JoshDB Posted February 15, 2006
Well I'd have to restart EQ2, but I tried returning $Array[0], [1], [2], etc. in the first set of tests I did... The offset was wrong then and I haven't returned to it with the new offset yet. It might take 5 mins or so, but want me to?

EDIT: It returned -30300. Grrrrr

    $Process = "EverQuest2.exe"
    $Pid = ProcessExists($Process)
    $h_open = _MemOpen($Pid)
    $Read = _MemRead($h_open, 0xF4798A, 4)
    MsgBox(0, "Test Box", "Test: " & $Read[0] & $Read[1] & $Read[2] & $Read[3])
    _MemClose($h_open)

Edited February 15, 2006 by JoshDB
Ha, I haven't been on these forums since... 2006, almost. Behold, my legacy signature: My AutoIt idol is Valuater. You know you love him, too. My Stuff: D&D AGoT Tools Suite
CoderDunn Posted February 15, 2006
Yep. I've tried the same thing you did. w0uter, please give a simple example of how to read a number. Mem functions are something I've wanted in AutoIt since I started using it. Thanks, Hallman
JoshDB Posted February 15, 2006
I've read the same hex address from two programs, both yielding the same value. So it's something we're doing, for sure now.
CoderDunn Posted February 15, 2006
Hmm... w0uter, please give a simple example of how to read a number.
strate Posted February 15, 2006
The arrays never returned anything of value to me, so I removed it altogether. I get the result I've been looking for for about 3 months now. Here's an example:

    #include 'Memory Functions.au3'

    ; Process ID comes first so the one-argument call below works; the access mask
    ; (0x1F0FFF = PROCESS_ALL_ACCESS) and inherit flag have defaults
    Func _MemOpen($i_dwProcessId, $i_dwDesiredAccess = 0x1F0FFF, $i_bInheritHandle = False)
        $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $i_dwDesiredAccess, 'int', $i_bInheritHandle, 'int', $i_dwProcessId)
        If @error Then
            SetError(1)
            Return 0
        EndIf
        Return $ai_Handle[0]
    EndFunc ;==>_MemOpen

    ; Reads $i_nSize bytes (default 4, one DWORD) and returns the struct's raw data instead of an array
    Func _MemRead($i_hProcess, $i_lpBaseAddress, $i_nSize = 4, $v_lpNumberOfBytesRead = '')
        Local $v_Struct = DllStructCreate('byte[' & $i_nSize & ']')
        DllCall('kernel32.dll', 'int', 'ReadProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
        Local $v_Return = DllStructGetData($v_Struct, 1)
        $v_Struct = 0 ; releases the struct; DllStructDelete($v_Struct) is not needed
        Return $v_Return
    EndFunc ;==>_MemRead

    Func _MemClose($i_hProcess)
        $av_CloseHandle = DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $i_hProcess)
        Return $av_CloseHandle[0]
    EndFunc ;==>_MemClose

    ;||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
    $i_pid = WinGetProcess('VMS EB2')
    $v_Open = _MemOpen($i_pid)
    $MemRead_results = _MemRead($v_Open, 0x746041)
    ConsoleWrite($MemRead_results & @LF)
    _MemClose($v_Open)

Not sure if this will help anyone, but the array idea kept me from getting what I wanted.
Edited February 15, 2006 by strate
INI TreeView
A bus station is where a bus stops, a train station is where a train stops. On my desk I have a work station...
JoshDB Posted February 15, 2006

    <memory functions here>
    $i_pid = WinGetProcess('EverQuest II (Feb 13 2006 19:03:07) USER OPTIMIZED: SOEBuild=2767L')
    $v_Open = _MemOpen($i_pid)
    $MemRead_results = _MemRead($v_Open, 0xF4798A)
    MsgBox(0, "Test", $MemRead_results)
    _MemClose($v_Open)

That returns gibberish.
strate Posted February 15, 2006
This is a shot in the dark, but your title has the time in it; is this static? To be more certain that you're getting a good PID, try using $i_pid = ProcessExists(Process Name). Just a guess though.
JoshDB Posted February 15, 2006
Yes, the time is static. That was the time of the latest update. Today is the 15th.
monji Posted February 16, 2006
Hello, if you ask _MemRead to read n bytes, it returns an array of n bytes starting from the address you specified. However, the value you want will actually be stored in the array in reverse order, i.e. if you're expecting a value of 43707 (0xAABB in hex), the array you would get is [0xBB, 0xAA, 0x00, 0x00], or [187, 170, 0, 0] in decimal. I dunno why it's reversed; I thought at first it was intentionally reversed by the programmer, but I tried reading stuff from other programs and they're all like that. Anyway, you can use the _MemRev function to get the reversed hex representation of the array returned by _MemRead.
Edited February 16, 2006 by monji
Marc Posted February 16, 2006
The "wrong order" of the bytes is caused by Intel; see Little Endian vs Big Endian.
Best regards, Marc
Any of my own codes posted on the forum are free for use by others without any restriction of any kind. (WTFPL)
JoshDB Posted February 16, 2006
What does all this mean for me? All I want to do is read the hex address 0xF4798A, type 4 bytes, of the process EverQuest2.exe. Cheat Engine lets me do this easily.

    $Process = "EverQuest2.exe"
    $Pid = ProcessExists($Process)
    $h_open = _MemOpen($Pid)
    $Read = _MemRead($h_open, 0xF4798A, 4)
    MsgBox(0, "Test Box", "Test: " & $Read[0] & " - " & $Read[1] & " - " & $Read[2] & " - " & $Read[3])
    MsgBox(0, "Test Box", "Test: " & _MemRev($Read))
    _MemClose($h_open)

This results in two message boxes, one holding -30 - 3 - 0 - 0 (the " - " was for me to see the separation of the array elements better) and the other holding 0x000003E2. Neither of these yields anything more than -1 when put through HexToString or StringToHex...

EDIT EDIT EDIT: Alright, in Cheat Engine I displayed the value as hexadecimal and it was the same as in the message box... Now to convert it.
Edited February 16, 2006 by JoshDB
JoshDB Posted February 16, 2006
Alright guys - sorry for the double post - I figured it out.

    #include <String.au3>

    ; Walks the string returned by _MemRev from the right, one hex digit per loop,
    ; until it hits the "x" of the "0x" prefix
    Func _HexadecimalToDecimal($var)
        $result = 0
        $sum = 0
        $power = 0
        Do
            $currentDigit = StringRight(_MemRev($var), $power + 1)
            $currentDigit = StringLeft($currentDigit, 1)
            If $currentDigit = "A" Then
                $currentDigit = 10
            ElseIf $currentDigit = "B" Then
                $currentDigit = 11
            ElseIf $currentDigit = "C" Then
                $currentDigit = 12
            ElseIf $currentDigit = "D" Then
                $currentDigit = 13
            ElseIf $currentDigit = "E" Then
                $currentDigit = 14
            ElseIf $currentDigit = "F" Then
                $currentDigit = 15
            EndIf
            $result = $currentDigit * 16 ^ $power
            $power = $power + 1
            $sum = $sum + $result
        Until $currentDigit = "x"
        Return $sum
    EndFunc ;==>_HexadecimalToDecimal by joshdb

Example:

    $Process = "EverQuest2.exe"
    $Pid = ProcessExists($Process)
    $h_open = _MemOpen($Pid)
    $Read = _MemRead($h_open, 0xF4798A, 4)
    MsgBox(0, "Test Box", "Test: " & _HexadecimalToDecimal($Read))
    _MemClose($h_open)

Big huge thanks to: :">
CoderDunn Posted February 17, 2006
Now that you have reading done... What about writing?
xxd2godxx Posted February 17, 2006
I don't understand, is it possible to write to the game memory? For example, use this function to find a byte for Diablo II then write over it, so kind of like HACKING into Diablo?
CoderDunn Posted February 17, 2006
These functions read and/or edit what a process stores in memory. So, it's kinda like hacking. Anyone have any write functions that work?
Edited February 17, 2006 by Hallman
xxd2godxx Posted February 17, 2006
This is C++, but is it possible to send packets kind of like this with AutoIt?

    #include <windows.h>

    // All addresses below are hard-coded for one specific game build (MSVC inline assembly)

    // GetPlayerID
    DWORD __declspec(naked) GetPlayerID(VOID)
    {
        __asm
        {
            MOV EAX, DWORD PTR DS:[0x6FBCC1E0]
            MOV ECX, DWORD PTR DS:[EAX+0xC]
            mov eax, ecx
            ret
        }
    }

    // GetPlayerArea
    DWORD __declspec(naked) GetPlayerArea(void)
    {
        __asm
        {
            MOV EAX, DWORD PTR DS:[0x6FBCC1E0]
            push eax
            mov ebx, 0x6FABC0BC
            call ebx
            push eax
            mov ebx, 0x6FABC0B6
            call ebx
            ret
        }
    }

    // SendGamePacket
    void SendGAMEPacket(BYTE* Packet, DWORD PacketSize)
    {
        DWORD size1 = PacketSize;
        __asm
        {
            mov eax, Packet
            push Packet
            mov ebx, size1
            mov edx, 0x6FB0DE40
            call edx
        }
    }

    // GetCurrentLife
    DWORD __declspec(naked) GetCurrentLife()
    {
        __asm
        {
            mov eax, 6
            mov ebx, 0x6FB653A0
            call ebx
            SAR eax, 8
            ret
        }
    }

    // GetMaxLife (the opening brace after __asm was missing in the original paste)
    DWORD __declspec(naked) GetMaxLife()
    {
        __asm
        {
            mov eax, 6
            mov ebx, 0x6FB653A0
            call ebx
            SAR edx, 8
            mov eax, edx
            ret
        }
    }

    // GetCurrentMana
    DWORD __declspec(naked) GetCurrentMana()
    {
        __asm
        {
            mov eax, 8
            mov ebx, 0x6FB653A0
            call ebx
            SAR eax, 8
            ret
        }
    }

    // GetMaxMana
    DWORD __declspec(naked) GetMaxMana()
    {
        __asm
        {
            mov eax, 8
            mov ebx, 0x6FB653A0
            call ebx
            SAR edx, 8
            mov eax, edx
            ret
        }
    }

    // GamePrintMessage
    enum { colWhite, colRed, colGreen, colBlue, colGold, colGrey, colBlack, colBrown, colOrange, colYellow };

    typedef void (_stdcall *pPrint)(wchar_t* Text, BYTE Color);

    void GamePrintMessage(char *Message, BYTE color)
    {
        pPrint Print = (pPrint)0x6FAC6780;
        wchar_t Buffer[256];
        // -1 converts the whole NUL-terminated string (sizeof(Message) was only the pointer size),
        // and the last argument counts wide characters, not bytes, so it is 256 rather than sizeof(Buffer)
        MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, Message, -1, Buffer, 256);
        Print(Buffer, color);
    }
monji Posted February 17, 2006
You don't need that function; you can simply Int() the result of _MemRev to get the decimal representation.
monji Posted February 17, 2006
_MemWrite seems to work okay. You first have to call _MemCreate, then pass the result to _MemWrite. I tried these last night and I checked with OllyDbg; they were all written properly.

    $hMem = _MemOpen(ProcessExists('game.exe'))
    $len = _MemCreate(0x04)
    $txt = _MemCreate('test')
    _MemWrite($hMem, 0x109F8788, $len)
    _MemWrite($hMem, 0x109F8794, $txt)
    _MemWrite($hMem, 0x109F9138, $txt)
    _MemClose($hMem)

BTW, I re-read the last few pages; you probably wrote the right thing before but read it back incorrectly. Try outputting Int(_MemRev(_MemRead(...))) after _MemWrite()ing to see if it really was written.
Edited February 17, 2006 by monji
CoderDunn Posted February 17, 2006
Do I have to write it as hex though? I would like to have a GUI input control with a number and just do:

    _MemWrite($Mem, 0x000000, _MemCreate(GUICtrlRead($Input1)))

How am I supposed to do that? Do I need to convert the number to something first? I'm confused.
Hallman
Edited February 17, 2006 by Hallman
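The confusion running through this thread (the -30300 result, the -30 - 3 - 0 - 0 array, the 0x000003E2 string, and now how to turn a GUI number back into bytes) is one problem: a 4-byte integer sits in memory as little-endian bytes, and neither string concatenation nor a hand-rolled hex parser is the right tool. The block below is an added example, not code from this thread or from the AutoIt memory library; it is written in Python because the point is byte order, not the AutoIt API, and struct shows both directions in one place. The sample bytes are constructed from the values JoshDB reported above; everything else is assumed for illustration.

```python
import struct

# Constructed sample: the four elements JoshDB's _MemRead array showed for the
# 4-byte value at 0xF4798A, as AutoIt's byte[] struct exposes them (signed bytes).
SAMPLE_SIGNED_BYTES = [-30, 3, 0, 0]


def signed_bytes_to_buffer(values):
    """Turn signed byte values (-128..127) back into the raw little-endian
    buffer they were read from: -30 is really the byte 0xE2 (226)."""
    return bytes(v & 0xFF for v in values)


def concat_bytes_as_text(values):
    """What '&' concatenation of the array elements actually builds: the
    decimal text of each byte glued together, not a number."""
    return "".join(str(v) for v in values)


def decode_le_u32(buf):
    """Read 4 little-endian bytes as an unsigned 32-bit integer, i.e. the
    DWORD the target process itself sees. This is what Int(_MemRev(...))
    computes in the thread."""
    return struct.unpack("<I", buf[:4])[0]


def decode_le_i32(buf):
    """Same bytes as a signed 32-bit value, for fields that can go negative."""
    return struct.unpack("<i", buf[:4])[0]


def decode_le_u16(buf):
    """monji's 2-byte case: 43707 (0xAABB) arrives in memory as [0xBB, 0xAA]."""
    return struct.unpack("<H", buf[:2])[0]


def mem_rev_hex(buf):
    """Reproduce what _MemRev displays: bytes reversed into big-endian order
    and printed as an 0x-prefixed hex string."""
    return "0x" + buf[::-1].hex().upper()


def encode_le_u32(value):
    """Encode an integer (e.g. one typed into a GUI input) as the 4
    little-endian bytes a 32-bit field must contain for the process to read
    that number. Refuses values that do not fit instead of silently truncating."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"{value} does not fit in an unsigned 32-bit field")
    return struct.pack("<I", value)


if __name__ == "__main__":
    buf = signed_bytes_to_buffer(SAMPLE_SIGNED_BYTES)
    print("raw bytes        :", buf.hex(" "))
    print("'&' concatenation:", concat_bytes_as_text(SAMPLE_SIGNED_BYTES))
    print("_MemRev style    :", mem_rev_hex(buf))
    print("as DWORD         :", decode_le_u32(buf))
    print("hex string -> int:", int(mem_rev_hex(buf), 16))
    print("round trip       :", encode_le_u32(decode_le_u32(buf)) == buf)
```

Running it shows the three representations side by side: the concatenation gives the meaningless "-30300", _MemRev gives "0x000003E2", and decoding the same four bytes as a little-endian DWORD gives the actual value; encode_le_u32 is the inverse step a write path needs, and the range check is what keeps a too-large GUI number from being silently cut down to its low four bytes.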
JoshDB Posted February 17, 2006
Aw crap. And I thought I was so smart.