AutoIt nested pointer read
Discussion on AutoIt nested pointer read within the PW Hacks, Bots, Cheats, Exploits forum part of the Perfect World category.
08/25/2011, 13:18
|
#1
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
AutoIt nested pointer read
I know I'm not supposed to post questions in this forum, but I figured that this is the place where the relevant people who might know what I'm talking about are likely to read... And are likely to have come across the same problem. So, sorry about that :P
Just wondering if anyone knows a cleaner way to read deeply nested pointers in AutoIt? In C# I made a function which can have a variable number of arguments passed to it by using:
As one of the arguments....
So, basically, this is the whole function:
Code:
// Resolves a nested pointer, i.e., [[[[someAddress]+24]+28]+4]
// To return the data referenced by the pointer (uint only) use 0 as the last param.
public static uint resolveNestedPointer(IntPtr processHandle, uint firstAddr, params uint[] p)
{
    uint val = MemReadUInt(processHandle, firstAddr);
    for (int i = 0; i < p.Length - 1; i++)
    {
        val = MemReadUInt(processHandle, val + p[i]);
    }
    return (uint)(val + p[p.Length - 1]);
}
Which I can call like this:
Code:
uint chatClassPtr = MemFunctions.resolveNestedPointer(pr_processHandle, baseCall, 0x1C, 0x18, 0x8, 0xC4, 0x20, 0);
I can have any amount of nested offsets in that list at the end. Looks much neater than this, don't you agree?
Code:
$pointer = _MemoryRead(_MemoryRead(_MemoryRead(_MemoryRead(_MemoryRead(_MemoryRead(_MemoryRead($baseCall, $pHandle) + 0x1C, $pHandle) + 0x18, $pHandle) + 0x8, $pHandle) + 0xC4, $pHandle) + 0x20, $pHandle) + 0x0, $pHandle)
Does anybody have a more elegant solution that I could please "borrow"?
Thanks in advance
dumbfck
P.S., There's a clue in the C# example call code snippet above about something potentially quite exciting that I shall be posting within the next few days
|
|
|
08/25/2011, 14:48
|
#2
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
better use _MemoryPointerRead than _MemoryRead
it's in nomadmemory.au3 too
Quote:
;=================================================================================================
; Function:        _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset[, $sv_Type])
; Description:     Reads a chain of pointers and returns an array containing the destination
;                  address and the data at the address.
; Parameter(s):    $iv_Address - The static memory address you want to start at. It must be in
;                                hex format (0x00000000).
;                  $ah_Handle  - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                  $av_Offset  - An array of offsets for the pointers. Each pointer must have an
;                                offset. If there is no offset for a pointer, enter 0 for that
;                                array dimension.
;                  $sv_Type    - (optional) The "Type" of data you intend to read at the destination
;                                address. This is set to 'dword'(32bit(4byte) signed integer) by
;                                default. See the help file for DllStructCreate for all types.
; Requirement(s):  The $ah_Handle returned from _MemoryOpen.
; Return Value(s): On Success - Returns an array containing the destination address and the value
;                               located at the address.
;                  On Failure - Returns 0
;                  @Error - 0 = No error.
;                           1 = $av_Offset is not an array.
;                           2 = Invalid $ah_Handle.
;                           3 = $sv_Type is not a string.
;                           4 = $sv_Type is an unknown data type.
;                           5 = Failed to allocate the memory needed for the DllStructure.
;                           6 = Error allocating memory for $sv_Type.
;                           7 = Failed to read from the specified process.
; Author(s):       Nomad
; Note(s):         Values returned are in Decimal format, unless a 'char' type is selected.
;                  Set $av_Offset like this:
;                  $av_Offset[0] = NULL (not used)
;                  $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;                  $av_Offset[2] = Offset for pointer 2
;                  etc...
;                  (The number of array dimensions determines the number of pointers)
;=================================================================================================
Func _MemoryPointerRead($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword')
    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf
    Local $iv_Data[2], $i
    Local $v_Buffer = DllStructCreate('dword')
    For $i = 0 To $iv_PointerCount
        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @error Then
                SetError(@error + 2)
                Return 0
            EndIf
            $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
        Else
            $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
        EndIf
    Next
    $iv_Data[0] = $iv_Address
    Return $iv_Data
EndFunc   ;==>_MemoryPointerRead
|
cheers
|
|
|
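The two functions posted above take the same offset list in slightly different shapes: the C# helper adds the last offset without dereferencing it and returns an address, while `_MemoryPointerRead` ignores array slot 0 and returns both the destination address and the value stored there. The following is an added example, not code from the thread or from NomadMemory: a Python model of both conventions over a simulated address space, which also stops the walk when a hop is unmapped or null. `MEM`, `BASE`, `CHAIN` and every address in them are constructed, and the function names are hypothetical.

```python
# Added illustration: a simulated 32-bit address space, not a real process.
MASK = 0xFFFFFFFF

class ReadError(Exception):
    """A read hit an unmapped address or a null pointer mid-chain."""

def deref(mem, addr, depth):
    """Read one dword; refuse to continue from a missing or null pointer."""
    if addr not in mem:
        raise ReadError(f"unmapped address 0x{addr:08X} at depth {depth}")
    val = mem[addr] & MASK
    if val == 0:
        raise ReadError(f"null pointer at depth {depth} (0x{addr:08X})")
    return val

def resolve_address(mem, base, *offsets):
    """Post #1 convention: dereference base and every offset except the
    last, then add the last offset and return the resulting address."""
    if not offsets:
        raise ValueError("need at least one offset")
    val = deref(mem, base, 0)
    for depth, off in enumerate(offsets[:-1], start=1):
        val = deref(mem, (val + off) & MASK, depth)
    return (val + offsets[-1]) & MASK

def pointer_read(mem, base, av_offset):
    """Post #2 convention: av_offset[0] is unused and every later entry is
    dereferenced; returns (destination address, dword stored there)."""
    addr = resolve_address(mem, base, *av_offset[1:])
    if addr not in mem:
        raise ReadError(f"unmapped address 0x{addr:08X} at final read")
    return addr, mem[addr] & MASK

# Constructed sample memory: address -> dword, one entry per hop of the chain.
BASE = 0x00B00000
MEM = {
    BASE: 0x10000000, 0x1000001C: 0x20000000, 0x20000018: 0x30000000,
    0x30000008: 0x40000000, 0x400000C4: 0x50000000, 0x50000020: 0x60000000,
    0x60000000: 1234,
}
CHAIN = (0x1C, 0x18, 0x8, 0xC4, 0x20, 0)

if __name__ == "__main__":
    print(hex(resolve_address(MEM, BASE, *CHAIN)))
    print(pointer_read(MEM, BASE, [None, *CHAIN]))
```
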
08/25/2011, 15:44
|
#3
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Thanks amineurin.
I was thinking about doing it with an array kind of like that... Didn't realise the nomadmemory pointer reading function already had the nested stuff!
It's not ideal, but from what I've read, AutoIt doesn't support an undefined number of function arguments, so I guess I'll have to go with this.
Thanks again
Really not enjoying AutoIt so far lol.... I much prefer C# but everyone around here seems to like AutoIt... And I know people are gonna want an AutoIt version of what I'm going to post within the next few days so I'm preparing myself hehe.
|
|
|
08/25/2011, 17:39
|
#4
|
elite*gold: 0
Join Date: Feb 2008
Posts: 33
Received Thanks: 0
|
what will u post in next few days :3
|
|
|
08/25/2011, 17:44
|
#5
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
It's highly confidential / top secret.... lol.
I might even have it finished by tonight actually. You'll find out then ^_^
I think it will be a nice surprise for some people though... I know there have been a few requests for it previously.
|
|
|
08/25/2011, 18:21
|
#6
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
you're welcome and i'm happy i can help you too.
since i'm a little beginner, i profit a lot of people like you here
i know your secret, it's a zen generator with a really invisible keylogger
no, just kidding.
if it has something to do with the chat stuff, maybe a way to remove system messages.
i will wait and sure it's worth.
maybe you or Interest07 can then write a tutorial on how to find sendpacket addresses.
i read the thread often now, but i don't get the point
don't want to use it only, better to know how did find it myself.
|
|
|
08/25/2011, 19:28
|
#7
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
Quote:
Originally Posted by amineurin
you're welcome and i'm happy i can help you too.
since i'm a little beginner, i profit a lot of people like you here
i know your secret, it's a zen generator with a really invisible keylogger
no, just kidding.
if it has something to do with the chat stuff, maybe a way to remove system messages.
i will wait and sure it's worth.
maybe you or Interest07 can then write a tutorial on how to find sendpacket addresses.
i read the thread often now, but i don't get the point
don't want to use it only, better to know how did find it myself.
|
what do you mean by sendpacket addresses? do you mean the opcodes of the packets?
I've explained a couple of times how to get those by setting a breakpoint on the sendpacket function.
And naturally I'm curious what dumbfck has in store for us
I personally don't use a function to resolve nested pointers as I tend to form my classes a bit like they are in pwi. So if I'd want to know the typeId of item i in the inventory for example I'd get it by going the player.inventory[i].typeId route. Each class contains the necessary offsets so I'd generally not be chaining large numbers of offsets together in my programs.
|
|
|
08/25/2011, 19:57
|
#8
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
yes, sorry i mean opcode and the struct.
with breakpoint i read, start downloading mhs 6.1 and get lost.
don't understand where the breakpoint is set and how do i get the struct.
i try searching the board for breakpoint and see what i find.
since here's so much new info and my last visits are months ago.
so i read only the sendpacket thread and dumbfck chat message.
and what should i say, lots of new info, ideas and now i start programming too much at all *lol*
edit: omg
i read with mhs here:
and with search i found here with OllyDbg and screens:
and i'm stupid...u wrote often: breakpoint on sendpacket address like this 0x659450
i'm sorry if i nerved, i take a try now and thanks for the infos !
|
|
|
08/25/2011, 20:32
|
#9
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
Quote:
Originally Posted by amineurin
yes, sorry i mean opcode and the struct.
with breakpoint i read, start downloading mhs 6.1 and get lost.
don't understand where the breakpoint is set and how do i get the struct.
i try searching the board for breakpoint and see what i find.
since here's so much new info and my last visits are months ago.
so i read only the sendpacket thread and dumbfck chat message.
and what should i say, lots of new info, ideas and now i start programming too much at all *lol*
edit: omg
i read with mhs here:
and with search i found here with OllyDbg and screens:
and i'm stupid...u wrote often: breakpoint on sendpacket address like this 0x659450
i'm sorry if i nerved, i take a try now and thanks for the infos !
|
Glad you have found what you are looking for
|
|
|
08/25/2011, 23:14
|
#10
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Quote:
Originally Posted by amineurin
i know your secret, it's a zen generator with a really invisible keylogger
no, just kidding.
|
Damnit! Busted lol
@Interest07 - I'd be quite interested in seeing how you structure your classes in AutoIt if you wouldn't mind sharing?
I'm still an AutoIt noob at the moment... I only really do the bare minimum that is necessary :P
|
|
|
08/26/2011, 08:24
|
#11
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
Quote:
Originally Posted by dumbfck
Damnit! Busted lol
@Interest07 - I'd be quite interested in seeing how you structure your classes in AutoIt if you wouldn't mind sharing?
I'm still an AutoIt noob at the moment... I only really do the bare minimum that is necessary :P
|
Ohhhh lmao, AutoIt.... erm well, that's not my thing
You could technically use arrays as classes I think, just a slight issue with not being able to add functions to them... AutoIt is just a nightmare for structured programming
|
|
|
08/26/2011, 09:44
|
#12
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Quote:
Originally Posted by Interest07
AutoIt is just a nightmare for structured programming
|
It definitely is lol - I really don't like it much at all. However, most people around here seem to prefer examples in AutoIt.
I just don't get it... C# or VB are actually easier to write code in plus the development environments are free and the best thing.... Excellent debugging features.
I could list the advantages all day....
Smart code completion / suggestion
On-the-fly error highlighting
Syntax highlighting
More efficient compiled exes
Structured / object oriented code
Massive libraries
Can just do more things with it
Massive technical support all over the internet (Seems to be hard to find AutoIt information for some stuff)
Etc, etc...
And no, I don't work for Microsoft :P ... I just really like C#
|
|
|
08/26/2011, 10:02
|
#13
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
i like autoit, to make quick a bot it's ideal for.
no need to make functions like pixelsearch or others.
the only thing i miss is multithreading.
autoit works in a line, so no chance to run 2 or more functions in the background at the same time.
c# or vb might be much better to program, but hey: for a simple bot or other simple tools you can make them such quick.
as not to be a real programmer.
|
|
|
08/26/2011, 10:17
|
#14
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
The thing is, you add more features over time with any program. If you don't have nicely structured code, it will introduce more and more bugs that are increasingly hard to locate.
For simple macros languages like AutoIt are fine, but once you go over a few hundred lines of code it becomes a nightmare
Current line count for my PW project is 8574 lines ( comment / empty line / single brace are not counted)
You definitely want some structure in that. (Spread over 48 files lol)
And of course, yay for multithreading
|