Sign in to follow this  
Followers 0
rockets

memory pointers

5 posts in this topic

Using nomad memory im trying to read the value located at this base

"gcswf32.dll"+005DDEE0
how would i represent that so nomad memory knows what it is. (that is what CE returns.) i also need to add on these offsets

4D4
5A8
140
90
34

ive done this before in c++ but forget how its done , and since nomadmem just calls the function readprocessmemory i assume its similar if not the same.

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

So ... Google Chrome's built in flash player

Farting around with memory addresses?

(that is what CE returns.)

Cheat Engine (CE) returns?

What exactly are you having issues with?

Wouldn't happen to be a game, would it?

Edited by Blue_Drache

Lofting the cyberwinds on teknoleather wings, I am...The Blue Drache

Share this post


Link to post
Share on other sites

If you are learning how to read memory with autoit, I can suggest it is using cheat engine tutorial nr 6 (pointers) as an example. & it also has examples, that show how to use pointers you get from ce to read memory with autoitscript.


My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

If you are learning how to read memory with autoit, I can suggest it is using cheat engine tutorial nr 6 (pointers) as an example. & it also has examples, that show how to use pointers you get from ce to read memory with autoitscript.

i know how to read pointers and memory , my question was more "how do i represent "gcswf32.dll" in my script , since it is a dll of chromes flash player ,so i cant use ProcessExists()".

would there be a way to search for all modules loaded by that process and get its base? Im pretty sure that is what i did in c++.

Edited by rockets

Share this post


Link to post
Share on other sites

Using nomad memory im trying to read the value located at this base

"gcswf32.dll"+005DDEE0
how would i represent that so nomad memory knows what it is. (that is what CE returns.) i also need to add on these offsets

4D4
5A8
140
90
34

ive done this before in c++ but forget how its done , and since nomadmem just calls the function readprocessmemory i assume its similar if not the same.

You will need to get the base address of the module. There are 3 ways of doing this:

1. Attach cheatengine to the process. Goto "View memory", goto "view" and goto "Enumerate DLLs and symbols". Although DLLs tend to stick to one base, they can move, so doesn't work with 100% certainty all the time.

2. Inject a thread and call GetModuleHandle (my udf processcall has a function that does this - GetRemoteModuleHandle)

3. Use CreateToolHelp32Snapshot - look it up on MSDN.

So ... Google Chrome's built in flash player

Farting around with memory addresses?

Cheat Engine (CE) returns?

What exactly are you having issues with?

Wouldn't happen to be a game, would it?

What is wrong with this forum lol

Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0