new _Mem functions



Well I'd have to restart EQ2, but I tried returning $Array[0], [1], [2], etc. in the first set of tests I did... The offset was wrong then and I haven't returned to it with the new offset yet.

It might take 5 mins or so, but want me to?

EDIT: It returned -30300

Grrrrr

$Process = "EverQuest2.exe"
$Pid = ProcessExists($Process)
$h_open = _MemOpen($pid)
$Read = _MemRead($h_open,0xF4798A,4)
MsgBox(0, "Test Box", "TEst: " & $Read[0] & $Read[1] & $Read[2] & $Read[3])
_MemClose($h_open)
Edited by JoshDB

Yep. I've tried the same thing you did. :o

w0uter, please give a simple example of how to read a number. Mem functions are something I've wanted in AutoIt since I started using it. :geek:

Thanks, Hallman


The arrays never returned anything of value to me, so I removed them altogether. I get the result I've been looking for for about 3 months now. Here's an example:

; #include 'Memory Functions.au3'
; The include is not needed here: the three functions below replace the UDF
; versions of the same name (keeping both gives a duplicate function error).
; The array handling was dropped, so _MemRead returns the struct data directly.
Func _MemOpen($i_dwProcessId, $i_dwDesiredAccess = 0x1F0FFF, $i_bInheritHandle = 0)
    ; PID first so the one-argument calls below work; 0x1F0FFF = PROCESS_ALL_ACCESS
    Local $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $i_dwDesiredAccess, 'int', $i_bInheritHandle, 'int', $i_dwProcessId)
    If @error Then
        SetError(1)
        Return 0
    EndIf
    Return $ai_Handle[0]
EndFunc   ;==>_MemOpen

Func _MemRead($i_hProcess, $i_lpBaseAddress, $i_nSize = 4, $v_lpNumberOfBytesRead = '')
    ; Reads $i_nSize bytes (default 4, one DWORD) into a byte struct and returns its contents
    Local $v_Struct = DllStructCreate('byte[' & $i_nSize & ']')
    DllCall('kernel32.dll', 'int', 'ReadProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
    Local $v_Return = DllStructGetData($v_Struct, 1)
    $v_Struct = 0   ; releases the struct; replaces the old DllStructDelete($v_Struct) call
    Return $v_Return
EndFunc   ;==>_MemRead

Func _MemClose($i_hProcess)
    Local $av_CloseHandle = DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $i_hProcess)
    Return $av_CloseHandle[0]
EndFunc   ;==>_MemClose
;||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

$i_pid = WinGetProcess('VMS EB2')
$v_Open = _MemOpen($i_pid)
$MemRead_results = _MemRead($v_Open, 0x746041)
ConsoleWrite($MemRead_results & @LF)
_MemClose($v_Open)
Not sure if this will help anyone but the array idea kept me from getting what I wanted.

Edited by strate

<memory functions here>

$i_pid = WinGetProcess('EverQuest II (Feb 13 2006 19:03:07) USER OPTIMIZED: SOEBuild=2767L')
$v_Open = _MemOpen($i_pid)
$MemRead_results = _MemRead( $v_Open, 0xF4798A)
MsgBox(0,"Test",$MemRead_results)
_MemClose($v_Open)

That returns gibberish :o


This is a shot in the dark, but your title has the time in it; is this static? To be more certain that you're getting a good PID, try using $i_pid = ProcessExists(Process Name)

Just a guess though.


hello,

If you ask _MemRead to read n bytes, it returns an array of n bytes starting from the address you specified. However, the value you want will actually be stored in the array in reverse order, i.e. if you're expecting a value of 43707 (0xAABB in hex), the array you get is [0xBB,0xAA,0x00,0x00], or [187,170,0,0] in decimal. I dunno why it's reversed; I thought at first it was intentionally reversed by the programmer, but I tried reading stuff from other programs and they're all like that. Anyway, you can use the _MemRev function to get the reversed hex representation of the array returned by _MemRead.

Edited by monji
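A worked example of the byte-order point above, added here in Python (it is not code from the thread or from the Memory Functions UDF): it takes the 4-element array _MemRead returns, using AutoIt's signed byte values, decodes the 43707 case and the -30, 3, 0, 0 read reported later in the thread, builds the _MemRev-style hex string, and does the reverse split for a 4-byte write. SAMPLE_READ and the function names are constructed for this example.

```python
import struct

# Constructed sample: the 4-byte read reported later in the thread came back as
# -30, 3, 0, 0 (AutoIt shows each byte as a signed value, so 0xE2 appears as -30).
SAMPLE_READ = [-30, 3, 0, 0]


def memread_to_int(signed_bytes, signed=False):
    """Interpret the array _MemRead returns as one little-endian integer.

    The first element is the least significant byte, which is why the value
    looks "reversed" when read left to right. Negative elements are masked
    back to their unsigned byte value before unpacking.
    """
    raw = bytes(b & 0xFF for b in signed_bytes)   # -30 -> 0xE2
    if len(raw) != 4:
        raise ValueError('expected a 4-byte read')
    fmt = '<i' if signed else '<I'                 # '<' = little-endian
    return struct.unpack(fmt, raw)[0]


def memrev_hex(signed_bytes):
    """Build the string _MemRev produces: the bytes in reverse order as 0x-prefixed hex."""
    return '0x' + ''.join('%02X' % (b & 0xFF) for b in reversed(signed_bytes))


def int_to_memwrite_bytes(value):
    """Opposite direction: the little-endian byte list a 4-byte write must contain."""
    return list(struct.pack('<I', value & 0xFFFFFFFF))


def naive_concat(signed_bytes):
    """What the first post did: joining the elements as strings, which is how
    -30, 3, 0, 0 turned into '-30300' instead of a number."""
    return ''.join(str(b) for b in signed_bytes)


if __name__ == '__main__':
    print(memrev_hex(SAMPLE_READ), memread_to_int(SAMPLE_READ))   # 0x000003E2 994
```

Int() applied to the _MemRev string in AutoIt is the same conversion as int(memrev_hex(...), 16) here; it only yields the signed reading if you decode it as such.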

What does all this mean for me?

All I want to do is read the hex address 0xF4798A, type 4 bytes, of the program PID EverQuest2.exe.

Cheat Engine lets me do this easily.

$Process = "EverQuest2.exe"
$Pid = ProcessExists($Process)
$h_open = _MemOpen($pid)
$Read = _MemRead($h_open,0xF4798A,4)
MsgBox(0, "Test Box", "Test: " & $Read[0] & " - " & $Read[1] & " - " & $Read[2] & " - " & $Read[3])
MsgBox(0, "Test Box", "Test: " & _MemRev($Read))
_MemClose($h_open)

This results in two message boxes, one holding -30 - 3 - 0 - 0 (the " - " was for me to see the separation of the array elements better) and the other holding 0x000003E2. Neither of these yields anything more than -1 when put through HexToString or StringToHex...

:o

EDIT EDIT EDIT: Alright, in Cheat Engine I displayed the value as hexadecimal and it was the same as in the message box... Now to convert it.

Edited by JoshDB

Alright guys - Sorry for double post - I figured it out.

#include <String.au3>

; Converts the hex string that _MemRev builds from the byte array (e.g. "0x000003E2")
; to decimal by walking the digits from the right. The loop ends at the "x" of the
; "0x" prefix, or at the end of the string so input without a prefix cannot loop forever.
Func _HexadecimalToDecimal($var)
    Local $hex = _MemRev($var)   ; reverse the bytes once rather than on every pass
    Local $result = 0, $sum = 0, $power = 0, $currentDigit
    
    Do
        $currentDigit = StringLeft(StringRight($hex, $power + 1), 1)
        If $currentDigit = "A" Then
            $currentDigit = 10
        ElseIf $currentDigit = "B" Then
            $currentDigit = 11
        ElseIf $currentDigit = "C" Then
            $currentDigit = 12
        ElseIf $currentDigit = "D" Then
            $currentDigit = 13
        ElseIf $currentDigit = "E" Then
            $currentDigit = 14
        ElseIf $currentDigit = "F" Then
            $currentDigit = 15
        EndIf
        $result = $currentDigit * 16 ^ $power   ; "x" converts to 0, so the prefix adds nothing
        $power = $power + 1
        $sum = $sum + $result
    Until $currentDigit = "x" Or $power >= StringLen($hex)
    
    Return $sum
EndFunc   ;==>_HexadecimalToDecimal by joshdb

Example:

$Process = "EverQuest2.exe"
$Pid = ProcessExists($Process)
$h_open = _MemOpen($pid)
$Read = _MemRead($h_open,0xF4798A,4)
MsgBox(0, "Test Box", "Test: " & _HexadecimalToDecimal($Read))
_MemClose($h_open)

Big huge thanks to: http://www.permadi.com/tutorial/numHexToDec/

Whew... :">


I don't understand, is it possible to write to the game memory. For example, use this function to find a byte for Diablo II then write over it, so kind of like HACKING into Diablo?

These functions read and/or edit what a process stores in memory. So, it's kinda like hacking. :o

Anyone have any write functions that work?

Edited by Hallman

This is C++ but is it possible to send packets kind of like this with auto-it?

GetPlayerID

DWORD __declspec(naked) GetPlayerID(VOID) {
    __asm {
        MOV EAX,DWORD PTR DS:[0x6FBCC1E0]
        MOV ECX,DWORD PTR DS:[EAX+0xC]
        mov eax, ecx
        ret
    }
}

GetPlayerArea

DWORD __declspec(naked) GetPlayerArea(void) {
    __asm {
        MOV EAX,DWORD PTR DS:[0x6FBCC1E0]
        push eax
        mov ebx, 0x6FABC0BC
        call ebx
        push eax
        mov ebx, 0x6FABC0B6
        call ebx
        ret
    }
}

SendGamePacket

void SendGAMEPacket(BYTE* Packet, DWORD PacketSize) {
    DWORD size1 = PacketSize;
    __asm {
        mov eax, Packet
        push Packet
        mov ebx, size1
        mov edx, 0x6FB0DE40
        call edx
    }
}

GetCurrentLife

DWORD __declspec(naked) GetCurrentLife() {
    __asm {
        mov eax, 6
        mov ebx, 0x6FB653A0
        call ebx
        SAR eax,8
        ret
    }
}

GetMaxLife

DWORD __declspec(naked) GetMaxLife() {
    __asm {   // opening brace was missing in the original listing
        mov eax, 6
        mov ebx, 0x6FB653A0
        call ebx
        SAR edx,8
        mov eax,edx
        ret
    }
}

GetCurrentMana

DWORD __declspec(naked) GetCurrentMana() {
    __asm {
        mov eax, 8
        mov ebx, 0x6FB653A0
        call ebx
        SAR eax,8
        ret
    }
}

GetMaxMana

DWORD __declspec(naked) GetMaxMana() {
    __asm {
        mov eax, 8
        mov ebx, 0x6FB653A0
        call ebx
        SAR edx,8
        mov eax,edx
        ret
    }
}

GamePrintMessage

enum { colWhite, colRed, codGreen, colBlue, colGold, colGrey, colBlack, colBrown, colOrange, colYellow };

typedef void (_stdcall *pPrint)(wchar_t* Text, BYTE Color);

void GamePrintMessage(char *Message, BYTE color)
{
    pPrint Print = (pPrint)0x6FAC6780;
    wchar_t Buffer[256];
    // -1 converts the whole null-terminated string; the output size is given in
    // characters, not bytes (the original passed sizeof(Message), the size of a pointer)
    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, Message, -1, Buffer, sizeof(Buffer) / sizeof(Buffer[0]));
    Print(Buffer, color);
}


you don't need that function, you can simply Int() the result of _MemRev to get the decimal representation.


_MemWrite seems to work okay. You first have to call _MemCreate and then pass the result to _MemWrite.

I tried these last night and I checked with OllyDbg; they were all written properly.

$hMem = _MemOpen( ProcessExists( 'game.exe' ) )
$len = _MemCreate( 0x04 )
$txt = _MemCreate( 'test' )
_MemWrite( $hMem, 0x109F8788, $len )
_MemWrite( $hMem, 0x109F8794, $txt )
_MemWrite( $hMem, 0x109F9138, $txt )
_MemClose( $hMem )

btw, i re-read the last few pages, you probably wrote the right thing before but read it back incorrectly. try outputting Int( _MemRev( _MemRead(...) ) ) after _MemWrite()ing to see if it really was written.

Edited by monji

Do I have to write it as a hex though? I would like to have a GUI Input Ctrl with a number And just do:

_MemWrite( $Mem, 0x000000,_MemCreate(GuiCtrlRead($Input1)))

How am I supposed to do that? Do I need to convert the number to something first? I'm confused :o

Hallman

Edited by Hallman