help!

Page 2 of 2

10/26/2013 11:17 berkay2578#16

@KDeluxe *your* base is exactly the same as the NomadMemory..

anyways;

Code:

#RequireAdmin

#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

$proc = ProcessExists("League of Legends.exe")
$module = "League of Legends.exe"
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0x2A42A00
$result = _MemoryRead($addr, $access, "float")
ConsoleWrite($result & @CRLF)
_MemoryClose($access)

10/26/2013 12:26 fear-x#17

Quote:

Originally Posted by berkay2578

@KDeluxe *your* base is exactly the same as the NomadMemory..

anyways;

Code:

#RequireAdmin

#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

$proc = ProcessExists("League of Legends.exe")
$module = "League of Legends.exe"
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0x2A42A00
$result = _MemoryRead($addr, $access, "float")
ConsoleWrite($result & @CRLF)
_MemoryClose($access)

true lol

10/27/2013 23:11 KDeluxe#18

Quote:

Originally Posted by berkay2578

@KDeluxe *your* base is exactly the same as the NomadMemory..

You can compare the NomadMemory.au3 with my KDMemory.au3. Both are using the same functions from the Kernel32.dll but there are differences. You may be too ignorant to notice it. Don't say it's the same if you don't know it. It's not the same.

10/28/2013 13:40 berkay2578#19

Quote:

Originally Posted by KDeluxe

You can compare the NomadMemory.au3 with my KDMemory.au3. Both are using the same functions from the Kernel32.dll but there are differences. You may be too ignorant to notice it. Don't say it's the same if you don't know it. It's not the same.

Pardon me? All you did was add pointer support to everything and use MSDN definitions instead of calling a modified one.. which is completely gibberish.

11/04/2013 17:11 DrexonPl2#20

and the offset, for example minesweeper.exe + AAA38
offset = 0x120

11/05/2013 16:46 berkay2578#21

Code:

#RequireAdmin

#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

$proc = ProcessExists("minesweeper.exe")
$module = "minesweeper.exe"
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0xAAA38
$result = _MemoryRead($addr, $access) + 0x120
ConsoleWrite($result & @CRLF) ;or Hex($result, 8)
_MemoryClose($access)

11/06/2013 07:16 DrexonPl2#22

and last:
0x0048C212 (type:long)

11/06/2013 17:58 berkay2578#23

Nope, not doing it. I gave you 2 examples already..

11/07/2013 06:15 DrexonPl2#24

not work:

Spoiler

11/07/2013 14:48 berkay2578#25

Maybe because your code makes absolutely no sense at all?
*sigh*

Code:

$proc = ProcessExists("S4Client.exe")
$module = "S4Client.exe"
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0x48C212
; I have no idea why are you using a while *infinite* loop but to hell with it..
While 1
	ToolTip((_MemoryRead($addr, $access)), 0, 0)
	Sleep(100)
WEnd

Func _Exit()
	_MemoryClose($access)
	Exit
EndFunc

11/08/2013 13:31 DrexonPl2#26

address: 0x0048C212
:facepalm:

11/08/2013 17:07 berkay2578#27

Quote:

Originally Posted by DrexonPl2

address: 0x0048C212
:facepalm:

you do know that the two 0's at start doesn't matter, right?

11/08/2013 17:09 alpines#28

berkay2578, I don't understand why you're posting every stuff for him that he could do by himself. It doesn't take a lot of time to change that script.
Try to teach people how to do it and don't do it for them. Next time they won't need your help then.

11/09/2013 08:25 DrexonPl2#29

but it shows the value of 0 and a good address.

11/09/2013 09:24 berkay2578#30

Quote:

Originally Posted by alpines

berkay2578, I don't understand why you're posting every stuff for him that he could do by himself. It doesn't take a lot of time to change that script.
Try to teach people how to do it and don't do it for them. Next time they won't need your help then.

I know these kind of people, they don't want to learn they just want the code..

Page 2 of 2