hot202

MemoryWrite help.


hot202

Hey, can someone help me? Shouldn't this work? It doesn't; can someone tell me what I have done wrong?

Engine.exe is the process name

Address is 08FE965C

and its a static with cshell.dll+48965C

#include <NomadMemory.au3>
 #include <GUIConstants.au3>
 #include <GUIListBox.au3>
 #include <Misc.au3>
 #include <Array.au3>
 HotKeySet("{F2}","poke")
 
 
 Func poke()
$ID=_MemoryOpen(ProcessExists("Engine.exe"))
$iPID = WinGetProcess("cshell")
$sModule = "cshell.dll"
$iOffset = 0x48965C
$baseADDR = _MemoryModuleGetBaseAddress($iPID, $sModule) + $iOffset
 _MemoryWrite($BaseADDR, $ID, 550)
 _MemoryClose($iPID)
 EndFunc 
 
 While 1
     sleep(1000)
 WEnd
 
 
 
 Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    
    If Not IsString($sModule) Then Return SetError(2, 0, 0)
    
    Local   $PSAPI = DllOpen("psapi.dll")
    
    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
    
    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf
    
    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf
    
    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
    
EndFunc

hot202

please any1 any help will help me.

Edited by hot202

wolf9228

hey can some 1 help me? shouldnt this work? but it dont can some 1 tell me what i have done wrong?

Engine.exe is the process name

Address is 08FE965C

and its a static with cshell.dll+48965C

#include <NomadMemory.au3>
 #include <GUIConstants.au3>
 #include <GUIListBox.au3>
 #include <Misc.au3>
 #include <Array.au3>
 HotKeySet("{F2}","poke")
 
 
 Func poke()
$ID=_MemoryOpen(ProcessExists("Engine.exe"))
$iPID = WinGetProcess("cshell")
$sModule = "cshell.dll"
$iOffset = 0x48965C
$baseADDR = _MemoryModuleGetBaseAddress($iPID, $sModule) + $iOffset
 _MemoryWrite($BaseADDR, $ID, 550)
 _MemoryClose($iPID)
 EndFunc 
 
 While 1
     sleep(1000)
 WEnd
 
 
 
 Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    
    If Not IsString($sModule) Then Return SetError(2, 0, 0)
    
    Local   $PSAPI = DllOpen("psapi.dll")
    
    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
    
    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf
    
    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf
    
    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
    
EndFunc

#Include <Array.au3>

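; Demo driver: show the modules loaded in the first IEXPLORE.exe process.
; ProcessList returns a 2-D array: [0][0] is the match count and [n][1] the
; PID of match n, so row 1 only exists when at least one process was found.
$array = ProcessList("IEXPLORE.exe")
If Not @error And $array[0][0] > 0 Then
    $all_modules = all_modules_process($array[1][1])
    _ArrayDisplay($all_modules, "")
Else
    ConsoleWrite("No IEXPLORE.exe process is running." & @CRLF)
EndIf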

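Func all_modules_process($processID )
    ; Build a table of the modules loaded in the process with PID $processID.
    ; Returns a 2-D array with three columns:
    ;   [0][0] = number of modules listed
    ;   [n][0] = module handle, [n][1] = base name, [n][2] = full file name
    ; When the process cannot be opened or enumerated, only row 0 is returned
    ; with a count of 0.
    Local $MAX_PATH = 260, $MAX_MODULES = 1024
    Local $Arrayresult[1][3]
    $Arrayresult[0][0] = 0

    ; PROCESS_QUERY_INFORMATION (0x0400) and PROCESS_VM_READ (0x0010) are the
    ; rights the PSAPI enumeration and name calls need; nothing here writes to
    ; the process or creates threads in it.
    Local $PERMISSION = BitOR(0x0400, 0x0010)
    Local $hProcess = WINAPI_OpenProcess($PERMISSION, 0, $processID)
    If $hProcess = 0 Then Return $Arrayresult

    Local $hMods = DllStructCreate("hwnd[" & $MAX_MODULES & "]")
    ; WINAPI_EnumProcessModules returns the number of bytes the module list
    ; occupies (0 when the call fails).
    Local $cbNeeded = WINAPI_EnumProcessModules($hProcess, DllStructGetPtr($hMods), DllStructGetSize($hMods))
    If $cbNeeded > 0 Then
        ; Convert bytes to entries with the real element size and stay within
        ; the slots that were allocated.
        Local $iElemSize = DllStructGetSize($hMods) / $MAX_MODULES
        Local $iCount = Int($cbNeeded / $iElemSize)
        If $iCount > $MAX_MODULES Then $iCount = $MAX_MODULES

        Local $hModsElement
        For $i = 1 To $iCount
            $hModsElement = DllStructGetData($hMods, 1, $i)
            If $hModsElement = 0 Then ExitLoop
            ReDim $Arrayresult[$i + 1][3]
            $Arrayresult[$i][0] = $hModsElement
            $Arrayresult[$i][1] = WINAPI_GetModuleBaseName($hProcess, $hModsElement, $MAX_PATH)
            $Arrayresult[$i][2] = WINAPI_GetModuleFileNameEx($hProcess, $hModsElement, $MAX_PATH)
            $Arrayresult[0][0] = $i
        Next
    EndIf

    ; The process handle is owned by this function; release it before returning.
    DllCall("Kernel32.dll", "int", "CloseHandle", "ptr", $hProcess)
    Return $Arrayresult
EndFunc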



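Func WINAPI_OpenProcess( _
             $dwDesiredAccess, _
             $bInheritHandle, _
             $dwProcessId)
    ; Thin wrapper around kernel32!OpenProcess.
    ; $dwDesiredAccess - access-rights mask for the returned handle
    ; $bInheritHandle  - non-zero to let child processes inherit the handle
    ; $dwProcessId     - PID of the process to open
    ; Returns the process handle, or 0 when OpenProcess fails or the DllCall
    ; itself cannot be made (@error is set to 1 in the latter case).
    ; The caller owns the handle and has to close it with CloseHandle.
    Local $aRet = DllCall("Kernel32.dll", "hwnd", "OpenProcess", "long", $dwDesiredAccess, _
            "int", $bInheritHandle, "int", $dwProcessId)
    ; On a DllCall error the result is not an array, so it must not be indexed.
    If @error Then Return SetError(1, 0, 0)
    Return $aRet[0]
EndFunc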

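Func WINAPI_EnumProcessModules( _
                  $hProcess, _
                  $lphModule, _
                  $cb)
    ; Thin wrapper around psapi!EnumProcessModules.
    ; $hProcess  - handle of the process whose modules are listed
    ; $lphModule - pointer to the caller's array that receives module handles
    ; $cb        - size of that array in bytes
    ; Returns the byte count the API reports through its last (output)
    ; parameter, not the API's BOOL result; 0 when the DllCall cannot be made
    ; (@error = 1) or when the API leaves the count at 0.
    Local $aRet = DllCall("Psapi.dll", "int", "EnumProcessModules", "hwnd", $hProcess, "ptr", $lphModule, _
            "long", $cb, "int*", 0)
    ; On a DllCall error the result is not an array, so it must not be indexed.
    If @error Then Return SetError(1, 0, 0)
    Return $aRet[4]
EndFunc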

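Func WINAPI_GetModuleFileNameEx( _
                    $hProcess, _
                    $hModule, _
                    $nSize)
    ; Thin wrapper around psapi!GetModuleFileNameExW.
    ; $hProcess - handle of the process that has the module loaded
    ; $hModule  - module handle (0 asks for the process executable)
    ; $nSize    - capacity of the name buffer, in characters
    ; Returns the module's full path, or "" when the size is not positive,
    ; the DllCall cannot be made, or the API reports failure.
    If $nSize < 1 Then Return ""

    ; The wide-character export is named explicitly and writes into a buffer
    ; of exactly $nSize characters, so the size passed to the API and the
    ; memory behind it always agree.
    Local $tName = DllStructCreate("wchar[" & $nSize & "]")
    Local $aRet = DllCall("Psapi.dll", "dword", "GetModuleFileNameExW", "hwnd", $hProcess, "ptr", $hModule, _
            "ptr", DllStructGetPtr($tName), "dword", $nSize)
    If @error Then Return ""
    If $aRet[0] = 0 Then Return ""
    Return DllStructGetData($tName, 1)
EndFunc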

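Func WINAPI_GetModuleBaseName( _
                    $hProcess, _
                    $hModule, _
                    $nSize)
    ; Thin wrapper around psapi!GetModuleBaseNameW.
    ; $hProcess - handle of the process that has the module loaded
    ; $hModule  - module handle (0 asks for the process executable)
    ; $nSize    - capacity of the name buffer, in characters
    ; Returns the module's file name without its path, or "" when the size is
    ; not positive, the DllCall cannot be made, or the API reports failure.
    If $nSize < 1 Then Return ""

    ; The wide-character export is named explicitly and writes into a buffer
    ; of exactly $nSize characters, so the size passed to the API and the
    ; memory behind it always agree.
    Local $tName = DllStructCreate("wchar[" & $nSize & "]")
    Local $aRet = DllCall("Psapi.dll", "dword", "GetModuleBaseNameW", "hwnd", $hProcess, "ptr", $hModule, _
            "ptr", DllStructGetPtr($tName), "dword", $nSize)
    If @error Then Return ""
    If $aRet[0] = 0 Then Return ""
    Return DllStructGetData($tName, 1)
EndFunc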
Edited by wolf9228

صرح السماء كان هنا

 

hot202

I don't understand that. It doesn't have +Offset in it; how do I add my address to it?

wolf9228

I dont understand that it dont have +Offset in it how do i add my address to it?

Address is 08FE965C

What do you mean by this Address

Edited by wolf9228

صرح السماء كان هنا

 

hot202

Well, in Cheat Engine I find the static address, which is 08FE965C, but it also uses cshell.dll+48965c

the process name i search is Engine.exe

Szhlopp

well in cheat engine i find the static address witch is 08FE965C but it also uses cshell.dll+48965c

the process name i search is Engine.exe

Here:

#include <NomadMemory.au3>
#include <GUIConstants.au3>
#include <GUIListBox.au3>
#include <Misc.au3>
#include <Array.au3>
;

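; Bind F2 to poke(); AutoIt calls the function each time the key is pressed.
HotKeySet("{F2}", "poke")

; Hotkey handler: writes the value 550 at cshell.dll + 0x48965C inside the
; running Engine.exe process, using the NomadMemory helpers.
; Returns nothing; it stops without writing when the process, its memory
; handle or the module base cannot be obtained.
Func poke()
    ; PID of the target; ProcessExists returns 0 when it is not running.
    Local $pid = ProcessExists("Engine.exe")
    If Not $pid Then Return

    ; Open memory
    Local $OpenMemory = _MemoryOpen($pid)
    If @error Then Return

    ; Offset inside cshell.dll, written as a hex literal so no string
    ; conversion is involved.
    Local $StaticOffset = 0x48965C

    ; Get the cshell.dll base address. A failed lookup returns 0 with @error
    ; set; stop then, because offset + 0 is an unrelated address.
    Local $baseADDR = _MemoryModuleGetBaseAddress($pid, "cshell.dll")
    If @error Then
        _MemoryClose($OpenMemory)
        Return
    EndIf

    ; Hex string form of base + offset, as passed to _MemoryWrite
    Local $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)

    ; Write and close
    _MemoryWrite($finalADDR, $OpenMemory, 550)
    _MemoryClose($OpenMemory)

EndFunc

; Keep the script alive so the hotkey stays registered.
While 1
    sleep(1000)
WEnd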
 
 
 
 Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    
    If Not IsString($sModule) Then Return SetError(2, 0, 0)
    
    Local   $PSAPI = DllOpen("psapi.dll")
    
    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
    
    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf
    
    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf
    
    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
    
EndFunc

I highly suggest you look through some of the memory posts I've made(In signature) to get a better understanding of how this all works >_<

hot202

That doesn't seem to work >_<

hounder

yea it doesnt. ive read most of Szhlopp's posts about memory in autoit, but nothing is helping me with the dll issue.

_MemoryModuleGetBaseAddress doesnt seem to work for this issue, nor _MemoryModuleGetBaseAddress.

hot202

bump

demandnothing

LMAO Combat Arms is a bitch like that.. try _WinApiHook UDF in the example scripts "Windows Hooking Inject Dll"

at the time of this post it is on Page 2.
