
_MemoryRead

majidemo

How do I use this function? Thank you ;)

I want to use this function as $s=_MemoryRead($*****, $pid, "Char[31]"), where I want to read a specific value in memory.

I don't know the correct format or the correct code, please advise..

Please do help. Thanks.

Func _Readpointerscan($pid)

    Global $pointerscanOffset[6]
    $pointerscanOffset[0] = 0
    $pointerscanOffset[1] = Dec("017C")
    $pointerscanOffset[2] = Dec("0108")
    $pointerscanOffset[3] = Dec("0004")
    $pointerscanOffset[4] = Dec("0004")
    $pointerscanOffset[5] = Dec("0020")
    $StaticOffset = Dec("0030EA80")
    $openmem = _MemoryOpen($pid)
    $baseADDR = _MemoryGetBaseAddress($openmem, 1)
    $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
    $MemPointer = _MemoryPointerRead($finalADDR, $openmem, $pointerscanOffset)
    _MemoryClose($openmem)

    Return $MemPointer
EndFunc
Edited by majidemo

majidemo

uhmmm.. you might be thinking I'm gonna make a bot? But I'm really not.. seriously, I'm even having a hard time with this simple one.

So, yeah, I have successfully read the static/green addresses, but I can't seem to get a value if I use the offset/pointer.

Could someone correct my code? Please, thanks..

I'm trying to get the value, which is TEXT, so it's gonna be char[22], but with this code I'm just getting 0

#include <NomadMemory.au3>

Global $pointerscanOffset[6]
$pointerscanOffset[0] = 0
$pointerscanOffset[1] = Dec("04C4")
$pointerscanOffset[2] = Dec("0004")
$pointerscanOffset[3] = Dec("0000")
$pointerscanOffset[4] = Dec("0004")
$pointerscanOffset[5] = Dec("00E0")
$StaticOffset = Dec("0014AC24")
$pid = ProcessExists("KhanClient.exe")
$openmem = _MemoryOpen($pid)
$baseADDR = _MemoryGetBaseAddress($openmem, 1)
$finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
$MemPointer = _MemoryPointerRead($finalADDR, $openmem, $pointerscanOffset)
MsgBox(0, "Info", $MemPointer)
;_MemoryClose($openmem)

Func _MemoryPointerRead($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword')
    
    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf
    
    Local $iv_Data[2], $i
    Local $v_Buffer = DllStructCreate('dword')
    
    For $i = 0 To $iv_PointerCount
        
        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @error Then
                SetError(@error + 2)
                Return 0
            EndIf
            
            $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        Else
            $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        EndIf
        
    Next
    
    $iv_Data[0] = $iv_Address
    
    Return $iv_Data

EndFunc   ;==>_MemoryPointerRead


;===================================================================================================
; Function........:  _MemoryGetBaseAddress($ah_Handle, $iHD)
;
; Description.....:  Reads the 'Allocation Base' from the open process.
;
; Parameter(s)....:  $ah_Handle - An array containing the Dll handle and the handle of the open
;                                 process as returned by _MemoryOpen().
;                    $iHD - Return type:
;                       |0 = Hex (Default)
;                       |1 = Dec
;
; Requirement(s)..:  A valid process ID.
;
; Return Value(s).:  On Success - Returns the 'allocation Base' address and sets @Error to 0.
;                    On Failure - Returns 0 and sets @Error to:
;                       |1 = Invalid $ah_Handle.
;                       |2 = Failed to find correct allocation address.
;                       |3 = Failed to read from the specified process.
;
; Author(s).......:  Nomad. Szhlopp.
; URL.............:  http://www.autoitscript.com/forum/index.php?showtopic=78834
; Note(s).........:  Go to Www.CheatEngine.org for the latest version of CheatEngine.
;===================================================================================================
Func _MemoryGetBaseAddress($ah_Handle, $iHexDec = 0, $iv_Address = 0x00100000)
    
    Local $v_Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $vData
    Local $vType
    
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf
    

    DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
    
    If Not @Error Then
        
        $vData = Hex(DllStructGetData($v_Buffer, 2))
        $vType = Hex(DllStructGetData($v_Buffer, 3))
        
        While $vType <> "00000080"
            DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
            $vData = Hex(DllStructGetData($v_Buffer, 2))
            $vType = Hex(DllStructGetData($v_Buffer, 3))
            If Hex($iv_Address) = "90000000" Then ExitLoop
            $iv_Address += 65536
            
        WEnd

        If $vType = "00000080" Then
            SetError(0)
            If $iHexDec = 1 Then
                Return Dec($vData)
            Else
                Return $vData
            EndIf
            
        Else
            SetError(2)
            Return 0
        EndIf
        
    Else
        SetError(3)
        Return 0
    EndIf
    
EndFunc   ;==>_MemoryGetBaseAddress


Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    
    If Not IsString($sModule) Then Return SetError(2, 0, 0)
    
    Local   $PSAPI = DllOpen("psapi.dll")
    
    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
    
    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf
    
    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf
    
    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
    
EndFunc

targeter

It sure seems like a bot based on a 1 minute google search.

KhanClient.exe

http://www.elitepvpers.de/forum/epvp-coders/259443-c-winsock-ws_32-dll-hook.html, you posted there a while back....

Though it doesn't seem like I can find a TOS for that dev....

It doesn't look like they are supporting your game anymore, so I am not sure if this still applies.

https://support.levelupgames.ph/policy/pol_penalty.asp

They issue a very strong warning on bots for one of their other games it seems.

http://rohan.levelupgames.ph/20090421/botting-the-official-statement-and-course-of-action/

Edited by targeter

majidemo

Ooh, I'm not gonna defend myself, but that's not completely true. I have my own khan server emulator here -> http://gamepeesart.com and there's no point of making a bot, for this game doesn't even have developer support because mirinae is long gone.. like I said, I'm doing it for educational purposes.. thanks ;)

I just need to understand how the above code works, please do help? :)

I'm not making a bot, I can't even make this one.. what I'm trying to make is get what the current map name is, that's all.. I'm making a simple script for my players to be included in my client..

It's for memories, khan online was my game since 2006, but I don't know why, but all official servers are now gone.

I hope you understand.. and my other post @ epvp is from long ago.. it's in C++, I'm not doing it anymore.. and that was the time I was making a server emulator with C

Edited by majidemo

Theri

If you're not making a bot why do you have this same question listed on epvp in their autoit section? (If you don't know, epvp is all about cheating and hacking).

http://www.elitepvpers.de/forum/autoit/706784-memory-offsets.html

Where you're talking about reading the current health and mana values of your character?

(and I'm not going to mention your other threads on epvp, just don't come on here and lie about your intentions.)

Edited by Theri

majidemo

I'm posting at other forums because I need help ;)

And let me please quote this: "I have my own khan server emulator here -> http://gamepeesart.com and there's no point of making a bot"

Thank you :) Please.. I feel like I'm not welcome here anymore.. ;))

I just need some explanation of the code, sir :P

Edited by majidemo
