WSCPorts

Memory trainer maker

6 posts in this topic

#1 ·  Posted (edited)

I'm trying to write a dynamic trainer/memory editor:

By this I mean that it requires you to know hacks; you add them into it and click execute and it executes the hack, or it executes an event-based hack, which would be like: if read pointer value = such and such a # then write here and here and here, and then on to the next read and write if there is one... but yea, that's not close to being implemented yet, that's just my general direction..

As of now the only thing started is the read section, and it's still not fully complete.

I'm gonna place this up here in the hopes I can get some direction and some tips on how to start the writing-to-memory section :P

#include <GuiConstants.au3>
$MEM_ALL_ACCESS = 0x1F0FFF
Dim $l_Process, $i_BaseAddy, $i_OffSet, $l_TypeList, $i_Size, $b_HackList, $r_RetInput, $l_Hacks, _
$i_SecID
GUICreate("AutoItMemTool", 500, 450)
GUICtrlCreateGroup("Read Section", 10, 0, 460, 200); Read Group
GUICtrlCreateLabel("Process List", 15, 15)
$l_Process = GUICtrlCreateList("", 15, 30, 90, 60);ProcessList for ReadGroup
GUICtrlCreateLabel("BaseAddress", 105, 15)
$i_BaseAddy = GUICtrlCreateInput("", 105, 30, 70, 40);BaseAddress to read From
GUICtrlCreateLabel("OffSet to Add to Base", 175, 15)
$i_OffSet = GUICtrlCreateInput("", 175, 30, 110, 40);OffSet To Add To Base
GUICtrlCreateLabel("Type of Data", 285, 15)
$l_TypeList = GUICtrlCreateList("", 285, 30, 90, 60); type of Data to Read 
;$s_Type can be any of the struct types specified in DllStructCreate in your help file.
GUICtrlCreateLabel("Size of Data", 355, 15)
$l_Size = GUICtrlCreateList("", 375, 30, 90, 60);Size of the data to Read
GUICtrlCreateLabel("SectionID", 15, 85);IMPORTANT TO SET!!
$i_SecID = GUICtrlCreateInput("", 15, 100, 70, 40)
$b_HackList = GUICtrlCreateButton("Save This Section", 115, 150, 98, 40);Save a Read 
$b_ExecReadSection = GUICtrlCreateButton("Read Section", 215, 150, 80, 40)
GUICtrlCreateLabel("Data Read", 265, 85)
$r_RetInput = GUICtrlCreateInput("", 265, 100, 70, 40);a return area for the read data
GUICtrlCreateLabel("Current Complete Sections", 335, 85)
$l_Hacks = GUICtrlCreateList("", 335, 98, 130, 60);Hack List from ini File
$b_LoadHackList = GUICtrlCreateButton("Load list", 15, 150, 98, 40)
$tPL = ProcessList()
For $i = 1 To $tPL[0][0]
  GUICtrlSetData($l_Process, $tPL[$i][0], 0)
next
;Fill the size list once; the original "For $i = 1 To 0 Step -1" loop ran twice and duplicated every entry
GUICtrlSetData($l_Size, 1)
GUICtrlSetData($l_Size, 2)
GUICtrlSetData($l_Size, 4)
GUICtrlSetData($l_Size, 8)
GUICtrlCreateGroup("Write Section", 20, 210, 420, 150)
GuiSetState( )
;hProcess BaseAddy Offset Result Type Size 
;Fill the type list once; the original "For $iType = 1 to 0 Step -1" loop ran twice and duplicated every entry
GUICtrlSetData($l_TypeList, "byte")
GUICtrlSetData($l_TypeList, "ubyte")
GUICtrlSetData($l_TypeList, "short")
GUICtrlSetData($l_TypeList, "ushort")
GUICtrlSetData($l_TypeList, "int")
GUICtrlSetData($l_TypeList, "uint")
GUICtrlSetData($l_TypeList, "dword")
GUICtrlSetData($l_TypeList, "udword")
GUICtrlSetData($l_TypeList, "ptr")
GUICtrlSetData($l_TypeList, "float")
GUICtrlSetData($l_TypeList, "double")
Func _MemReadSaver($SectionId, $Key, $Value)
    IniWrite(@ScriptDir & "/SavedHacks.ini", $SectionId & "ReadValue", $Key, $Value)
EndFunc
Dim $Process, $BaseAddy, $OffSet, $ResAddress, $Type, $Size, $iSecId, $iSecData, $hPID
Func _CastMRI()
    $iSecId = GUICtrlRead( $i_SecID )
    $Process = GUICtrlRead( $l_Process )
    _MemReadSaver( $iSecId, "ProcessName", $Process )
    $hPID = OpenProcess($MEM_ALL_ACCESS, 0, ProcessExists( $Process ))
    _MemReadSaver( $iSecId, "ProcessHandle", $hPID)
;$tBaseAddy MUST START WITH A NUMBER FOR if IT STARTS WITH A Char THEN IT STRIPS IT ALL!
    $gBaseAddy = GUICtrlRead( $i_BaseAddy )
    $BaseAddy = Number( $gBaseAddy );Decimal Value of the address..
    _MemReadSaver( $iSecId, "BaseAddy", $BaseAddy)
    $gOffSet = GUICtrlRead( $i_OffSet ) 
;$p_OffSet MUST START WITH A NUMBER FOR if IT STARTS WITH A Char THEN IT STRIPS IT ALL!
    $OffSet = Number( $gOffSet );Decimal Value of the Offset
    _MemReadSaver( $iSecId, "OffSet", $OffSet)
    $ResAddress = $BaseAddy + $OffSet
    _MemReadSaver( $iSecId, "ResultingPointer", Hex($ResAddress, 8))
    $gType = GUICtrlRead( $l_TypeList )
    _MemReadSaver( $iSecId, "Type", $gType)
    $gSize = GUICtrlRead( $l_Size );the size list control is $l_Size; $i_Size is never assigned a control
;$p_Size  MUST START WITH A NUMBER FOR if IT STARTS WITH A Char THEN IT STRIPS IT ALL!
    $Size = Number( $gSize )
    _MemReadSaver( $iSecId, "Size", $Size)
    Sleep(500)
    $iSecData = IniReadSectionNames(@ScriptDir & "/SavedHacks.ini")
Return $iSecData
EndFunc
Dim $SecData, $SecId
Func _HackListSaver()
    $SecId = GuiCtrlRead( $i_SecID )
    $SecData = _CastMRI()
    for $i = 1 To $SecData[0]
        GUICtrlSetData($l_Hacks, $SecData[$i])
    next
EndFunc
Func _LoadHackList()
    $SecNames = IniReadSectionNames(@ScriptDir & "/SavedHacks.ini")
    for $i = 1 To $SecNames[0]
        GUICtrlSetData($l_Hacks, $SecNames[$i])
    next
EndFunc 
Func _ExecRead()
EndFunc
Func OpenProcess($dwDesiredAccess, $bInheritHandle, $dwProcessId)
$Handle = DllCall("Kernel32.dll", "ptr", "OpenProcess", "int", $dwDesiredAccess, "int", $bInheritHandle, "int", $dwProcessId)
    If @error Then
        SetError(1)
        Return 0
    EndIf
    Return $Handle[0]
EndFunc
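Func _ReadProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type, $i_nSize)
   ;DllOpen reports failure by returning -1, it does not set @error
   Local $hDll = DllOpen("kernel32.dll")
   If $hDll = -1 Then
      SetError(1)
      Return 0
   EndIf
   ;Local buffer that receives the data; $s_Type is a DllStructCreate type name
   Local $v_Struct = DllStructCreate($s_Type & '[' & $i_nSize & ']')
   ;Handle and addresses are passed as 'ptr'; lpNumberOfBytesRead is optional, so NULL (0) is passed
   Local $a_Call = DllCall($hDll, 'int', 'ReadProcessMemory', 'ptr', $i_hProcess, 'ptr', $i_lpBaseAddress, 'ptr', DllStructGetPtr($v_Struct, 1), 'int', $i_nSize, 'ptr', 0)
   If @error Then
      DllClose($hDll)
      SetError(1)
      Return 0
   EndIf
   ;ReadProcessMemory returns FALSE (0) when the read fails
   If $a_Call[0] = 0 Then
      DllClose($hDll)
      SetError(2)
      Return 0
   EndIf
   Local $v_Return = DllStructGetData($v_Struct, 1)
   $v_Struct = 0 ;release the struct (DllStructDelete was removed from later AutoIt releases)
   DllClose($hDll)
   Return $v_Return
EndFunc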

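Func _WriteProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type, $v_Inject, $i_nSize)
   ;DllOpen reports failure by returning -1, it does not set @error
   Local $hDll = DllOpen("kernel32.dll")
   If $hDll = -1 Then
      SetError(1)
      Return 0
   EndIf
   ;Local buffer holding the value to write; $s_Type is a DllStructCreate type name
   Local $v_Struct = DllStructCreate($s_Type & '[' & $i_nSize & ']')
   DllStructSetData($v_Struct, 1, $v_Inject)

   ;Handle and addresses are passed as 'ptr'; lpNumberOfBytesWritten is optional, so NULL (0) is passed
   Local $i_Call = DllCall($hDll, 'int', 'WriteProcessMemory', 'ptr', _
   $i_hProcess, 'ptr', $i_lpBaseAddress, 'ptr', DllStructGetPtr($v_Struct, 1), 'int', $i_nSize, 'ptr', 0)
   If @error Then
      DllClose($hDll)
      SetError(1)
      Return 0
   EndIf
   $v_Struct = 0 ;release the struct (DllStructDelete was removed from later AutoIt releases)
   DllClose($hDll)
   ;Non-zero when WriteProcessMemory succeeded, 0 when it failed
   Return $i_Call[0]
EndFunc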
Do 
    $HMsg = GUIGetMsg( )
    If $HMsg = $b_HackList Then
        _HackListSaver()
    ElseIf $HMsg = $b_LoadHackList Then
        _LoadHackList()
;load the current list 
    ElseIf $HMsg = $b_ExecReadSection Then
;use the Name Selected in The HackLIST to execute a Read Operation  
    EndIf   
Until $HMsg = $GUI_EVENT_CLOSE
Edited by WSCPorts

http://www.myclanhosting.com/defias
Visit, join and contribute to a soon-to-be leader in customized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]
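
Added example, not part of the original post or the poster's code: the script above opens its target with $MEM_ALL_ACCESS = 0x1F0FFF, while ReadProcessMemory only needs PROCESS_VM_READ and WriteProcessMemory needs PROCESS_VM_WRITE plus PROCESS_VM_OPERATION. The Python below decodes such access masks and triages records shaped like Sysmon Event ID 10 (ProcessAccess) fields; the sample records, image paths and category names are constructed assumptions.

```python
# Decode OpenProcess access masks and flag handles that allow memory writes.
# Right values are the documented Windows process access rights.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
VM_READ = 0x0010
# WriteProcessMemory needs both rights on the target handle.
WRITE_MASK = 0x0008 | 0x0020

# Constructed sample records (hypothetical paths), Sysmon Event ID 10 field names.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Tools\AutoIt3.exe",
     "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Tools\viewer.exe",
     "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x0010"},
]

def decode_access(mask):
    """Return the sorted names of the known rights set in an access mask."""
    return sorted(name for bit, name in PROCESS_RIGHTS.items() if mask & bit)

def classify(event):
    """Label one cross-process handle by what it lets the opener do."""
    mask = int(event["GrantedAccess"], 16)
    if event["SourceImage"].lower() == event["TargetImage"].lower():
        return "self"
    if mask & WRITE_MASK == WRITE_MASK:
        return "write-capable"
    if mask & VM_READ:
        return "read-only"
    return "other"

def triage(events):
    """Return (source image, decoded rights, label) for each record."""
    return [(e["SourceImage"], decode_access(int(e["GrantedAccess"], 16)),
             classify(e)) for e in events]

if __name__ == "__main__":
    for source, rights, label in triage(SAMPLE_EVENTS):
        print(f"{label:14} {source}: {', '.join(rights)}")
```

A handle opened with only PROCESS_VM_READ lands in the read-only bucket, which is all the read section of the script requires.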


#2 ·  Posted (edited)

Good job, but how do I scan then edit the memory? Any tutorials?

Edited by =sinister=


Well, to be quite honest with you, I've been doing a lot of reading on the subject, and scanning memory is a whole other ball game for AutoIt. I got my hands on CE's source code and decided to see if I could figure out how he does it; I think he uses LCC but I could be mistaken..

What has to be done is that you get an image of the process, VirtualProtect a memory chunk, search it, deprotect it and move on to the next chunk... this all involves recurrent use of pointers and all kinds of other fun stuff...

So to make a memory searcher would be something I would need help on. I also looked at a lot of CE's DLLs and was wondering how you could start a driver for use of a dll... the driver section name is CEDRIVER51 and DRIVER1111 in your registry (go to system info to find a list of current drivers on your machine). Conversely, the name of the dll is dbk32.dll and the driver name is dbk32.sys. dbk32.dll has many useful memory editing functions but it relies on dbk32.sys to be loaded into memory..

Now supposedly DB[DarkByte] told me that the dll loaded the driver automatically upon static linking of the dll, but this is not the case... with AutoIt it seems...

I've gotten all kinds of errors, but I also had an idea if I could create a shared kernel service for the driver and get a reference to so I decided to pick up asm, masm32 to be exact, and see what I could start learning, the mysterious world of asm..

I finally see the answers I have for so long sought... but yea, I'm going to code something up ;] for use with AutoIt


http://www.myclanhosting.com/defias
Visit, join and contribute to a soon-to-be leader in customized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]


#4 ·  Posted (edited)

banme, I will help to the best of my ability. I still am looking for an API wrapper dll so I can use the Windows API with AutoIt.

Right now I'm trying to mod a send/recv hook to decrypt a game's packets to output to whatever GUI is calling the dll :lmao:

Right now it's about 20% complete. I have a source to modify, a GUI source (which I won't use because it's VB; I'll make one in AutoIt)

the encrypt routine / decrypt routine

the subroutines (all internal in the dll as well as client)

once I get it working to where it successfully hooks it.

I'll be able to predefine and send packets with AutoIt as if I were the game itself. :P

I know it's the 1337sauce (because the dll source came from god himself, Debugx2)

Edited by lol98


#5 ·  Posted (edited)

banme, I will help to the best of my ability. I still am looking for an API wrapper dll so I can use the Windows API with AutoIt.

Right now I'm trying to mod a send/recv hook to decrypt a game's packets to output to whatever GUI is calling the dll :lmao:

Right now it's about 20% complete. I have a source to modify, a GUI source (which I won't use because it's VB; I'll make one in AutoIt)

the encrypt routine / decrypt routine

the subroutines (all internal in the dll as well as client)

once I get it working to where it successfully hooks it.

I'll be able to predefine and send packets with AutoIt as if I were the game itself. :P

I know it's the 1337sauce (because the dll source came from god himself, Debugx2)

Uhm, AutoIt was written to work with the Windows API; that's the whole concept

Edited by MrSpacely


#6 ·  Posted (edited)

Looks good so far. I always wanted to see how those scanners worked, but I could never find the source.

Edited by killaz219

