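WSCPorts Posted December 6, 2005 (edited)

im trying to write a dynamic trainer/Memory editor :: BY THIS I MEAN that it requires u to know hacks u add them into it and click execute and it excutes the hack or it execute a event based hack which would be like if read pointer value = such and such a # then writehere and here and here and then on to next read and write if there is one... but yea thats not clse to being implented yet thats just my general direction.. as of now teh only thing started is the read section and its still not fully complete im gonna place this up here in the hopes i can get some direction and some Tips on how to start the writing to Memory section

#include <GuiConstants.au3>

; Access mask handed to OpenProcess() in _CastMRI().
; NOTE(review): 0x1F0FFF asks for every access right on the target process, although only the
; read path is implemented. A handle opened with just the rights an operation needs
; (PROCESS_VM_READ, 0x0010, for ReadProcessMemory) limits what a leaked or misused handle can do.
$MEM_ALL_ACCESS = 0x1F0FFF

; Control IDs of the GUI. $l_Size is listed here because _CastMRI() reads it; the original
; declared $i_Size instead, a name no control was ever assigned to.
Dim $l_Process, $i_BaseAddy, $i_OffSet, $l_TypeList, $l_Size, $b_HackList, $r_RetInput, $l_Hacks, _
		$i_SecID

GUICreate("AutoItMemTool", 500, 450)
GUICtrlCreateGroup("Read Section", 10, 0, 460, 200) ; Read group
GUICtrlCreateLabel("Process List", 15, 15)
$l_Process = GUICtrlCreateList("", 15, 30, 90, 60) ; process list for the read group
GUICtrlCreateLabel("BaseAddress", 105, 15)
$i_BaseAddy = GUICtrlCreateInput("", 105, 30, 70, 40) ; base address to read from
GUICtrlCreateLabel("OffSet to Add to Base", 175, 15)
$i_OffSet = GUICtrlCreateInput("", 175, 30, 110, 40) ; offset added to the base address
GUICtrlCreateLabel("Type of Data", 285, 15)
; The type can be any of the struct types specified for DllStructCreate in the help file.
$l_TypeList = GUICtrlCreateList("", 285, 30, 90, 60) ; type of data to read
GUICtrlCreateLabel("Size of Data", 355, 15)
$l_Size = GUICtrlCreateList("", 375, 30, 90, 60) ; size of the data to read
GUICtrlCreateLabel("SectionID", 15, 85) ; IMPORTANT TO SET: it names the INI section that is written
$i_SecID = GUICtrlCreateInput("", 15, 100, 70, 40)
$b_HackList = GUICtrlCreateButton("Save This Section", 115, 150, 98, 40) ; save a read definition
$b_ExecReadSection = GUICtrlCreateButton("Read Section", 215, 150, 80, 40)
GUICtrlCreateLabel("Data Read", 265, 85)
$r_RetInput = GUICtrlCreateInput("", 265, 100, 70, 40) ; return area for the data that was read
GUICtrlCreateLabel("Current Complete Sections", 335, 85)
$l_Hacks = GUICtrlCreateList("", 335, 98, 130, 60) ; section list loaded from the INI file
$b_LoadHackList = GUICtrlCreateButton("Load list", 15, 150, 98, 40)

; Fill the process list with the names of the running processes.
$tPL = ProcessList()
For $i = 1 To $tPL[0][0]
	GUICtrlSetData($l_Process, $tPL[$i][0], 0)
Next

; Selectable sizes. The original wrapped these calls in "For $i = 1 To 0 Step -1", which runs
; for $i = 1 and $i = 0 and therefore added every entry twice.
GUICtrlSetData($l_Size, 1)
GUICtrlSetData($l_Size, 2)
GUICtrlSetData($l_Size, 4)
GUICtrlSetData($l_Size, 8)

GUICtrlCreateGroup("Write Section", 20, 210, 420, 150)
GUISetState()

; hProcess BaseAddy Offset Result Type Size
; Selectable data types (same double-iteration loop removed as for the size list).
GUICtrlSetData($l_TypeList, "byte")
GUICtrlSetData($l_TypeList, "ubyte")
GUICtrlSetData($l_TypeList, "short")
GUICtrlSetData($l_TypeList, "ushort")
GUICtrlSetData($l_TypeList, "int")
GUICtrlSetData($l_TypeList, "uint")
GUICtrlSetData($l_TypeList, "dword")
GUICtrlSetData($l_TypeList, "udword")
GUICtrlSetData($l_TypeList, "ptr")
GUICtrlSetData($l_TypeList, "float")
GUICtrlSetData($l_TypeList, "double")

; Writes one key/value pair into section "<SectionId>ReadValue" of SavedHacks.ini,
; which lives next to the script.
Func _MemReadSaver($SectionId, $Key, $Value)
	IniWrite(@ScriptDir & "/SavedHacks.ini", $SectionId & "ReadValue", $Key, $Value)
EndFunc

Dim $Process, $BaseAddy, $OffSet, $ResAddress, $Type, $Size, $iSecId, $iSecData, $hPID

; Collects the values entered in the read group, stores each of them in the INI file under the
; current section ID, and returns the result of IniReadSectionNames() for that file.
Func _CastMRI()
	$iSecId = GUICtrlRead($i_SecID)
	$Process = GUICtrlRead($l_Process)
	_MemReadSaver($iSecId, "ProcessName", $Process)

	; Release the handle left over from an earlier save before opening a new one; the original
	; overwrote $hPID on every click and never closed the previous handle.
	If $hPID Then DllCall("Kernel32.dll", "int", "CloseHandle", "ptr", $hPID)
	; ProcessExists() yields the PID, or 0 when the name is not running; OpenProcess() then
	; returns 0 as well.
	$hPID = OpenProcess($MEM_ALL_ACCESS, 0, ProcessExists($Process))
	; NOTE(review): a process handle is only valid inside the process that opened it, so the
	; value saved here cannot be reused by a later run of the script.
	_MemReadSaver($iSecId, "ProcessHandle", $hPID)

	; The address text MUST START WITH A NUMBER: if it starts with a char, Number() strips it all.
	$gBaseAddy = GUICtrlRead($i_BaseAddy)
	$BaseAddy = Number($gBaseAddy) ; decimal value of the address
	_MemReadSaver($iSecId, "BaseAddy", $BaseAddy)

	; Same rule for the offset text.
	$gOffSet = GUICtrlRead($i_OffSet)
	$OffSet = Number($gOffSet) ; decimal value of the offset
	_MemReadSaver($iSecId, "OffSet", $OffSet)

	$ResAddress = $BaseAddy + $OffSet
	_MemReadSaver($iSecId, "ResultingPointer", Hex($ResAddress, 8))

	$gType = GUICtrlRead($l_TypeList)
	_MemReadSaver($iSecId, "Type", $gType)

	; Read the size from the list control that is actually created ($l_Size); the original read
	; $i_Size, which never held a control ID.
	$gSize = GUICtrlRead($l_Size)
	$Size = Number($gSize)
	_MemReadSaver($iSecId, "Size", $Size)

	Sleep(500)
	$iSecData = IniReadSectionNames(@ScriptDir & "/SavedHacks.ini")
	Return $iSecData
EndFunc

Dim $SecData, $SecId

; Saves the current read definition and appends the INI section names to the section list.
Func _HackListSaver()
	$SecId = GUICtrlRead($i_SecID)
	$SecData = _CastMRI()
	; Indexing the result is only safe when an array of section names came back.
	If Not IsArray($SecData) Then Return
	For $i = 1 To $SecData[0]
		GUICtrlSetData($l_Hacks, $SecData[$i])
	Next
EndFunc

; Appends the section names found in SavedHacks.ini to the section list.
Func _LoadHackList()
	$SecNames = IniReadSectionNames(@ScriptDir & "/SavedHacks.ini")
	If Not IsArray($SecNames) Then Return
	For $i = 1 To $SecNames[0]
		GUICtrlSetData($l_Hacks, $SecNames[$i])
	Next
EndFunc

; Placeholder for executing a saved read; not implemented yet.
Func _ExecRead()
EndFunc

; Thin wrapper around kernel32 OpenProcess. Returns the handle, or 0 with @error = 1 when the
; DllCall itself fails.
Func OpenProcess($dwDesiredAccess, $bInheritHandle, $dwProcessId)
	$Handle = DllCall("Kernel32.dll", "ptr", "OpenProcess", "int", $dwDesiredAccess, "int", $bInheritHandle, "int", $dwProcessId)
	If @error Then
		SetError(1)
		Return 0
	EndIf
	Return $Handle[0]
EndFunc

; Calls kernel32 ReadProcessMemory and returns element 1 of a struct of type $s_Type.
; Returns 0 with @error = 1 when the DLL cannot be opened or the DllCall fails, and 0 with
; @error = 2 when the API reports failure.
; NOTE(review): the struct is created with $i_nSize elements of $s_Type while the same number
; is passed as the byte count - confirm which of the two is intended.
; NOTE(review): handle and addresses are passed as 'int'; presumably these would be truncated
; on a 64-bit build - confirm.
Func _ReadProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type, $i_nSize)
	Local $hDll = DllOpen("kernel32.dll")
	; DllOpen reports failure through a -1 return value, so test that as well as @error.
	If @error Or $hDll = -1 Then
		SetError(1)
		Return 0
	EndIf
	Local $v_Struct = DllStructCreate($s_Type & '[' & $i_nSize & ']')
	Local $v_lpNumberOfBytesRead = ''
	Local $a_Call = DllCall($hDll, 'int', 'ReadProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
	; Capture the outcome first: every later function call resets @error.
	Local $i_CallError = @error
	Local $i_Success = 0
	Local $v_Return = 0
	If Not $i_CallError Then
		$i_Success = $a_Call[0]
		$v_Return = DllStructGetData($v_Struct, 1)
	EndIf
	; Release the struct and the DLL handle on every path; the original skipped this on error.
	DllStructDelete($v_Struct)
	DllClose($hDll)
	If $i_CallError Then
		SetError(1)
		Return 0
	EndIf
	; A zero return from the API means nothing was read; do not hand back the untouched buffer.
	If $i_Success = 0 Then
		SetError(2)
		Return 0
	EndIf
	Return $v_Return
EndFunc

; Calls kernel32 WriteProcessMemory with $v_Inject placed in a struct of type $s_Type and
; returns the API's return value. Returns 0 with @error = 1 when the DLL cannot be opened or
; the DllCall fails.
Func _WriteProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type, $v_Inject, $i_nSize)
	Local $hDll = DllOpen("kernel32.dll")
	If @error Or $hDll = -1 Then
		SetError(1)
		Return 0
	EndIf
	Local $v_lpNumberOfBytesRead = ''
	Local $v_Struct = DllStructCreate($s_Type & '[' & $i_nSize & ']')
	DllStructSetData($v_Struct, 1, $v_Inject)
	Local $i_Call = DllCall($hDll, 'int', 'WriteProcessMemory', 'int', _
			$i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
	; Capture the outcome before the cleanup calls reset @error.
	Local $i_CallError = @error
	DllStructDelete($v_Struct)
	DllClose($hDll)
	If $i_CallError Then
		SetError(1)
		Return 0
	EndIf
	Return $i_Call[0]
EndFunc

; Message loop: dispatch button clicks until the window is closed.
Do
	$HMsg = GUIGetMsg()
	If $HMsg = $b_HackList Then
		_HackListSaver()
	ElseIf $HMsg = $b_LoadHackList Then
		_LoadHackList() ; load the current list
	ElseIf $HMsg = $b_ExecReadSection Then
		; use the name selected in the hack list to execute a read operation
	EndIf
Until $HMsg = $GUI_EVENT_CLOSE

; Close the process handle that _CastMRI() may have left open.
If $hPID Then DllCall("Kernel32.dll", "int", "CloseHandle", "ptr", $hPID)

Edited December 14, 2005 by WSCPorts

http://www.myclanhosting.com/defiasVisit Join and contribute to a soon to be leader in Custumized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32]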
=sinister= Posted December 14, 2005 Share Posted December 14, 2005 (edited) Good job, but how do I scan then edit the memory? Any tutorials? Edited December 14, 2005 by =sinister= Link to comment Share on other sites More sharing options...
WSCPorts Posted December 14, 2005 Author Share Posted December 14, 2005 well to be quite honest with u ive been doing alot of reading on the subject and scanning memory is a whole other ball game for autoit. i got my hands on CE 's source code and decided to see if i could figure out how he does it, i think he uses LCC but i could be mistaken.. what has to be done is that u get a image of the process virtualprotect a memory chunk, search it deprotect it and move on to the next chunk... this all involves recurrent use of pointers and all kinds of other fun stuff... so to make a memory searcher would be something i would need help on i also looked at alot of CE's DLLs and was wondering how u could start a driver for use of a dll... the driver Section name is CEDRIVER51 and DRIVER1111 in ur registry :go to system info to find a list of current drivers on ur machine: conversly the nname of the dll is dbk32.dll and driver name is dbk32.sys dbk32.dll has many useful memory editing functions but it relys on dbk32.sys to be loaded into memory .. now supposedly DB[DarkByte] told me that the dll loaded the driver automatically upon static linking of the dll but this is not the case... with autoit it seems ... ive gotten all kinds of errors but i also had a idea if i could create a shared kernal service for the driver and get a refernce to so i decided to pick up asm masm32 to be exact and see what i could start learning the mysteriose world of asm.. i finally see teh asnwers i have so long for sought... but yea im going to code something up ;] for use with autoit http://www.myclanhosting.com/defiasVisit Join and contribute to a soon to be leader in Custumized tools development in [C# .Net 1.1 ~ 2.0/C/C++/MFC/AutoIt3/Masm32] Link to comment Share on other sites More sharing options...
lol98 Posted December 20, 2005 Share Posted December 20, 2005 (edited) banme i will help to the best of mu ability. i still am looking for an api wrapper dll so i can use windows api with autoit. right now im trying to mod a send/recv hook to decrypt a games packets to output to whatever gui is calling the dll right now its about 20% complete i have a source to modify , a gui source (which i wont use because its vb ill make one in autoit) the encrpyt routine / decrypt routine the subroutines (all internal in the dll as well as client) once i get it working to where it sucessfully hooks it. ill be able to predefine and send packets with autoit as if i were the game itself. i know its teh 1337sauce (because the dll source came from god himself Debugx2) Edited December 20, 2005 by lol98 Link to comment Share on other sites More sharing options...
MrSpacely Posted December 20, 2005 Share Posted December 20, 2005 (edited)
> banme i will help to the best of mu ability. i still am looking for an api wrapper dll so i can use windows api with autoit. right now im trying to mod a send/recv hook to decrypt a games packets to output to whatever gui is calling the dll right now its about 20% complete i have a source to modify , a gui source (which i wont use because its vb ill make one in autoit) the encrpyt routine / decrypt routine the subroutines (all internal in the dll as well as client) once i get it working to where it sucessfully hooks it. ill be able to predefine and send packets with autoit as if i were the game itself. i know its teh 1337sauce (because the dll source came from god himself Debugx2)

Uhm autoit was written to work with the windows api thats the whole concept Edited December 20, 2005 by MrSpacely Link to comment Share on other sites More sharing options...
killaz219 Posted December 21, 2005 Share Posted December 21, 2005 (edited) Looks good so far. I always wanted to see how those scanners worked, but I could never find the source. Edited December 21, 2005 by killaz219 Link to comment Share on other sites More sharing options...