Address scanner



I'm trying to do something similar to the Cheat Engine's scanning function.

I tried this:

#include <NomadMemory.au3>

$Process = 'winmine.exe'

$MemOpen = _MemoryOpen(ProcessExists($Process))

$value = "1"
$add = Hex("0")

MsgBox(64,"Info","Searching for '"&$value&"'"&@CRLF&"Starting from address '"&"0x"&$add&"'")

Do
    If _MemoryRead("0x"&$add,$MemOpen) = $value Then
        TrayTip("0x"&$add&" = "&$value," ",1)
        TrayTip("clears any tray tip","",0)
    EndIf
    $add = Hex(Dec($add)+1)
    ToolTip("0x"&$add)
Until 1+1=3

But it's very slow. :D


Yeah it is...

#include <GUIConstants.au3>
#Include <GuiListView.au3>
#include <NomadMemory.au3>
#include <Array.au3>
;

$PID = WinGetProcess("InkBall")
$OpenMem = _MemoryOpen($PID)
ScanMemory($OpenMem, 2)



Func _ScanReadableMemory($Handle)

    Local $StartMemory = Dec("00400000")
    Local $EndMemory = Dec("7FFFFFFF")
    Local $Address, $LastAddress, $Progress
    Local $Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $BufferScan2 = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $ReturnArray[1][2]

    $Address = '0x' & Hex($StartMemory)

    While 1

        DllCall($Handle[0], 'int', 'VirtualQueryEx', 'int', $Handle[1], 'int', $Address, 'ptr', DllStructGetPtr($Buffer), 'int', DllStructGetSize($Buffer))

        Local $BaseAddress = '0x' & Hex(DllStructGetData($Buffer, 1)); + 0)
        Local $AllocBase = '0x' & Hex(DllStructGetData($Buffer, 2))
        Local $AllocProtect = Hex(DllStructGetData($Buffer, 3))
        Local $RegionSize = DllStructGetData($Buffer, 4)
        Local $State = '0x' & Hex(DllStructGetData($Buffer, 5))
        Local $Protect = Hex(DllStructGetData($Buffer, 6))
        Local $Type = '0x' & Hex(DllStructGetData($Buffer, 7))

        $LastAddress = $Address
        $Address = '0x' & Hex($BaseAddress + $RegionSize)

        If $Address = $LastAddress Then
            ExitLoop
        EndIf

        #cs
        Select
            Case $AllocProtect = 0x00
                $AllocProtect = ''
            Case $AllocProtect = 0x01
                $AllocProtect = 'No Access'
            Case $AllocProtect = 0x02
                $AllocProtect = 'Read'
            Case $AllocProtect = 0x04
                $AllocProtect = 'Read+Write'
            Case $AllocProtect = 0x08
                $AllocProtect = 'Write-Copy'
            Case $AllocProtect = 0x10
                $AllocProtect = 'Execute'
            Case $AllocProtect = 0x20
                $AllocProtect = 'Exe-Read'
            Case $AllocProtect = 0x40
                $AllocProtect = 'Exe-Read+Write'
            Case $AllocProtect = 0x80
                $AllocProtect = 'Exe-Write-Copy'
        EndSelect

        Select
            Case $State = 0x1000
                $State = 'Commit'
            Case $State = 0x2000
                $State = 'Reserve'
            Case $State = 0x10000
                $State = 'Free'
        EndSelect

        Select
            Case $Protect = 0x00
                $Protect = ''
            Case $Protect = 0x01
                $Protect = 'No Access'
            Case $Protect = 0x02
                $Protect = 'Read'
            Case $Protect = 0x04
                $Protect = 'Read+Write'
            Case $Protect = 0x08
                $Protect = 'Write-Copy'
            Case $Protect = 0x10
                $Protect = 'Execute'
            Case $Protect = 0x20
                $Protect = 'Exe-Read'
            Case $Protect = 0x40
                $Protect = 'Exe-Read+Write'
            Case $Protect = 0x80
                $Protect = 'Exe-Write-Copy'
        EndSelect

        Select
            Case $Type = 0x20000
                $Type = 'Private'
            Case $Type = 0x40000
                $Type = 'Mapped'
            Case $Type = 0x1000000
                $Type = 'Image'
        EndSelect
        #ce

        $AddressScan2 = "0x" & Hex(Dec(StringTrimLeft($BaseAddress, 2)) + $RegionSize)

        DllCall($Handle[0], 'int', 'VirtualQueryEx', 'int', $Handle[1], 'int', $AddressScan2, 'ptr', DllStructGetPtr($BufferScan2), 'int', DllStructGetSize($BufferScan2))
        Local $AllocBase2 = '0x' & Hex(DllStructGetData($BufferScan2, 2))
        Local $AllocProtect2 = Hex(DllStructGetData($BufferScan2, 3))
        Local $State2 = '0x' & Hex(DllStructGetData($BufferScan2, 5))
        Local $Protect2 = Hex(DllStructGetData($BufferScan2, 6))
        ;First set
        If $AllocBase <> 0x0 And $State = 0x1000 And $RegionSize > 282624 Then
            If $AllocProtect <> 0 And $AllocProtect <> 0x1 Then
                If $Protect <> 0 And $Protect <> 0x1 Then
                    ReDim $ReturnArray[UBound($ReturnArray) + 1][2]
                    $ReturnArray[UBound($ReturnArray) - 1][0] = $BaseAddress
                    $ReturnArray[UBound($ReturnArray) - 1][1] = Hex($RegionSize)
                EndIf
            EndIf
        EndIf


        If $BaseAddress < 0 Then
            $BaseAddress = 2147483648 + ($BaseAddress) + 2147483648
        EndIf
        If ($BaseAddress + $RegionSize) >= $EndMemory Then
            ExitLoop
        EndIf

    WEnd

    Return $ReturnArray


EndFunc


Func ScanMemory($aOpenMemory, $vValue, $sType = 'dword')

    Local $ReturnAddressList[1][2]
    ; Get the scannable memory
    $aRet = _ScanReadableMemory($aOpenMemory) ; use the handle passed in, not the global
    _ArrayDisplay($aRet)


    For $I = 1 To UBound($aRet) - 1
        $StartMem = Dec(StringTrimLeft($aRet[$I][0], 2))
        $EndMemory = $StartMem + Dec($aRet[$I][1])
        $CurrentAddress = $StartMem
        ;MsgBox(0, "", Hex($StartMem) & "/" & Hex($EndMemory))
        While $CurrentAddress <> $EndMemory
            If _MemoryRead("0x" & Hex($CurrentAddress), $aOpenMemory, $sType) = $vValue Then
                ReDim $ReturnAddressList[UBound($ReturnAddressList) + 1][2]
                $ReturnAddressList[UBound($ReturnAddressList) - 1][0] = "0x" & Hex($CurrentAddress)
                $ReturnAddressList[UBound($ReturnAddressList) - 1][1] = $vValue ; column 1, so the address in column 0 is kept
            EndIf
            $CurrentAddress += 1
            TrayTip("Address", "0x" & Hex($CurrentAddress), 15)
        WEnd

        _ArrayDisplay($ReturnAddressList)

    Next


EndFunc

This is still slow. But miles faster than what you have now. The problem is, AU3 isn't made to be the fastest programming language on the planet.
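
Added example (Python, not code from either poster): the reply skips unmapped and inaccessible regions but still issues one read per address, and this sketch compares that with one read per region followed by a local search. The process is modelled as constructed region tuples; `Snapshot`, `is_scannable` and the two scan functions are illustrative names, and the reply's region-size filter is left out.

```python
import struct

MEM_COMMIT = 0x1000     # 'Commit' in the post's State table
PAGE_NOACCESS = 0x01    # 'No Access' in the post's Protect table
PAGE_GUARD = 0x100      # Windows guard-page modifier, not listed in the post

class Snapshot:
    """Constructed stand-in for a target process; counts reads like ReadProcessMemory calls."""
    def __init__(self, regions):
        self.regions, self.reads = regions, 0   # regions: (base, state, protect, bytes)

    def read(self, address, size):
        self.reads += 1
        for base, _state, _protect, data in self.regions:
            if base <= address and address + size <= base + len(data):
                return data[address - base:address - base + size]
        return None                              # a real read would fail here

def is_scannable(state, protect):
    return state == MEM_COMMIT and protect not in (0, PAGE_NOACCESS) and not protect & PAGE_GUARD

def scan_per_address(proc, value, fmt="<I"):
    """The reply's strategy: one read call per candidate address."""
    needle, hits = struct.pack(fmt, value), []
    for base, state, protect, data in proc.regions:
        if is_scannable(state, protect):
            for addr in range(base, base + len(data) - len(needle) + 1):
                if proc.read(addr, len(needle)) == needle:
                    hits.append(addr)
    return hits

def scan_per_region(proc, value, fmt="<I"):
    """One read call per region, then search the local copy."""
    needle, hits = struct.pack(fmt, value), []
    for base, state, protect, data in proc.regions:
        if is_scannable(state, protect):
            buf = proc.read(base, len(data))
            pos = buf.find(needle)
            while pos != -1:
                hits.append(base + pos)
                pos = buf.find(needle, pos + 1)
    return hits

# Constructed sample: a readable region, a no-access region and a reserved region.
REGIONS = [
    (0x00400000, MEM_COMMIT, 0x04, bytes(16) + struct.pack("<I", 2) + bytes(12)),
    (0x00500000, MEM_COMMIT, PAGE_NOACCESS, struct.pack("<I", 2) * 4),
    (0x00600000, 0x2000, 0x04, struct.pack("<I", 2) * 4),
]
```

Both functions return the same addresses; the `reads` counter on each `Snapshot` shows how many cross-process calls each strategy needed.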
