multi level pointers

04/10/2012 23:36 lolkop#31
ConsoleWrite(Hex(read($adress))&@crlf)
04/10/2012 23:40 fear-x#32
Quote:
Originally Posted by lolkop
ConsoleWrite(Hex(read($adress))&@crlf)
Code:
00000000
that's all i get omg :/
wtf is wrong ;//
maybe my MEMORY UDF sucks ?

Code:
ConsoleWrite($Address & @CRLF)
this gives an address

Code:
Global $Address, $Handle, $Offset
Local $prozessname = "fixedmain.exe"
Local $PID = ProcessExists("fixedmain.exe")
	If $PID > 0 Then
		$Handle = _MemoryOpen($PID)
		$Address = _MemoryModuleGetBaseAddress("" & $PID & "", '' & $prozessname & '')
;~ 		$Address = _WinAPI_ReadProcessMemory($prozessname,
		$Address = "0x" & Hex($Address + Dec("B609D4"))
		Dim $Offset[5]
		$Offset[0] = 0x104
		$Offset[1] = 0x010
		$Offset[2] = 0x108
		$Offset[3] = 0x304
		$Offset[4] = 0x114
	EndIf
	Dim $Read[2]
	$Read[0] = $Address
	$Read[1] = _MemoryPointerRead($Read[0], $Handle, $Offset, "dword")
;~ 	$Read = _MemoryPointerRead($Address, $Handle, $Offset, "dword")
	_MemoryClose($Handle)
that's what i got
04/11/2012 01:02 lolkop#33
try using the dlls directly:
Code:
$pid = ProcessExists(<processName>)

$process_hwnd = OpenProcess($pid)
ConsoleWrite($process_hwnd&@CRLF)

$read = ReadProcessMemory($process_hwnd, <adress>)
ConsoleWrite(Hex($read)&@CRLF)

CloseHandle($process_hwnd)

Func OpenProcess($pid)
	Local $mid = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x1F0FFF, 'bool', True, 'dword', $pid)
	Return $mid[0]
EndFunc

Func ReadProcessMemory($process_hwnd, $adress, $type = 'dword')
	Local $struct = DllStructCreate($type)
	DllCall('kernel32.dll', 'bool', 'ReadProcessMemory', 'handle', $process_hwnd, 'ptr', $adress, 'ptr', DllStructGetPtr($struct), 'long', DllStructGetSize($struct), 'int', 0)
	Return DllStructGetData($struct, 1)
EndFunc

Func CloseHandle($hwnd)
	DllCall('kernel32.dll', 'bool', 'CloseHandle', 'hwnd', $hwnd)
EndFunc
04/11/2012 01:14 fear-x#34
OK .. THIS is FKn annoying :D
still gives 0 for address but pid has value of address...

maybe u know completely different way than this? maybe my memory udf is messed up ?
04/11/2012 01:17 lolkop#35
if that returns 0 for your address, there are only 2 possible reasons.

1. your address is wrong
2. you do not have the permissions to access the memory of your target.
04/11/2012 01:24 fear-x#36
well address can't be wrong, it's in cheat engine showing a value for the address...
and um how can i not have permission to access the memory target? because i've disabled the gameguard anticheat. no security on the game.
04/11/2012 03:03 summoner01#37
Memory reading is something I've had a hard time with too. I'm on Windows 7 64 bit, and everything I try returns a value of 0 like you. What Windows are you on? If you're on Windows 7 64bit, then maybe it has something to do with 64 bit vs 32 bit Windows.
04/11/2012 09:33 K1ramoX#38
Try it with SeDebugPrivilege O;
04/11/2012 13:05 fear-x#39
Quote:
Originally Posted by summoner01
Memory reading is something I've had a hard time with too. I'm on Windows 7 64 bit, and everything I try returns a value of 0 like you. What Windows are you on? If you're on Windows 7 64bit, then maybe it has something to do with 64 bit vs 32 bit Windows.
yes i'm on win7 64bit too

Quote:
Originally Posted by Applecode
Try it with SeDebugPrivilege O;
how ? what do i add? and most important , where? :D
04/11/2012 13:10 K1ramoX#40
Code:
#include <WinAPI.au3>

Func _SeDebug()
	Local $tagluidandattrib = "int64 Luid;dword Attributes"
	Local $count = 1
	Local $tagtokenprivileges = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"
	Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", _WinAPI_GetCurrentProcess(), "dword", 32, "int*", "")
	Local $htoken = $call[3]
	$call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", "SeDebugPrivilege", "int64*", "")
	Local $iluid = $call[3]
	Local $tp = DllStructCreate($tagtokenprivileges)
	Local $luid = DllStructCreate($tagluidandattrib, DllStructGetPtr($tp, "LUIDandATTRIB"))
	DllStructSetData($tp, "PrivilegeCount", $count)
	DllStructSetData($luid, "Luid", $iluid)
	DllStructSetData($luid, "Attributes", 2)
	$call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $htoken, "int", 0, "ptr", DllStructGetPtr($tp), "dword", 0, "ptr", "", "ptr", "")
EndFunc
04/11/2012 13:28 fear-x#41
Quote:
Originally Posted by Applecode
Code:
#include <WinAPI.au3>

Func _SeDebug()
	Local $tagluidandattrib = "int64 Luid;dword Attributes"
	Local $count = 1
	Local $tagtokenprivileges = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"
	Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", _WinAPI_GetCurrentProcess(), "dword", 32, "int*", "")
	Local $htoken = $call[3]
	$call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", "SeDebugPrivilege", "int64*", "")
	Local $iluid = $call[3]
	Local $tp = DllStructCreate($tagtokenprivileges)
	Local $luid = DllStructCreate($tagluidandattrib, DllStructGetPtr($tp, "LUIDandATTRIB"))
	DllStructSetData($tp, "PrivilegeCount", $count)
	DllStructSetData($luid, "Luid", $iluid)
	DllStructSetData($luid, "Attributes", 2)
	$call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $htoken, "int", 0, "ptr", DllStructGetPtr($tp), "dword", 0, "ptr", "", "ptr", "")
EndFunc
i called this func and continued with the last code u gave me.. but it still returned 0 for the address i need, but for pid address it gave value still.

okay i found this. for most people it worked, they said. but for me it still doesn't work.

Code:
#include <MemoryConstants.au3>
#include <NomadMemory.au3>
SetPrivilege("SeDebugPrivilege", 1)
HotKeySet('{ESC}', '_TerminateLoop')

$pid = ProcessExists("fixedmain.exe") ;Step 8: Multilevel pointers: (PW=525927)

Global $fLoop = True
Global $Offset1[5]
$Offset1[0] = 0 ; Is ALWAYS 0.
$Offset1[1] = Dec("104")
$Offset1[2] = Dec("10")
$Offset1[3] = Dec("108")
$Offset1[4] = Dec("304")

$StaticOffset = Dec("114")

$openmem = _MemoryOpen($pid) ; Open the memory
$baseADDR = _MemoryGetBaseAddress($openmem, 1)
$finalADDR = "0x" & Hex($baseADDR + $StaticOffset) ; Creates the final static address you read from.

$Value = _MemoryPointerRead($finalADDR, $openmem, $Offset1)
ConsoleWrite ( "Address = " & $Value[0] & @CRLF & "Value = " & $Value[1] & @CRLF)

; Click change pointer and press Esc before 3 seconds passes away. :)
While $fLoop
    Sleep(10)
WEnd

$Value = _MemoryPointerRead($finalADDR, $openmem, $Offset1)
ConsoleWrite ( "Address = " & $Value[0] & @CRLF & "Value = " & $Value[1] & @CRLF)
;~ _MemoryWrite($Value[0], $openmem, 5000)
_MemoryClose($openmem)
;~ MsgBox(0, "",

Func _TerminateLoop()
    $fLoop = False
EndFunc

;~ <?xml version="1.0"?>
;~ <CheatTable>
;~   <CheatEntries>
;~     <CheatEntry>
;~       <ID>49</ID>
;~       <Description>"Current HP"</Description>
;~       <Color>80000008</Color>
;~       <VariableType>Float</VariableType>
;~       <Address>"fixedmain.exe"+00B609D4</Address>
;~       <Offsets>
;~         <Offset>104</Offset>
;~         <Offset>10</Offset>
;~         <Offset>108</Offset>
;~         <Offset>304</Offset>
;~         <Offset>114</Offset>
;~       </Offsets>
;~     </CheatEntry>
;~   </CheatEntries>
;~ </CheatTable>
04/17/2012 12:14 summoner01#42
Well, I was able to get memory reading to work. But, not for multi-level pointers, only single pointers. Maybe you guys can figure it out. Also, I was messing around with one address that needed to show some text I type in a chatbox, but it only shows 4 letters that I type, instead of the whole string... not quite sure how to increase that. I'm also trying to convert one of the values into a float value, but not sure on that either. The dllstructure is what I was looking at, but haven't quite understood it yet.

Code:
#include <NomadMemory.au3>

Global $PLAYER_COUNT_POINTER = 0x00794004
Global $PLAYER_COUNT_OFFSET = 0x22028

Func _FindNewAddress(ByRef $P, ByRef $OSet)
   $ID=_MemoryOpen(ProcessExists("TRose.exe"))
   $New_Address=_MemoryRead($P,$ID) +$OSet
   _MemoryClose($ID)
Return $New_Address
EndFunc

Do
   $Client = _MemoryOpen(ProcessExists("TRose.exe"))

   $PLAYER_COUNT_ADDRESS = _FindNewAddress($PLAYER_COUNT_POINTER, $PLAYER_COUNT_OFFSET)
   $PlayerCount = _MemoryRead($PLAYER_COUNT_ADDRESS, $Client)
   _MemoryClose($Client)
Until False
04/17/2012 12:46 lolkop#43
Quote:
Originally Posted by summoner01
Code:
#include <NomadMemory.au3>

Global $PLAYER_COUNT_POINTER = 0x00794004
Global $PLAYER_COUNT_OFFSET = 0x22028

Func _FindNewAddress(ByRef $P, ByRef $OSet)
   $ID=_MemoryOpen(ProcessExists("TRose.exe"))
   $New_Address=_MemoryRead($P,$ID) +$OSet
   _MemoryClose($ID)
Return $New_Address
EndFunc

Do
   $Client = _MemoryOpen(ProcessExists("TRose.exe"))

   $PLAYER_COUNT_ADDRESS = _FindNewAddress($PLAYER_COUNT_POINTER, $PLAYER_COUNT_OFFSET)
   $PlayerCount = _MemoryRead($PLAYER_COUNT_ADDRESS, $Client)
   _MemoryClose($Client)
Until False
that's a huge amount of totally useless code...

this is how you would do it better:
Code:
$mid = _MemoryOpen(ProcessExists("TRose.exe"))
$playerCount = _MemoryRead(_MemoryRead(0x00794004, $mid) + 0x22028, $mid)
_MemoryClose($mid)
pointers and offsets always get used like this:
Code:
read([...]read(read(read(<base>)+<offset_1>)+<offset_2>)[...]+<offset_N>)
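The read(read(base)+offset) chain described above, written out against a constructed in-process buffer with each read's success reported separately from its data, so a failed read is not mistaken for a value of 0. This is an added example in C, not code from the thread; `sim_mem`, the addresses and the chain contents are constructed, and a 32-bit pointer width is assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a 32-bit target: SIM_SIZE bytes mapped at SIM_BASE. */
#define SIM_BASE 0x00400000u
#define SIM_SIZE 0x400u
static uint8_t sim_mem[SIM_SIZE];

/* Like ReadProcessMemory, report success separately from the data read. */
static bool sim_read_u32(uint32_t addr, uint32_t *out) {
    if (addr < SIM_BASE || addr - SIM_BASE > SIM_SIZE - sizeof *out)
        return false; /* unmapped address: fail instead of handing back 0 */
    memcpy(out, &sim_mem[addr - SIM_BASE], sizeof *out);
    return true;
}
static void sim_write_u32(uint32_t addr, uint32_t v) { memcpy(&sim_mem[addr - SIM_BASE], &v, sizeof v); }

/* value = read(...read(read(base) + off[0])... + off[n-1]). Returns -1 on success,
 * else the index of the failed read (0 = base itself, k = after adding off[k-1]). */
int chain_read(uint32_t base, const uint32_t *off, size_t n, uint32_t *value) {
    uint32_t addr = base, cur = 0;
    for (size_t i = 0; i <= n; i++) {
        if (!sim_read_u32(addr, &cur))
            return (int)i;
        if (i < n)
            addr = cur + off[i]; /* 32-bit pointer plus offset */
    }
    *value = cur;
    return -1;
}

/* Constructed chain: [0x400004] = 0x400100, [0x400110] = 0x400200, [0x400208] = 1234 */
void sim_setup(void) {
    memset(sim_mem, 0, sizeof sim_mem);
    sim_write_u32(0x00400004u, 0x00400100u);
    sim_write_u32(0x00400110u, 0x00400200u);
    sim_write_u32(0x00400208u, 1234u);
}

int main(void) {
    const uint32_t off[] = {0x10u, 0x8u};
    uint32_t v = 0;
    sim_setup();
    int rc = chain_read(0x00400004u, off, 2, &v);
    printf("rc=%d value=%u\n", rc, (unsigned)v);
    return 0;
}
```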
04/17/2012 13:46 summoner01#44
Thanks for the simplified version man.

read(read(read(<base>, mid) +offset1, mid) +offset2, mid)

Works perfect for multi pointers. Then for converting the values, i'll just use dllstruct, or do you have a better way to do that? Say to convert between formats. What I was going for mainly on this was to memory coordinates, so I memory read and used _Lib_Inttofloat() to convert the value to float. Worked perfectly.
04/17/2012 13:59 lolkop#45
if i was you, i would simplify the memory reading functions for your needs.

f.e.:
Code:
open(ProcessExists("TRose.exe"))
$playerCount = read(read(0x00794004)+0x22028)
close()

Func open($pid)
	Local $mid = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', 0x1F0FFF, 'bool', True, 'int', $pid)
	Assign("processHwnd", $mid[0], 2)
EndFunc

Func read($adress, $type = 'dword')
	Local $struct = DllStructCreate($type)
	DllCall('kernel32.dll', 'int', 'ReadProcessMemory', 'hwnd', Eval("processHwnd"), 'ptr', $adress, 'ptr', DllStructGetPtr($struct), 'int', DllStructGetSize($struct), 'int', '')
	Return DllStructGetData($struct, 1)
EndFunc

Func close()
	DllCall('kernel32.dll', 'bool', 'CloseHandle', 'hwnd', Eval("processHwnd"))
EndFunc