Guest Stork Posted January 5, 2005

I've been working on a generic dll for different injection methods, use what you can from it Jon. It's an MS C++ object but I'm sure you can rearrange it to suit your needs. In your cases you are not injecting a dll into the process so you can ignore any reference to ModuleName.

#include <windows.h>
#include <cstring>
#include <cstdlib>

// Class declaration reconstructed from the members the methods below use;
// the post shows only the method bodies, and the buffer size is an assumption.
class CJacker {
public:
    bool  InitializeJacker(char* ModuleName, char* WindowName, HANDLE hModule);
    BYTE* WriteMemory(DWORD baseAddress, char* buffer);
    BYTE* WriteMemory(DWORD baseAddress, char* buffer, DWORD nSize);
    BYTE* ReadMemory(DWORD baseAddress, DWORD BytesToRead);
private:
    char   WindowName[MAX_PATH];
    char   ModuleName[MAX_PATH];
    HANDLE hModule;
    HWND   WindowHandle;
    DWORD  GameProcessID;
    HANDLE ProcessHandle;
};

bool CJacker::InitializeJacker(char* ModuleName, char* WindowName, HANDLE hModule)
{
    // Bounded copies: plain strcpy overruns the member buffers on long names
    strncpy(this->WindowName, WindowName, sizeof(this->WindowName) - 1);
    this->WindowName[sizeof(this->WindowName) - 1] = '\0';
    strncpy(this->ModuleName, ModuleName, sizeof(this->ModuleName) - 1);
    this->ModuleName[sizeof(this->ModuleName) - 1] = '\0';
    this->hModule = hModule;

    this->WindowHandle = FindWindowA(NULL, this->WindowName);
    if (!this->WindowHandle) {
        MessageBoxA(0, "Cannot Find Game Window", "ERROR", 0);
        return false;
    }
    GetWindowThreadProcessId(this->WindowHandle, &this->GameProcessID);
    if (!this->GameProcessID) {
        MessageBoxA(0, "Cannot Get Game Process ID", "ERROR", 0);
        return false;
    }
    this->ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, TRUE, this->GameProcessID);
    if (!this->ProcessHandle) {
        MessageBoxA(0, "Cannot open Game Process", "ERROR", 0);
        return false;
    }
    return true;
}

// Writes a NUL-terminated string; returns the bytes it replaced (caller frees them)
BYTE* CJacker::WriteMemory(DWORD baseAddress, char* buffer)
{
    DWORD nSize = (DWORD)strlen(buffer) + 1;
    return WriteMemory(baseAddress, buffer, nSize);
}

// Writes exactly nSize bytes, so a buffer that contains 0x00 is copied in full
BYTE* CJacker::WriteMemory(DWORD baseAddress, char* buffer, DWORD nSize)
{
    SIZE_T w;
    BYTE* oCode = ReadMemory(baseAddress, nSize);
    if (!oCode)
        return NULL;
    WriteProcessMemory(this->ProcessHandle, (LPVOID)baseAddress, buffer, nSize, &w);
    return oCode;
}

BYTE* CJacker::ReadMemory(DWORD baseAddress, DWORD BytesToRead)
{
    SIZE_T r;
    BYTE* oCode = (BYTE*)malloc(BytesToRead);
    if (!oCode)
        return NULL;
    ReadProcessMemory(this->ProcessHandle, (LPVOID)baseAddress, (LPVOID)oCode, BytesToRead, &r);
    return oCode;
}

There are two WriteMemory processes because poking the value "00" caused the string length to be incorrect, so I added a function to force a specific length. Also note that WriteMemory returns the replaced value in case you want to store it and put it back later.
alexischeng Posted January 11, 2005

Hi, I saw BCX has peek & poke functions:

RetStr$ = PEEK$(Address%, Count%)
POKE(Destination%, Source$, Count%)

Can it be done to gen a dll & use DllCall in Au3? I still can't understand what the gamedll.dll does! Can anyone explain it?
faldo Posted January 11, 2005 (Author)

Report from the field: I actually made my first AutoIT trainer yesterday and it works GREAT!!!! The trainer was for LOTR:Battle for middle-earth. Like Stork said there could be a problem with memory cycles since the game.dll only writes to one byte at a time. The problem would be that when the program/game would write to a 4 byte value, game.dll would only have written the first byte in that cycle and crashing the program/game since the bytes got "out of phase". I was afraid of crashes, but the funny part is that if you do 4 _ProcessWriteByte after each other they actually write them in the same cycle, resulting in no crashes. With my trainer I made some 3rd level basepointer hacks and some static address hacks and they all work GREAT!!! Right now I'm working on a "trainer template" so that you can define the addresses, offsets and values from within an ini file. I'll keep you guys updated.

Check out my other scripts: RDP antihammer/blacklist generator | Phemex cryptocurrency exchange API
faldo Posted January 31, 2005 (Author, edited)

Hello again... I've now completed a few options in my new trainer template. As you can see, you can do a lot of stuff with the .dll Jon created and I put the dll function inside a loop for some writes. It works for this particular game but I'm sure it will crash some other games since the function can only write 1 byte at a time (a normal operation uses 4 bytes). I know the script is very badly written and I suck at arrays (which would prolly make the script A LOT smaller). But it's my first "advanced" script, so bear with me. If anyone feels like adding to this lil project by helping me with arrays, please feel free to do so. Thanx again Jon for the awesome dll. It made everything so easy now that I can use A3 to make a trainer. I know you don't have a lot of time to work on this anymore but I still need to beg you to change the dll so that you can enter 4 bytes instead of 1 (in the same memory cycle). It would be the final touch to make this function perfect! =o)

Attachment: MPCTT.zip

Edited January 31, 2005 by faldo
DirtyBanditos Posted February 1, 2005 (edited)

> Hello again... I've now completed a few options in my new trainer template. As you can see, you can do a lot of stuff with the .dll Jon created and I put the dll function inside a loop for some writes. It works for this particular game but I'm sure it will crash some other games since the function can only write 1 byte at a time (a normal operation uses 4 bytes). I know the script is very badly written and I suck at arrays (which would prolly make the script A LOT smaller). But it's my first "advanced" script, so bear with me. If anyone feels like adding to this lil project by helping me with arrays, please feel free to do so. Thanx again Jon for the awesome dll. It made everything so easy now that I can use A3 to make a trainer. I know you don't have a lot of time to work on this anymore but I still need to beg you to change the dll so that you can enter 4 bytes instead of 1 (in the same memory cycle). It would be the final touch to make this function perfect! =o)

Hello faldo, your trainer template looks great! Good job dude, but I miss the source of the dll, can you send it to me? Or is this the Peek dll from this thread? Are you interested in sharing your very great trainer example on my forum? Or can I add it with credit to you? http://www.deinboard4u.de/board/index.php?nxu=13953496nx1930

Edited February 1, 2005 by DirtyBanditos
faldo Posted February 1, 2005 (Author, edited)

Sure you can add it wherever you want, but add credits for Jon as well, he's the mastermind behind it all ;o) As for the dll, it's the game.dll further up in this thread, I just changed the name of it for fun. If you want to follow the project I'll be developing it here: http://www.mpcforum.com/showthread.php?t=72780

Edited February 1, 2005 by faldo
DirtyBanditos Posted February 1, 2005

> Sure you can add it wherever you want, but add credits for Jon as well, he's the mastermind behind it all ;o) As for the dll, it's the game.dll further up in this thread, I just changed the name of it for fun. If you want to follow the project I'll be developing it here: http://www.mpcforum.com/showthread.php?t=72780

Hi faldo, ok I added it and I gave the credit to Jon and you. And thx for the info about the dll :)
Guest delapej1 Posted February 12, 2005

@Jon, Will it be possible to post the code for the gamedll.dll? Thanks.
Insolence Posted February 16, 2005

Trying to use this, but apparently the offset I'm looking at returns a WORD... how can I manipulate it with this DLL?

"I thoroughly disapprove of duels. If a man should challenge me, I would take him kindly and forgivingly by the hand and lead him to a quiet place and kill him." - Mark Twain
Patient: "It hurts when I do $var_" Doctor: "Don't do $var_" - Lar.
faldo Posted March 6, 2005 (Author)

You can always convert HEX to DEC or the other way round inside the script itself =o)
Pickled Posted March 6, 2005

You can bet the hacking / games community would LOVE a Read/Write ProcessMemory() in there.
Insolence Posted March 6, 2005

I would, but I couldn't get it to work properly.
petrojelly Posted April 15, 2005 (edited)

Hello, I made a mem.dll that can read and write multiple bytes. I think this would help many gamers out there. Here are the sample codes:

$ProcName = "Icq.exe"
$Address = 0x20032
$Data = 0xABCDEF
$NumByte = 3

If MemWrite($ProcName, $Address, $Data) <> 0 Then
    MsgBox(0, "", "The Result is: " & MemRead($ProcName, $Address, $NumByte))
EndIf

; Read $BytesToRead bytes at $Address in the named process through mem.dll
Func MemRead($ProcessName, $Address, $BytesToRead)
    Local $PID, $Result
    $PID = ProcessExists($ProcessName)
    If $PID = 0 Then
        SetError(1) ; process is not running
        Return 0
    EndIf
    $Result = DllCall("mem.dll", "long", "ReadMemLoc", "long", $PID, "long", $Address, "long", $BytesToRead)
    If @error Then
        SetError(2) ; DllCall failed (mem.dll or its export not found), so $Result is not an array
        Return 0
    EndIf
    Return $Result[0]
EndFunc

; Write $DataToWrite at $Address in the named process through mem.dll
Func MemWrite($ProcessName, $Address, $DataToWrite)
    Local $PID, $Result
    $PID = ProcessExists($ProcessName)
    If $PID = 0 Then
        SetError(1) ; process is not running
        Return 0
    EndIf
    $Result = DllCall("mem.dll", "long", "WriteMemLoc", "long", $PID, "long", $Address, "long", $DataToWrite)
    If @error Then
        SetError(2) ; DllCall failed, see MemRead
        Return 0
    EndIf
    Return $Result[0]
EndFunc

Edit: This dll has been removed. The new dll is posted in my new post.

Edited July 23, 2005 by petrojelly
steveR Posted April 15, 2005

Have yet to try it, but thanks. This will be a welcome tool in addition to the game.dll that was made.

AutoIt3 online docs Use it... Know it... Live it... | MSDN library | global Help and Support | Windows: Just another pane in the glass.
faldo Posted April 16, 2005 (Author)

> Hello, I made a mem.dll that can read and write multiple bytes. I think this would help many gamers out there. Here are the sample codes:
>
> $ProcName = "Icq.exe"
> $Address = 0x20032
> $Data = 0xABCDEF
> $NumByte = 3
>
> If MemWrite($ProcName, $Address, $Data) <> 0 Then
>     MsgBox(0, "", "The Result is: " & MemRead($ProcName, $Address, $NumByte))
> EndIf
>
> Func MemRead($ProcessName, $Address, $BytesToRead)
>     Local $PID, $Result
>     $PID = ProcessExists($ProcessName)
>     $Result = DllCall("mem.dll", "long", "ReadMemLoc", "long", $PID, "long", $Address, "long", $BytesToRead)
>     Return $Result[0]
> EndFunc
>
> Func MemWrite($ProcessName, $Address, $DataToWrite)
>     Local $PID, $Result
>     $PID = ProcessExists($ProcessName)
>     $Result = DllCall("mem.dll", "long", "WriteMemLoc", "long", $PID, "long", $Address, "long", $DataToWrite)
>     Return $Result[0]
> EndFunc

Thanx A LOT man... this will be most helpful! =o)
faldo Posted June 10, 2005 (Author)

Sorry to bump this thread... but I was wondering if anyone could take a look at these DLL files and try to alter them so that you can write 8 bytes instead of 4, like the mem.dll enables you to. You can only write one byte at a time with game.dll. I ask, since if you want to change ASM code in a process, the command lines sometimes use up to 7 or 8 bytes. If you use mem.dll and divide the command in 2, the process crashes. Thanx in advance.
petrojelly Posted June 11, 2005 (edited)

Modified the dll, but I don't know if it would work properly.

- Added a variable $DataSize in the MemWrite function ($DataSize can be 1~8)
- Also added "SeDebugPrivilege" to the read/write functions so they can access memory of all kinds of processes

This call should write "00000ABC" (8 bytes) to the address "20023":

MemWrite("Icq.exe", 0x20023, 0xABC, 8)

This call should write "BC" (1 byte) to the address "20023":

MemWrite("Icq.exe", 0x20023, 0xABC, 1)

; Write $DataToWrite as a $DataSize-byte value (1 to 8) at $Address in the named process
Func MemWrite($ProcessName, $Address, $DataToWrite, $DataSize)
    Local $PID, $Result
    $PID = ProcessExists($ProcessName)
    If $PID = 0 Then
        SetError(1) ; process is not running
        Return 0
    EndIf
    $Result = DllCall("mem.dll", "long", "WriteMemLoc", "long", $PID, "long", $Address, "long", $DataToWrite, "long", $DataSize)
    If @error Then
        SetError(2) ; DllCall failed (mem.dll or its export not found), so $Result is not an array
        Return 0
    EndIf
    Return $Result[0]
EndFunc

Edit: Sorry, the 8-byte version of the dll doesn't work, a 4-byte working version is in my new post.

Edited July 23, 2005 by petrojelly
faldo Posted June 15, 2005 (Author)

Great work Petrojelly... May I ask what "SeDebugPrivilege" does? Does it drop privilege blocks on the target process or what?
w0uter Posted June 15, 2005

> - Also added "SeDebugPrivilege" to the read/write functions so they can access memory of all kinds of processes

Just a guess, but maybe it can access memory of all processes?

My UDF's: ;mem stuff _Mem ;ftp stuff _FTP (OLD) ;inet stuff _INetGetSource (OLD) _INetGetImage _INetBrowse (Collection) _EncodeUrl _NetStat _Google ;random stuff _iPixelSearch _DiceRoll
petrojelly Posted July 9, 2005

> Just a guess, but maybe it can access memory of all processes?

That is right. Some processes require administrative rights to read/write their memory. It is helpful to access memory for, say, World of Warcraft.
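Stork's InitializeJacker opens the target with PROCESS_ALL_ACCESS, and petrojelly's dll enables SeDebugPrivilege so that such a handle can be obtained even on processes that would otherwise refuse it; on the defending side that handle open is exactly what Sysmon Event ID 10 (ProcessAccess) records. The following is an added detection example, not code from this thread, that decodes the GrantedAccess mask of some constructed records and flags every non-allowlisted source that obtained memory-write rights on another process; the allowlist and the flattened one-line record format are assumptions.

```python
import re

# Process access rights from winnt.h. PROCESS_ALL_ACCESS is 0x1F0FFF on
# XP/2003 and 0x1FFFFF on Vista and later; both contain the bits below.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
# WriteProcessMemory needs both VM_WRITE and VM_OPERATION on the handle.
WRITE_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Assumed allowlist of sources that legitimately open other processes;
# a real deployment tunes this to its own environment.
ALLOWLIST = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\lsass.exe"}

# Constructed Sysmon Event ID 10 (ProcessAccess) records, flattened to one
# "Key=Value; ..." line each, roughly as a SIEM export would look.
SAMPLE_EVENTS = [
    r"SourceImage=C:\Windows\System32\csrss.exe; TargetImage=C:\Games\game.exe; GrantedAccess=0x1F0FFF",
    r"SourceImage=C:\Users\bob\trainer.exe; TargetImage=C:\Games\game.exe; GrantedAccess=0x1F0FFF",
    r"SourceImage=C:\Program Files\AV\scan.exe; TargetImage=C:\Games\game.exe; GrantedAccess=0x1010",
    r"SourceImage=C:\Users\bob\AutoIt3.exe; TargetImage=C:\Games\game.exe; GrantedAccess=0x38",
    "GrantedAccess=not-a-mask",  # malformed record: must be skipped, not crash the scan
]

FIELD_RE = re.compile(r"(\w+)=([^;]+)")

def parse_event(line):
    """Split a flattened record into a dict of its fields."""
    return {k: v.strip() for k, v in FIELD_RE.findall(line)}

def grants_memory_write(granted):
    """True if the GrantedAccess mask allows WriteProcessMemory on the target."""
    try:
        mask = int(granted, 16)
    except ValueError:
        return False
    return (mask & WRITE_MASK) == WRITE_MASK

def find_memory_writers(lines):
    """Return every non-allowlisted source that opened a target with write rights."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        source = ev.get("SourceImage", "").lower()
        if not source or source in ALLOWLIST:
            continue
        if grants_memory_write(ev.get("GrantedAccess", "")):
            hits.append(ev)
    return hits
```

Running find_memory_writers(SAMPLE_EVENTS) reports trainer.exe (full access) and AutoIt3.exe (0x38, the minimal read/write/operation combination), while the allowlisted csrss.exe and the read-only scanner are not flagged.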