faldo Posted November 26, 2004

Since there seem to be more active coders in this section, I wanna ask this in here as well: I think a simple function that reads RAM memory offsets/addresses would be a real good addition to AutoIt. The function I need would read the operation code bytes at a specific address and simply set an AutoIt variable with those byte codes. Maybe even include a "poke" function where you could enter operation codes or ASM code. That way you could make very nice scripts, changing the behaviour of programs on a lower level even if the program is not command-prompt-based. Example: start up a program with the "run" function, then steer the functions of the program with memory alteration. I admit that you would need a pretty advanced knowledge of ASM, but the function itself could be a simple one. I know you can do this with VB or C++ and I've heard that it's fairly simple, but I'm not very good at those languages and hope AutoIt will save me once again from diving too deep into a programming language (work takes too much time). Could some developer/coder please just say if it's possible to make a PEEK and POKE function? If not... is it possible to include some original C++ snippet inside an A3 script?

Check out my other scripts: RDP antihammer/blacklist generator | Phemex cryptocurrency exchange API
Jon (Administrator) Posted November 26, 2004

Have you got an example in VB? I thought that in Windows, programs loaded into an unpredictable memory space, so I'm not sure how you could know the value to "poke" into?

Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/
faldo (Author) Posted November 26, 2004 (edited)

> Have you got an example in VB? I thought that in Windows, programs loaded into an unpredictable memory space, so I'm not sure how you could know the value to "poke" into?

If I knew how to do all of this in VB/C++ I would be glad to tell you, but I don't. However, I have the source of a VB compilation where this POKE function is used. I found this that might help:

    ' API declarations the snippet relies on (added here; they were not in the posted excerpt)
    Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
    Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    Private Const PROCESS_ALL_ACCESS = &H1F0FFF

    Public Function WriteAByte(gamewindowtext As String, address As Long, value As Byte) As Long
        Dim hwnd As Long, pid As Long, phandle As Long, writepmRet As Long
        hwnd = FindWindow(vbNullString, gamewindowtext)
        If (hwnd = 0) Then
            WriteAByte = 1 'If cannot find the window, return 1
            Exit Function
        End If
        GetWindowThreadProcessId hwnd, pid
        phandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
        If (phandle = 0) Then
            WriteAByte = 2 'If cannot get process handle, return 2
            Exit Function
        End If
        writepmRet = WriteProcessMemory(phandle, address, value, 1, 0&) 'Write one byte at the given address
        CloseHandle phandle
        If writepmRet = 0 Then
            WriteAByte = 3 'If the write failed, return 3
            Exit Function
        End If
        WriteAByte = 0 'Return 0 on success
    End Function

I'm not sure what all this does... I'm not even sure if this is the right part of the source code. I'm not very good at VB. Anyway, I think what you refer to as "unpredictable memory space" is what is called DMA (Dynamic Memory Allocation) in right terms. And like you say, these allocated places are somewhat random.

There are many ways of "defeating" DMAs though. One way is to find its "base pointer" and read from it and then write another value to the DMA. Another way to beat DMA is to POKE your own ASM code into the memory, overriding the original operations. I'm willing to teach you all how to change behaviour in a program just by changing values in the memory, but right now I have somewhat limited tools and would love to be able to include a PEEK and POKE function into A3 :/

*Edited* If the snippet is not enough for you to get a general idea how it works, I could send you the entire source code by e-mail or something.

Edited November 26, 2004 by faldo
Jon (Administrator) Posted November 26, 2004

I think I get it. Looks like "address" is an offset into a process memory area.
faldo (Author) Posted November 26, 2004 (edited)

Right... by POKEing different offsets you get the desired effects in the program... Is this something that could be included somehow in A3? Would be great, since you could steer all the functions in a program just by changing memory values and operations; it's like making a command line program out of a GUI based program. And I believe you can see the possibilities of that.

Edited November 26, 2004 by faldo
Mr.Wizard Posted November 26, 2004

You can't just peek at any memory location; the memory is "owned" by a process, so you would first have to get permission from the OS. First of all you'd need the process ID of the target process, e.g. using the API call GetWindowThreadProcessId. Then you'd use OpenProcess to get permission to access that process's memory space. Then you'd use ReadProcessMemory or WriteProcessMemory to peek or poke. Finally you'd use CloseHandle to let go of the permission you got with OpenProcess. I really don't know why you would go through all this trouble.

I have a catapult. Give me all the money or I will fling an enormous rock at your head.
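The permission step in that sequence is also what a defender can observe: the access mask a caller requests at OpenProcess time says whether it can only read another process's memory (PROCESS_VM_READ) or also write it (PROCESS_VM_WRITE plus PROCESS_VM_OPERATION, which WriteProcessMemory requires). The Python below is an added example, not code from this thread or from AutoIt; it classifies constructed Sysmon-style ProcessAccess (Event ID 10) records by those bits, and the key=value log layout, image paths and allow-list are all constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Process access-right bits from winnt.h. ReadProcessMemory needs VM_READ;
# WriteProcessMemory needs VM_WRITE together with VM_OPERATION.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
WRITE_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE
# PROCESS_ALL_ACCESS (0x1F0FFF on XP-era SDKs) contains all of the above.

# Constructed Sysmon-style ProcessAccess records, one per line (not real logs).
SAMPLE_LOG = """\
EventID=10 SourceImage=C:\\Tools\\trainer.exe TargetImage=C:\\Games\\game.exe GrantedAccess=0x1F0FFF
EventID=10 SourceImage=C:\\Windows\\System32\\csrss.exe TargetImage=C:\\Games\\game.exe GrantedAccess=0x1FFFFF
EventID=10 SourceImage=C:\\Tools\\peek.exe TargetImage=C:\\Windows\\notepad.exe GrantedAccess=0x0010
EventID=10 SourceImage=C:\\Tools\\poke.exe TargetImage=C:\\Windows\\notepad.exe GrantedAccess=0x0028
EventID=1 Image=C:\\Windows\\notepad.exe CommandLine=notepad.exe
"""

# Constructed allow-list of system callers that legitimately open every process.
ALLOWED_SOURCES = {"C:\\Windows\\System32\\csrss.exe"}

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_record(line: str) -> Dict[str, str]:
    """Split one key=value line into a dict (values contain no spaces here)."""
    return dict(FIELD.findall(line))


def classify(rec: Dict[str, str]) -> Optional[str]:
    """Return 'write', 'read' or None for a single parsed record."""
    if rec.get("EventID") != "10" or rec.get("SourceImage") in ALLOWED_SOURCES:
        return None
    granted = int(rec.get("GrantedAccess", "0x0"), 16)
    if granted & WRITE_MASK == WRITE_MASK:
        return "write"  # enough rights to poke, i.e. WriteProcessMemory can succeed
    if granted & PROCESS_VM_READ:
        return "read"   # can peek only
    return None         # no memory rights at all (e.g. just SYNCHRONIZE)


def find_memory_access(log: str) -> List[Tuple[str, str, str]]:
    """Return (source, target, kind) for every record that can peek or poke."""
    hits = []
    for line in log.splitlines():
        rec = parse_record(line)
        kind = classify(rec)
        if kind:
            hits.append((rec["SourceImage"], rec["TargetImage"], kind))
    return hits
```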
Marc Posted November 26, 2004

> I really don't know why you would go through all this trouble

For example, if you want to write a trainer for computer games... making a nice AutoIt GUI with the cheating options and poking the according values into the game's memory. I like the idea and would be happy to have this feature in AutoIt.

Any of my own codes posted on the forum are free for use by others without any restriction of any kind. (WTFPL)
Mr.Wizard Posted November 26, 2004

It just worries me that people that don't know VB/C++ want to modify the contents of their computers' memory... Anyway, somehow this doesn't seem in the remit of a scripting language. And it would definitely qualify it as a virus.
MHz Posted November 26, 2004

Other than hacking games, has this got any valuable use?
Jon (Administrator) Posted November 26, 2004

> Other than hacking games, has this got any valuable use?

I can't think of any. But then AutoIt is used in games. I've seen game-specific utils that use the reading of memory addresses to work out when events happen in a game (rather than a PixelSearch type approach). God knows how you actually find out these addresses though. Meh, maybe. As for a virus, I actually use similar code to that posted above for the StatusBarText functions and some of the more advanced Control... functions too.
faldo (Author) Posted November 26, 2004 (edited)

> It just worries me that people that don't know VB/C++ want to modify the contents of their computers' memory... Anyway, somehow this doesn't seem in the remit of a scripting language. And it would definitely qualify it as a virus.

Lol... if you wanna look at it that way, FileInstall can also be looked at as a virus tool... the whole of AutoIt can be used to produce viruses... but that's not really the point. Not in the remit of a scripting language? I don't know if you've taken a look at the alpha recently... AutoIt left the definition of scripting language when A3 was released... it's SO much more! Why do you get worried? I'm willing to bet that more than 50% of the people using AutoIt use it because they find it easy to write their own .exe WITHOUT knowing VB/C++.

> Other than hacking games, has this got any valuable use?

Of course, every single program running in Windows uses your RAM to inject operation codes that steer the program's actions. If this function could be a part of AutoIt, you can pretty much change every single behaviour of a program (within the limit of the program's original function calls) to fit your needs. Games are a good example, but games use the basic rules of any other program as well.

Edited November 26, 2004 by faldo
Mr.Wizard Posted November 26, 2004

Anyway, in theory you should be able to do all of that using DllCall.
faldo (Author) Posted November 26, 2004 (edited)

> Anyway, in theory you should be able to do all of that using DllCall.

I bet you could do a lot using DllCalls... it's a good idea... but there aren't many users of AutoIt that know how to use a DLL file. Maybe you could explain how to PEEK & POKE with a DLL?

Edited November 26, 2004 by faldo
Jon (Administrator) Posted November 26, 2004 (edited)

> Anyway, in theory you should be able to do all of that using DllCall.

I think it is the sort of thing that would be suitable for a utility dll (or plugin when I get those working right). It's an interesting "thing" that I'd like to play with, but I don't think it fits in the core exe. peekpoke.dll or something with nice and simple wrappers for DllCall. I coded a simple dll framework for this-is-me for use with DevCpp a couple of days ago which I should upload somewhere.

Edit: Or even a generic "gamer" dll that has fast routines for all the stuff gamers want but the rest of us don't use; peek/poke would fit right in there.

Edited November 26, 2004 by Jon
faldo (Author) Posted November 26, 2004 (edited)

> Or even a generic "gamer" dll that has fast routines for all the stuff gamers want but the rest of us don't use; peek/poke would fit right in there.

Now that would be AWESOME... get back to me if you need ideas on functions that games would need... I happen to know a few things about making trainers for games. However... I'm stuck with some public tools and I want to develop the trainers further. Also, work keeps me from diving into a programming language and I haven't even decided which one would suit my needs most. Anyway, a memory peek & poke function would revolutionise the game-trainer world, that's for sure, since you can make an A3 script react on changes in the memory by the game process.

Edited November 26, 2004 by faldo
faldo (Author) Posted November 26, 2004

I found the source code for a simple trainer for a game, maybe it could spawn some ideas... it's in C language I believe though.

    #include <windows.h>
    #include <iostream.h>
    #include <stdio.h>

    int main(int argc, char* argv[])
    {
        long godmode=999;
        long speed=4;
        long address=0;               /* filled from the base pointer each loop */
        long basepointer=0x0060AA98;  /* static address that holds the player block pointer */
        bool god=false;
        bool spd=false;
        DWORD read=0;
        DWORD written=0;
        DWORD gamepid=0;
        HWND gamehwnd;
        HANDLE gamehandle;

        cout<<"FairLight Maple Hook\n";
        cout<<"Recoded by phaze \n";
        cout<<"------------------------------\n\n";
        cout<<"Godmode on/off = F1\n";
        cout<<"attack speed on/off = F2\n\n";
        cout<<"Locating Maple Story...\n";
        cout.flush();

        /* busy-wait until the game window exists */
        do {
            gamehwnd=FindWindow("MapleStoryClass","MapleStory");
        } while(gamehwnd==0);

        cout<<"Maple Story detected in memory!\n";
        cout.flush();

        /* window -> PID -> process handle */
        GetWindowThreadProcessId(gamehwnd,&gamepid);
        gamehandle=OpenProcess(PROCESS_ALL_ACCESS,false,gamepid);
        if(gamehandle==0) {
            cout<<"Error: Cannot open process\n";
            cout.flush();
            getchar();
            return -1;
        }

        while(1) {
            if(GetAsyncKeyState(VK_F1)) {
                if(god==false) god=true; else god=false;
            }
            if(GetAsyncKeyState(VK_F2)) {
                if(spd==false) spd=true; else spd=false;
            }

            /* follow the base pointer to the dynamically allocated block */
            ReadProcessMemory(gamehandle,(void*)basepointer,&address,sizeof(address),&read);
            if(read==0) {
                cout<<"Error: Cannot read from memory\n";
                cout.flush();
                getchar();
                return -1;
            }

            if((god==true)&&(address!=0x0)) {
                WriteProcessMemory(gamehandle,(void*)(address+0x68D),&godmode,sizeof(godmode),&written);
                if(written==0) {
                    cout<<"Error: Cannot write to memory\n";
                    cout.flush();
                    getchar();
                    return -1;
                }
            }

            if((spd==true)&&(address!=0x0)) {
                WriteProcessMemory(gamehandle,(void*)(address+0xD0),&speed,sizeof(speed),&written);
                if(written==0) {
                    cout<<"Error: Cannot write to memory\n";
                    cout.flush();
                    getchar();
                    return -1;
                }
            }

            cout.flush();
            Sleep(100);
        }
        return 0;
    }
Nutster Posted November 26, 2004

> I found the source code for a simple trainer for a game, maybe it could spawn some ideas... it's in C language I believe though.

It is actually an older version of C++. All the uses of cout are definitely C++, but using #include <aaa.h> is indicative of older C++ or C, not the recent C++ versions.

If you want to reverse the value of a boolean, just use !.

    if(god==false) god=true; else god=false;

could be written as

    god = ! god;

David Nuttall, Nuttall Computer Consulting. An Aquarius born during the Age of Aquarius. AutoIt allows me to re-invent the wheel so much faster. I'm off to write a wizard, a wonderful wizard of odd...
Jon (Administrator) Posted November 26, 2004

> I found the source code for a simple trainer for a game, maybe it could spawn some ideas... it's in C language I believe though.

Cheers. I'd always wondered how peek/poke was done in this day and age. The last time I used a Poke was in my ZX Spectrum days.
Jon (Administrator) Posted November 28, 2004

I don't know if the DLL works properly (I couldn't get it to change anything, but you need to know the right addresses, which I don't). The DLL contains two functions for reading/writing bytes given a process PID (you can get this from the RUN function as shown):

    $pid = Run("notepad.exe")                ; PID of the target process
    _ProcessWriteByte($pid, 6335173, 0x00)   ; poke one byte at the given address
    $byte = _ProcessReadByte($pid, 6335173)  ; peek it back

    ; Wrapper for ProcessReadByte in gamedll.dll: returns the byte at $myoffset
    Func _ProcessReadByte($mypid, $myoffset)
        $result = DllCall("gamedll.dll", "int", "ProcessReadByte", "int", $mypid, "long", $myoffset)
        Return $result[0]
    EndFunc

    ; Wrapper for ProcessWriteByte in gamedll.dll: writes $mybyte at $myoffset
    Func _ProcessWriteByte($mypid, $myoffset, $mybyte)
        $result = DllCall("gamedll.dll", "none", "ProcessWriteByte", "int", $mypid, "long", $myoffset, "int", $mybyte)
    EndFunc

Put the attached dll in the working directory. gamedll.dll
layer Posted November 28, 2004

How do you make .dll's? Only C and C++ or.......?

FootbaG