[QUESTION] HP Memory Address

Page 2 of 2 1 2
05/16/2009 16:21 clintonselke#16
Maybe this thread is dead now... im not sure xD... anyways, this is how i get the current HP using the function addresses from high6.

PHP Code:
uint32_t CCO2Functions::execute(voidopcodeuint32_t size)
{
    voidremoteMem VirtualAllocEx(hProcess0sizeMEM_COMMITPAGE_EXECUTE_READWRITE);
    if (remoteMem == NULL) { return 0; }
    if (!WriteProcessMemory(hProcessremoteMemopcodesize0)) {
        VirtualFreeEx(hProcessremoteMem0MEM_RELEASE);
        return 0;
    }
    HANDLE hThread CreateRemoteThread(hProcess065536, (LPTHREAD_START_ROUTINE)remoteMem000);
    if (!hThread) {
        VirtualFreeEx(hProcessremoteMem0MEM_RELEASE);
        return 0;
    }
    while (WaitForSingleObject(hThread1000) != WAIT_OBJECT_0) {}
    uint32_t retval;
    GetExitCodeThread(hThread, (DWORD*)&retval);
    VirtualFreeEx(hProcessremoteMem0MEM_RELEASE);
    CloseHandle(hThread);
    return retval;
}

CCO2Functions::CCO2Functions(uint32_t pid)
{
    hProcess OpenProcess(PROCESS_ALL_ACCESSFALSEpid);
}

CCO2Functions::~CCO2Functions()
{
    if (hProcess != INVALID_HANDLE_VALUE) {
        CloseHandle(hProcess);
    }
}

uint32_t CCO2Functions::getHP()
{
    char opcode[] =
    "\x57"                     // PUSH EDI
    "\x56"                     // PUSH ESI
    "\x6A\x01"                 // PUSH 0x01
    "\xB9\xB8\xAB\x5D\x00"     // MOV ECX, 0x005DABB8
    "\xB8\x18\xA5\x4D\x00"     // MOV EAX, 0x004DA518
    "\xFF\xD0"                 // CALL EAX
    "\x5E"                     // POP ESI
    "\x5F"                     // POP EDI
    "\xC3";                    // RET
    return execute((void*)opcodesizeof(opcode));

05/17/2009 07:01 swords#17
@clinton - Does that make the HP static?... If so, could you convert it to AutoIt script please :D.
05/17/2009 15:58 clintonselke#18
Quote:
Originally Posted by swords View Post
@clinton - Does that make the HP static?... If so, could you convert it to AutoIt script please :D.
Yeap it does :D... and converting to AutoIt... U wanna do it?? xD, enough information is available now.

THis is the only extra part u would have to translate into AutoIt using DllCall() function

PHP Code:
while (WaitForSingleObject(hThread1000) != WAIT_OBJECT_0) {} 
uint32_t retval
GetExitCodeThread(hThread, (DWORD*)&retval); 
That there waits until the function ends and gets the return value from it that was in EAX (ur hp value).

I'll convert it to AutoIt later, just feeling lazy atm :p
05/17/2009 18:09 swords#19
Quote:
Originally Posted by clintonselke View Post
Yeap it does :D... and converting to AutoIt... U wanna do it?? xD, enough information is available now.

THis is the only extra part u would have to translate into AutoIt using DllCall() function

PHP Code:
while (WaitForSingleObject(hThread1000) != WAIT_OBJECT_0) {} 
uint32_t retval
GetExitCodeThread(hThread, (DWORD*)&retval); 
That there waits until the function ends and gets the return value from it that was in EAX (ur hp value).

I'll convert it to AutoIt later, just feeling lazy atm :p
Akaka, I don't understand C++, no chance I could convert it lol xD.

Thanks for doing this for me :D. I actually have an auto-potter that can pot at the exact HP you desire, using NO memory work at all, just algorithms... With this, I can make a background potter by sending F keys through ControlSend :D.
Page 2 of 2 1 2