Jump to content

NomadMemory - calc.exe: find base pointer


Recommended Posts

Hi all,

 

i startet playing aorung with the NomadMemeory.au3.

I successfull create a small Script to read the Adress Values for the calculation result from calc.exe.

My Problem is, if i restart the calc.exe process the addresses from calc.exe changes.

Here is my small Autoit script. The Script only works if it is compiled and if u change the address to your address.

The function "_MemoryModuleGetBaseAddress" is located here: https://www.autoitscript.com/forum/topic/78834-memory-udf/?page=2

#RequireAdmin ;Needs Admin and the Script only works if you compile it!
#include <NomadMemory.au3>

;Get The Process ID
$PID = ProcessExists('calc.exe')

;Open Memory
$hOpen = _memoryOpen($PID)
;This is the adress wich changes every restart
$adress = '0x0026A58C'


;get The Base Adress. Returns the Base Adress, but it returns another value then the calculated result in calc.exe
$baseAddr = _MemoryModuleGetBaseAddress($PID, "calc.exe")
;Display the Base Adress
MsgBox(0, 'base adress', $baseAddr)

;Read the Memory Address
$read = _MemoryRead($adress, $hOpen, 'dword')
;Display Adress Value
MsgBox(0, 'Adress Value', $read)
;Replace the adress value with '1337'
$write = _MemoryWrite($adress, $hOpen, '1337', 'dword')

;Close memory
_MemoryClose($hOpen)

I attached a image wich show what i mean with "calculation result".

My goal is to get the base pointer and have the ability to read the value without changing the address on every time calc.exe restarts.

 

Unbenannt.png

Link to comment
Share on other sites

  • Moderators

MemoryLearner,

Quote

My goal is to get the base pointer and have the ability to read the value

So why do you have this line in your code:

;Replace the adress value with '1337'
$write = _MemoryWrite($adress, $hOpen, '1337', 'dword')

Why do you need to write to the address if all you want is to read it?

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites

13 minutes ago, Melba23 said:

MemoryLearner,

So why do you have this line in your code:

;Replace the adress value with '1337'
$write = _MemoryWrite($adress, $hOpen, '1337', 'dword')

Why do you need to write to the address if all you want is to read it?

M23

As i already mentioned i playing around with Nomadmemory and i also tried to write memory.

My Final Goal is to change the calculation result, but in this thread i only ask for getting the base pointer.

For my purpose it is totally wayne if i playing around with calc.exe or some other PE file, i just wanna have some fun :)

Link to comment
Share on other sites

  • Moderators

MemoryLearner,

Quote

For my purpose it is totally wayne if i playing around with calc.exe or some other PE file

That might be the case for you, but not for us. You might not to have read the Forum rules since your arrival, so please do read them - particularly the bit about not discussing game automation - before you post again. I would like to believe your intentions are as pure as driven snow, but you never know.....

M23

 

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites

Just now, Melba23 said:

MemoryLearner,

That might be the case for you, but not for us. You might not to have read the Forum rules since your arrival, so please do read them - particularly the bit about not discussing game automation - before you post again. I would like to believe your intentions are as pure as driven snow, but you never know.....

M23

I already read the forums rules(longer time ago, i am a quite reader) and I also know that some people are very carefull when it comes to asking about potential bots or hacks or other malicous usage, but i dont have any good answer for your question.

the only reason is that i was bored and

The only reason why I'm dealing with it is because I'm interested in it.
I could now google for meaningful purposes to answer your question perfectly, but that would not help us any further.

For the same reason, I started programming at that time, simply because it interested me. That's exactly the motivation with which everyone started to learn and to educate, simply
because he is interested in it.
I was just bored and searched for interesting topics and decided to deal with the NomadMemory.au3.
Most of the autoit libraries can be used for malicious purposes, e.g. the ie.au3 can be used to program bots and the crypt.au3 can be used to create ransomware.

So the only answer I have is: because I'm interested in the topic.:)

Link to comment
Share on other sites

  • Moderators

MemoryLearner,

Delighted to hear it.

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites

  • Moderators

Aside from the razor-thin tenuous explanation you give, this is simply not the best way to do this. There are numerous topics on the forum about automating the calculator as a learning exercise; the help file even contains a tutorial around building your own. If you are truly interested in learning the language and programming in general, you should be likewise interested in doing things the correct way.

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...