rockets Posted July 26, 2011 Posted July 26, 2011 Using nomad memory im trying to read the value located at this base "gcswf32.dll"+005DDEE0 how would i represent that so nomad memory knows what it is. (that is what CE returns.) i also need to add on these offsets 4D4 5A8 140 90 34 ive done this before in c++ but forget how its done , and since nomadmem just calls the function readprocessmemory i assume its similar if not the same.
Blue_Drache Posted July 26, 2011 Posted July 26, 2011 (edited) So ... Google Chrome's built in flash playerFarting around with memory addresses?(that is what CE returns.)Cheat Engine (CE) returns?What exactly are you having issues with?Wouldn't happen to be a game, would it? Edited July 26, 2011 by Blue_Drache Lofting the cyberwinds on teknoleather wings, I am...The Blue Drache
goldenix Posted July 26, 2011 Posted July 26, 2011 If you are learning how to read memory with autoit, I can suggest it is using cheat engine tutorial nr 6 (pointers) as an example. & it also has examples, that show how to use pointers you get from ce to read memory with autoitscript. My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]
rockets Posted July 27, 2011 Author Posted July 27, 2011 (edited) If you are learning how to read memory with autoit, I can suggest it is using cheat engine tutorial nr 6 (pointers) as an example. & it also has examples, that show how to use pointers you get from ce to read memory with autoitscript.i know how to read pointers and memory , my question was more "how do i represent "gcswf32.dll" in my script , since it is a dll of chromes flash player ,so i cant use ProcessExists()".would there be a way to search for all modules loaded by that process and get its base? Im pretty sure that is what i did in c++. Edited July 27, 2011 by rockets
Shaggi Posted July 27, 2011 Posted July 27, 2011 Using nomad memory im trying to read the value located at this base "gcswf32.dll"+005DDEE0 how would i represent that so nomad memory knows what it is. (that is what CE returns.) i also need to add on these offsets 4D4 5A8 140 90 34 ive done this before in c++ but forget how its done , and since nomadmem just calls the function readprocessmemory i assume its similar if not the same. You will need to get the base address of the module. There are 3 ways of doing this: 1. Attach cheatengine to the process. Goto "View memory", goto "view" and goto "Enumerate DLLs and symbols". Although DLLs tend to stick to one base, they can move, so doesn't work with 100% certainty all the time. 2. Inject a thread and call GetModuleHandle (my udf processcall has a function that does this - GetRemoteModuleHandle) 3. Use CreateToolHelp32Snapshot - look it up on MSDN. So ... Google Chrome's built in flash player Farting around with memory addresses? Cheat Engine (CE) returns? What exactly are you having issues with? Wouldn't happen to be a game, would it? What is wrong with this forum lol Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now