multi level pointers
Discussion on multi level pointers within the AutoIt forum part of the Coders Den category.
04/10/2012, 23:36
|
#31
|
elite*gold: 280
Join Date: May 2007
Posts: 2,818
Received Thanks: 3,483
|
ConsoleWrite(Hex(read($adress))&@crlf)
|
|
|
04/10/2012, 23:40
|
#32
|
elite*gold: 0
Join Date: Feb 2009
Posts: 1,234
Received Thanks: 1,095
|
Quote:
Originally Posted by lolkop
ConsoleWrite(Hex(read($adress))&@crlf)
|
that's all I get omg :/
wtf is wrong ;//
maybe my MEMORY UDF sucks?
Code:
ConsoleWrite($Address & @CRLF)
this gives an address
Code:
Global $Address, $Handle, $Offset
Local $prozessname = "fixedmain.exe"
Local $PID = ProcessExists("fixedmain.exe")
If $PID > 0 Then
    $Handle = _MemoryOpen($PID)
    $Address = _MemoryModuleGetBaseAddress("" & $PID & "", '' & $prozessname & '')
    ;~ $Address = _WinAPI_ReadProcessMemory($prozessname,
    $Address = "0x" & Hex($Address + Dec("B609D4"))
    Dim $Offset[5]
    $Offset[0] = 0x104
    $Offset[1] = 0x010
    $Offset[2] = 0x108
    $Offset[3] = 0x304
    $Offset[4] = 0x114
EndIf
Dim $Read[2]
$Read[0] = $Address
$Read[1] = _MemoryPointerRead($Read[0], $Handle, $Offset, "dword")
;~ $Read = _MemoryPointerRead($Address, $Handle, $Offset, "dword")
_MemoryClose($Handle)
that's what I got
|
|
|
04/11/2012, 01:02
|
#33
|
elite*gold: 280
Join Date: May 2007
Posts: 2,818
Received Thanks: 3,483
|
try using the dlls directly:
Code:
$pid = ProcessExists(<processName>)
$process_hwnd = OpenProcess($pid)
ConsoleWrite($process_hwnd&@CRLF)
$read = ReadProcessMemory($process_hwnd, <adress>)
ConsoleWrite(Hex($read)&@CRLF)
CloseHandle($process_hwnd)

; Returns a process handle for $pid (0 if OpenProcess fails); 0x1F0FFF is the requested access mask
Func OpenProcess($pid)
    Local $mid = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x1F0FFF, 'bool', True, 'dword', $pid)
    Return $mid[0]
EndFunc

; Reads one value of $type at $adress; the struct stays 0 if the read fails
Func ReadProcessMemory($process_hwnd, $adress, $type = 'dword')
    Local $struct = DllStructCreate($type)
    DllCall('kernel32.dll', 'bool', 'ReadProcessMemory', 'handle', $process_hwnd, 'ptr', $adress, 'ptr', DllStructGetPtr($struct), 'long', DllStructGetSize($struct), 'int', 0)
    Return DllStructGetData($struct, 1)
EndFunc

; Releases the handle returned by OpenProcess
Func CloseHandle($hwnd)
    DllCall('kernel32.dll', 'bool', 'CloseHandle', 'hwnd', $hwnd)
EndFunc
|
|
|
04/11/2012, 01:14
|
#34
|
elite*gold: 0
Join Date: Feb 2009
Posts: 1,234
Received Thanks: 1,095
|
OK .. THIS is FKn annoying
still gives 0 for address but pid has value of address...
maybe u know completely different way than this? maybe my memory udf is messed up?
|
|
|
04/11/2012, 01:17
|
#35
|
elite*gold: 280
Join Date: May 2007
Posts: 2,818
Received Thanks: 3,483
|
if that returns 0 for your address, there are only 2 possible reasons.
1. your address is wrong
2. you do not have the permissions to access the memory of your target.
|
|
|
04/11/2012, 01:24
|
#36
|
elite*gold: 0
Join Date: Feb 2009
Posts: 1,234
Received Thanks: 1,095
|
well address can't be wrong, it's in cheat engine showing a value for the address...
and um how can I not have permission to access the memory target? because I've disabled the gameguard anticheat. no security on the game.
|
|
|
04/11/2012, 03:03
|
#37
|
elite*gold: 0
Join Date: Sep 2007
Posts: 500
Received Thanks: 146
|
Memory reading is something I've had a hard time with too. I'm on Windows 7 64 bit, and everything I try returns a value of 0 like you. What windows are you on? If you're on Windows 7 64bit, then maybe it has something to do with 64 bit vs 32 bit windows.
|
|
|
04/11/2012, 09:33
|
#38
|
elite*gold: 26
Join Date: Jan 2012
Posts: 3,474
Received Thanks: 18,844
|
Try it with SeDebugPrivilege O;
|
|
|
04/11/2012, 13:05
|
#39
|
elite*gold: 0
Join Date: Feb 2009
Posts: 1,234
Received Thanks: 1,095
|
Quote:
Originally Posted by summoner01
Memory reading is something I've had a hard time with too. I'm on Windows 7 64 bit, and everything I try returns a value of 0 like you. What windows are you on? If you're on Windows 7 64bit, then maybe it has something to do with 64 bit vs 32 bit windows.
|
yes I'm on win7 64bit too
Quote:
Originally Posted by Applecode
Try it with SeDebugPrivilege O;
|
how? what do I add? and most important, where?
|
|
|
04/11/2012, 13:10
|
#40
|
elite*gold: 26
Join Date: Jan 2012
Posts: 3,474
Received Thanks: 18,844
|
Code:
#include <WinAPI.au3>

; Enables SeDebugPrivilege in the token of the current process
Func _SeDebug()
    Local $tagluidandattrib = "int64 Luid;dword Attributes"
    Local $count = 1
    Local $tagtokenprivileges = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"
    ; 32 = TOKEN_ADJUST_PRIVILEGES
    Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", _WinAPI_GetCurrentProcess(), "dword", 32, "int*", "")
    Local $htoken = $call[3]
    ; Look up the LUID that identifies SeDebugPrivilege on this system
    $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", "SeDebugPrivilege", "int64*", "")
    Local $iluid = $call[3]
    ; Build a TOKEN_PRIVILEGES structure with a single LUID_AND_ATTRIBUTES entry
    Local $tp = DllStructCreate($tagtokenprivileges)
    Local $luid = DllStructCreate($tagluidandattrib, DllStructGetPtr($tp, "LUIDandATTRIB"))
    DllStructSetData($tp, "PrivilegeCount", $count)
    DllStructSetData($luid, "Luid", $iluid)
    DllStructSetData($luid, "Attributes", 2) ; 2 = SE_PRIVILEGE_ENABLED
    $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $htoken, "int", 0, "ptr", DllStructGetPtr($tp), "dword", 0, "ptr", "", "ptr", "")
EndFunc
|
|
|
04/11/2012, 13:28
|
#41
|
elite*gold: 0
Join Date: Feb 2009
Posts: 1,234
Received Thanks: 1,095
|
Quote:
Originally Posted by Applecode
Code:
#include <WinAPI.au3>
Func _SeDebug()
    Local $tagluidandattrib = "int64 Luid;dword Attributes"
    Local $count = 1
    Local $tagtokenprivileges = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]"
    Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", _WinAPI_GetCurrentProcess(), "dword", 32, "int*", "")
    Local $htoken = $call[3]
    $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", "SeDebugPrivilege", "int64*", "")
    Local $iluid = $call[3]
    Local $tp = DllStructCreate($tagtokenprivileges)
    Local $luid = DllStructCreate($tagluidandattrib, DllStructGetPtr($tp, "LUIDandATTRIB"))
    DllStructSetData($tp, "PrivilegeCount", $count)
    DllStructSetData($luid, "Luid", $iluid)
    DllStructSetData($luid, "Attributes", 2)
    $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $htoken, "int", 0, "ptr", DllStructGetPtr($tp), "dword", 0, "ptr", "", "ptr", "")
EndFunc
|
I called this func and continue with the last code u gave me.. but still returned 0 for the address I need but for pid address it gave value still.
okay I found this. for most people it worked they said. but for me it still doesn't work.
Code:
#include <MemoryConstants.au3>
#include <NomadMemory.au3>
SetPrivilege("SeDebugPrivilege", 1)
HotKeySet('{ESC}', '_TerminateLoop')
$pid = ProcessExists("fixedmain.exe") ;Step 8: Multilevel pointers: (PW=525927)
Global $fLoop = True
Global $Offset1[5]
$Offset1[0] = 0 ; Is ALWAYS 0.
$Offset1[1] = Dec("104")
$Offset1[2] = Dec("10")
$Offset1[3] = Dec("108")
$Offset1[4] = Dec("304")
$StaticOffset = Dec("114")
$openmem = _MemoryOpen($pid) ; Open the memory
$baseADDR = _MemoryGetBaseAddress($openmem, 1)
$finalADDR = "0x" & Hex($baseADDR + $StaticOffset) ; Creates the final static address you read from.
$Value = _MemoryPointerRead($finalADDR, $openmem, $Offset1)
ConsoleWrite ( "Address = " & $Value[0] & @CRLF & "Value = " & $Value[1] & @CRLF)
; Click change pointer and press Esc before 3 seconds passes away. :)
While $fLoop
    Sleep(10)
WEnd
$Value = _MemoryPointerRead($finalADDR, $openmem, $Offset1)
ConsoleWrite ( "Address = " & $Value[0] & @CRLF & "Value = " & $Value[1] & @CRLF)
;~ _MemoryWrite($Value[0], $openmem, 5000)
_MemoryClose($openmem)
;~ MsgBox(0, "",
Func _TerminateLoop()
    $fLoop = False
EndFunc
;~ <?xml version="1.0"?>
;~ <CheatTable>
;~ <CheatEntries>
;~ <CheatEntry>
;~ <ID>49</ID>
;~ <Description>"Current HP"</Description>
;~ <Color>80000008</Color>
;~ <VariableType>Float</VariableType>
;~ <Address>"fixedmain.exe"+00B609D4</Address>
;~ <Offsets>
;~ <Offset>104</Offset>
;~ <Offset>10</Offset>
;~ <Offset>108</Offset>
;~ <Offset>304</Offset>
;~ <Offset>114</Offset>
;~ </Offsets>
;~ </CheatEntry>
;~ </CheatEntries>
;~ </CheatTable>
|
|
|
04/17/2012, 12:14
|
#42
|
elite*gold: 0
Join Date: Sep 2007
Posts: 500
Received Thanks: 146
|
Well, I was able to get memory reading to work. But, not for multi-level pointers, only single pointers. Maybe you guys can figure it out. Also, I was messing around with one address that needed to show some text I type in a chatbox, but it only shows 4 letters that I type, instead of the whole string... not quite sure how to increase that. I'm also trying to convert one of the values into a float value, but not sure on that either. The dllstructure is what I was looking at, but haven't quite understood it yet.
Code:
#include <NomadMemory.au3>
Global $PLAYER_COUNT_POINTER = 0x00794004
Global $PLAYER_COUNT_OFFSET = 0x22028
Func _FindNewAddress(ByRef $P, ByRef $OSet)
    $ID=_MemoryOpen(ProcessExists("TRose.exe"))
    $New_Address=_MemoryRead($P,$ID) +$OSet
    _MemoryClose($ID)
    Return $New_Address
EndFunc
Do
    $Client = _MemoryOpen(ProcessExists("TRose.exe"))
    $PLAYER_COUNT_ADDRESS = _FindNewAddress($PLAYER_COUNT_POINTER, $PLAYER_COUNT_OFFSET)
    $PlayerCount = _MemoryRead($PLAYER_COUNT_ADDRESS, $Client)
    _MemoryClose($Client)
Until False
|
|
|
04/17/2012, 12:46
|
#43
|
elite*gold: 280
Join Date: May 2007
Posts: 2,818
Received Thanks: 3,483
|
Quote:
Originally Posted by summoner01
Code:
#include <NomadMemory.au3>
Global $PLAYER_COUNT_POINTER = 0x00794004
Global $PLAYER_COUNT_OFFSET = 0x22028
Func _FindNewAddress(ByRef $P, ByRef $OSet)
    $ID=_MemoryOpen(ProcessExists("TRose.exe"))
    $New_Address=_MemoryRead($P,$ID) +$OSet
    _MemoryClose($ID)
    Return $New_Address
EndFunc
Do
    $Client = _MemoryOpen(ProcessExists("TRose.exe"))
    $PLAYER_COUNT_ADDRESS = _FindNewAddress($PLAYER_COUNT_POINTER, $PLAYER_COUNT_OFFSET)
    $PlayerCount = _MemoryRead($PLAYER_COUNT_ADDRESS, $Client)
    _MemoryClose($Client)
Until False
|
that's a huge amount of totally useless code...
this is how you would do it better:
Code:
$mid = _MemoryOpen(ProcessExists("TRose.exe"))
$playerCount = _MemoryRead(_MemoryRead(0x00794004, $mid) + 0x22028, $mid)
_MemoryClose($mid)
pointers and offsets always get used like this:
Code:
read([...]read(read(read(<base>)+<offset_1>)+<offset_2>)[...]+<offset_N>)
|
|
|
04/17/2012, 13:46
|
#44
|
elite*gold: 0
Join Date: Sep 2007
Posts: 500
Received Thanks: 146
|
Thanks for the simplified version man.
read(read(read(<base>, mid) +offset1, mid) +offset2, mid)
Works perfect for multi pointers. Then for converting the values, I'll just use dllstruct, or do you have a better way to do that? Say to convert between formats. What I was going for mainly on this was to memory coordinates, so I memory read and used _Lib_Inttofloat() to convert the value to float. Worked perfectly.
|
|
|
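The nested read(read(base)+offset) pattern from the posts above, worked through on a constructed byte image instead of a live process. This is an added example, not code from any poster; every address, offset and the resolve_chain helper are made up for illustration. It also shows the same four bytes read as a dword and as a float, and what one wrong offset does to the chain.

```python
import struct

# Constructed 32-bit little-endian memory image standing in for a target
# process. Every address and offset here is invented for this illustration.
MEM = bytearray(0x400)
BASE = 0x010                      # "static" slot that holds the first pointer
OFFSETS = [0x20, 0x08, 0x14]      # offset_1 .. offset_N, in the order applied

def read(addr, fmt="<I"):
    """Read one value; None if addr is outside the image (a failed read in a
    real process leaves a zero-initialised buffer untouched, hence the 0)."""
    if addr < 0 or addr + struct.calcsize(fmt) > len(MEM):
        return None
    return struct.unpack_from(fmt, MEM, addr)[0]

def resolve_chain(base, offsets):
    """Return (final_address, hops) for read(...read(read(base)+o1)...+oN).
    final_address is None when a hop yields a null or unreadable pointer."""
    hops, ptr = [], read(base)
    for off in offsets[:-1]:
        if not ptr:
            return None, hops
        hops.append(ptr + off)
        ptr = read(ptr + off)
    return (ptr + offsets[-1] if ptr else None), hops

# Lay out the chain: BASE -> 0x100, 0x100+0x20 -> 0x200, 0x200+0x08 -> 0x300,
# and a float (87.5) stored at 0x300+0x14.
for slot, target in ((BASE, 0x100), (0x120, 0x200), (0x208, 0x300)):
    struct.pack_into("<I", MEM, slot, target)
struct.pack_into("<f", MEM, 0x314, 87.5)

if __name__ == "__main__":
    final, hops = resolve_chain(BASE, OFFSETS)
    print("hops :", [hex(h) for h in hops], "final:", hex(final))
    print("dword:", hex(read(final)))        # raw bits of the float
    print("float:", read(final, "<f"))       # same 4 bytes, reinterpreted
    # One wrong offset lands on a zeroed slot, so the chain stops early.
    print("bad  :", resolve_chain(BASE, [0x20, 0x0C, 0x14]))
```

The hops list shows where a chain stops, which separates "wrong offset" from "read not permitted" when the final value comes back as 0.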
04/17/2012, 13:59
|
#45
|
elite*gold: 280
Join Date: May 2007
Posts: 2,818
Received Thanks: 3,483
|
if I was you, I would simplify the memory reading functions for your needs.
f.e.:
Code:
open(ProcessExists("TRose.exe"))
$playerCount = read(read(0x00794004)+0x22028)
close()

; Opens the process and stores its handle in the global variable "processHwnd"
Func open($pid)
    Local $mid = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', 0x1F0FFF, 'bool', True, 'int', $pid)
    Assign("processHwnd", $mid[0], 2)
EndFunc

; Reads one value of $type at $adress from the opened process
Func read($adress, $type = 'dword')
    Local $struct = DllStructCreate($type)
    DllCall('kernel32.dll', 'int', 'ReadProcessMemory', 'hwnd', Eval("processHwnd"), 'ptr', $adress, 'ptr', DllStructGetPtr($struct), 'int', DllStructGetSize($struct), 'int', '')
    Return DllStructGetData($struct, 1)
EndFunc

; Closes the handle stored by open()
Func close()
    DllCall('kernel32.dll', 'bool', 'CloseHandle', 'hwnd', Eval("processHwnd"))
EndFunc
|
|
|
All times are GMT +1.