12 replies to this topic

[Szhlopp]

Haven't posted anything in a while so I suppose it's time

This tool makes it easy to convert a CE pointer in the 'cheat table' to a function that Autoit can use to read memory.

1) Rename the description of the pointer address in the cheat table (So it's not "No Description").
2) Right click on a pointer address in the cheat table (P->012E1544) and click 'copy'.
3) Run this script.

AutoIt        expandcollapse  popup

#include <Array.au3>

$ClipGet = ClipGet()
If StringLeft($ClipGet,12) = "<CheatTable>" Then
    Local $ClipText = "Func _Read" 
    Local $Name
    Local $NameOffset
    Local $InterpretableModule
    

    $_SRE = StringRegExp($ClipGet, "<Description>(.*?)\<", 1)
    $_SRE = StringRegExp($_SRE[0], "(?i)[a-z]*", 1)
    $ClipText &= StringStripWS($_SRE[0], 8) & "($pid)" & @CRLF & @CRLF & @TAB
    
    $Name = StringStripWS($_SRE[0], 8)
    
    $ClipText &= "Global $" & $Name & "Offset"
    $NameOffset = "$" & $Name & "Offset"
    $_SRE = StringRegExp($ClipGet, "<Offset>(.*?)<", 3)
    $ClipText &= "[" & UBound($_SRE) + 1 & "]" & @CRLF & @TAB & $NameOffset & "[0] = 0" & @CRLF & @TAB
    
    _ArrayReverse($_SRE)
    For $I = 0 To UBound($_SRE) - 1
        $ClipText &= $NameOffset & "[" & $I + 1 & '] = Dec("' & $_SRE[$I] & '")' & @CRLF & @TAB
    Next
    
    $_SRE = StringRegExp($ClipGet, "<InterpretableAddress>(.*?)\<", 1)
    If Not @error Then
        $_SS = StringSplit($_SRE[0], "+")
        If $_SS[0] = 1 Then
            MsgBox(16, "Error", "This address is not static. Please make sure you're ending with a 'green address'" & @CRLF & "(Game.exe+Offset)")
        Else
            $InterpretableModule = $_SS[1]
            $ClipText &= '$StaticOffset = Dec("' & $_SS[2] & '")' & @CRLF & @TAB
        EndIf
    EndIf
    
    $ClipText &= '$openmem = _MemoryOpen($pid)' & @CRLF & @TAB
    
    If StringRight($InterpretableModule, 3) = "exe" Then
        $ClipText &= '$baseADDR = _MemoryGetBaseAddress($openmem, 1)' & @CRLF & @TAB
    Else
        $ClipText &= '$baseADDR = _MemoryModuleGetBaseAddress($pid, "' & $InterpretableModule & '")' & @CRLF & @TAB
    EndIf
    
    $ClipText &= '$finalADDR = "0x" & Hex($baseADDR + $StaticOffset)' & @CRLF & @TAB
    $ClipText &= '$MemPointer = _MemoryPointerRead($finalADDR, $openmem, ' & $NameOffset & ')' & @CRLF & @TAB
    $ClipText &= '_MemoryClose($openmem)' & @CRLF  & @CRLF & @TAB
    $ClipText &= 'Return $MemPointer' & @CRLF & 'EndFunc'
    
    ; Finished, return
    ClipPut($ClipText)
Else
    MsgBox(16, "Error", "No Cheat Table data in your clipboard")
EndIf

Ta da! Function you can paste into any script.
Return is an array where
[0] = Address
[1] = Value


Tested on CheatEngine 5.5.


For those who are missing some of the functions...

AutoIt        expandcollapse  popup

Func _MemoryPointerRead($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword')
    
    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf
    
    Local $iv_Data[2], $i
    Local $v_Buffer = DllStructCreate('dword')
    
    For $i = 0 To $iv_PointerCount
        
        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @error Then
                SetError(@error + 2)
                Return 0
            EndIf
            
            $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        Else
            $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        EndIf
        
    Next
    
    $iv_Data[0] = $iv_Address
    
    Return $iv_Data

EndFunc   ;==>_MemoryPointerRead


;===================================================================================================
; Function........:  _MemoryGetBaseAddress($ah_Handle, $iHD)
;
; Description.....:  Reads the 'Allocation Base' from the open process.
;
; Parameter(s)....:  $ah_Handle - An array containing the Dll handle and the handle of the open
;                                 process as returned by _MemoryOpen().
;                    $iHD - Return type:
;                       |0 = Hex (Default)
;                       |1 = Dec
;
; Requirement(s)..:  A valid process ID.
;
; Return Value(s).:  On Success - Returns the 'allocation Base' address and sets @Error to 0.
;                    On Failure - Returns 0 and sets @Error to:
;                       |1 = Invalid $ah_Handle.
;                       |2 = Failed to find correct allocation address.
;                       |3 = Failed to read from the specified process.
;
; Author(s).......:  Nomad. Szhlopp.
; URL.............:  <a href='http://www.autoitscript.com/forum/index.php?showtopic=78834' class='bbc_url' title=''>http://www.autoitscript.com/forum/index.php?showtopic=78834</a>
; Note(s).........:  Go to Www.CheatEngine.org for the latest version of CheatEngine.
;===================================================================================================
Func _MemoryGetBaseAddress($ah_Handle, $iHexDec = 0, $iv_Address = 0x00100000)
    
    Local $v_Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $vData
    Local $vType
    
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf
    

    DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
    
    If Not @Error Then
        
        $vData = Hex(DllStructGetData($v_Buffer, 2))
        $vType = Hex(DllStructGetData($v_Buffer, 3))
        
        While $vType <> "00000080"
            DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
            $vData = Hex(DllStructGetData($v_Buffer, 2))
            $vType = Hex(DllStructGetData($v_Buffer, 3))
            If Hex($iv_Address) = "90000000" Then ExitLoop
            $iv_Address += 65536
            
        WEnd

        If $vType = "00000080" Then
            SetError(0)
            If $iHexDec = 1 Then
                Return Dec($vData)
            Else
                Return $vData
            EndIf
            
        Else
            SetError(2)
            Return 0
        EndIf
        
    Else
        SetError(3)
        Return 0
    EndIf
    
EndFunc   ;==>_MemoryGetBaseAddress


Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    
    If Not IsString($sModule) Then Return SetError(2, 0, 0)
    
    Local   $PSAPI = DllOpen("psapi.dll")
    
    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
    
    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf
    
    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf
    
    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
    
EndFunc

Edited by Szhlopp, 11 August 2009 - 05:00 PM.

[bluerein]

nice ..

may come in handy..

thanks

[hot202]

dosnt work get error line 20

[Szhlopp]

dosnt work get error line 20

Bah when I edited the post I forgot to put #include <Array.au3> back in the code. Doing so now...

Edited by Szhlopp, 10 August 2009 - 05:02 PM.

[hot202]

now error line 31

[pokemaster]

Holy macaroni! Thanks a lot for this script, it was immensely useful! At first I was a bit confused about how to use it, as once I ran the script nothing seemed to happen. But then I realized it copies code so you can paste it and use it as a function. Very useful indeed for people who want to design scripts that do stuff based on game memory.

If I bump into memory related problems later, could I possibly contact you?

[hot202]

ok this works but it dont copy the address is it ment to?

[hot202]

oh it dont work with pointers to a static address?

[Szhlopp]

Holy macaroni! Thanks a lot for this script, it was immensely useful! At first I was a bit confused about how to use it, as once I ran the script nothing seemed to happen. But then I realized it copies code so you can paste it and use it as a function. Very useful indeed for people who want to design scripts that do stuff based on game memory.

If I bump into memory related problems later, could I possibly contact you?

Welcome

Yeah sure, feel free to contact me anytime. It sometimes takes me a few days to get back though

[pokemaster]

It works perfectly well on Win XP, but I was wondering why I can't get the correct value using Vista? My CE that's running on Vista shows the right value, but once I use your script with the CE values it ends up returning an incorrect value.

[zEwt]

this actually is not working for me. followed instructions to the T. is it old?

[JohnOne]

"Posted 07 August 2009 - 02:09 AM"

You Decide.

[Melba23]

zEwt,

You have already had a topic locked for asking about memory reads for an aimbot and here you are necroing a thread about a similar thing.

Did you read the Forum Rules to which I linked you?

We are serious about enforcing them. You are not making a good impression so far - please do not continue along the same path in your future posts here.

M23