
|
|
|
11/09/2013, 19:37
|
#8
|
elite*gold: 60
Join Date: Aug 2009
Posts: 2,256
Received Thanks: 815
|
If you want to read out a pointer for example then you have offsets for each Level of the pointer.
Your address is for example 0x2244FF and you have the pointer 40, 1AC, 4F.
The first part you have to do is to create an array containing these offsets; the first entry has to be zero.
Code:
Local $aOffsets[4] = [0, 0x40, 0x1AC, 0x4F]
And to use these offsets with that address you could do for example
Code:
#include <NomadMemory.au3>
Local $sAddress = 0x2244FF, $aOffsets[4] = [0, 0x40, 0x1AC, 0x4F]
;If the address is longer than AutoIt allows in hex then type it as a string e.g. "0x2244FF"
$iPID = ProcessExists("target.exe")
If $iPID Then
    $hMemory = _MemoryOpen($iPID)
    $aValues = _MemoryPointerRead($sAddress, $hMemory, $aOffsets, "dword") ;DWORD = 4 Bytes
    _MemoryClose($hMemory)
    MsgBox(64, "Value", $aValues[UBound($aValues) - 1])
EndIf
Don't forget to use the last entry of pointer read because the other ones are the value of the mid level pointer.
If a pointer has 3 levels then you only want the latest lvl which contains the value you want to modify/read.
|
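The "do I add them or multiply them?" question from this thread, worked through on a constructed byte image instead of a live process, as an added example that is not part of any post: each level reads a 4-byte pointer and adds the offset, and the type chosen for the final read decides how the bytes are interpreted. `BASE`, the memory layout and all helper names are assumptions made for the illustration.

```python
import struct

BASE = 0x00400000            # constructed module base address
MEM = bytearray(0x1000)      # constructed memory image covering BASE..BASE+0xFFF
TYPES = {"dword": "<I", "float": "<f", "char[16]": "<16s"}

def poke(addr, type_name, value):
    """Store one typed value into the constructed image."""
    struct.pack_into(TYPES[type_name], MEM, addr - BASE, value)

def peek(addr, type_name):
    """Read one typed value; raises ValueError for addresses outside the image."""
    fmt = TYPES[type_name]
    off = addr - BASE
    if off < 0 or off + struct.calcsize(fmt) > len(MEM):
        raise ValueError("address 0x%08X is not mapped" % addr)
    return struct.unpack_from(fmt, MEM, off)[0]

def resolve(static_addr, offsets):
    """Dereference, ADD the offset, repeat. Returns the final address."""
    addr = static_addr
    for off in offsets:
        addr = peek(addr, "dword") + off
    return addr

# Constructed layout: static pointer -> object A -> object B -> fields.
STATIC_PTR = BASE + 0x10
poke(STATIC_PTR, "dword", BASE + 0x100)                 # module+0x10 points at A
poke(BASE + 0x100 + 0x40, "dword", BASE + 0x200)        # A+0x40 points at B
poke(BASE + 0x200 + 0x1AC, "dword", 100)                # B+0x1AC: 4-byte integer
poke(BASE + 0x200 + 0x1B0, "char[16]", b"player one")   # B+0x1B0: 16 bytes of text

def demo():
    """Resolve both fields and read each with its matching type."""
    value_addr = resolve(STATIC_PTR, [0x40, 0x1AC])
    name_addr = resolve(STATIC_PTR, [0x40, 0x1B0])
    return value_addr, peek(value_addr, "dword"), peek(name_addr, "char[16]")

if __name__ == "__main__":
    addr, value, name = demo()
    print(hex(addr), value, name.rstrip(b"\x00"))
```

A wrong offset anywhere in the chain lands on an unrelated or unmapped address, which is why `peek` checks bounds before reading.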
|
|
11/09/2013, 19:48
|
#9
|
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
|
My first pointer is a level three pointer which is 02CA8F90 and its offset is 378.
So, I put it in as $Offsets[3] = [0x378,0x0,0x0]
And the second one is a single leveled pointer which is 004DF73C and its offset is F4
So, I put it in as $Offsets[1] = [0xF4,0x0]
Or am I wrong?
|
|
|
11/09/2013, 19:58
|
#10
|
elite*gold: 60
Join Date: Aug 2009
Posts: 2,256
Received Thanks: 815
|
I guess you understood it wrong! The first array entry has to be zero, the other ones are filled with your offsets
Code:
Local $Offsets[4] = [0, 0x0, 0x0, 0x378]
I don't correctly know if you need 3 offsets or 2 offsets for a level three pointer but still the first array is zero and the other ones are filled with your offsets. If the offset for level 1 and 0 is really 0 then I guess it's
Code:
Local $Offsets[3] = [0, 0x0, 0x378]
or
Code:
Local $Offsets[4] = [0, 0x0, 0x0, 0x378]
And not to confuse you. 0 = 0x0 (The 2nd one is written in hex)
|
|
|
11/09/2013, 20:41
|
#11
|
elite*gold: 15
Join Date: Aug 2012
Posts: 3,041
Received Thanks: 6,394
|
Quote:
Originally Posted by BUNNY!
But it seems I need to use static addresses. I don't know how to do that with AutoIt, any ideas?
|
Code:
#RequireAdmin
#include <NomadMemory.au3>
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    If Not IsString($sModule) Then Return SetError(2, 0, 0)
    Local $PSAPI = DllOpen("psapi.dll")
    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf
    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf
    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc
$proc = ProcessExists("procN.exe")
$module = "moduleN.exe" ;usually it is same with the process name
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0xADDR ;or Dec("ADDR")
$result = _MemoryRead($addr, $access) + 0x120 ;a simple lvl1 offset
ConsoleWrite($result & @CRLF) ;or Hex($result, 8)
_MemoryClose($access)
This should show you pretty much everything you need..
|
|
|
11/10/2013, 03:18
|
#12
|
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
|
Quote:
Originally Posted by alpines
I guess you understood it wrong! The first array entry has to be zero, the other ones are filled with your offsets
Code:
Local $Offsets[4] = [0, 0x0, 0x0, 0x378]
I don't correctly know if you need 3 offsets or 2 offsets for a level three pointer but still the first array is zero and the other ones are filled with your offsets. If the offset for level 1 and 0 is really 0 then I guess it's
Code:
Local $Offsets[3] = [0, 0x0, 0x378]
or
Code:
Local $Offsets[4] = [0, 0x0, 0x0, 0x378]
And not to confuse you. 0 = 0x0 (The 2nd one is written in hex)
|
So, I got that code down and I wrote my offsets but I don't know how to combine them with my Base addresses. Any ideas?
Quote:
Originally Posted by berkay2578
Code:
#RequireAdmin
#include <NomadMemory.au3>
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    If Not IsString($sModule) Then Return SetError(2, 0, 0)
    Local $PSAPI = DllOpen("psapi.dll")
    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf
    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf
    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc
$proc = ProcessExists("procN.exe")
$module = "moduleN.exe" ;usually it is same with the process name
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0xADDR ;or Dec("ADDR")
$result = _MemoryRead($addr, $access) + 0x120 ;a simple lvl1 offset
ConsoleWrite($result & @CRLF) ;or Hex($result, 8)
_MemoryClose($access)
This should show you pretty much everything you need..
|
Honestly, I thank you for your contribution but I'm not getting anything related to those DLL calls. > . >
Plus, I'm trying to stay at a basic level so that I can cope up easily.
|
|
|
11/10/2013, 07:56
|
#13
|
elite*gold: 15
Join Date: Aug 2012
Posts: 3,041
Received Thanks: 6,394
|
Here's how _MemoryModuleGetBaseAddress works;
- Get access to the specified process. [even if it was open before]
- Use EnumProcessModules (see MSDN) to get the module list of the specified process.
- Use GetModuleBaseNameW (see MSDN, supports Unicode) to find the specified module.
- Return the specified module's base address if it was found.
btw, as you know pointers work with reading the memory of the given address [->] add an offset [->] repeat if necessary.. this is exactly what _MemoryRead($addr, $access) + 0x120 does.
Also, this is as basic as it can get.. at least for me.
|
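Seen from the monitoring side, the access mask requested in the first step of `_MemoryModuleGetBaseAddress` is what an endpoint sensor records when one process opens another. An added example, not part of the thread, that decodes such masks and flags handles able to modify the target's memory; the events are constructed and their field names are an assumption modeled on Sysmon Event ID 10 (ProcessAccess).

```python
# Added example; the events below are constructed, not captured.
# Process access rights, values from winnt.h.
ACCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
VM_OPERATION, VM_WRITE = 0x0008, 0x0020


def decode_access(mask):
    """Names of the known rights set in an access mask, lowest bit first."""
    return [name for bit, name in sorted(ACCESS_RIGHTS.items()) if mask & bit]


def is_write_capable(mask):
    """True when the handle carries both rights needed to modify memory."""
    return bool(mask & VM_WRITE) and bool(mask & VM_OPERATION)


def flag_events(events, allowlist=()):
    """Return (source, target, rights) for write-capable cross-process opens."""
    hits = []
    for ev in events:
        if ev["SourceImage"].lower() in allowlist:
            continue  # known-good opener, e.g. an approved debugger
        mask = int(ev["GrantedAccess"], 16)
        if is_write_capable(mask):
            hits.append((ev["SourceImage"], ev["TargetImage"], decode_access(mask)))
    return hits


SAMPLE_EVENTS = [  # constructed
    {"SourceImage": r"C:\Users\u\tool.exe", "TargetImage": r"C:\Games\game.exe",
     "GrantedAccess": "0x43A"},     # the $PERMISSION value from post #11
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Games\game.exe",
     "GrantedAccess": "0x1410"},    # query + read only
    {"SourceImage": r"C:\Users\u\tool.exe", "TargetImage": r"C:\Games\game.exe",
     "GrantedAccess": "0x1F0FFF"},  # an all-access mask
]

if __name__ == "__main__":
    for src, dst, rights in flag_events(SAMPLE_EVENTS):
        print(src, "->", dst, rights)
```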
|
|
11/10/2013, 12:34
|
#14
|
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
|
Well, just wondering, what do I do when I find the address? Write to it again?
EDIT : That might be basic to you but it isn't to me xD
|
|
|
11/10/2013, 12:45
|
#15
|
elite*gold: 15
Join Date: Aug 2012
Posts: 3,041
Received Thanks: 6,394
|
let's say your address is nfsw.exe+AA14 and your process is nfsw.exe. That means you need to add 0xAA14 to the base address of the nfsw.exe module which runs under the nfsw.exe process. then you just pass it to the $iv_Address parameter..
Code:
$addr = _MemoryModuleGetBaseAddress(ProcessExists("nfsw.exe"), "nfsw.exe") + 0xAA14
;or you can use the function from the _ProcessListFunctions
;~ $base = StringTrimLeft(_ProcessGetModulemBaseAddress(ProcessExists("nfsw.exe"), "nfsw.exe"), 2) ;removes the 0x at the start
;~ $addr = Dec($base) + Dec("AA14")
;MemoryWrite($addr, *), MemoryRead($addr, *) etc..
Edit: just tell me your address/pointer and I'll give you an example.
|