help!

berkay2578 · 10/26/2013, 11:17

@KDeluxe *your* base is exactly the same as the NomadMemory..

anyways;

Code:

#RequireAdmin

#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

$proc = ProcessExists("League of Legends.exe")
$module = "League of Legends.exe"
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0x2A42A00
$result = _MemoryRead($addr, $access, "float")
ConsoleWrite($result & @CRLF)
_MemoryClose($access)

fear-x · 10/26/2013, 12:26

Quote:

Originally Posted by berkay2578

@KDeluxe *your* base is exactly the same as the NomadMemory..

anyways;

Code:

#RequireAdmin

#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

$proc = ProcessExists("League of Legends.exe")
$module = "League of Legends.exe"
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0x2A42A00
$result = _MemoryRead($addr, $access, "float")
ConsoleWrite($result & @CRLF)
_MemoryClose($access)

true lol

KDeluxe · 10/27/2013, 23:11

Quote:

Originally Posted by berkay2578

@KDeluxe *your* base is exactly the same as the NomadMemory..

You can compare the NomadMemory.au3 with my KDMemory.au3. Both are using the same functions from the Kernel32.dll but there are differences. You may be too ignorant to notice it. Don't say it's the same if you don't know it. It's not the same.

berkay2578 · 10/28/2013, 13:40

Quote:

Originally Posted by KDeluxe

You can compare the NomadMemory.au3 with my KDMemory.au3. Both are using the same functions from the Kernel32.dll but there are differences. You may be too ignorant to notice it. Don't say it's the same if you don't know it. It's not the same.

Pardon me? All you did was add pointer support to everything and use MSDN definitions instead of calling a modified one.. which is completely gibberish.

~~DrexonPl2~~ · 11/04/2013, 17:11

and the offset, for example minesweeper.exe + AAA38
offset = 0x120

berkay2578 · 11/05/2013, 16:46

Code:

#RequireAdmin

#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

$proc = ProcessExists("minesweeper.exe")
$module = "minesweeper.exe"
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0xAAA38
$result = _MemoryRead($addr, $access) + 0x120
ConsoleWrite($result & @CRLF) ;or Hex($result, 8)
_MemoryClose($access)

~~DrexonPl2~~ · 11/06/2013, 07:16

and last:
0x0048C212 (type:long)

berkay2578 · 11/06/2013, 17:58

Nope, not doing it. I gave you 2 examples already..

~~DrexonPl2~~ · 11/07/2013, 06:15

not work:

Spoiler

berkay2578 · 11/07/2013, 14:48

Maybe because your code makes absolutely no sense at all?
*sigh*

Code:

$proc = ProcessExists("S4Client.exe")
$module = "S4Client.exe"
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, $module) + 0x48C212
; I have no idea why are you using a while *infinite* loop but to hell with it..
While 1
	ToolTip((_MemoryRead($addr, $access)), 0, 0)
	Sleep(100)
WEnd

Func _Exit()
	_MemoryClose($access)
	Exit
EndFunc

~~DrexonPl2~~ · 11/08/2013, 13:31

address: 0x0048C212

berkay2578 · 11/08/2013, 17:07

Quote:

Originally Posted by DrexonPl2

address: 0x0048C212

you do know that the two 0's at start doesn't matter, right?

alpines · 11/08/2013, 17:09

berkay2578, I don't understand why you're posting every stuff for him that he could do by himself. It doesn't take a lot of time to change that script.
Try to teach people how to do it and don't do it for them. Next time they won't need your help then.

~~DrexonPl2~~ · 11/09/2013, 08:25

but it shows the value of 0 and a good address.

berkay2578 · 11/09/2013, 09:24

Quote:

Originally Posted by alpines

berkay2578, I don't understand why you're posting every stuff for him that he could do by himself. It doesn't take a lot of time to change that script.
Try to teach people how to do it and don't do it for them. Next time they won't need your help then.

I know these kind of people, they don't want to learn they just want the code..