=sinister= Posted September 24, 2008

Hrm, ok well I usually mess around with CE with WoW, and I always find non static addresses that I have to find a pointer for, but I always find on another site the "Player Address" (which is an address that contains all player data) plus its offset, and I could never find out how to find either of them =\. I always tend to have to do things the hard way when it comes to memory editing.

MasterX Posted December 16, 2008

I tried this.

    #include<NomadMemory.au3>
    #include<MemoryGetBaseAddressUDF.au3>

    $ID=_MemoryOpen(ProcessExists("Client.exe"))
    $pid = ProcessExists("Client.exe")
    $Offset = Dec("00466BBC")
    $openmem = _MemoryOpen($pid)
    $baseADDR = _MemoryGetBaseAddress($openmem, 1)
    $FinalStatic = "0x" & Hex($baseADDR + $Offset)
    MsgBox(0,"",$FinalStatic)
    $read=_memoryread($finalstatic,$openmem)
    MsgBox(0,"",$read)
    _MemoryClose($ID)

But it returned a false address :/

ZokNy Posted February 4, 2009

"Library.dll+offset" solution:

    Func _MemoryModuleGetBaseAddress($iPID, $sModule)
        If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

        If Not IsString($sModule) Then Return SetError(2, 0, 0)

        Local $PSAPI = DllOpen("psapi.dll")

        ;Get Process Handle
        Local $hProcess
        Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

        If $iPID > 0 Then
            Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
            If $hProcess[0] Then
                $hProcess = $hProcess[0]
            EndIf
        EndIf

        ;EnumProcessModules
        Local $Modules = DllStructCreate("ptr[1024]")
        Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
        If $aCall[4] > 0 Then
            Local $iModnum = $aCall[4] / 4
            Local $aTemp
            For $i = 1 To $iModnum
                $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
                If $aTemp[3] = $sModule Then
                    DllClose($PSAPI)
                    Return Ptr(DllStructGetData($Modules, 1, $i))
                EndIf
            Next
        EndIf

        DllClose($PSAPI)
        Return SetError(-1, 0, 0)
    EndFunc

Feel free to include!
Based on ModuleSpy from wraithdu.

Szhlopp (Author) Posted February 22, 2009

> "Library.dll+offset" solution:
>
>     Func _MemoryModuleGetBaseAddress($iPID, $sModule)
>         If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
>
>         If Not IsString($sModule) Then Return SetError(2, 0, 0)
>
>         Local $PSAPI = DllOpen("psapi.dll")
>
>         ;Get Process Handle
>         Local $hProcess
>         Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
>
>         If $iPID > 0 Then
>             Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
>             If $hProcess[0] Then
>                 $hProcess = $hProcess[0]
>             EndIf
>         EndIf
>
>         ;EnumProcessModules
>         Local $Modules = DllStructCreate("ptr[1024]")
>         Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
>         If $aCall[4] > 0 Then
>             Local $iModnum = $aCall[4] / 4
>             Local $aTemp
>             For $i = 1 To $iModnum
>                 $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
>                 If $aTemp[3] = $sModule Then
>                     DllClose($PSAPI)
>                     Return Ptr(DllStructGetData($Modules, 1, $i))
>                 EndIf
>             Next
>         EndIf
>
>         DllClose($PSAPI)
>         Return SetError(-1, 0, 0)
>     EndFunc
>
> Feel free to include! Based on ModuleSpy from wraithdu.

Sweet!!! Great job! I'm going to test this fairly soon here. If it works I would gladly add this in!

--
RegEx/RegExRep Tester! | Nerd Olympics - Community App! | Login UDF | Memory UDF - "Game.exe+753EC" - CE pointer to AU3 | Password Manager W/ Source | DataFiler - Include files in your au3!

socal Posted March 9, 2009

OK did the tutorial on finding the multiple level pointers, now I have no idea how to use them. Anyone who can shed some light?

[[[[0x02A48048]+0xC]+0x10]+0x14]+0x70 (that's what I got).

socal Posted March 9, 2009

Disregard the above, I sorted it out.

TomCat Posted March 20, 2009

can someone give me an example how to use _MemoryModuleGetBaseAddress please

I tried this:

    $iPID = WinGetProcess("Test")
    $sModule = ("test.dll+1A128")
    $baseADDR = _MemoryModuleGetBaseAddress($iPID, $sModule)

but it doesn't work

ZokNy Posted March 22, 2009

Use the func from #23.
Then try this:

    $iPID = WinGetProcess("Test")
    $sModule = "test.dll"
    $iOffset = 0x1A128
    $baseADDR = _MemoryModuleGetBaseAddress($iPID, $sModule) + $iOffset

TomCat Posted March 26, 2009

Tnx for the answer. I tried it but u get a wrong address. Any idea why?

ynbIpb Posted May 29, 2009

Maybe somebody will show how to use it in Lineage 2, for example, to find HP \ MP (naturally Game Guard will be turned off). Thank you.

avati Posted June 24, 2009

After many tests with cheat engine this function DOES NOT work ...

If you open a process with cheat engine and after you press memory view, on AllocationBase you see the correct address. That address is different for each process, but using GetBaseAddress function from autoit you took for all exes the same address. Usually 0x00400000 or for games 0x00350000.

Any ideas why this happens ????

hot202 Posted August 12, 2009

i don't understand how to add this .dll thing. can some 1 show an example please?

hot202 Posted August 12, 2009

hey can some 1 help me? shouldn't this work? but it don't. can some 1 tell me what i have done wrong?

Engine.exe is the process name.
Address is 08FE965C and it's a static with cshell.dll+48965C

    #include <NomadMemory.au3>
    #include <GUIConstants.au3>
    #include <GUIListBox.au3>
    #include <Misc.au3>
    #include <Array.au3>

    HotKeySet("{F2}","poke")

    Func poke()
        $ID=_MemoryOpen(ProcessExists("Engine.exe"))
        $iPID = WinGetProcess("cshell")
        $sModule = "cshell.dll"
        $iOffset = 0x48965C
        $baseADDR = _MemoryModuleGetBaseAddress($iPID, $sModule) + $iOffset
        _MemoryWrite($BaseADDR, $ID, 550)
        _MemoryClose($iPID)
    EndFunc

    While 1
        sleep(1000)
    WEnd

    Func _MemoryModuleGetBaseAddress($iPID, $sModule)
        If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

        If Not IsString($sModule) Then Return SetError(2, 0, 0)

        Local $PSAPI = DllOpen("psapi.dll")

        ;Get Process Handle
        Local $hProcess
        Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

        If $iPID > 0 Then
            Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
            If $hProcess[0] Then
                $hProcess = $hProcess[0]
            EndIf
        EndIf

        ;EnumProcessModules
        Local $Modules = DllStructCreate("ptr[1024]")
        Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
        If $aCall[4] > 0 Then
            Local $iModnum = $aCall[4] / 4
            Local $aTemp
            For $i = 1 To $iModnum
                $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
                If $aTemp[3] = $sModule Then
                    DllClose($PSAPI)
                    Return Ptr(DllStructGetData($Modules, 1, $i))
                EndIf
            Next
        EndIf

        DllClose($PSAPI)
        Return SetError(-1, 0, 0)
    EndFunc

Greek Posted October 9, 2009

_MemoryModuleGetBaseAddress n1 work, need it for prototype, works great and thx for _MemoryGetBaseAddress too of course

v22 Posted March 1, 2010 (edited)

update: Thanks to avati for clarifying that the code doesn't work, post reported to mods as useless.

Allow me to start with stating that I'm a complete utter-n00b when it comes to coding;
Thanks for the effort on trying to simplify the whole memory reading thing, gives me headache and imho not only me;
OP, could you please point me to the field where I paste Game.dll+000B298C and get the real address? Since I wasn't able to find such a variable, although this ability is advertised.
thanks!

Edited March 1, 2010 by v22

v22 Posted March 1, 2010

> "Library.dll+offset" solution:
>
>     Func _MemoryModuleGetBaseAddress($iPID, $sModule)
>         If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
>
>         If Not IsString($sModule) Then Return SetError(2, 0, 0)
>
>         Local $PSAPI = DllOpen("psapi.dll")
>
>         ;Get Process Handle
>         Local $hProcess
>         Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
>
>         If $iPID > 0 Then
>             Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
>             If $hProcess[0] Then
>                 $hProcess = $hProcess[0]
>             EndIf
>         EndIf
>
>         ;EnumProcessModules
>         Local $Modules = DllStructCreate("ptr[1024]")
>         Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
>         If $aCall[4] > 0 Then
>             Local $iModnum = $aCall[4] / 4
>             Local $aTemp
>             For $i = 1 To $iModnum
>                 $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
>                 If $aTemp[3] = $sModule Then
>                     DllClose($PSAPI)
>                     Return Ptr(DllStructGetData($Modules, 1, $i))
>                 EndIf
>             Next
>         EndIf
>
>         DllClose($PSAPI)
>         Return SetError(-1, 0, 0)
>     EndFunc
>
> Feel free to include! Based on ModuleSpy from wraithdu.

always returns "0"

Szhlopp (Author) Posted March 2, 2010

> update: Thanks to avati for clarifying that the code doesn't work, post reported to mods as useless.
>
> Allow me to start with stating that I'm a complete utter-n00b when it comes to coding;
> Thanks for the effort on trying to simplify the whole memory reading thing, gives me headache and imho not only me;
> OP, could you please point me to the field where I paste Game.dll+000B298C and get the real address? Since I wasn't able to find such a variable, although this ability is advertised.
> thanks!

This DOES work. Let me explain Avati's post...

When you see the AllocationBase in CE, it's FOR that memory section. So yes, they don't always match, but it doesn't matter, as this provides you with the one you need. If for some reason it doesn't return the right value (I've seen it twice in all the things I've hacked), edit the IV_start address or whatever it's called. Should be like 0x00100000, change it to 0x00500000. But as I said, that shouldn't be necessary.

If ANYONE is having problems reading the address, use my function http://www.autoitscript.com/forum/index.php?showtopic=99631

Sorry I've been gone for 5 months. So I haven't been on at all =)

Chaki Posted June 18, 2010 (edited)

> it's FOR that memory section.

Before I start studying your script, I would like to know if I'm just going to waste my time.

It is my understanding that both Dynamic and Static addresses are called pointers, because they point to a different address, which is inside the Memory Viewer.

What I'm trying to do is read the value of that address that is found inside the Memory Viewer.

Can your script do that? Or does your script only deal with static addresses?

Edited June 18, 2010 by Chaki

XxShadowxX Posted June 18, 2010

You probably shouldn't have revived this thread. Anyhow, finding the base address is only useful for static addresses.

Opeth Posted December 23, 2010 (edited)

Sorry to dig up an old thread, but is there any way to use this with Windows 7? I keep getting "Failed to find correct allocation address", which is error state 2.

A shot of code below.. thanks! This code is working in Windows XP, just not W7.

    $BaseAddress = _MemoryGetBaseAddress($hMemory, 1)
    If $BaseAddress = 0 Then
        Select
            Case @error = 1
                MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Invalid handle to open process")
            Case @error = 2
                MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Failed to find correct allocation address")
            Case @error = 3
                MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Failed to read from the specified process")
        EndSelect
    EndIf

Edited December 23, 2010 by Opeth

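How the two notations used in this thread are evaluated, the "module.dll+offset" form from ZokNy's posts and the bracketed multi-level pointer from socal's post, shown as an added example that is not part of any post above. It is Python run against a constructed memory image, not a live process; `make_process`, `resolve`, `CHAIN` and every address and value in it are assumptions made for illustration.

```python
# Added example: evaluates Cheat Engine style address expressions against a
# constructed 32-bit memory image. Nothing here touches a real process.

def make_process(dll_base, heap):
    """Constructed process: test.dll loaded at dll_base, objects on the heap."""
    mem = {
        dll_base + 0x1A128: heap,             # static slot inside the module
        heap + 0x00C: heap + 0x100,           # level 1
        heap + 0x100 + 0x10: heap + 0x200,    # level 2
        heap + 0x200 + 0x14: heap + 0x300,    # level 3
        heap + 0x300 + 0x70: 550,             # the value itself
    }

    def read_u32(addr):
        if addr not in mem:                   # unmapped: a real read would fail
            raise OSError("cannot read 0x%08X" % addr)
        return mem[addr]

    return {"test.dll": dll_base}, read_u32


def resolve(expr, modules, read_u32):
    """Return the address an expression such as [[mod.dll+1A128]+C]+70 names."""
    expr = expr.replace(" ", "").replace('"', "")
    if expr.startswith("["):
        depth = 0
        for end, ch in enumerate(expr):
            depth += (ch == "[") - (ch == "]")
            if depth == 0:
                break
        else:
            raise ValueError("unbalanced brackets in " + expr)
        # [X] means: resolve X to an address, then read the pointer stored there
        addr = read_u32(resolve(expr[1:end], modules, read_u32))
        rest = expr[end + 1:]
    else:
        head, sep, tail = expr.partition("+")
        base = modules.get(head.lower())      # module name, else a hex literal
        addr = int(head, 16) if base is None else base
        rest = sep + tail
    if rest and not rest.startswith("+"):
        raise ValueError("expected +offset, got " + rest)
    for tok in rest.split("+")[1:]:           # offsets are hexadecimal
        addr += int(tok, 16)
    return addr & 0xFFFFFFFF


CHAIN = '[[[["test.dll"+1A128]+C]+10]+14]+70'
```

Resolving `CHAIN` against two constructed runs with different `test.dll` load bases gives a different final address each time while the expression itself stays valid; an absolute address recorded in the first run is unmapped in the second.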