Clearing concepts

Discussion on Clearing concepts within the AutoIt forum part of the Coders Den category.

 
Old 11/11/2013, 11:46   #16
 
BUNNY!'s Avatar
 
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
Quote:
Originally Posted by berkay2578
Let's say your address is nfsw.exe+AA14 and your process is nfsw.exe. That means you need to add 0xAA14 to the base address of the nfsw.exe module which runs under the nfsw.exe process. Then you just pass it to the $iv_Address parameter.

Code:
$addr = _MemoryModuleGetBaseAddress(ProcessExists("nfsw.exe"), "nfsw.exe") + 0xAA14 
;or you can use the function from the _ProcessListFunctions
;~ $base = StringTrimLeft(_ProcessGetModulemBaseAddress(ProcessExists("nfsw.exe"), "nfsw.exe"), 2) ;removes the 0x at the start
;~ $addr = Dec($base) + Dec("AA14")
;MemoryWrite($addr, *), MemoryRead($addr, *) etc..
Edit: just tell me your address/pointer and I'll give you an example.
Sorry for the late reply. Had school and extra classes.

The client which I wanna hack is ac_client.exe
The address is : 02CA8F90. Offset is : 378.
The second one is : 004DF73C. Offset = F4.
BUNNY! is offline  
Old 11/11/2013, 14:36   #17
 
elite*gold: 15
Join Date: Aug 2012
Posts: 3,041
Received Thanks: 6,397
Code:
#RequireAdmin
#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc

$proc = ProcessExists("ac_client.exe")
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, "ac_client.exe") + 0x2CA8F90
$addr = _MemoryRead($addr, $access) + 0x378
;~ if you found the pointer with CE Pointer Scan, there is a high chance this is a decimal.. but I used it as hex
;~ if it is decimal, use 0x17A
$result = _MemoryRead($addr, $access)
ConsoleWrite("Address: " & Hex($addr, 8) & @CRLF & "Result: " & $result & @CRLF)
_MemoryClose($access)
;~ to write to the pointer just use _MemoryWrite($addr, *) after the pointer is read
berkay2578 is offline  
Old 11/11/2013, 20:52   #18
 
davydavekk's Avatar
 
elite*gold: 0
Join Date: May 2013
Posts: 101
Received Thanks: 42
I think you are making things harder than they truly are, berkay.

Why don't you simply do a MemWrite at the specified address? If he only wants to write to an address he found with CE, there is no need for all of this BaseAddress stuff.

(You "only" need the base address if you're using the memory viewer)
davydavekk is offline  
Old 11/11/2013, 22:38   #19
 
lolkop's Avatar
 
elite*gold: 280
Join Date: May 2007
Posts: 2,818
Received Thanks: 3,483
Quote:
Originally Posted by BUNNY! View Post
Sorry for the late reply. Had school and extra classes.

The client which I wanna hack is ac_client.exe
The address is : 02CA8F90. Offset is : 378.
The second one is : 004DF73C. Offset = F4.
could be realised like this:
Code:
Global $kernel32 = DllOpen('kernel32.dll')
Global $process_hwnd = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', ProcessExists('ac_client.exe'))
ConsoleWrite(read(read(0x2CA8F90) + 0x378)&@CRLF)
ConsoleWrite(read(read(0x4DF73C) + 0xF4)&@CRLF)
DllCall($kernel32, 'int', 'CloseHandle', 'int', $process_hwnd[0])
DllClose($kernel32)

Func read($adress, $type = 'dword')
	Local $struct = DllStructCreate($type)
	DllCall($kernel32, 'int', 'ReadProcessMemory', 'int', $process_hwnd[0], 'int', $adress, 'ptr', DllStructGetPtr($struct), 'int', DllStructGetSize($struct), 'int', '')
	Return DllStructGetData($struct, 1)
EndFunc
lolkop is offline  
Thanks
1 User
Old 11/12/2013, 05:55   #20
 
elite*gold: 15
Join Date: Aug 2012
Posts: 3,041
Received Thanks: 6,397
Quote:
Originally Posted by davydavekk View Post
I think you are making things harder than they truly are, berkay.

Why don't you simply do a MemWrite at the specified address? If he only wants to write to an address he found with CE, there is no need for all of this BaseAddress stuff.

(You "only" need the base address if you're using the memory viewer)
Maybe because they are static addresses and for them to work you need to add the given offset to the base address in order to find *the* address. He didn't mention them just being an address so I thought they were static. So I think I know my fcking way around.

And the thing you wrote, "memory viewer" thing, yea that's the stupidest thing I have ever seen/heard.
berkay2578 is offline  
Old 11/13/2013, 03:58   #21
 
BUNNY!'s Avatar
 
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
Quote:
Originally Posted by berkay2578 View Post
Maybe because they are static addresses and for them to work you need to add the given offset to the base address in order to find *the* address. He didn't mention them just being an address so I thought they were static. So I think I know my fcking way around.

And the thing you wrote, "memory viewer" thing, yea that's the stupidest thing I have ever seen/heard.
They are static addresses.
Plus, I followed up your post but it ain't working, I used both the decimal and hex one and still no.
BUNNY! is offline  
Old 11/13/2013, 06:05   #22
 
elite*gold: 15
Join Date: Aug 2012
Posts: 3,041
Received Thanks: 6,397
Explain "does not work", post your code.
berkay2578 is offline  
Old 11/15/2013, 06:47   #23
 
BUNNY!'s Avatar
 
elite*gold: 0
Join Date: Oct 2013
Posts: 12
Received Thanks: 0
Code:
#include <NomadMemory.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
$Process = "ac_client.exe"
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Hack",300, 69, 192, 124)
$Checkbox1 = GUICtrlCreateCheckbox("Ammo hack", 24, 8, 97, 17)
$Checkbox2 = GUICtrlCreateCheckbox("HP hack", 24, 32, 97, 17)
$Label1 = GUICtrlCreateLabel("Searching for : Assualt Cube ", 140,8)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
	$nMsg = GUIGetMsg()
	Switch $nMsg
		Case $GUI_EVENT_CLOSE
			Exit
		Case $Checkbox1
			Hack()
		Case $Process = ProcessExists("ac_client.exe")
			If ProcessExists("ac_client.exe") Then
				GUICtrlSetData($Label1,"Assualt Cube found.")
			EndIf

	EndSwitch
WEnd

Func Hack()
	$Data = 7331
	$Offset = 0
	$Process = "ac_client.exe"
	$Address = 0x02CA8F90
	$MemoryAccess = _MemoryOpen(ProcessExists($Process))
	_MemoryWrite($Address ,$MemoryAccess,$Data,'ptr')
	_MemoryPointerWrite ($Address + 0x0F4, $MemoryAccess, $Offset, $Data,'ptr')
	_MemoryClose($MemoryAccess)
EndFunc
Code:
#RequireAdmin
#include <NomadMemory.au3>

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc

$proc = ProcessExists("ac_client.exe")
$access = _MemoryOpen($proc)
$addr = _MemoryModuleGetBaseAddress($proc, "ac_client.exe") + 0x2CA8F90
$addr = _MemoryRead($addr, $access) + 0x17A
;~ if you found the pointer with CE Pointer Scan, there is a high chance this is a decimal.. but I used it as hex
;~ if it is decimal, use 0x17A
$result = _MemoryRead($addr, $access)
ConsoleWrite("Address: " & Hex($addr, 8) & @CRLF & "Result: " & $result & @CRLF)
_MemoryWrite($addr,$proc,'5000','ptr')
;~ to write to the pointer just use _MemoryWrite($addr, *) after the pointer is read
The result is 0 and the address seems too off, it is 0000017A
Well, never mind, Berkay2578.
You're gonna get irritated by a single person. It is better just to request a close on this topic.
Thanks for all your help.
#RequestClose.
BUNNY! is offline  
Old 11/15/2013, 12:35   #24
 
elite*gold: 15
Join Date: Aug 2012
Posts: 3,041
Received Thanks: 6,397
You are using the memorypointerwrite wrongly.. not even going to mention that you are trying to write 5000 (ptr?) to a process' PID. And you forgot to get the base address, add the offset (in this case 2CA8F90) and then write to it.

Try using $addr1 for holding later addr values.
berkay2578 is offline  
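
An added worked example (not code from any poster in this thread): a simulated address space in Python that walks through the arithmetic discussed above, i.e. module base plus static offset, one dereference, then the pointer offset. It also shows why a first read that returns 0 leaves the final address equal to the bare offset, as in the 0000017A output reported in post #23. All addresses and values are constructed, and a reader that reports failure as 0 is an assumption.

```python
# Added illustration: simulated memory only, no real process is opened.
# All addresses and values below are constructed for the example.

class FakeProcess:
    """Toy 32-bit address space: a dict of address -> dword."""

    def __init__(self, module_base, cells):
        self.module_base = module_base
        self.cells = dict(cells)

    def read_dword(self, address):
        # Assumption: a failed read is reported as 0, so an unmapped
        # address is indistinguishable from a stored zero.
        return self.cells.get(address & 0xFFFFFFFF, 0)


def resolve(proc, static, offset, module_relative):
    """Follow one pointer level.

    static is either an offset from the module base ("module+XXXX")
    or an absolute address, selected by module_relative.
    Returns (final_address, first_read_succeeded).
    """
    slot = (proc.module_base + static if module_relative else static) & 0xFFFFFFFF
    pointer = proc.read_dword(slot)
    return (pointer + offset) & 0xFFFFFFFF, pointer != 0


def diagnose(proc, static, offset):
    """Try both readings of `static`; report which ones dereference."""
    report = {}
    for label, relative in (("module_relative", True), ("absolute", False)):
        final, ok = resolve(proc, static, offset, relative)
        # final == offset is the signature of a first read that returned 0
        report[label] = {"final": final, "ok": ok, "bare_offset": final == offset}
    return report


# Constructed layout: module at 0x00400000, pointer slot at base + 0xA1000,
# which holds 0x02B00000; the target value lives at that pointer + 0x17A.
PROC = FakeProcess(0x00400000, {0x004A1000: 0x02B00000, 0x02B0017A: 100})

if __name__ == "__main__":
    for static in (0x000A1000, 0x004A1000):
        for label, r in diagnose(PROC, static, 0x17A).items():
            print(f"{static:08X} as {label}: final={r['final']:08X} ok={r['ok']}")
```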