maestro Posted August 27, 2010 Author Posted August 27, 2010 (edited) So Problem !!!SOLVED!!! For anyone else having the same problem as I am, the Memgetbase UDF only works on 32bit OS. So for anyone using a 64bit OS, There is still hope out there!!! I Right clicked the script, and if you are on a 64bit os, click the (run script x86) And it should work! Here is code to get the value from CE tutorial 8. expandcollapse popupinclude <NomadMemory.au3> ;Global $hMemoryOpen,$hMemory,$FinalAddress,$Value ;This line most likely wont be needed Dim $Offset[5] = [0, Dec("C"), Dec(14), 0, Dec(18)] $hMemoryOpen = _OpenMemory("Tutorial.exe") $FinalAddress = _GetFinalAddress($hMemoryOpen,"60C20") $Value = _ReadFromPointer($FinalAddress,$hMemoryOpen,$Offset) MsgBox(0,"Data","Address: " & $Value[0] & @CRLF & "Value: " & $Value[1]) _MemoryClose($hMemoryOpen) Func _OpenMemory($sProcess) $aOpen = _MemoryOpen(ProcessExists($sProcess)) If $aOpen = 0 Then Switch @error Case 1 MsgBox(0, "Error", "Error opening Process: Process ID is invalid.") Case 2 MsgBox(0, "Error", "Error opening Process: Failed to open Kernel32.dll.") Case 3 MsgBox(0, "Error", "Error opening " & $aOpen & ".") EndSwitch Exit EndIf Return $aOpen EndFunc Func _GetFinalAddress($hMemory, $xStaticOffset) Local $iStaticOffset, $iBaseAddress $iBaseAddress = _MemoryGetBaseAddress($hMemory, 1) If $iBaseAddress = 0 Then Switch @error Case 1 MsgBox(0, "Error", "Error getting Base Address: Invalid Handle to open Process.") Case 2 MsgBox(0, "Error", "Error getting Base Address: Failed to find correct allocation Address.") Case 3 MsgBox(0, "Error", "Error getting Base Address: Failed to read from the specified Process.") EndSwitch Exit EndIf Return "0x" & Hex($iBaseAddress + Dec($xStaticOffset)) EndFunc Func _ReadFromPointer($xFinalAddress,$hMemory,$aOffset,$sType = "dword") Local $aRead $aRead = _MemoryPointerRead($xFinalAddress, $hMemory, $aOffset, $sType) If $aRead = 0 Then Switch @error Case 1 MsgBox(0, "Error", "Error reading Pointer: The specified Offset isn't an Array") Case 2 MsgBox(0, "Error", "Error reading Pointer: Invalid Handle to open Process.") Case 3 MsgBox(0, "Error", "Error reading Pointer: Type is not a String") Case 4 MsgBox(0, "Error", "Error reading Pointer: Type is unsupported or unknown") Case 5 MsgBox(0, "Error", "Error reading Pointer: Failed to allocate the memory needed for the DllStructure") Case 6 MsgBox(0, "Error", "Error reading Pointer: Failed to allocate the memory needed for " & $sType) Case 7 MsgBox(0, "Error", "Error reading Pointer: Failed to read from the specified Process") EndSwitch Exit Else Return $aRead EndIf EndFunc Thanks to Darkjohn20 for helping me through this what appeared to be impossible problem. I would alos like to thank majidemo for his assistance as well. Thanks, Ilmaestro. Edited August 27, 2010 by maestro Hello, World!... LAME lol
majidemo Posted August 27, 2010 Posted August 27, 2010 (edited) thats good, but im running on win7 64bit. @darkjon No problem. I noticed that too, i dont know why, but that code works for me.. owyeah, i believe this is the part where it changes the offsets to HEX $finalADDR = "0x" & Hex($baseADDR + $StaticOffset) ; Edited August 27, 2010 by majidemo
darkjohn20 Posted August 27, 2010 Posted August 27, 2010 The problem has been completely resolved. Updated post 2 above.
majidemo Posted August 27, 2010 Posted August 27, 2010 @darkjohn if i had the same code as the topic starter? how do i make the code value REAL TIME? like it would update the value when it changed in the memory? i tried using code below to keep the reading part looping but it gives me an error. While 1 $FinalAddress = _GetFinalAddress($hMemoryOpen,"60C20") $Value = _ReadFromPointer($FinalAddress,$hMemoryOpen,$Offset) Wend
darkjohn20 Posted August 27, 2010 Posted August 27, 2010 thats good, but im running on win7 64bit. @darkjon No problem. I noticed that too, i dont know why, but that code works for me.. owyeah, i believe this is the part where it changes the offsets to HEX $finalADDR = "0x" & Hex($baseADDR + $StaticOffset) ; What do you mean? $Offsets is different from $StaticOffset.
majidemo Posted August 27, 2010 Posted August 27, 2010 owh? LOL! right.. sorry.. still wrong code.. now i dont understand, why my code works correctly w/ the app im reading.
darkjohn20 Posted August 27, 2010 Posted August 27, 2010 (edited) owh? LOL! right.. sorry.. still wrong code.. now i dont understand, why my code works correctly w/ the app im reading. What are your offsets? 0-9 work because 0 = 0x0, 1 = 0x1, etc. A wouldn't work because that's not a Digit. Edit: Also, the code changes depending on whether you use: Process.exe+Offset (Usually only used in a Pointer Scan) StaticPointer (If you find it manually, it will be the one at the bottom of the pointer list) So, for example: $StaticOffset = Dec("406C08") - $BaseAddress ;This line would equal "60C20" $FinalAddress = "0x" & Hex($BaseAddress + $StaticOffset)or $FinalAddress = "0x" & Hex($BaseAddress + "60C20") ;If you already have the Offset, not the Pointer Edited August 27, 2010 by darkjohn20
majidemo Posted August 27, 2010 Posted August 27, 2010 (edited) LOL. thats right.. thanks for clearing that out, im new with this stuff too @darkjohn if i had the same code as the topic starter? how do i make the code value REAL TIME? like it would update the value when it changed in the memory? i tried using code below to keep the reading part looping but it gives me an error. While 1 $FinalAddress = _GetFinalAddress($hMemoryOpen,"60C20") $Value = _ReadFromPointer($FinalAddress,$hMemoryOpen,$Offset) Wend MsgBox(0,"Data","Address: " & $Value[0] & @CRLF & "Value: " & $Value[1]) Edited August 27, 2010 by majidemo
darkjohn20 Posted August 27, 2010 Posted August 27, 2010 (edited) expandcollapse popup#include <NomadMemory.au3> Local $rNew,$rOld Local $Offset[5] = [0, Dec("C"), Dec(14), 0, Dec(18)] $hMemoryOpen = _OpenMemory("Tutorial.exe") $FinalAddress = _GetFinalAddress($hMemoryOpen,"60C20") $rOld = _ReadFromPointer($FinalAddress,$hMemoryOpen,$Offset) While 1 $rNew = _ReadFromPointer($FinalAddress,$hMemoryOpen,$Offset) If $rNew <> $rOld Then MsgBox(0,"Data","Value: " & $rNew) $rOld = $rNew EndIf WEnd _MemoryClose($hMemoryOpen) Func _OpenMemory($sProcess) $aOpen = _MemoryOpen(ProcessExists($sProcess)) If $aOpen = 0 Then Switch @error Case 1 MsgBox(0, "Error", "Error opening Process: Process ID is invalid.") Case 2 MsgBox(0, "Error", "Error opening Process: Failed to open Kernel32.dll.") Case 3 MsgBox(0, "Error", "Error opening " & $aOpen & ".") EndSwitch Exit EndIf Return $aOpen EndFunc Func _GetFinalAddress($hMemory, $xStaticOffset) Local $iStaticOffset, $iBaseAddress $iBaseAddress = _MemoryGetBaseAddress($hMemory, 1) If $iBaseAddress = 0 Then Switch @error Case 1 MsgBox(0, "Error", "Error getting Base Address: Invalid Handle to open Process.") Case 2 MsgBox(0, "Error", "Error getting Base Address: Failed to find correct allocation Address.") Case 3 MsgBox(0, "Error", "Error getting Base Address: Failed to read from the specified Process.") EndSwitch Exit EndIf Return "0x" & Hex($iBaseAddress + Dec($xStaticOffset)) EndFunc Func _ReadFromPointer($xFinalAddress,$hMemory,$aOffset,$sType = "dword") Local $aRead $aRead = _MemoryPointerRead($xFinalAddress, $hMemory, $aOffset, $sType) If $aRead = 0 Then Switch @error Case 1 MsgBox(0, "Error", "Error reading Pointer: The specified Offset isn't an Array") Case 2 MsgBox(0, "Error", "Error reading Pointer: Invalid Handle to open Process.") Case 3 MsgBox(0, "Error", "Error reading Pointer: Type is not a String") Case 4 MsgBox(0, "Error", "Error reading Pointer: Type is unsupported or unknown") Case 5 MsgBox(0, "Error", "Error reading Pointer: Failed to allocate the memory needed for the DllStructure") Case 6 MsgBox(0, "Error", "Error reading Pointer: Failed to allocate the memory needed for " & $sType) Case 7 MsgBox(0, "Error", "Error reading Pointer: Failed to read from the specified Process") EndSwitch Exit Else Return $aRead[1] EndIf EndFuncThis will run until you select Exit from the Tray. It will call a MsgBox every time the value changes. This is for Step 8 of the CE Tutorial.Here's a stripped version:#include <NomadMemory.au3> Local $rNew,$rOld,$Offset[5] = [0, Dec("C"), Dec(14), 0, Dec(18)] $hMemoryOpen = _MemoryOpen(ProcessExists("Tutorial.exe")) $FinalAddress = _GetFinalAddress($hMemoryOpen,"60C20") $rOld = _ReadFromPointer($FinalAddress,$hMemoryOpen,$Offset) While 1 $rNew = _ReadFromPointer($FinalAddress,$hMemoryOpen,$Offset) If $rNew <> $rOld Then MsgBox(0,"Data","Value: " & $rNew) $rOld = $rNew EndIf WEnd _MemoryClose($hMemoryOpen) Func _GetFinalAddress($hMemory, $xStaticOffset) Return "0x" & Hex(_MemoryGetBaseAddress($hMemory, 1) + Dec($xStaticOffset)) EndFunc Func _ReadFromPointer($xFinalAddress,$hMemory,$aOffset,$sType = "dword") Local $aRead = _MemoryPointerRead($xFinalAddress, $hMemory, $aOffset, $sType) Return $aRead[1] EndFunc Edited August 27, 2010 by darkjohn20
majidemo Posted August 27, 2010 Posted August 27, 2010 thanks man great! can i pm you if i have other questions?
darkjohn20 Posted August 27, 2010 Posted August 27, 2010 thanks man great! can i pm you if i have other questions?Sure. I also have MSN like I said.
majidemo Posted August 27, 2010 Posted August 27, 2010 (edited) i dont get correct value if i dont use [1] gives me error: ==> Subscript used with non-Array variable. While 1 $rNew = _MemoryPointerRead($finalADDR, $openmem, $Offset) If $rNew[1] <> $read[1] Then MsgBox(0,"Data","Value: " & $rNew[1]) $read[1] = $rNew[1] EndIf WEnd this, just returns 0 While 1 $rNew = _MemoryPointerRead($finalADDR, $openmem, $Offset) If $rNew <> $read[1] Then MsgBox(0,"Data","Value: " & $rNew) $read[1] = $rNew EndIf WEnd Edited August 27, 2010 by majidemo
darkjohn20 Posted August 27, 2010 Posted August 27, 2010 i dont get correct value if i dont use [1] gives me error: ==> Subscript used with non-Array variable. While 1 $rNew = _MemoryPointerRead($finalADDR, $openmem, $Offset) If $rNew[1] <> $read[1] Then MsgBox(0,"Data","Value: " & $rNew[1]) $read[1] = $rNew[1] EndIf WEnd Copy the WHOLE script I gave you, I edited the function _MemoryPointerRead to only give [1] instead of the whole array.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now