Help with reading memory with offsets from game

mlukac89 · 11/18/2013, 19:37

As title say
I have next problem, i have base pointer + adress for solitaire on windows xp 32 bit

but when i enter it in script it returns me 0, but when i start computer and reload cheat engine it shows exact values from game

here is code

Code:

#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <NomadMemory.au3>

$GUI = GUICreate("Test memory", 230, 57, 344, 300)
$score = GUICtrlCreateLabel("Curent score : ", 10, 6, 70, 17)
$displayScore = GUICtrlCreateLabel("", 80, 6, 98, 17)
$gameRunning = GUICtrlCreateLabel("", 8, 30, 134, 17)
GUISetState(@SW_SHOW)

$PID = ProcessExists("sol.exe")
$address = 0x000A9510 ; adress for score

Dim $offset[2] = [0, 0x30] ; offset

#cs
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>11</ID>
      <Description>"pointerscan result"</Description>
      <Color>80000008</Color>
      <VariableType>4 Bytes</VariableType>
      <Address>"sol.exe"+00007170</Address>
      <Offsets>
        <Offset>30</Offset>
      </Offsets>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
#ce

_checkprocess()

While 1

	_getscore()

	$nMsg = GUIGetMsg()

	Switch $nMsg
		Case $GUI_EVENT_CLOSE
			Exit
	EndSwitch
WEnd

Func _getscore()

	$memOpen = _MemoryOpen($PID)
	$val = _MemoryRead($address, $memOpen, 'dword') ; for this it returns me 16798882
	$val2 = _MemoryPointerRead($address, $memOpen, $offset[1]) ; for this returns me 0

	ConsoleWrite($val & @CRLF & $val2)

	;GUICtrlSetData($displayScore, $val)

	_MemoryClose($memOpen)

EndFunc

Func _checkprocess()
	If $PID = 1 Then
		GUICtrlSetData($gameRunning, "Game is running")
	ElseIf $PID = 0 Then
		GUICtrlSetData($gameRunning, "Game is not running")
	EndIf
EndFunc

alpines · 11/18/2013, 19:40

Because _MemoryPointerRead returns an array where the last entry contains the value you want.

Code:

$aPointerValues = _MemoryPointerRead(...)

MsgBox(64, "", $aPointerValues[UBound($aPointerValues) - 1])

Paraly · 11/18/2013, 19:44

try this

Code:

#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <NomadMemory.au3>

$GUI = GUICreate("Test memory", 230, 57, 344, 300)
$score = GUICtrlCreateLabel("Curent score : ", 10, 6, 70, 17)
$displayScore = GUICtrlCreateLabel("", 80, 6, 98, 17)
$gameRunning = GUICtrlCreateLabel("", 8, 30, 134, 17)
GUISetState(@SW_SHOW)

$PID = ProcessExists("sol.exe")
$address = 0x000A9510 ; adress for score

Dim $offset[1] = [ 0x30] ; offset

#cs
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>11</ID>
      <Description>"pointerscan result"</Description>
      <Color>80000008</Color>
      <VariableType>4 Bytes</VariableType>
      <Address>"sol.exe"+00007170</Address>
      <Offsets>
        <Offset>30</Offset>
      </Offsets>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
#ce

_checkprocess()

While 1

	_getscore()

	$nMsg = GUIGetMsg()

	Switch $nMsg
		Case $GUI_EVENT_CLOSE
			Exit
	EndSwitch
WEnd

Func _calc_offset()
	$address = 0x000A9510
	$var = 0
	do
		$address = _MemoryRead($address, $memOpen) + $offset[$var]
		$var = $var + 1
	until $var = UBound($offset)
EndFunc

Func _getscore()

	$memOpen = _MemoryOpen($PID)
	_calc_offset()
	$val = _MemoryRead($address, $memOpen, 'dword') ; for this it returns me 16798882
	$val2 = _MemoryPointerRead($address, $memOpen, $offset[1]) ; for this returns me 0

	ConsoleWrite($val & @CRLF & $val2)

	;GUICtrlSetData($displayScore, $val)

	_MemoryClose($memOpen)

EndFunc

Func _checkprocess()
	If $PID = 1 Then
		GUICtrlSetData($gameRunning, "Game is running")
	ElseIf $PID = 0 Then
		GUICtrlSetData($gameRunning, "Game is not running")
	EndIf
EndFunc

mlukac89 · 11/18/2013, 19:45

ah with that code my program just open and close it wont stay opened

maybe i have wrong NomadMemory ?

here it is

Spoiler

Code:

#include-once
#region _Memory
;==================================================================================
; AutoIt Version:   3.1.127 (beta)
; Language:   English
; Platform:   All Windows
; Author:         Nomad
; Requirements:  These functions will only work with beta.
;==================================================================================
; Credits:  wOuter - These functions are based on his original _Mem() functions.
;         But they are easier to comprehend and more reliable.  These
;         functions are in no way a direct copy of his functions.  His
;         functions only provided a foundation from which these evolved.
;==================================================================================
;
; Functions:
;
;==================================================================================
; Function:   _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]])
; Description:    Opens a process and enables all possible access rights to the
;               process.  The Process ID of the process is used to specify which
;               process to open.  You must call this function before calling
;               _MemoryClose(), _MemoryRead(), or _MemoryWrite().
; Parameter(s):  $iv_Pid - The Process ID of the program you want to open.
;               $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which
;                              enables all possible access rights to the
;                              process specified by the Process ID.
;               $iv_InheritHandle - (optional) If this value is TRUE, all processes
;                              created by this process will inherit the access
;                              handle.  Set to 1 (TRUE) by default.  Set to 0
;                              if you want it FALSE.
; Requirement(s):   None.
; Return Value(s):  On Success - Returns an array containing the Dll handle and an
;                         open handle to the specified process.
;               On Failure - Returns 0
;               @Error - 0 = No error.
;                      1 = Invalid $iv_Pid.
;                      2 = Failed to open Kernel32.dll.
;                      3 = Failed to open the specified process.
; Author(s):        Nomad
; Note(s):
;==================================================================================
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1)

    If Not ProcessExists($iv_Pid) Then
        SetError(1)
        Return 0
    EndIf

    Local $ah_Handle[2] = [DllOpen('kernel32.dll')]

    If @Error Then
        SetError(2)
        Return 0
    EndIf

    Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid)

    If @Error Then
        DllClose($ah_Handle[0])
        SetError(3)
        Return 0
    EndIf

    $ah_Handle[1] = $av_OpenProcess[0]

    Return $ah_Handle

EndFunc

;==================================================================================
; Function:   _MemoryRead($iv_Address, $ah_Handle[, $sv_Type])
; Description:    Reads the value located in the memory address specified.
; Parameter(s):  $iv_Address - The memory address you want to read from. It must
;                          be in hex format (0x00000000).
;               $ah_Handle - An array containing the Dll handle and the handle
;                         of the open process as returned by _MemoryOpen().
;               $sv_Type - (optional) The "Type" of value you intend to read.
;                        This is set to 'dword'(32bit(4byte) signed integer)
;                        by default.  See the help file for DllStructCreate
;                        for all types.  An example: If you want to read a
;                        word that is 15 characters in length, you would use
;                        'char[16]' since a 'char' is 8 bits (1 byte) in size.
; Return Value(s):  On Success - Returns the value located at the specified address.
;               On Failure - Returns 0
;               @Error - 0 = No error.
;                      1 = Invalid $ah_Handle.
;                      2 = $sv_Type was not a string.
;                      3 = $sv_Type is an unknown data type.
;                      4 = Failed to allocate the memory needed for the DllStructure.
;                      5 = Error allocating memory for $sv_Type.
;                      6 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):      Values returned are in Decimal format, unless specified as a
;               'char' type, then they are returned in ASCII format.  Also note
;               that size ('char[size]') for all 'char' types should be 1
;               greater than the actual size.
;==================================================================================
Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf

    Local $v_Buffer = DllStructCreate($sv_Type)

    If @Error Then
        SetError(@Error + 1)
        Return 0
    EndIf

    DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

    If Not @Error Then
        Local $v_Value = DllStructGetData($v_Buffer, 1)
        Return $v_Value
    Else
        SetError(6)
        Return 0
    EndIf

EndFunc

;==================================================================================
; Function:   _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type])
; Description:    Writes data to the specified memory address.
; Parameter(s):  $iv_Address - The memory address which you want to write to.
;                          It must be in hex format (0x00000000).
;               $ah_Handle - An array containing the Dll handle and the handle
;                         of the open process as returned by _MemoryOpen().
;               $v_Data - The data to be written.
;               $sv_Type - (optional) The "Type" of value you intend to write.
;                        This is set to 'dword'(32bit(4byte) signed integer)
;                        by default.  See the help file for DllStructCreate
;                        for all types.  An example: If you want to write a
;                        word that is 15 characters in length, you would use
;                        'char[16]' since a 'char' is 8 bits (1 byte) in size.
; Return Value(s):  On Success - Returns 1
;               On Failure - Returns 0
;               @Error - 0 = No error.
;                      1 = Invalid $ah_Handle.
;                      2 = $sv_Type was not a string.
;                      3 = $sv_Type is an unknown data type.
;                      4 = Failed to allocate the memory needed for the DllStructure.
;                      5 = Error allocating memory for $sv_Type.
;                      6 = $v_Data is not in the proper format to be used with the
;                         "Type" selected for $sv_Type, or it is out of range.
;                      7 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):      Values sent must be in Decimal format, unless specified as a
;               'char' type, then they must be in ASCII format.  Also note
;               that size ('char[size]') for all 'char' types should be 1
;               greater than the actual size.
;==================================================================================
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf

    Local $v_Buffer = DllStructCreate($sv_Type)

    If @Error Then
        SetError(@Error + 1)
        Return 0
    Else
        DllStructSetData($v_Buffer, 1, $v_Data)
        If @Error Then
            SetError(6)
            Return 0
        EndIf
    EndIf

    DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

    If Not @Error Then
        Return 1
    Else
        SetError(7)
        Return 0
    EndIf

EndFunc

;==================================================================================
; Function:   _MemoryClose($ah_Handle)
; Description:    Closes the process handle opened by using _MemoryOpen().
; Parameter(s):  $ah_Handle - An array containing the Dll handle and the handle
;                         of the open process as returned by _MemoryOpen().
; Return Value(s):  On Success - Returns 1
;               On Failure - Returns 0
;               @Error - 0 = No error.
;                      1 = Invalid $ah_Handle.
;                      2 = Unable to close the process handle.
; Author(s):        Nomad
; Note(s):
;==================================================================================
Func _MemoryClose($ah_Handle)

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf

    DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
    If Not @Error Then
        DllClose($ah_Handle[0])
        Return 1
    Else
        DllClose($ah_Handle[0])
        SetError(2)
        Return 0
    EndIf

EndFunc

;==================================================================================
; Function:   SetPrivilege( $privilege, $bEnable )
; Description:    Enables (or disables) the $privilege on the current process
;                   (Probably) requires administrator privileges to run
;
; Author(s):        Larry (from autoitscript.com's Forum)
; Notes(s):
; http://www.autoitscript.com/forum/index.ph...st&p=223999
;==================================================================================

Func SetPrivilege( $privilege, $bEnable )
    Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
    Const $TOKEN_QUERY = 0x0008
    Const $SE_PRIVILEGE_ENABLED = 0x0002
    Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
    $nTokens = 1
    $LUID = DLLStructCreate("dword;int")
    If IsArray($privilege) Then    $nTokens = UBound($privilege)
    $TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
    $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0],   _
            "int",BitOR($TOKEN_ADJUST_PRIVILEGES,$TOKEN_QUERY),"int*",0)
    If $SP_auxret[0] Then
        $hToken = $SP_auxret[3]
        DLLStructSetData($TOKEN_PRIVILEGES,1,1)
        $nTokenIndex = 1
        While $nTokenIndex <= $nTokens
            If IsArray($privilege) Then
                $priv = $privilege[$nTokenIndex-1]
            Else
                $priv = $privilege
            EndIf
            $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv,   _
                    "ptr",DLLStructGetPtr($LUID))
            If $ret[0] Then
                If $bEnable Then
                    DLLStructSetData($TOKEN_PRIVILEGES,2,$SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
                Else
                    DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
                EndIf
                DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
                DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
                DLLStructSetData($LUID,1,0)
                DLLStructSetData($LUID,2,0)
            EndIf
            $nTokenIndex += 1
        WEnd
        $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0,   _
                "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES),   _
                "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int*",0)
        $f = DLLCall("kernel32.dll","int","GetLastError")
    EndIf
    $NEWTOKEN_PRIVILEGES=0
    $TOKEN_PRIVILEGES=0
    $LUID=0
    If $SP_auxret[0] = 0 Then Return 0
    $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
    If Not $ret[0] And Not $SP_auxret[0] Then Return 0
    return $ret[0]
EndFunc   ;==>SetPrivilege

;=================================================================================================
; Function:   _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset[, $sv_Type])
; Description:    Reads a chain of pointers and returns an array containing the destination
;               address and the data at the address.
; Parameter(s):  $iv_Address - The static memory address you want to start at. It must be in
;                          hex format (0x00000000).
;               $ah_Handle - An array containing the Dll handle and the handle of the open
;                         process as returned by _MemoryOpen().
;               $av_Offset - An array of offsets for the pointers.  Each pointer must have an
;                         offset.  If there is no offset for a pointer, enter 0 for that
;                         array dimension.
;               $sv_Type - (optional) The "Type" of data you intend to read at the destination
;                         address.  This is set to 'dword'(32bit(4byte) signed integer) by
;                         default.  See the help file for DllStructCreate for all types.
; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
; Return Value(s):  On Success - Returns an array containing the destination address and the value
;                         located at the address.
;               On Failure - Returns 0
;               @Error - 0 = No error.
;                      1 = $av_Offset is not an array.
;                      2 = Invalid $ah_Handle.
;                      3 = $sv_Type is not a string.
;                      4 = $sv_Type is an unknown data type.
;                      5 = Failed to allocate the memory needed for the DllStructure.
;                      6 = Error allocating memory for $sv_Type.
;                      7 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):      Values returned are in Decimal format, unless a 'char' type is selected.
;               Set $av_Offset like this:
;               $av_Offset[0] = NULL (not used)
;               $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;               $av_Offset[2] = Offset for pointer 2
;               etc...
;               (The number of array dimensions determines the number of pointers)
;=================================================================================================
Func _MemoryPointerRead($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword')

    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf

    Local $iv_Data[2], $i
    Local $v_Buffer = DllStructCreate('dword')

    For $i = 0 To $iv_PointerCount

        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @error Then
                SetError(@error + 2)
                Return 0
            EndIf

            $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf

            $iv_Data[1] = DllStructGetData($v_Buffer, 1)

        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf

            $iv_Data[1] = DllStructGetData($v_Buffer, 1)

        Else
            $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf

            $iv_Data[1] = DllStructGetData($v_Buffer, 1)

        EndIf

    Next

    $iv_Data[0] = $iv_Address

    Return $iv_Data

EndFunc   ;==>_MemoryPointerRead



;=================================================================================================
; Function:         _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data[, $sv_Type])
; Description:      Reads a chain of pointers and writes the data to the destination address.
; Parameter(s):     $iv_Address - The static memory address you want to start at. It must be in
;                                 hex format (0x00000000).
;                   $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                   $av_Offset - An array of offsets for the pointers.  Each pointer must have an
;                                offset.  If there is no offset for a pointer, enter 0 for that
;                                array dimension.
;                   $v_Data - The data to be written.
;                   $sv_Type - (optional) The "Type" of data you intend to write at the destination
;                                address.  This is set to 'dword'(32bit(4byte) signed integer) by
;                                default.  See the help file for DllStructCreate for all types.
; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
; Return Value(s):  On Success - Returns the destination address.
;                   On Failure - Returns 0.
;                   @Error - 0 = No error.
;                            1 = $av_Offset is not an array.
;                            2 = Invalid $ah_Handle.
;                            3 = Failed to read from the specified process.
;                            4 = $sv_Type is not a string.
;                            5 = $sv_Type is an unknown data type.
;                            6 = Failed to allocate the memory needed for the DllStructure.
;                            7 = Error allocating memory for $sv_Type.
;                            8 = $v_Data is not in the proper format to be used with the
;                                "Type" selected for $sv_Type, or it is out of range.
;                            9 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):          Data written is in Decimal format, unless a 'char' type is selected.
;                   Set $av_Offset like this:
;                   $av_Offset[0] = NULL (not used, doesn't matter what's entered)
;                   $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;                   $av_Offset[2] = Offset for pointer 2
;                   etc...
;                   (The number of array dimensions determines the number of pointers)
;=================================================================================================

Func _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data, $sv_Type = 'dword')

    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf

    Local $iv_StructData, $i
    Local $v_Buffer = DllStructCreate('dword')

    For $i = 0 to $iv_PointerCount
        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @Error Then
                SetError(@Error + 3)
                Return 0
            EndIf

            DllStructSetData($v_Buffer, 1, $v_Data)
            If @Error Then
                SetError(8)
                Return 0
            EndIf

            $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(9)
                Return 0
            Else
                Return $iv_Address
            EndIf
        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(3)
                Return 0
            EndIf

            $iv_StructData = DllStructGetData($v_Buffer, 1)

        Else
            $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(3)
                Return 0
            EndIf

            $iv_StructData = DllStructGetData($v_Buffer, 1)

        EndIf
    Next

EndFunc


;===================================================================================================

; Function........:  _MemoryGetBaseAddress($ah_Handle, $iHD)
;
; Description.....:  Reads the 'Allocation Base' from the open process.
;
; Parameter(s)....:  $ah_Handle - An array containing the Dll handle and the handle of the open
;                               process as returned by _MemoryOpen().
;                    $iHD - Return type:
;                       |0 = Hex (Default)
;                       |1 = Dec
;
; Requirement(s)..:  A valid process ID.
;
; Return Value(s).:  On Success - Returns the 'allocation Base' address and sets @Error to 0.
;                    On Failure - Returns 0 and sets @Error to:
;                  |1 = Invalid $ah_Handle.
;                  |2 = Failed to find correct allocation address.
;                  |3 = Failed to read from the specified process.
;
; Author(s).......:  Nomad. Szhlopp.
; URL.............:  http://www.autoitscript.com/forum/index.php?showtopic=78834
; Note(s).........:  Go to Www.CheatEngine.org for the latest version of CheatEngine.
;===================================================================================================

Func _MemoryGetBaseAddress($ah_Handle, $iHexDec = 0)

    Local $iv_Address = 0x00100000
    Local $v_Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $vData
    Local $vType

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf


    DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))

    If Not @Error Then

        $vData = Hex(DllStructGetData($v_Buffer, 2))
        $vType = Hex(DllStructGetData($v_Buffer, 3))

        While $vType <> "00000080"
            DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
            $vData = Hex(DllStructGetData($v_Buffer, 2))
            $vType = Hex(DllStructGetData($v_Buffer, 3))
            If Hex($iv_Address) = "01000000" Then ExitLoop
            $iv_Address += 65536

        WEnd

        If $vType = "00000080" Then
            SetError(0)
            If $iHexDec = 1 Then
                Return Dec($vData)
            Else
                Return $vData
            EndIf

        Else
            SetError(2)
            Return 0
        EndIf

    Else
        SetError(3)
        Return 0
    EndIf

EndFunc   ;==>_MemoryGetBaseAddress
#EndRegion

i get this error

C:\Documents and Settings\tea\Desktop\solitaire memory hack\test.au3 (65) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$val2 = _MemoryPointerRead($address, $memOpen, $offset[1])
$val2 = _MemoryPointerRead($address, $memOpen, ^ ERROR

alpines · 11/18/2013, 20:07

Because $offset is one size big and you request the 2nd entry.
By the way the first entry has to be zero. So $offsets[2] [0, offset] would be correct.

mlukac89 · 11/18/2013, 20:21

thx for that but i know for arrays and it is like that i fixed it now but im still on 0 result idk what to do anymore

berkay2578 · 11/19/2013, 18:40

It's sol.exe+7170 not 0xA9510..

BladeTiger12 · 11/19/2013, 19:42

Try that:

Include by KDeluxe:

Code:

;#AutoIt3Wrapper_UseX64=y ;For 64Bit Process Memory
#RequireAdmin
#include <KDMemory.au3>

Local $pID, $hHandle, $iBase, $mName, $iStatAddr
Dim $iOffsets[1] = [ 0x30 ]

$iStatAddr = 0x00007170

$mName = "sol.exe"

$pID = ProcessExists($mName)

$hHandle = _KDMemory_OpenProcess($pID)

$iBase = _KDMemory_GetModuleBaseAddress($hHandle, $mName) + $iStatAddr

$iRead = _KDMemory_ReadProcessMemory($hHandle, $iBase, 'DWORD', $iOffsets)

KDeluxe · 11/19/2013, 22:11

Spoiler

mlukac89 · 11/20/2013, 00:08

@BladeTiger12
your code return me FALSE

@KDeluxe
your code give me this error

KDeluxe · 11/20/2013, 13:01

The

call fails, but you need a similar function to get the module address. The address is "sol.exe"+00007170 and not 000A9510. The module address is not static for Solitaire.

mlukac89 · 11/20/2013, 13:56

ok but how do i implement that "sol.exe"+0007170 in script to show me current score ?

KDeluxe · 11/20/2013, 15:07

Quote:

Originally Posted by KDeluxe

Spoiler

But

Quote:

Originally Posted by KDeluxe

The call fails

I can't help you because I don't know what error occurs. Replace the _KDMemory_GetModuleBaseAddress() function in the KDMemory.au3 with

Spoiler

Code:

;=================================================================================================
; Function:			_KDMemory_GetModuleBaseAddress ( $handles, $moduleName [, $caseSensitive [, $unicode]] )
; Author(s):		KDeluxe ( http://www.elitepvpers.com/forum/members/1219971-kdeluxe.html )
;=================================================================================================
Func _KDMemory_GetModuleBaseAddress($handles, $moduleName, $caseSensitive = 0, $unicode = 0)
    Local $psapiDll, $modules, $bytesNeeded, $type, $suffix, $baseName, $callResult, $moduleBaseAddress

    If Not IsArray($handles) Then Return SetError(1, 0, False)
    If StringLen($moduleName) == 0 Then Return SetError(2, 0, False)

    Local $psapiDll = DllOpen('Psapi.dll')
    If $psapiDll == -1 Then Return SetError(3, 0, False)

    $modules = DllStructCreate('ptr[1024]')
    If @error Then Return SetError(@error + 3, 0, False)

    $bytesNeeded = DllStructCreate('DWORD')
    If @error Then Return SetError(@error + 7, 0, False)

    If $unicode <> 1 Then
        $type = 'CHAR'
        $suffix = 'A'
    Else
        $type = 'WCHAR'
        $suffix = 'W'
    EndIf

    $baseName = DllStructCreate($type & '[256]')
    If @error Then Return SetError(@error + 11, 0, False)

    $callResult = DllCall($psapiDll, 'BOOL', 'EnumProcessModules', 'ptr', $handles[1], 'ptr', DllStructGetPtr($modules), 'DWORD', DllStructGetSize($modules), 'ptr', DllStructGetPtr($bytesNeeded))
    If @error Then
        Return SetError(@error + 15, 0, False)
    ElseIf $callResult[0] == 0 Then
        $lastError = DllCall($handles[0], 'DWORD', 'GetLastError')
        Return SetError(21, $lastError[0], False)
    Else
        For $i = 1 To DllStructGetData($bytesNeeded, 1)
            $moduleBaseAddress = DllStructGetData($modules, 1, $i)
            $callResult = DllCall($psapiDll, 'DWORD', 'GetModuleBaseName' & $suffix, 'ptr', $handles[1], 'ptr', $moduleBaseAddress, 'ptr', DllStructGetPtr($baseName), 'DWORD', 255)
            If @error Then
                Return SetError(@error + 21, $i, False)
            ElseIf $callResult[0] == 0 Then
                Return SetError(27, $i, False)
            Else
                If StringCompare(DllStructGetData($baseName, 1), $moduleName, $caseSensitive) == 0 Then
                    DllClose($psapiDll)
                    Return $moduleBaseAddress
                EndIf
            EndIf
        Next
    EndIf

    DllClose($psapiDll)
    Return SetError(28, 0, False)
EndFunc

The MsgBox will show you the error. I need the @error code and the @extended code.

mlukac89 · 11/20/2013, 15:34

I replaced that code you gived me in KDMemory.au3

and now msg box says

Can't get ModuleBaseAdress! @error:21 @extended:6

KDeluxe · 11/20/2013, 16:48

Try it with another access right. Replace

Code:

$handles = _KDMemory_OpenProcess($processId)

with

Code:

$handles = _KDMemory_OpenProcess($processId, 0, 0x001F0FFF)