Autoit open source need some help

02/14/2016 03:52 jin76#1

Hello,
I am trying to work on an open source autoit bot. My first test is to try to read my characters hp and print it out to a message box. I am trying to use functions that i found laying around these forms and also used cheat engine to get the offest (atleast i think i got the right offest). but I am having a bit of a tough time extracting the hp. Can someone look at the code and tell me if my approach is correct or is my offset wrong? Using cheat engine i can get the green values (i think its a pointer) , for health, i see that its

game.dll + 138B03C , does that mean that 138B03C is the offet? if yes i used it below to try to get the hp , it does not seem to be working.

Code:

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.3.14.1
 Author:         myName

 Script Function:
	Template AutoIt script.

#ce ----------------------------------------------------------------------------

; Script Start - Add your code below here



HotKeySet("{ESC}","Exit1");
HotKeySet("{F1}","test2");


$pid = ProcessExists("AION.bin")

Global $openmem = 0

$openmem = _MemoryOpen($pid)

Func Exit1()
   Exit 1

EndFunc


while 1
   Sleep(250)
WEnd



Func test2()
	MsgBox ( 0, "test", MemReadDLL("138B03C"))
EndFunc



Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local   $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc


Func MemReadDLL($offset)
    $StaticOffset = Dec($offset)
    Global $pid
    Global $CUROffset[1]
    $CUROffset[0] = 0
    $baseADDR = _MemoryModuleGetBaseAddress($pid, "Game.dll")
    $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
    $MemTest = _MemoryRead($finaladdr,$openmem)

    Return $MemTest
EndFunc

Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')

	If Not IsArray($ah_Handle) Then
		SetError(1)
        Return 0
	EndIf

	Local $v_Buffer = DllStructCreate($sv_Type)

	If @Error Then
		SetError(@Error + 1)
		Return 0
	EndIf

	DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

	If Not @Error Then
		Local $v_Value = DllStructGetData($v_Buffer, 1)
		Return $v_Value
	Else
		SetError(6)
        Return 0
	EndIf

EndFunc

Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1)

	If Not ProcessExists($iv_Pid) Then
		SetError(1)
        Return 0
	EndIf

	Local $ah_Handle[2] = [DllOpen('kernel32.dll')]

	If @Error Then
        SetError(2)
        Return 0
    EndIf

	Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid)

	If @Error Then
        DllClose($ah_Handle[0])
        SetError(3)
        Return 0
    EndIf

	$ah_Handle[1] = $av_OpenProcess[0]

	Return $ah_Handle

EndFunc

any help would be good.

02/14/2016 11:47 Paraly#2

Try this

Spoiler

PHP Code:


			
#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.3.14.1
 Author:         myName

 Script Function:
    Template AutoIt script.

#ce ----------------------------------------------------------------------------

; Script Start - Add your code below here



HotKeySet("{ESC}","Exit1");
HotKeySet("{F1}","test2");


$pid = ProcessExists("AION.bin")

Global $openmem = 0

$openmem = _MemoryOpen($pid)
Global $GameDLL_Base = _MemoryModuleGetBaseAddress($pid, "Game.dll")
Global $Addr_HP = $GameDLL_Base + 0x138B03C


Func Exit1()
   Exit 1

EndFunc


while 1
   Sleep(250)
WEnd



Func test2()
    MsgBox ( 0, "test", _MemoryRead($Addr_HP, $openmem, "DWORD")
EndFunc



Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local   $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

02/14/2016 17:12 jin76#3

Hello,
I used this method however i am still returning a value of 0, this could mean that the offset i have is wrong. Do you have a known offset that I can test this with? I want to understand if my offset is wrong or something with the code.

[Only registered and activated users can see links. Click Here To Register...]

just an update, okay so i took the real address as seen from the image (0x490E56D4) in cheat enigne and dumped it into the memory function to read from the game and print it to my console, that worked wonderfully. However when i use the offset (as you can see i found a green memory address so i think thats going to remain constant?? , Game.dll + 0x13956D4 seems to give me a value of 0.

still wondering why the second one is not working.

thanks

02/14/2016 21:34 Paraly#4

Quote:

Originally Posted by jin76

Hello,
I used this method however i am still returning a value of 0, this could mean that the offset i have is wrong. Do you have a known offset that I can test this with? I want to understand if my offset is wrong or something with the code.

just an update, okay so i took the real address as seen from the image (0x490E56D4) in cheat enigne and dumped it into the memory function to read from the game and print it to my console, that worked wonderfully. However when i use the offset (as you can see i found a green memory address so i think thats going to remain constant?? , Game.dll + 0x13956D4 seems to give me a value of 0.

still wondering why the second one is not working.

thanks

be sure your program uses the same architecture as your client.
example if you're running the 64 bit client run your tool also as 64 bit.

I used 0x138B03C as address cause you posted this address before but at your latest post the address is 0x13956D4, so you should adjust my snipped with the right address

02/15/2016 04:29 jin76#5

Thanks so much paraly, i used your 32bit launching tool,and refound the memory address pointers. This time it worked perfectly. I will now start developing an open source autoit bot hopefully the guys from the community will add on functionality to it.