Sign in to follow this  
Followers 0
DysfunctionaI

Another Memory Question

14 posts in this topic

#1 ·  Posted (edited)

This is, yet again, another memory question. I hate to sound like "this nub" but I'm at wits end after days of searching this entire forum (and others). I would be so relieved if someone could enlighten me.

I'm pretty new with all this stuff, but I've come as far as getting little programs to change addresses in games, like Minesweeper and Pinball etc. I had a couple programs on my old computer like those and they used NomadMemory.au3 as you know. But now on my new computer (windows 7 64bit), after installing AutoIt v3.3.4.0 and downloading NomadMemory.au3 again, I can't get the smallest of scripts to read any sort of memory. I'm ready to believe anything at this point, because I've definitely put a decent amount of time into anything that DOES make sense.

Everytime, it just comes up as zero with no errors. Oh, and the address provided is basically there for example. I know everything about pointers and static addresses, as I've used them many times before in previous scripts.

#include <NomadMemory.au3>
#RequireAdmin
SetPrivilege("SeDebugPrivilege", 1)

$PID=WinGetProcess("Calculator")
$ID=_MemoryOpen($PID)
$Address=0x05AC3328
$value=_MemoryRead($address, $ID)

Msgbox (0, "Test", "Value: "&$value)

_MemoryClose($PID)
Edited by DysfunctionaI

Share this post


Link to post
Share on other sites



I believe _MemoryRead returns an array, does it not?

Share this post


Link to post
Share on other sites

I believe _MemoryRead returns an array, does it not?

;==================================================================================

; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type])

; Description: Reads the value located in the memory address specified.

; Parameter(s): $iv_Address - The memory address you want to read from. It must

; be in hex format (0x00000000).

; $ah_Handle - An array containing the Dll handle and the handle

; of the open process as returned by _MemoryOpen().

; $sv_Type - (optional) The "Type" of value you intend to read.

; This is set to 'dword'(32bit(4byte) signed integer)

; by default. See the help file for DllStructCreate

; for all types. An example: If you want to read a

; word that is 15 characters in length, you would use

; 'char[16]' since a 'char' is 8 bits (1 byte) in size.

; Return Value(s): On Success - Returns the value located at the specified address.

; On Failure - Returns 0

; @Error - 0 = No error.

; 1 = Invalid $ah_Handle.

; 2 = $sv_Type was not a string.

; 3 = $sv_Type is an unknown data type.

; 4 = Failed to allocate the memory needed for the DllStructure.

; 5 = Error allocating memory for $sv_Type.

; 6 = Failed to read from the specified process.

; Author(s): Nomad

; Note(s): Values returned are in Decimal format, unless specified as a

; 'char' type, then they are returned in ASCII format. Also note

; that size ('char') for all 'char' types should be 1

; greater than the actual size.

;==================================================================================

Unfortunately not :mellow:

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Oh, maybe I was thinking of read. Let me look...

Try something like this:

#include <NomadMemory.au3>
#RequireAdmin

$Open = OpenMemory("Calculator.exe") ;This may be wrong, I don't know. Fill in what it should be.
$Value = _MemoryRead(0x05AC3328, $Open)
MsgBox(0, "Value", $Value)

Func OpenMemory($Process_Name)
    $PID = ProcessExists($Process_Name)
    $MemoryOpen = _MemoryOpen($PID)
    If $MemoryOpen = 0 Then
        Select
            Case @error = 1
                MsgBox(0, "Error", "Error opening process: " & @CRLF & "Process ID is invalid")
            Case @error = 2
                MsgBox(0, "Error", "Error opening process: " & @CRLF & "Failed to open Kernel32.dll")
            Case @error = 3
                MsgBox(0, "Error", "Error opening the specified process")
        EndSelect
    EndIf
EndFunc

Reply back with any error messages that come up, or if $Value is still wrong.

Edited by darkjohn20

Share this post


Link to post
Share on other sites

Reply back with any error messages that come up, or if $Value is still wrong.

Passed with flying colors. No errors, but $value is still zero! That same plain zero that has been staring me in the face for 2 days straight lol.

Do you think that maybe something is not letting the script access any programs' memory? My computer is only 1 month out of the box and I only have a few games on it, and AutoIt of course. My only form of virus protection is Trend Micro Internet Security, but I don't think that has much to do with it. I'm just slowly running out of ideas.

Again, my OS is Windows 7 Home Premium 64 bit

Share this post


Link to post
Share on other sites

There is nothing I can think of that would prevent it. I am running Windows 7 Ultimate 32 bit and I have no problems whatsoever. Try compiling to an .exe and "Run as Administrator".

Share this post


Link to post
Share on other sites

There is nothing I can think of that would prevent it. I am running Windows 7 Ultimate 32 bit and I have no problems whatsoever. Try compiling to an .exe and "Run as Administrator".

Still get zero, lol. I can't be the only person with this problem o_o

Weird shit.

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Alright. Gathering all the information I can about my issue, I have found something relevant! Check this out.

I can use NomadMemory.au3 (or anything that reads memory for that matter, I've tried them all) to read memory ONLY FROM the processes that don't say anything under User Name.

Posted Image

Here, I have Diablo II (Game.exe) and Warcraft III (war3.exe) running and I'm unable to read memory from either of them. The weird thing is that I can read memory from any process that DOES say something under User Name... I know, it sounds kind of odd but I'm desperate for answers. I've tried almost every process in my list and the pattern follows. I just can't read anything from the processes that don't have anything under User Name or Description. Just another note, when I right click those processes and go to Properties, nothing happens. Although I can do that with the rest of them... hmm...

EDIT: Oh man, I'm figuring about a whole buncha fun stuff now... It appears I can't end any processes that don't say "Steve" under User Name. Can't go to file location either; hell I can't do anything with it, no wonder I can't read its memory. Does this have anything to do with 32bit or 64bit programs? My old computer running Windows XP had complete control over the war3.exe process. WTF

If anyone with any knowledge about this could share his genius, I would greatly appreciate it.

Edited by DysfunctionaI

Share this post


Link to post
Share on other sites

That is indeed strange. I've never come across anything like that. Since I don't have the same problem I really can't do any tests or anything to further help you. Does anyone else have a similar problem that would be able to help?

Share this post


Link to post
Share on other sites

Did you run taskmanager as administrator ?

Who?

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

I guess you are dysfunctional and can't manage to read announcements. Thread locked for trying to read the memory of Diablo II and World of Warcraft.

Edit: Typed World of Warcraft out of habit, it's obviously Warcraft 3.

Edited by Valik

Share this post


Link to post
Share on other sites

Dysfunctionl tried to give the argument that reading memory from Diablo II/Warcraft is not explicitly forbidden by the game's respective terms of use. That is correct, it's actually forbidden very explicitly by the Battle.net terms of use (See section 2.C).

Dysfunctional is now taking a 7 day vacation from our lovely forum for ignoring a very clear statement not to PM me as well as trying to argue and justify this thread when it's very clear and obvious (and took me all of 30 seconds) to prove otherwise.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0