Clearing concepts

11/11/2013 11:46 BUNNY!#16
Quote:
Originally Posted by berkay2578 View Post
Let's say your address is nfsw.exe+AA14 and your process is nfsw.exe. That means you need to add 0xAA14 to the base address of the nfsw.exe module which runs under the nfsw.exe process. Then you just pass it to the $iv_Address parameter.

Code:
$addr = _MemoryModuleGetBaseAddress(ProcessExists("nfsw.exe"), "nfsw.exe") + 0xAA14 
;or you can use the function from the _ProcessListFunctions
;~ $base = StringTrimLeft(_ProcessGetModulemBaseAddress(ProcessExists("nfsw.exe"), "nfsw.exe"), 2) ;removes the 0x at the start
;~ $addr = Dec($base) + Dec("AA14")
;MemoryWrite($addr, *), MemoryRead($addr, *) etc..
Edit: just tell me your address/pointer and I'll give you an example.

Sorry for the late reply. Had school and extra classes.

The client which I wanna hack is ac_client.exe
The address is : 02CA8F90. Offset is : 378.
The second one is : 004DF73C. Offset = F4.
11/11/2013 14:36 berkay2578#17
Code:
#RequireAdmin
#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc

$proc = ProcessExists("ac_client.exe")
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, "ac_client.exe") + 0x2CA8F90
$addr = _MemoryRead($addr, $access) + 0x378
;~ if you found the pointer with CE Pointer Scan, there is a high chance this is a decimal.. but I used it as hex
;~ if it is decimal, use 0x17A
$result = _MemoryRead($addr, $access)
ConsoleWrite("Address: " & Hex($addr, 8) & @CRLF & "Result: " & $result & @CRLF)
_MemoryClose($access)
;~ to write to the pointer just use _MemoryWrite($addr, *) after the pointer is read
11/11/2013 20:52 davydavekk#18
I think you are making things harder than they truly are, berkay.

Why don't you simply do a MemWrite at the specified address? If he only wants to write to an address he found with CE, there is no need for all of this BaseAddress stuff.

(You "only" need the base address if you're using the memory viewer)
11/11/2013 22:38 lolkop#19
Quote:
Originally Posted by BUNNY! View Post
Sorry for the late reply. Had school and extra classes.

The client which I wanna hack is ac_client.exe
The address is : 02CA8F90. Offset is : 378.
The second one is : 004DF73C. Offset = F4.

could be realised like this:
Code:
Global $kernel32 = DllOpen('kernel32.dll')
Global $process_hwnd = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', ProcessExists('ac_client.exe'))
ConsoleWrite(read(read(0x2CA8F90) + 0x378)&@CRLF)
ConsoleWrite(read(read(0x4DF73C) + 0xF4)&@CRLF)
DllCall($kernel32, 'int', 'CloseHandle', 'int', $process_hwnd[0])
DllClose($kernel32)

Func read($adress, $type = 'dword')
	Local $struct = DllStructCreate($type)
	DllCall($kernel32, 'int', 'ReadProcessMemory', 'int', $process_hwnd[0], 'int', $adress, 'ptr', DllStructGetPtr($struct), 'int', DllStructGetSize($struct), 'int', '')
	Return DllStructGetData($struct, 1)
EndFunc
11/12/2013 05:55 berkay2578#20
Quote:
Originally Posted by davydavekk View Post
I think you are making things harder than they truly are, berkay.

Why don't you simply do a MemWrite at the specified address? If he only wants to write to an address he found with CE, there is no need for all of this BaseAddress stuff.

(You "only" need the base address if you're using the memory viewer)

Maybe because they are static addresses and for them to work you need to add the given offset to the base address in order to find *the* address. He didn't mention them just being an address so I thought they were static. So I think I know my fcking way around.

And the thing you wrote, "memory viewer" thing, yea that's the stupidest thing I have ever seen/heard.
11/13/2013 03:58 BUNNY!#21
Quote:
Originally Posted by berkay2578 View Post
Maybe because they are static addresses and for them to work you need to add the given offset to the base address in order to find *the* address. He didn't mention them just being an address so I thought they were static. So I think I know my fcking way around.

And the thing you wrote, "memory viewer" thing, yea that's the stupidest thing I have ever seen/heard.

They are static addresses.
Plus, I followed up your post but it ain't working, I used both the decimal and hex one and still no.
11/13/2013 06:05 berkay2578#22
Explain "does not work", post your code.
11/15/2013 06:47 BUNNY!#23
Code:
#include <NomadMemory.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
$Process = "ac_client.exe"
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Hack",300, 69, 192, 124)
$Checkbox1 = GUICtrlCreateCheckbox("Ammo hack", 24, 8, 97, 17)
$Checkbox2 = GUICtrlCreateCheckbox("HP hack", 24, 32, 97, 17)
$Label1 = GUICtrlCreateLabel("Searching for : Assualt Cube ", 140,8)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
	$nMsg = GUIGetMsg()
	Switch $nMsg
		Case $GUI_EVENT_CLOSE
			Exit
		Case $Checkbox1
			Hack()
		Case $Process = ProcessExists("ac_client.exe")
			If ProcessExists("ac_client.exe") Then
				GUICtrlSetData($Label1,"Assualt Cube found.")
			EndIf

	EndSwitch
WEnd

Func Hack()
	$Data = 7331
	$Offset = 0
	$Process = "ac_client.exe"
	$Address = 0x02CA8F90
	$MemoryAccess = _MemoryOpen(ProcessExists($Process))
	_MemoryWrite($Address ,$MemoryAccess,$Data,'ptr')
	_MemoryPointerWrite ($Address + 0x0F4, $MemoryAccess, $Offset, $Data,'ptr')
	_MemoryClose($MemoryAccess)
EndFunc
Code:
#RequireAdmin
#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc

$proc = ProcessExists("ac_client.exe")
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, "ac_client.exe") + 0x2CA8F90
$addr = _MemoryRead($addr, $access) + 0x17A
;~ if you found the pointer with CE Pointer Scan, there is a high chance this is a decimal.. but I used it as hex
;~ if it is decimal, use 0x17A
$result = _MemoryRead($addr, $access)
ConsoleWrite("Address: " & Hex($addr, 8) & @CRLF & "Result: " & $result & @CRLF)
_MemoryWrite($addr,$proc,'5000','ptr')
;~ to write to the pointer just use _MemoryWrite($addr, *) after the pointer is read

The result is 0 and the address seems too off, it is 0000017A.
Well, never mind, Berkay2578.
You're gonna get irritated by a single person. It is better just to request a close on this topic.
Thanks for all your help.
#RequestClose.
11/15/2013 12:35 berkay2578#24
You are using _MemoryPointerWrite wrongly. Not even going to mention that you are trying to write 5000 (ptr?) to a process's PID. And you forgot to get the base address, add the offset (in this case 2CA8F90) and then write to it.

Try using $addr1 for holding later addr values.
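
The symptom reported in the thread (result 0, address 0000017A) is what a pointer-chain walk produces when the first read fails and the script adds the offset to 0 anyway. The sketch below is an added illustration, not code from any poster: it runs against a constructed dictionary standing in for process memory, and the module base, static offset and stored values are made-up sample numbers.

```python
# Constructed model of a 32-bit process: address -> dword stored there.
# MODULE_BASE, STATIC_OFFSET and the stored values are sample numbers only.
MODULE_BASE = 0x00400000      # assumed load address of the main module
STATIC_OFFSET = 0x00001000    # assumed module-relative offset of a static slot
FIELD_OFFSET = 0xF4           # offset of a field inside the pointed-to object

MEMORY = {
    MODULE_BASE + STATIC_OFFSET: 0x02000000,   # static slot holds a heap pointer
    0x02000000 + FIELD_OFFSET: 100,            # field inside the heap object
}


def read_dword(addr):
    """Return the dword at addr, or None when nothing is mapped there."""
    return MEMORY.get(addr)


def resolve_unchecked(start, offsets):
    """Mimics the thread's script: a failed read is silently treated as 0."""
    addr = start
    for off in offsets:
        addr = (read_dword(addr) or 0) + off
    return addr


def resolve_checked(start, offsets):
    """Walk the chain, stopping at the first link that cannot be read."""
    addr = start
    for depth, off in enumerate(offsets):
        value = read_dword(addr)
        if value is None:
            raise LookupError(f"link {depth}: cannot read {addr:08X}")
        addr = value + off
    return addr


def describe(start, offsets):
    """Resolved address as 8 hex digits, or the reason the walk stopped."""
    try:
        return f"{resolve_checked(start, offsets):08X}"
    except LookupError as exc:
        return str(exc)
```

With the thread's numbers, `resolve_unchecked(MODULE_BASE + 0x02CA8F90, [0x17A])` yields 0x17A: the start address is not mapped in this model, so the "address" printed is just the offset.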