How calculate "Name.exe"+008DB678

10/24/2017 19:46 edmer#1

Hi again :3 !! ajaja...
now i have other Question :s Searching value to my boy i find this statict adrres in cheat engine "Name"+008DB678 > 0D7D21B0 but.. how calculate this in autoit ??

And other question ...
how go to this all offset using same autoit and NomadMemory
[Only registered and activated users can see links. Click Here To Register...] pliss and ty :3

10/25/2017 03:25 elmarcia#2

Code:

$processName = "Tutorial-i386.exe"
$PID = ProcessExists($processName)
;Base address of Tutorial-i386.exe
$ModuleBaseAddress = _MemoryModuleGetBaseAddress($PID,$processName)
MsgBox(0,"Base address",$ModuleBaseAddress)
$SomeAdress = $ModuleBaseAddress + 0x008DB678

;parameters pid of process
;module name (ex user32.dll)
;From NomadMemory.au3 ->
	Func _MemoryModuleGetBaseAddress($iPID, $sModule)
	If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
	If Not IsString($sModule) Then Return SetError(2, 0, 0)
	Local   $PSAPI = DllOpen("psapi.dll")
	;Get Process Handle

	Local   $hProcess
	Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
	If $iPID > 0 Then
		Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
		If $hProcess[0] Then
			$hProcess = $hProcess[0]
		EndIf
	EndIf
	;EnumProcessModules
	Local   $Modules = DllStructCreate("ptr[1024]")
	Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
	If $aCall[4] > 0 Then
		Local   $iModnum = $aCall[4] / 4
		Local   $aTemp
		For $i = 1 To $iModnum
			$aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
			If $aTemp[3] = $sModule Then
				DllClose($PSAPI)
				Return Ptr(DllStructGetData($Modules, 1, $i))
			EndIf
		Next
	EndIf
	DllClose($PSAPI)
	Return SetError(-1, 0, 0)
EndFunc

10/25/2017 07:23 edmer#3

Bro .. ty .. But .. :/
$ModuleBaseAddress in test give me 0x00400000 and in cheat engine is.. 000004D0
image here :3 !! pliss :c
[Only registered and activated users can see links. Click Here To Register...]

10/25/2017 10:34 florian0#4

4D0 is the process id ... not the module base

You can check the actual module base in "Memory View"

10/25/2017 14:40 edmer#5

and for i calculate this "Name"+008DB678 > 0D7D21B0 whats need?
this [Only registered and activated users can see links. Click Here To Register...]

here change and now is 1E8D5E58 how calculate jaja
no is easy :(

now this [Only registered and activated users can see links. Click Here To Register...]
using the code of elmarcia this give this and cheat engine say this other?? :s

10/25/2017 17:27 florian0#6

You need the module base. Thats what Cheat Engine means by the "Name".

10/25/2017 20:35 edmer#7

ok and is calculate using the code of elmarcia .. But .. same not give the result whats i need ... in this picture the result of Module base + adrres = 1E6B8B38
But the code give 0x00CDB678 :/

10/25/2017 22:48 florian0#8

Because you got a little wrong in understanding what CheatEngine shows in the Dialog.

Code:

Game.exe+008DB678

Will result in "0xCDB678", which is an address. It points to a memory region. And the value it points to is the number CheatEngine shows in the Dialog ("-> 0xVALUE"). In order to resolve your chain of pointers, you need to read the value behind the address from the memory, then add another offset to it and read again. Repeat that until your pointer-chain is complete.

10/26/2017 02:32 edmer#9

All is pretty :3 ty for all !!