Reading A Proccess Memory.

[w0uter]

this is old code

see the new one in my signature.

well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

[edit] done. new file attached. [/edit]

Mem.au3

Edited February 17, 2006 by w0uter

[FuryCell]

well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

<{POST_SNAPBACK}>

Cool. Can't wait till the writing funcs are done.

Nice Job.

Going to try them now.

[layer]

COOOOOOOOOOOOL!!!!!! !!!!

[Knight]

Nice, but I already wrote all my stuff with Outshynd's. Might rewrite it all so I don't have to use the external dll. Thanks

[Ejoc]

neat

[w0uter]

i think DLLstruct/COM/DLLcall took almost all limitations away.

[Knight]

Can I read Floats or Doubles with this?

[w0uter]

i know nothing about memory reading.

all i can do is get the nr. of mines out winmine.exe

but isnt the size parameter for that ?

[FuryCell]

well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

[edit] done. new file attached. [/edit]

<{POST_SNAPBACK}>

I see the writing is complete. Good job.

No more using dlls that have to be fileinstalled to read and write memory.

[w0uter]

This post has been edited by w0uter: Jun 19 2005, 06:22 PM

it was done the same day i posted it.

took you long enuf eh

[rtk217]

i love u man

in my pov this is the only thing left to do in autoit

writing to memory address and reading

thats all i really needed

can u give me some info about the function

what variables should i give the functions and what will the functions return?

Edited September 26, 2005 by rtk217

[rtk217]

ok u must help either something is wrong with my code or something in urs

$pid = WinGetProcess($title)

msgbox(0,"",$pid) ; check, until here i get the real working pid

local $memh = _MemOpen (0x0010 , false , $pid)

local $v_life = _MemRead($memh, 0x80D96C, 4)

msgbox(0,"",$v_life) ; here i get value -40 when i should get 167909048

local $m_life = $v_life + 1184

$m_life = hex($m_life,8)

msgbox(0,"",$m_life) ; here i get zero!

$v_life = _MemRead($memh, $m_life, 4)

$v_life = Dec($v_life)

u see

the program is using DMA

meanning i need to use the pointer, get the value from the pointer, the value is Dec, convert the value to hex, add to the hex 4A0/1184, and check the value in the address i got.

can u help me???

pointer address: 80D96c

value: 167909048

Add: 4A0

get: A021B58

[w0uter]

i know nothing about memory reading.

all i can do is get the nr. of mines out winmine.exe

[rtk217]

ohhh

anyway the scite compiler reoprt 5 errors in your code

so i think u should check that maybe it has something to do with that

[w0uter]

your probly using the au3check STABLE.

the script works correct on au3check BETA.

[Knight]

ok u must help either something is wrong with my code or something in urs

u see

the program is using DMA

meanning i need to use the pointer, get the value from the pointer, the value is Dec, convert the value to hex, add to the hex 4A0/1184, and check the value in the address i got.

can u help me???

pointer address: 80D96c

value: 167909048

Add: 4A0

get: A021B58

you are supposed to add the offset to the pointer address, not what the pointer returns. So the address where life is stored should be at..

$life = 0x80D96C + 0x4A0
$pid = WinGetProcess($title)
$memh = _MemOpen (0x0010 , false , $pid)
$v_life = _MemRead($memh, $life, 4)
msgbox(0,"",$v_life)

That should work, if it doesn't then your offset and/or pointer is wrong.

Edited September 27, 2005 by Knight

[rtk217]

dude all the values that i wrote are right

the life was stored at: A021B58

and the offset is 4a0

found the address with tsearch

then did autohack

i found ecx+4a0

so i did A021B58-4A0

then i convert it to decimal

and searched a memory address with that value

what i got was 80D96c

so i natulraly assume that this is the pointer.

im talking about DMA method for memory address

Edited September 27, 2005 by rtk217

[Knight]

you have to add the offset to the pointer, not to what the pointer returns, that is what I am trying to tell you.

[rtk217]

ok now help me

the pointer is 6F8B6379

+

offset 668 (not hexdecimal)

then i get this address

6F8B6615

i know the value of my HP is on 0100579C

but when i read 6F8B6615 i get value 0

so how do i get from the offset and the pointer to the address i want

[ryeguy]

http://www.gamehacking.com/tutorials/TSearchDMA.php

http://www.gamehacking.com/tutorials/hackdma.php