Zephir

Memory Reading/Editing basics

18 posts in this topic

Hello fellows,

I've done some research on scripts on memory editing and found quite a few. However, I do not get the basics of it, since it does not only involve AutoIt but also universal memory structure information, which I am not very good at (actually not at all).

So could you help me and point out some good tuts or help files I could read to learn... or even better, if someone could give me a crash course for newbies :)

Thanks for the help!

Zephir

Have you tried the UDFs for working with memory? Do you have code? If you have a more specific explanation of what you're trying to do, it may narrow down what you need to learn and make it a little less daunting of a task.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100
i didn't make up this form of encryption, but i like it. credit to the lvl 6 challenge on arcanum.co.nz

Sorry, let me make myself a little clearer:

I would like to read out game memory, for current games like World of Warcraft or Guild Wars. You don't have to worry whether it is safe or not, just how to do it. The UDFs did not help because I just can't figure out what the parameters are... :D

Hope it helped to help :)

One program that you can get that may help you is called 'ArtMoney'. It's a nice little memory searching/modifying program. You can use it to identify what addresses or types you're trying to read.

Ok thanks,

prog looks fine. I'll try it, but first I am gonna do some extreme google.com-ing on memory reading.


Well, I tried to work with the program, but still I can't get much out of it since I lack the basics of process memory reading/writing.

How is e.g. game memory built up? What does it usually store? Where is it stored? How can I influence this memory? Can I hide memory editing so that it is undetectable by security tools like Warden (World of Warcraft)...

Questions like those are a pain in the butt and I just can't find anything on the web to learn from...

Please help


I prefer using CE to find my addresses =3

But sometimes I use TS, just 'cause it searches faster ;3


# MY LOVE FOR YOU... IS LIKE A TRUCK- #

Most values are stored in memory in 4-byte variables (integers, or 'int'). That said, some are 2-bytes, some are just a single byte, but, more often than not, the value will occupy four bytes in memory, so you can pretty safely assume that anything you search for will be four bytes.

First, let me explain how you figure out what size your variable is going to be if you search for it using a four byte search and you come up empty.

One byte has a maximum value of 255 (if it's unsigned, 127 if it's signed... more on that later). If you're searching for health and it has a maximum value of 100, chances are you can use a one-byte search and find it just fine. This is because, in memory, values are stored in hexadecimal format, which counts 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F. One byte stores two of these numbers/letters. 0xA3 is one byte. It starts at 0x00 and ends at 0xFF. 0xFF = 255. Each F, in hexadecimal, is equal to 15, so 0xFF is equal to 15*15, or 255. I hope that's clear. So, if your value is always going to be less than 255 and you know it will NEVER go above 255--things like facing direction in a 4-directional game which, obviously, will only have four possible values for direction faced--then you can safely assume you're searching for a single byte variable.

Two bytes--or a 'short' type variable--has a maximum value of 65535 for unsigned or 32767 for signed. Most of the time, values will be unsigned, so 65535 is the max value for a short type variable. If you know that the value you're looking for will never go above 65535, search two bytes. An example of this might be x or y coordinate on a tile-based game. If the map has 300x300 tiles in it and you're standing at coordinates 269, 4, obviously your x coordinate is not a single-byte variable (it's > 255), so search for two bytes. Again, minimum value of 0x0000 (0) and maximum value of 0xFFFF (65535).

Four bytes--or an 'int' type variable--has a maximum value of 4294967295 (that's 4.29 billion) unsigned and 2147483647 signed. Most values fall into this category. Your character's identification number or experience points might be more than 65535 but less than 4.3bil. Anything that has a relatively large number--or whose number you just don't know--is (probably) an integer.

Now then, signed or unsigned? Signed variables go into negatives. We said that a signed byte has a max value of 127 but it has a minimum value of (NEGATIVE) -128. If you're looking for a variable, such as damage modifiers or something, that has a maximum value of more than 127, less than 255, but it can go into negatives as well, search two bytes. Just because the max value is less than 255 doesn't mean it's automatically a byte, especially if it can go into negatives. In conclusion for signed/unsigned: unsigned integers do not have negative values while signed integers may.

When I get a little bit more time, I may go into memory searching/reading/writing a bit more in-depth. For now, knowing what type of value to search for will help you astronomically. It'll refine your searches by a lot. Don't search for a byte if you know it's a short; don't search for a short if you know it's an int. Sure, its current value MAY BE less than 65535, but if it has the POSSIBILITY of having a value higher than 65535, it's stored as an integer, so you don't have to look through every two bytes in memory. Something with a value of 1000 that's stored as an integer will just have 00s as its leading two bytes, i.e. 0x000003E8. It's still an int, though.

Hope it was of SOME help, anyway.


I see.

So how do I know, after I scanned for shorts and found some, that one of them is the one I need? And how can I read it out using AutoIt memory UDFs? Sorry, I can't figure out the parameters of the _mem funcs.


Okay,

I've run a search on WoW using ArtMoney.

Settings were:

looking for exact value

value = 100

int 1 byte

I've been looking for the health bar in per cent (thus 100 when life was fully recovered).

Now the prog gives me 500000 entries.... How do I know which one is the one I'm looking for?

I opened the memory editor and tried editing some of the stuff, but nothing happened.

help!!!


Editing memory values at random is a sure way to crash your program.

Editing memory values while Warden is active is a sure way to get your account banned.


A little reading goes a long way. Post count means nothing.

If you're using ArtMoney, after you search for a known value, wait for the value to change, then filter those results (filter button) for the new value... Keep doing that until you can narrow the results to 1 or two.

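The steps described in the posts above (pick a value width from the range the value can take, search for the known value, wait for it to change, filter the earlier hits), as an added example that is not part of the original thread. It works on constructed byte buffers rather than a live process; the offsets, field layout and function names are assumptions made for the illustration.

```python
import random
import struct

# struct codes for the widths discussed in the thread (little-endian, as on x86)
FORMATS = {(1, False): "<B", (1, True): "<b", (2, False): "<H",
           (2, True): "<h", (4, False): "<I", (4, True): "<i"}

def narrowest_type(lo, hi):
    """Smallest (width_in_bytes, signed) that can hold every value in lo..hi."""
    for width in (1, 2, 4):
        bits = 8 * width
        if lo >= 0 and hi <= 2**bits - 1:
            return width, False
        if lo >= -(2**(bits - 1)) and hi <= 2**(bits - 1) - 1:
            return width, True
    raise ValueError("range does not fit in four bytes")

def scan(snapshot, value, width, signed=False):
    """'Exact value' search: every offset whose bytes encode value at this width."""
    needle = struct.pack(FORMATS[(width, signed)], value)
    hits, pos = set(), snapshot.find(needle)
    while pos != -1:
        hits.add(pos)
        pos = snapshot.find(needle, pos + 1)
    return hits

def refine(candidates, snapshot, value, width, signed=False):
    """'Filter' step: keep earlier hits that hold the new value in a later snapshot."""
    needle = struct.pack(FORMATS[(width, signed)], value)
    return {off for off in candidates if snapshot[off:off + width] == needle}

def make_snapshots(hp_offset=0x4000, size=1 << 16, seed=1):
    """Constructed data: random filler, a 4-byte HP field and three decoy 100s."""
    rng = random.Random(seed)
    before = bytearray(rng.randrange(256) for _ in range(size))
    for off in (0x0100, 0x0200, 0x3000):   # unrelated fields that also equal 100
        before[off:off + 4] = struct.pack("<I", 100)
    before[hp_offset:hp_offset + 4] = struct.pack("<I", 100)
    after = bytearray(before)
    after[hp_offset:hp_offset + 4] = struct.pack("<I", 73)  # only HP changed
    return bytes(before), bytes(after)

if __name__ == "__main__":
    before, after = make_snapshots()
    for width in (1, 2, 4):
        hits = scan(before, 100, width)
        left = refine(hits, after, 73, width)
        print(f"{width}-byte search: {len(hits)} hits, {len(left)} after one filter pass")
```

A 1-byte search also matches the low byte of every wider field and any stray byte equal to 100, so it starts from far more candidates than the 4-byte search; the filter pass is what removes the ones that did not change with the value.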

Well, I might be a noob on memory reading but I am not stupid. I try the memory reading and editing on my private WoW server! Which means no Warden, no Blizzard, no bans! :)

Okay, I am gonna try right now! Gonna come back in a little!

Thanks so far!

No problem, glad to help.

Okay,

I scanned for my hitpoints in-game and narrowed it down to 4 ints:

;Memory Read for WoW 1.12.1
[life]
currentlife1=0BAF1DD0 ;int 2 bytes
maxlife1=0BAF1DE8 ;int 2 bytes
currentlife2=0BAF31C4 ;int 2 bytes
maxlife2=0BAF31DC ;int 2 bytes

maxlife1 and maxlife2 do not change, meaning that they keep the same values. I figured it doesn't matter which one I take.

currentlife1 and currentlife2 do change as I get dmg or raise/lower my current HP. However, they are not quite the same.

Example:

Max. HP are 400.

After fighting a mob I am down to 200.

Now currentlife1 shows like 201 and currentlife2 197.

I thought that WoW might use 2 kinds of HP calculating systems just to make sure everything's right.

This would mean to me that currentlife1 and currentlife2 mean the same.

Am I right?

So far so good.

Now I want to read this crap out using w0uter's _mem() func. My problem is: what info do I need to plug into the parameters?

Could anyone provide an example (using the values above) of how to read out WoW life data and save it to a variable using AutoIt?

I appreciate your input very much!!!

greetz,

Zephir


bump


I suggest Cheat Engine.

Or, if you're just starting out, TSearch.

Both have a tutorial.

(I highly recommend Cheat Engine for functionality, TSearch for speed.)

