Analyze

MemoryRead Help needed

10 posts in this topic

#1 ·  Posted (edited)

Hello all, short problem again with MemoryRead :)

I want to write an offset dumper but don't know how to start, because after an update the offsets are patched or changed.

I only want to read the new offset from hex.

Here is an example CE script I used..

[ENABLE]
alloc(DetectGM,512)
label(ReturnName)
registersymbol(DetectGM)

DetectGM:
cmp [eax+70],5D4D475B //[GM]
je 00000000
mov [esi+0c],00000000
jmp ReturnName

00553763: //C7 46 0C 00 00 00 00 89 47 04
jmp DetectGM
nop
nop
ReturnName:

[DISABLE]
dealloc(DetectGM)
unregistersymbol(DetectGM)
00553763:
mov [esi+0c],00000000

Here is the offset + hex

00553763: //C7 46 0C 00 00 00 00 89 47 04

I need to search for the hex code in the .exe to get the new value, but how can I write a script for it? Can anybody write an example script?

Big thx if you can help me out.

EDIT:

Push. I found a script, but how do I scan for an array-of-bytes value?

Here is an example

The hex values that need an array-of-bytes scan:

Auto Pots Hack->->83 78 08 13 0F 84

Speed Hack->->D9 40 08 5F 5E C3

GM Found->-> C7 46 0C 00 00 00 00 89 47 04

My Error

(17) : ==> Unable to parse line.:

MsgBox(4096, $progname, Hex(_MemoryRead(0xC7 46 0C 00 00 00 00 89 47 04,$Nomad_struct)))

MsgBox(4096, $progname, Hex(_MemoryRead(0xC7 46 ^ ERROR

>Exit code: 1 Time: 0.221

#include <NomadMemory.au3>

$progname = "Memory reading"

$target_pid = ProcessExists ( "Game.exe" )
If $target_pid=0 Then 
    MsgBox (16, $progname, "Process not found !")
    Exit
EndIf

$Nomad_struct = _MemoryOpen($target_pid)
If Not @error=0 Then
    MsgBox (16, $progname, "Process could not be opened !")
    Exit
EndIf

MsgBox(4096, $progname, Hex(_MemoryRead(0xC7 46 0C 00 00 00 00 89 47 04,$Nomad_struct)))
Edited by Analyze




; Function:     _MemoryRead($iv_Address, $ah_Handle[, $sv_Type])
; Description:  Reads the value located in the memory address specified.
; Parameter(s): $iv_Address - The memory address you want to read from. It must
;                             be in hex format (0x00000000).
;               $ah_Handle  - An array containing the Dll handle and the handle
;                             of the open process as returned by _MemoryOpen().
;               $sv_Type    - (optional) The "Type" of value you intend to read.
;                             This is set to 'dword'(32bit(4byte) signed integer)
;                             by default. See the help file for DllStructCreate
;                             for all types. An example: If you want to read a
;                             word that is 15 characters in length, you would use
;                             'char[16]' since a 'char' is 8 bits (1 byte) in size.

While I didn't investigate the issue you're getting, your input to _MemoryRead is a byte array as opposed to a memory address.


#5 ·  Posted (edited)

#include <NomadMemory.au3>

$progname  = "Memory reading"
$ah_Handle = "0xC7 46 0C 00 00 00 00 89 47 04"
$sv_Type   = "char[20]"


$target_pid = ProcessExists ( "Game.exe" )
If $target_pid=0 Then 
    MsgBox (16, $progname, "Process not found !")
    Exit
EndIf

$Nomad_struct = _MemoryOpen($target_pid)
If Not @error=0 Then
    MsgBox (16, $progname, "Process could not be opened !")
    Exit
EndIf

MsgBox(4096, $progname, Hex(_MemoryRead($iv_Address, $ah_Handle[, $sv_Type])

I don't understand it -.- !°°°°

Edited by Analyze


#8 ·  Posted (edited)

Posted Image

I hope you now understand it better.

If the game.exe is updated, then the game changes most of the offsets, and I need to search again with CE to get the new addresses.

Instructions:

* The hex values that need an array-of-bytes scan:

Auto Pots Hack->->83 78 08 13 0F 84

Non Agro Hack->->0F B7 86 54 01 00

Vac Hack->->8B 50 1C 89 51 20

Speed Hack->->D9 40 08 5F 5E C3

Range Hack->->8A 44 24 04 88 81

Map Hack->->0F B7 98 04 01 00

GM Hack->->8B 80 A8 00 00 00

Zoom Hack->->F3 0F 10 47 04 EB

Detect Script Hack->->C7 46 0C 00 00 00 00 89 47 04

Far Eye Hack->->8B 48 08 8B 50 04 51 8B 4C 24

Store Hack->->8A 41 08 C3 CC CC CC CC CC CC CC CC CC CC CC CC 8B 0D

Elusive Hack->->8B 08 8B 50 04 89 4C 24 20

Or the second way to get the new addresses

Instructions:

* The codes that need an assemble scan:

Auto Pots Hack->->cmp dword ptr [eax+08],13

Non Agro Hack->->movzx eax,word ptr [esi+00000154]

Vac Hack->->mov edx,[eax+1c]

Speed Hack->->fld dword ptr [eax+08]

Range Hack->->mov [ecx+000000a8],al

Map Hack->->movzx ebx,word ptr [eax+00000104]

GM Hack->->mov eax,[eax+000000a8]

Zoom Hack->->movss xmm0,[edi+04]

Detect Script Hack->->mov [esi+0c],00000000

Far Eye Hack->->mov ecx,[eax+08]

Store Hack->->mov al,[ecx+08]

Elusive Hack->->mov ecx,[eax]

Is there a way to dump the new addresses with AutoIt?

Edited by Analyze


#9 ·  Posted (edited)

Seeing how your screenshot shows you playing 2moons and you are trying to hack a game that has a TOS policy against it

http://www.acclaim.com/rules_of_conduct.html

game site:

http://2moons.acclaim.com/

For those who want to read the section on what I'm talking about, look here:

Cheats, Bug Exploits and Game Loopholes:

* You are not allowed to use software or game bugs to cheat in our games. If you find a bug or a game weakness that can be exploited to cheat, you should send a private post to a Game Master, Volunteer Game Master or Forums Moderator.

* You are not allowed to modify the game, game memory, or its incoming or outgoing packets in any manner.

* The use of Bots, Key Jamming, Macros and other tools to allow your character to gain levels, skills, etc. without the player physically interacting with the game is strictly forbidden.

* Anyone caught or reported (with proof) to be using Cheats, Bug Exploits and Game Loopholes will be immediately banned without prior warning. This, of course, applies to every member of every community.

edit: added game site

Edited by Volly


License is pretty clear. Thread locked. Further threads on attempts to use AutoIt with this game will be met with bans.

This topic is now closed to further replies.