w0uter Posted June 19, 2005 Posted June 19, 2005 (edited) this is old code see the new one in my signature.well after make'ing those ftp functions i decided to pick up my old memory read func'sthey didnt work at that time. but now they do,since the FTP functions gave me a much clearer understanding of DllCall.ty ejoc for DLL structty CodeProject for the examplety Microsoft (eww) for making winmine.exe that helped me throug testing.next up is Writing (shouldt be that hard)[edit] done. new file attached. [/edit]Mem.au3 Edited February 17, 2006 by w0uter My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll
FuryCell Posted June 19, 2005 Posted June 19, 2005 well after make'ing those ftp functions i decided to pick up my old memory read func'sthey didnt work at that time. but now they do,since the FTP functions gave me a much clearer understanding of DllCall.ty ejoc for DLL structty CodeProject for the examplety Microsoft (eww) for making winmine.exe that helped me throug testing.next up is Writing (shouldt be that hard)<{POST_SNAPBACK}>Cool. Can't wait till the writing funcs are done.Nice Job.Going to try them now. HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.
Knight Posted June 20, 2005 Posted June 20, 2005 Nice, but I already wrote all my stuff with Outshynd's. Might rewrite it all so I don't have to use the external dll. Thanks
Ejoc Posted June 20, 2005 Posted June 20, 2005 neat Start -> Programs -> AutoIt v3 -> AutoIt Help File -> Index -> (The Function you are asking about)----- Links -----DllStruct UDFsRSA Crypto UDFs
w0uter Posted June 20, 2005 Author Posted June 20, 2005 i think DLLstruct/COM/DLLcall took almost all limitations away. My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll
w0uter Posted June 23, 2005 Author Posted June 23, 2005 i know nothing about memory reading. all i can do is get the nr. of mines out winmine.exe but isnt the size parameter for that ? My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll
FuryCell Posted July 4, 2005 Posted July 4, 2005 well after make'ing those ftp functions i decided to pick up my old memory read func'sthey didnt work at that time. but now they do,since the FTP functions gave me a much clearer understanding of DllCall.ty ejoc for DLL structty CodeProject for the examplety Microsoft (eww) for making winmine.exe that helped me throug testing.next up is Writing (shouldt be that hard)[edit] done. new file attached. [/edit]<{POST_SNAPBACK}>I see the writing is complete. Good job. No more using dlls that have to be fileinstalled to read and write memory. HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.
w0uter Posted July 4, 2005 Author Posted July 4, 2005 This post has been edited by w0uter: Jun 19 2005, 06:22 PMit was done the same day i posted it.took you long enuf eh My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll
rtk217 Posted September 26, 2005 Posted September 26, 2005 (edited) i love u man in my pov this is the only thing left to do in autoit writing to memory address and reading thats all i really needed can u give me some info about the function what variables should i give the functions and what will the functions return? Edited September 26, 2005 by rtk217
rtk217 Posted September 26, 2005 Posted September 26, 2005 ok u must help either something is wrong with my code or something in urs$pid = WinGetProcess($title) msgbox(0,"",$pid) ; check, until here i get the real working pid local $memh = _MemOpen (0x0010 , false , $pid) local $v_life = _MemRead($memh, 0x80D96C, 4) msgbox(0,"",$v_life) ; here i get value -40 when i should get 167909048 local $m_life = $v_life + 1184 $m_life = hex($m_life,8) msgbox(0,"",$m_life) ; here i get zero! $v_life = _MemRead($memh, $m_life, 4) $v_life = Dec($v_life)u seethe program is using DMAmeanning i need to use the pointer, get the value from the pointer, the value is Dec, convert the value to hex, add to the hex 4A0/1184, and check the value in the address i got.can u help me???pointer address: 80D96cvalue: 167909048Add: 4A0get: A021B58
w0uter Posted September 26, 2005 Author Posted September 26, 2005 i know nothing about memory reading. all i can do is get the nr. of mines out winmine.exe My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll
rtk217 Posted September 26, 2005 Posted September 26, 2005 ohhh anyway the scite compiler reoprt 5 errors in your code so i think u should check that maybe it has something to do with that
w0uter Posted September 26, 2005 Author Posted September 26, 2005 your probly using the au3check STABLE. the script works correct on au3check BETA. My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll
Knight Posted September 27, 2005 Posted September 27, 2005 (edited) ok u must help either something is wrong with my code or something in ursu seethe program is using DMAmeanning i need to use the pointer, get the value from the pointer, the value is Dec, convert the value to hex, add to the hex 4A0/1184, and check the value in the address i got.can u help me???pointer address: 80D96cvalue: 167909048Add: 4A0get: A021B58you are supposed to add the offset to the pointer address, not what the pointer returns. So the address where life is stored should be at..$life = 0x80D96C + 0x4A0 $pid = WinGetProcess($title) $memh = _MemOpen (0x0010 , false , $pid) $v_life = _MemRead($memh, $life, 4) msgbox(0,"",$v_life)That should work, if it doesn't then your offset and/or pointer is wrong. Edited September 27, 2005 by Knight
rtk217 Posted September 27, 2005 Posted September 27, 2005 (edited) dude all the values that i wrote are right the life was stored at: A021B58 and the offset is 4a0 found the address with tsearch then did autohack i found ecx+4a0 so i did A021B58-4A0 then i convert it to decimal and searched a memory address with that value what i got was 80D96c so i natulraly assume that this is the pointer. im talking about DMA method for memory address Edited September 27, 2005 by rtk217
Knight Posted September 28, 2005 Posted September 28, 2005 you have to add the offset to the pointer, not to what the pointer returns, that is what I am trying to tell you.
rtk217 Posted October 1, 2005 Posted October 1, 2005 ok now help me the pointer is 6F8B6379 + offset 668 (not hexdecimal) then i get this address 6F8B6615 i know the value of my HP is on 0100579C but when i read 6F8B6615 i get value 0 so how do i get from the offset and the pointer to the address i want
ryeguy Posted October 1, 2005 Posted October 1, 2005 http://www.gamehacking.com/tutorials/TSearchDMA.phphttp://www.gamehacking.com/tutorials/hackdma.php
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now