new _Mem functions


196 replies to this topic

#41 Gene

Gene

    Universalist

  • Active Members
  • 494 posts

Posted 23 January 2006 - 01:23 AM

Hi Valik,

I am able to debug without hacking anything, it is boring though. I haven't been using Scite long. I only came to it because of the syntax autocompletion, parameter ghosting and menu options. I still have Crimson open almost all the time for the quick and dirty macro builder.

I understand the terms you use below, but had no idea those capabilities were in Scite. Apparently I never looked at the bottom half of the tools menu either. I'll have to try those out.

I understand your third point too. But, even if w0uter doesn't update base addresses, it would be nice while it lasted.

Gene :lmao:

Gene, IMO, you need to really re-think your debugging methods if you aren't able to do it without hacking AutoIt. I know with SciTE I can insert trace statements for any variable I want or I can insert a trace of all function calls (Like a call stack) for an entire file just with hotkeys. I rarely use message boxes for debugging and I definitely never needed to hack AutoIt to do it.

In addition, the moment 3.1.1.104 comes out, w0uter will have to give you a new base address. Is this really practical for you to hack AutoIt each release to ensure you can debug code when there are tons of other, more suitable ways of doing it?


Edited by Gene, 23 January 2006 - 01:25 AM.

Thanks for the response.
Gene
Yes, I know the punctuation is not right...





#42 strate

strate

    Universalist

  • Active Members
  • 539 posts

Posted 04 February 2006 - 11:40 PM

I have the memory location (I think) of a status bar that I can not read with anything. I need help with these functions, bad. I tried looking at your example but it doesn't illustrate how to use _MEMRead().

Do I have to have MemOpen and MemClose before and after every read?

Could I get an example of MemRead being used in a common application?

I will owe my first born if I can read the status bar. It's what is stopping me from automating my whole job almost.

INI TreeView
A bus station is where a bus stops, a train station is where a train stops. On my desk I have a work station...

#43 Gene

Gene

    Universalist

  • Active Members
  • 494 posts

Posted 05 February 2006 - 12:33 AM

Search the Forum for _MEMRead. You will find several posts with examples and discussion.

Gene

I have the memory location (I think) of a status bar that I can not read with anything. I need help with these functions, bad. I tried looking at your example but it doesn't illustrate how to use _MEMRead().

Do I have to have MemOpen and MemClose before and after every read?

Could I get an example of MemRead being used in a common application?

I will owe my first born if I can read the status bar. It's what is stopping me from automating my whole job almost.



#44 strate

strate

    Universalist

  • Active Members
  • 539 posts

Posted 07 February 2006 - 01:35 AM

In one of the functions I found for mine sweeper I get this

Unknown function name.:
DllStructDelete ($v_Struct)

What would the fix be?

Running beta with it compiled.

#45 Gene

Gene

    Universalist

  • Active Members
  • 494 posts

Posted 07 February 2006 - 03:13 AM

Look it up in the History page of the help file. Don't use the Help Search Tab; go to the History page, click the right side of the page, then use the Ctrl+F search to find it. DllStructDelete is obsolete; when you find it you will also find the replacement.

Gene

In one of the functions I found for mine sweeper I get this

Unknown function name.:
DllStructDelete ($v_Struct)

What would the fix be?

Running beta with it compiled.



#46 strate

strate

    Universalist

  • Active Members
  • 539 posts

Posted 07 February 2006 - 07:28 PM

Look it up in the History page of the help file. Don't use the Help Search Tab; go to the History page, click the right side of the page, then use the Ctrl+F search to find it. DllStructDelete is obsolete; when you find it you will also find the replacement.

Gene

I get a new error:

Memory Read - Mine Sweeper.au3 (53) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:
$ai_Loc[$i_Array][0] = 23 + $x * 16

Here's my code being used:
opt("MouseClickDelay", 0)
opt("MouseClickDownDelay", 0)

Global Const $MEM_O = 0x8
Global Const $MEM_R = 0x10
Global Const $MEM_W = 0x20

Func _MemOpen($i_dwDesiredAccess, $i_bInheritHandle, $i_dwProcessId)
    $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $i_dwDesiredAccess, 'int', $i_bInheritHandle, 'int', $i_dwProcessId)
    If @error Then
        SetError(1)
        Return 0
    EndIf
    Return $ai_Handle[0]
EndFunc  ;==>_MemOpen

Func _MemRead($i_hProcess, $i_lpBaseAddress, $i_nSize, $v_lpNumberOfBytesRead = '')
    Local $v_Struct = DllStructCreate('byte[' & $i_nSize & ']')
    DllCall('kernel32.dll', 'int', 'ReadProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
    Local $v_Return = DllStructGetData($v_Struct, 1)
    $v_Struct = 0
;~  DllStructDelete ($v_Struct)
    Return $v_Return
EndFunc  ;==>_MemRead

Func _MemClose($i_hProcess)
    $av_CloseHandle = DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $i_hProcess)
    Return $av_CloseHandle[0]
EndFunc  ;==>_MemClose

ProcessSetPriority(@AutoItPID, 5)
opt('MouseCoordMode', 0)
$i_pid = Run('winmine.exe')
ProcessWait($i_pid)
$v_Open = _MemOpen($MEM_R, False, $i_pid)

;Width  0x1005334
$i_Width = _MemRead($v_Open, 0x1005334, 1)
$i_Width = RegRead('HKEY_CURRENT_USER\Software\Microsoft\winmine', 'Width')
;Height 0x1005338
$i_Height = _MemRead($v_Open, 0x1005338, 1)
$i_Height = RegRead('HKEY_CURRENT_USER\Software\Microsoft\winmine', 'Height')
;Number 0x1005330
$i_NonMines = $i_Width * $i_Height - _MemRead($v_Open, 0x1005330, 2)
$i_NonMines = $i_Width * $i_Height - RegRead('HKEY_CURRENT_USER\Software\Microsoft\winmine', 'Mines')

Global $i_Array = 0
Dim $ai_Loc[$i_NonMines][2]
For $y = 0 To $i_Height - 1
    For $x = 0 To $i_Width - 1
       ;mine   0x1005340 + 32 * y + x
        If _MemRead($v_Open, 0x1005340 + 32 * ($y + 1) + ($x + 1), 1) = -113 Then
            ConsoleWrite("X ")
            ContinueLoop
        Else
            ConsoleWrite("O ")
            $ai_Loc[$i_Array][0] = 23 + $x * 16
            $ai_Loc[$i_Array][1] = 112 + $y * 16
            $i_Array += 1
        EndIf
    Next
;~     ConsoleWrite(@LF)
Next
_MemClose($v_Open)

$v_Open = UBound($ai_Loc) - 1
opt('WinTitleMatchMode', 4)
For $i = 0 To $v_Open
    MouseClick('left', $ai_Loc[$i][0], $ai_Loc[$i][1], 1, 0)
    If StringInStr(WinGetText('active'), 'OK') Then ExitLoop
Next


#47 strate

strate

    Universalist

  • Active Members
  • 539 posts

Posted 08 February 2006 - 08:07 PM

BUMP

#48 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 08 February 2006 - 09:56 PM

runs just fine here. WIN XP HOME SP 2
My UDF's:
;mem stuff: _Mem
;ftp stuff: _FTP ( OLD )
;inet stuff: _INetGetSource ( OLD ), _INetGetImage, _INetBrowse ( Collection ), _EncodeUrl, _NetStat, _Google
;random stuff: _iPixelSearch, _DiceRoll

#49 strate

strate

    Universalist

  • Active Members
  • 539 posts

Posted 08 February 2006 - 11:04 PM

WINXP Pro SP2

I'm not sure what is wrong.... Are there any other scripts put together that show the use of these functions?

#50 strate

strate

    Universalist

  • Active Members
  • 539 posts

Posted 09 February 2006 - 08:15 PM

Bump....

[begging]
I need a method for reading the Status bar of a program I use at work and I think this could do it for me. Could someone assist me? [/begging]

EDIT: Never mind!!! I didn't have the latest beta; I was back a couple of versions. Sorry.

Edited by strate, 09 February 2006 - 09:33 PM.


#51 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 09 February 2006 - 09:54 PM

btw if i wanted to read a statusbar i would try to hook the function that sets the text :lmao:

just an idea.

#52 strate

strate

    Universalist

  • Active Members
  • 539 posts

Posted 09 February 2006 - 11:26 PM

btw if i wanted to read a statusbar i would try to hook the function that sets the text :lmao:

just an idea.

What do you mean?

#53 xxd2godxx

xxd2godxx

    Seeker

  • Active Members
  • 26 posts

Posted 11 February 2006 - 04:26 AM

Is it possible to use this function to hack into Diablo II? Is it possible to inject packets to diablo's .dll's thus making it hackable? If so, how would I do this?

#54 GrungeRocker

GrungeRocker

    *narF*

  • Active Members
  • 422 posts

Posted 12 February 2006 - 04:29 PM


hi!
i've made this lil' script:
$hwnd = GuiCreate("WhatPulse hacker", 217, 164,(@DesktopWidth-217)/2, (@DesktopHeight-164)/2 , $WS_OVERLAPPEDWINDOW + $WS_VISIBLE + $WS_CLIPSIBLINGS, $WS_EX_TOOLWINDOW + $WS_EX_TOPMOST )
$Label_1 = GuiCtrlCreateLabel("Set Keystats to:", 10, 10, 130, 20)
$keys = GuiCtrlCreateInput("0", 10, 30, 120, 20)
$keygo = GuiCtrlCreateButton("Go", 140, 30, 70, 20)
$Label_4 = GuiCtrlCreateLabel("Set Klickstats to:", 10, 60, 130, 20)
$klicks = GuiCtrlCreateInput("0", 10, 90, 120, 20)
$klickgo = GuiCtrlCreateButton("Go", 140, 90, 70, 20)
$about = GuiCtrlCreateButton("About", 10, 130, 80, 20)
$exit = GuiCtrlCreateButton("Exit", 130, 130, 80, 20)
$info = GuiCtrlCreateLabel("Please launch Geek window!", 10, 150, 200, 20)
$x = 0
GuiSetState()
While 1
    $msg = GuiGetMsg()
    Select
    Case $msg = $GUI_EVENT_CLOSE OR $msg = $exit
        ExitLoop
    Case $msg = $about
        about()
    case $msg = $keygo AND $x = 1
        $keymem = _MemOpen($pid)
        _MemWrite($keymem, 0x004609F0, guictrlread($keys))
        MsgBox(0, "", _MemRead($keymem, 0x004609F0))
        _MemClose($keymem)
    EndSelect
    if WinExists("WhatPulse Geek window") then
        $pid = WinGetProcess ( "WhatPulse Geek window" )
        $x = 1
        GUICtrlSetData($info, "Have fun editing!")
    EndIf
WEnd
Exit

but the memread returns only shit........
pic:

but from memhack i know, that this address is right and it's editable with numbers....
can anyone explain to me why it returns such ****?

In work:

#55 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 12 February 2006 - 06:00 PM

b/c you write **** to it :geek:

you should use _MemCreate() to create a struct and pass that to _MemWrite

i should really document my functions more :o

#56 jaenster

jaenster

    There is no spoon.

  • Active Members
  • 670 posts

Posted 12 February 2006 - 06:04 PM

Wouter, how do you know the address?
-jaenster

#57 GrungeRocker

GrungeRocker

    *narF*

  • Active Members
  • 422 posts

Posted 12 February 2006 - 07:20 PM


even if i do so
        $keymem = _MemOpen($pid)
        $keymem1 = _MemCreate($keymem)
        _MemWrite($keymem, 0x004609F0, guictrlread($keys))
        MsgBox(262144, "", _MemRead($keymem, 0x004609F0))
        _MemClose($keymem)

it won't work -.-'

Edited by Analritter, 12 February 2006 - 07:21 PM.

In work:

#58 xxd2godxx

xxd2godxx

    Seeker

  • Active Members
  • 26 posts

Posted 12 February 2006 - 07:48 PM

Is it possible to transmute these C++ codes into Auto-it and then send them through Diablo with this function? Or is it possible for me to just call them while using auto-it?

GetPlayerID
Code:

DWORD __declspec(naked) GetPlayerID(VOID)
{
    __asm {
        MOV EAX,DWORD PTR DS:[0x6FBCC1E0]
        MOV ECX,DWORD PTR DS:[EAX+0xC]
        mov eax, ecx
        ret
    }
}

GetPlayerArea
Code:

DWORD __declspec(naked) GetPlayerArea(void)
{
    __asm {
        MOV EAX,DWORD PTR DS:[0x6FBCC1E0]
        push eax
        mov ebx, 0x6FABC0BC
        call ebx
        push eax
        mov ebx, 0x6FABC0B6
        call ebx
        ret
    }
}

SendGamePacket
Code:

void SendGAMEPacket(BYTE* Packet,DWORD PacketSize)
{
    DWORD size1 = PacketSize;
    __asm {
        mov eax, Packet
        push Packet
        mov ebx, size1
        mov edx, 0x6FB0DE40
        call edx
    }
}

GetCurrentLife
Code:

DWORD __declspec(naked) GetCurrentLife()
{
    __asm {
        mov eax, 6
        mov ebx, 0x6FB653A0
        call ebx
        SAR eax,8
        ret
    }
}

GetMaxLife
Code:

DWORD __declspec(naked) GetMaxLife()
{
    __asm {
        mov eax, 6
        mov ebx, 0x6FB653A0
        call ebx
        SAR edx,8
        mov eax,edx
        ret
    }
}

GetCurrentMana
Code:

DWORD __declspec(naked) GetCurrentMana()
{
    __asm {
        mov eax, 8
        mov ebx, 0x6FB653A0
        call ebx
        SAR eax,8
        ret
    }
}

GetMaxMana
Code:

DWORD __declspec(naked) GetMaxMana()
{
    __asm {
        mov eax, 8
        mov ebx, 0x6FB653A0
        call ebx
        SAR edx,8
        mov eax,edx
        ret
    }
}

GamePrintMessage
Code:

enum { colWhite, colRed, codGreen, colBlue, colGold, colGrey, colBlack, colBrown, colOrange, colYellow };
typedef void (_stdcall *pPrint)(wchar_t* Text, BYTE Color);

void GamePrintMessage(char *Message, BYTE color)
{
    pPrint Print = (pPrint)0x6FAC6780;
    wchar_t Buffer[256];
    // -1 converts the whole NUL-terminated string (sizeof(Message) is only the pointer size);
    // the output size is a count of wchar_t elements, not bytes, so Buffer cannot be overrun
    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, Message, -1, Buffer, sizeof(Buffer) / sizeof(Buffer[0]));
    Print(Buffer, color);
}





#59 jaenster

jaenster

    There is no spoon.

  • Active Members
  • 670 posts

Posted 12 February 2006 - 08:09 PM

huh ??
-jaenster

#60 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 12 February 2006 - 08:12 PM

@Analritter

what is the return from guictrlread($keys) ?

@xxd2godxx

afaik you can only call these functions from within DII so first you should find a method to inject your code into DII