
Address scanner

5 posts in this topic

I'm trying to do something similar to the Cheat Engine's scanning function.

I tried this:

#include <NomadMemory.au3>

$Process = 'winmine.exe'

$MemOpen = _MemoryOpen(ProcessExists($Process))

$value = "1"
$add = Hex("0")

MsgBox(64,"Info","Searching for '"&$value&"'"&@CRLF&"Starting from address '"&"0x"&$add&"'")

Do
    If _MemoryRead("0x"&$add,$MemOpen) = $value Then
        TrayTip("0x"&$add&" = "&$value," ",1)
        TrayTip("clears any tray tip","",0)
    EndIf
    $add = Hex(Dec($add)+1)
    ToolTip("0x"&$add)
Until 1+1=3

But it's very slow. :D

Yeah it is...

#include <GUIConstants.au3>
#Include <GuiListView.au3>
#include <NomadMemory.au3>
#include <Array.au3>
;

$PID = WinGetProcess("InkBall")
$OpenMem = _MemoryOpen($PID)
ScanMemory($OpenMem, 2)



Func _ScanReadableMemory($Handle)

    Local $StartMemory = Dec("00400000")
    Local $EndMemory = Dec("7FFFFFFF")
    Local $Address, $LastAddress, $Progress
    Local $Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $BufferScan2 = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $ReturnArray[1][2]

    $Address = '0x' & Hex($StartMemory)

    While 1

        DllCall($Handle[0], 'int', 'VirtualQueryEx', 'int', $Handle[1], 'int', $Address, 'ptr', DllStructGetPtr($Buffer), 'int', DllStructGetSize($Buffer))

        Local $BaseAddress = '0x' & Hex(DllStructGetData($Buffer, 1)); + 0)
        Local $AllocBase = '0x' & Hex(DllStructGetData($Buffer, 2))
        Local $AllocProtect = Hex(DllStructGetData($Buffer, 3))
        Local $RegionSize = DllStructGetData($Buffer, 4)
        Local $State = '0x' & Hex(DllStructGetData($Buffer, 5))
        Local $Protect = Hex(DllStructGetData($Buffer, 6))
        Local $Type = '0x' & Hex(DllStructGetData($Buffer, 7))

        $LastAddress = $Address
        $Address = '0x' & Hex($BaseAddress + $RegionSize)

        If $Address = $LastAddress Then
            ExitLoop
        EndIf

        #cs
        Select
            Case $AllocProtect = 0x00
                $AllocProtect = ''
            Case $AllocProtect = 0x01
                $AllocProtect = 'No Access'
            Case $AllocProtect = 0x02
                $AllocProtect = 'Read'
            Case $AllocProtect = 0x04
                $AllocProtect = 'Read+Write'
            Case $AllocProtect = 0x08
                $AllocProtect = 'Write-Copy'
            Case $AllocProtect = 0x10
                $AllocProtect = 'Execute'
            Case $AllocProtect = 0x20
                $AllocProtect = 'Exe-Read'
            Case $AllocProtect = 0x40
                $AllocProtect = 'Exe-Read+Write'
            Case $AllocProtect = 0x80
                $AllocProtect = 'Exe-Write-Copy'
        EndSelect

        Select
            Case $State = 0x1000
                $State = 'Commit'
            Case $State = 0x2000
                $State = 'Reserve'
            Case $State = 0x10000
                $State = 'Free'
        EndSelect

        Select
            Case $Protect = 0x00
                $Protect = ''
            Case $Protect = 0x01
                $Protect = 'No Access'
            Case $Protect = 0x02
                $Protect = 'Read'
            Case $Protect = 0x04
                $Protect = 'Read+Write'
            Case $Protect = 0x08
                $Protect = 'Write-Copy'
            Case $Protect = 0x10
                $Protect = 'Execute'
            Case $Protect = 0x20
                $Protect = 'Exe-Read'
            Case $Protect = 0x40
                $Protect = 'Exe-Read+Write'
            Case $Protect = 0x80
                $Protect = 'Exe-Write-Copy'
        EndSelect

        Select
            Case $Type = 0x20000
                $Type = 'Private'
            Case $Type = 0x40000
                $Type = 'Mapped'
            Case $Type = 0x1000000
                $Type = 'Image'
        EndSelect
        #ce

        $AddressScan2 = "0x" & Hex(Dec(StringTrimLeft($BaseAddress, 2)) + $RegionSize)

        DllCall($Handle[0], 'int', 'VirtualQueryEx', 'int', $Handle[1], 'int', $AddressScan2, 'ptr', DllStructGetPtr($BufferScan2), 'int', DllStructGetSize($BufferScan2))
        Local $AllocBase2 = '0x' & Hex(DllStructGetData($BufferScan2, 2))
        Local $AllocProtect2 = Hex(DllStructGetData($BufferScan2, 3))
        Local $State2 = '0x' & Hex(DllStructGetData($BufferScan2, 5))
        Local $Protect2 = Hex(DllStructGetData($BufferScan2, 6))
        ;First set
        If $AllocBase <> 0x0 And $State = 0x1000 And $RegionSize > 282624 Then
            If $AllocProtect <> 0 And $AllocProtect <> 0x1 Then
                If $Protect <> 0 And $Protect <> 0x1 Then
                    ReDim $ReturnArray[UBound($ReturnArray) + 1][2]
                    $ReturnArray[UBound($ReturnArray) - 1][0] = $BaseAddress
                    $ReturnArray[UBound($ReturnArray) - 1][1] = Hex($RegionSize)
                EndIf
            EndIf
        EndIf


        If $BaseAddress < 0 Then
            $BaseAddress = 2147483648 + ($BaseAddress) + 2147483648
        EndIf
        If ($BaseAddress + $RegionSize) >= $EndMemory Then
            ExitLoop
        EndIf

    WEnd

    Return $ReturnArray


EndFunc


Func ScanMemory($aOpenMemory, $vValue, $sType = 'dword')

    Local $ReturnAddressList[1][2]
    ; Get the scannable memory
    $aRet = _ScanReadableMemory($aOpenMemory) ; use the handle passed in, not the global $OpenMem
    _ArrayDisplay($aRet)


    For $I = 1 To UBound($aRet) - 1
        $StartMem = Dec(StringTrimLeft($aRet[$I][0], 2))
        $EndMemory = $StartMem + Dec($aRet[$I][1])
        $CurrentAddress = $StartMem
        ;MsgBox(0, "", Hex($StartMem) & "/" & Hex($EndMemory))
        While $CurrentAddress <> $EndMemory
            If _MemoryRead("0x" & Hex($CurrentAddress), $aOpenMemory, $sType) = $vValue Then
                ReDim $ReturnAddressList[UBound($ReturnAddressList) + 1][2]
                $ReturnAddressList[UBound($ReturnAddressList) - 1][0] = "0x" & Hex($CurrentAddress)
                $ReturnAddressList[UBound($ReturnAddressList) - 1][1] = $vValue ; column 1 holds the value, column 0 the address
            EndIf
            $CurrentAddress += 1
            TrayTip("Address", "0x" & Hex($CurrentAddress), 15)
        WEnd

        _ArrayDisplay($ReturnAddressList)

    Next


EndFunc

This is still slow. But miles faster than what you have now. The problem is, AU3 isn't made to be the fastest programming language on the planet.


There must be some other way... :D


If AutoIt is too slow, the general answer is to write it in another language. Memory searching seems like typically one of those things. You can write a DLL or an AutoIt plugin in C++.

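Both scripts above issue one cross-process read per address, which is where most of the time goes. The following is an added example, not code from any poster in the thread, written in C++ as the last reply suggests: filter regions by state and protection, copy each region once, and search the local copy. The `Region` struct, the function names and the sample bytes are constructed for illustration; on Windows the fields would come from `VirtualQueryEx` and the bytes from a single `ReadProcessMemory` call per region. A little-endian host is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Documented winnt.h values, redefined here so the example compiles anywhere.
constexpr uint32_t kMemCommit = 0x1000, kPageNoAccess = 0x01, kPageGuard = 0x100;

struct Region {                  // hypothetical stand-in for one VirtualQueryEx result
    uint64_t base;
    uint32_t state, protect;
    std::vector<uint8_t> bytes;  // local copy of the region, read in one call
};

// Only committed pages that are neither no-access nor guard pages are worth reading.
bool is_scannable(const Region& r) {
    if (r.state != kMemCommit || r.protect == 0) return false;
    return (r.protect & (kPageNoAccess | kPageGuard)) == 0;
}

// Search the local copy for a 32-bit value; step 4 checks aligned dwords only.
std::vector<uint64_t> scan_buffer(const Region& r, uint32_t value, size_t step) {
    std::vector<uint64_t> hits;
    if (step == 0) return hits;
    for (size_t off = 0; off + sizeof value <= r.bytes.size(); off += step) {
        uint32_t v;
        std::memcpy(&v, r.bytes.data() + off, sizeof v);  // safe at unaligned offsets
        if (v == value) hits.push_back(r.base + off);
    }
    return hits;
}

std::vector<uint64_t> scan_regions(const std::vector<Region>& regions,
                                   uint32_t value, size_t step) {
    std::vector<uint64_t> all;
    for (const Region& r : regions) {
        if (!is_scannable(r)) continue;  // skip instead of reading and failing
        std::vector<uint64_t> hits = scan_buffer(r, value, step);
        all.insert(all.end(), hits.begin(), hits.end());
    }
    return all;
}

// Constructed sample: one readable region, one reserved region, one guard page.
std::vector<Region> sample_regions() {
    return {
        {0x00400000, kMemCommit, 0x04, {2, 0, 0, 0, 9, 9, 9, 9, 0, 2, 0, 0, 0}},
        {0x00500000, 0x2000, 0x00, {2, 0, 0, 0}},
        {0x00600000, kMemCommit, 0x104, {2, 0, 0, 0}},
    };
}
```

A step of 1 finds the value at every byte offset, as the scripts in the thread do; a step of 4 is four times less work but misses unaligned matches.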
