=sinister= Posted September 24, 2008

Hrm, ok well I usually mess around with CE with WoW, and I always find non static addresses that I have to find a pointer for, but I always find on another site the "Player Address" (which is an address that contains all player data) plus its offset, and I could never find out how to find either of them =\. I always tend to have to do things the hard way when it comes to memory editing.

MasterX Posted December 16, 2008

I tried this.

```autoit
#include<NomadMemory.au3>
#include<MemoryGetBaseAddressUDF.au3>
$ID=_MemoryOpen(ProcessExists("Client.exe"))
$pid = ProcessExists("Client.exe")
$Offset = Dec("00466BBC")
$openmem = _MemoryOpen($pid)
$baseADDR = _MemoryGetBaseAddress($openmem, 1)
$FinalStatic = "0x" & Hex($baseADDR + $Offset)
MsgBox(0,"",$FinalStatic)
$read=_memoryread($finalstatic,$openmem)
MsgBox(0,"",$read)
_MemoryClose($ID)
```

But it returned a false address :/

ZokNy Posted February 4, 2009

"Library.dll+offset" solution:

```autoit
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc
```

Feel free to include!

Based on ModuleSpy from wraithdu.

Szhlopp (Author) Posted February 22, 2009

> "Library.dll+offset" solution:
>
> ```autoit
> Func _MemoryModuleGetBaseAddress($iPID, $sModule)
>     If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
>
>     If Not IsString($sModule) Then Return SetError(2, 0, 0)
>
>     Local $PSAPI = DllOpen("psapi.dll")
>
>     ;Get Process Handle
>     Local $hProcess
>     Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
>
>     If $iPID > 0 Then
>         Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
>         If $hProcess[0] Then
>             $hProcess = $hProcess[0]
>         EndIf
>     EndIf
>
>     ;EnumProcessModules
>     Local $Modules = DllStructCreate("ptr[1024]")
>     Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
>     If $aCall[4] > 0 Then
>         Local $iModnum = $aCall[4] / 4
>         Local $aTemp
>         For $i = 1 To $iModnum
>             $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
>             If $aTemp[3] = $sModule Then
>                 DllClose($PSAPI)
>                 Return Ptr(DllStructGetData($Modules, 1, $i))
>             EndIf
>         Next
>     EndIf
>
>     DllClose($PSAPI)
>     Return SetError(-1, 0, 0)
> EndFunc
> ```
>
> Feel free to include! Based on ModuleSpy from wraithdu.

Sweet!!! Great job! I'm going to test this fairly soon here. If it works I would gladly add this in!

socal Posted March 9, 2009

OK did the tutorial on finding the multiple level pointers, now I have no idea how to use them. Anyone who can shed some light? [[[[0x02A48048]+0xC]+0x10]+0x14]+0x70 (that's what I got).

TomCat Posted March 20, 2009

Can someone give me an example how to use _MemoryModuleGetBaseAddress please? I tried this:

```autoit
$iPID = WinGetProcess("Test")
$sModule = ("test.dll+1A128")
$baseADDR = _MemoryModuleGetBaseAddress($iPID, $sModule)
```

but it doesn't work

ZokNy Posted March 22, 2009

Use the func from #23.

Then try this:

```autoit
$iPID = WinGetProcess("Test")
$sModule = "test.dll"
$iOffset = 0x1A128
$baseADDR = _MemoryModuleGetBaseAddress($iPID, $sModule) + $iOffset
```

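Added example (not part of any post in this thread, and not code from the UDF): the "test.dll+1A128" notation in the posts above and the bracketed multi-level pointer in socal's post resolve by the same arithmetic, shown here in Python over a constructed 32-bit memory snapshot. The module base, the memory contents and the function names are assumptions made for the illustration.

```python
import re
import struct

# Constructed 32-bit snapshot: module load bases for one run and a sparse
# little-endian memory image. Every address and value here is made up.
MODULES = {"test.dll": 0x10000000}
MEMORY = {
    0x02A48048: struct.pack("<I", 0x03000000),
    0x0300000C: struct.pack("<I", 0x03100000),
    0x03100010: struct.pack("<I", 0x03200000),
    0x03200014: struct.pack("<I", 0x03300000),
}
TERM = re.compile(r"^(?:(?P<mod>[^+\[\]]+\.(?:dll|exe))\+)?(?P<off>(?:0x)?[0-9a-f]+)$", re.I)

def module_base(name, modules):
    """Exact, case-insensitive module-name lookup, as a module list works."""
    for mod, base in modules.items():
        if mod.lower() == name.lower():
            return base
    raise LookupError("no loaded module named %r" % name)

def read_ptr(addr, memory):
    """Read one 32-bit pointer; an unmapped address is an error, not zero."""
    if addr not in memory:
        raise LookupError("unmapped address 0x%08X" % addr)
    return struct.unpack("<I", memory[addr])[0]

def resolve(expr, modules=MODULES, memory=MEMORY):
    """Resolve 'test.dll+1A128' or '[[0x..]+0xC]+0x10' to an absolute address."""
    expr = expr.replace(" ", "")
    depth = len(expr) - len(expr.lstrip("["))
    parts = expr[depth:].split("]")
    if len(parts) != depth + 1:
        raise ValueError("unbalanced brackets in %r" % expr)
    m = TERM.match(parts[0])
    if not m:
        raise ValueError("bad base term %r" % parts[0])
    addr = int(m.group("off"), 16)
    if m.group("mod"):
        addr += module_base(m.group("mod"), modules)
    for tail in parts[1:]:
        # Each closing bracket is one dereference, then that level's offset is added.
        addr = read_ptr(addr, memory) + int(tail.lstrip("+") or "0", 16)
    return addr & 0xFFFFFFFF

if __name__ == "__main__":
    print(hex(resolve("test.dll+1A128")))
    print(hex(resolve("[[[[0x02A48048]+0xC]+0x10]+0x14]+0x70")))
```

Passing the whole string "test.dll+1A128" to `module_base` raises, because no loaded module has that name; the module name and the offset have to be split first. The last offset of a pointer chain is added without a further dereference, so `resolve` returns the address of the value, and the same expression gives a different absolute address whenever the module loads at a different base.
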
TomCat Posted March 26, 2009

Tnx for the answer. I tried it but u get a wrong address. Any idea why?

ynbIpb Posted May 29, 2009

Maybe somebody will show how to use it in Lineage 2, for example, to find HP \ MP (naturally Game Guard will be turned off). Thank you.

avati Posted June 24, 2009

After many tests with cheat engine this function DOES NOT work ... If you open a process with cheat engine and after you press memory view, on AllocationBase you see the correct address. That address is different for each process, but using GetBaseAddress function from autoit you took for all exes the same address. Usually 0x00400000 or for games 0x00350000. Any ideas why this happens ????

hot202 Posted August 12, 2009

I don't understand how to add this .dll thing, can some 1 show an example please?

hot202 Posted August 12, 2009

Hey, can some 1 help me? Shouldn't this work? But it don't. Can some 1 tell me what I have done wrong? Engine.exe is the process name. Address is 08FE965C and it's a static with cshell.dll+48965C

```autoit
#include <NomadMemory.au3>
#include <GUIConstants.au3>
#include <GUIListBox.au3>
#include <Misc.au3>
#include <Array.au3>

HotKeySet("{F2}","poke")

Func poke()
    $ID=_MemoryOpen(ProcessExists("Engine.exe"))
    $iPID = WinGetProcess("cshell")
    $sModule = "cshell.dll"
    $iOffset = 0x48965C
    $baseADDR = _MemoryModuleGetBaseAddress($iPID, $sModule) + $iOffset
    _MemoryWrite($BaseADDR, $ID, 550)
    _MemoryClose($iPID)
EndFunc

While 1
    sleep(1000)
WEnd

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc
```

Greek Posted October 9, 2009

_MemoryModuleGetBaseAddress n1 work, need it for prototype, works create and thx for _MemoryGetBaseAddress too of course

v22 Posted March 1, 2010

update: Thanks to avati for clarifying that the code doesn't work, post reported to mods as useless.

Allow me to start with stating that I'm a complete utter-n00b when it comes to coding;

Thanks for the effort on trying to simplify the whole memory reading thing, gives me headache and imho not only me;

OP, could you please point me to the field where I paste Game.dll+000B298C and get the real address? Since I wasn't able to find such a variable, although this ability is advertised.

thanks!

Edited March 1, 2010 by v22

v22 Posted March 1, 2010

> "Library.dll+offset" solution:
>
> ```autoit
> Func _MemoryModuleGetBaseAddress($iPID, $sModule)
>     If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
>
>     If Not IsString($sModule) Then Return SetError(2, 0, 0)
>
>     Local $PSAPI = DllOpen("psapi.dll")
>
>     ;Get Process Handle
>     Local $hProcess
>     Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
>
>     If $iPID > 0 Then
>         Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
>         If $hProcess[0] Then
>             $hProcess = $hProcess[0]
>         EndIf
>     EndIf
>
>     ;EnumProcessModules
>     Local $Modules = DllStructCreate("ptr[1024]")
>     Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
>     If $aCall[4] > 0 Then
>         Local $iModnum = $aCall[4] / 4
>         Local $aTemp
>         For $i = 1 To $iModnum
>             $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
>             If $aTemp[3] = $sModule Then
>                 DllClose($PSAPI)
>                 Return Ptr(DllStructGetData($Modules, 1, $i))
>             EndIf
>         Next
>     EndIf
>
>     DllClose($PSAPI)
>     Return SetError(-1, 0, 0)
> EndFunc
> ```
>
> Feel free to include! Based on ModuleSpy from wraithdu.

always returns "0"

Szhlopp (Author) Posted March 2, 2010

> update: Thanks to avati for clarifying that the code doesn't work, post reported to mods as useless.
>
> Allow me to start with stating that I'm a complete utter-n00b when it comes to coding;
>
> Thanks for the effort on trying to simplify the whole memory reading thing, gives me headache and imho not only me;
>
> OP, could you please point me to the field where I paste Game.dll+000B298C and get the real address? Since I wasn't able to find such a variable, although this ability is advertised.
>
> thanks!

This DOES work. Let me explain Avati's post...

When you see the AllocationBase in CE, it's FOR that memory section. So yes, they don't always match, but it doesn't matter, as this provides you with the one you need. If for some reason it doesn't return the right value (I've seen it twice in all the things I've hacked), edit the IV_start address or whatever it's called. Should be like 0x00100000, change it to 0x00500000. But as I said, that shouldn't be necessary.

If ANYONE is having problems reading the address, use my function http://www.autoitscript.com/forum/index.php?showtopic=99631

Sorry I've been gone for 5 months. So I haven't been on at all =)

Chaki Posted June 18, 2010

> it's FOR that memory section.

Before I start studying your script, I would like to know if I'm just going to waste my time.

It is my understanding that both Dynamic and Static addresses are called pointers, because they point to a different address, which is inside the Memory Viewer.

What I'm trying to do is read the value of that address that is found inside the Memory Viewer.

Can your script do that? Or does your script only deal with static addresses?

Edited June 18, 2010 by Chaki

XxShadowxX Posted June 18, 2010

You probably shouldn't have revived this thread. Anyhow, finding the base address is only useful for static addresses.

Opeth Posted December 23, 2010

Sorry to dig up an old thread, but is there any way to use this with Windows 7? I keep getting "Failed to find correct allocation address", which is error state 2. A shot of code below.. thanks! This code is working in Windows XP, just not W7.

```autoit
$BaseAddress = _MemoryGetBaseAddress($hMemory, 1)
If $BaseAddress = 0 Then
    Select
        Case @error = 1
            MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Invalid handle to open process")
        Case @error = 2
            MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Failed to find correct allocation address")
        Case @error = 3
            MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Failed to read from the specified process")
    EndSelect
EndIf
```

Edited December 23, 2010 by Opeth