Sign in to follow this  
Followers 0
Archman

Memory Reading Problem

13 posts in this topic

Using Cheat Engine 5.2 i can determin the health of a selected mob is 872

Cheat Engine Details of this data are:

Address = 0CB425D0 Type = 4 Bytes Value = 872

Reading through the forum i have used the following script to read this in AutoIt

#include <mem.au3>

$Process = 'test.exe' ;-> Target process
$PID = ProcessExists($Process) ;-> Get Process ID
$Address = 0x0CB425D0 ;-> Read/write address


$OpenProcess = _MemOpen(0x38, False, $PID) ;-> Enable reading/writing to the process and get the handle

    $v_Read = _MemRead($OpenProcess, $Address, 1) ;-> Read a 1 byte value from the defined address
    MsgBox(0,"Info", "The value of address "&HEX($Address, 8)&" is now: "&$v_Read)

_MemClose($OpenProcess) ;-> Disable reading/writing to the processoÝ÷ Øíz¸º)]x(­Ê&¦)^¶nÞ±Êâ¦Ö§vØ^»§Ø­+Þ²Ø^~e£§­¦ëSåZç¨|]­ë,Ð xÛôÉèÃ]8!ø©àzØ^r^¶®¶­sbb33c·eõ&VBÒôÖVÕ&VBb33c´÷Vå&ö6W72Âb33c´FG&W72ÂB
as the value in Cheat engine is 4 Bytes

I then get:

The Value of Address 0CB425D0 is now: h

The output i expected and what it should be is -- The Value of Address 0CB425D0 is now: 872

What am i doing wrong ? :whistle:

Share this post


Link to post
Share on other sites



What am i doing wrong ? :whistle:

_MemRead() returns an array, with the four bytes you read!


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

So $v_Read will have multiple Values ?

If that is so how do i take those values and end up with 872 like Cheat Engine shows?

Share this post


Link to post
Share on other sites

So $v_Read will have multiple Values ?

If that is so how do i take those values and end up with 872 like Cheat Engine shows?

so, what are the single values? Run the code below,note the values and post them.

#include <Array.au3>
_ArrayDisplay($v_Read,"Memory")

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

Where do i get Array.au3 i searched but cant find it?

Also the Momory location 0CB425D0 was the same all last night and all today and i restarted the game multiple times.

Just loaded the game again to do what u asked and the Memory location of the information i wanna read has changed :/

Share this post


Link to post
Share on other sites

Where do i get Array.au3 i searched but cant find it?

it's part of the standard installation. Just use it like I posted it.

#include <Array.au3>

_ArrayDisplay($v_Read,"Memory")


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Useing

_ArrayDisplay($v_Read,"Memory")  oÝ÷ Úz-)àªiz{"~&v+m¡«­¢+Ù5Í ½à À°ÅÕ½Ðí%¹¼ÅÕ½Ðì°}ÉÉå¥ÍÁ±ä ÀÌØíÙ}I°ÅÕ½Ðí5µ½ÉäÅÕ½Ð줤

It just returns 0 everytime i try it

Altho when using Go to execute the script it doesnt finish i have to Stop Excecuting

Edited by Archman

Share this post


Link to post
Share on other sites
Useing
_ArrayDisplay($v_Read,"Memory")  oÝ÷ Úz-)àªiz{"~&v+m¡«­¢+Ù5Í ½à À°ÅÕ½Ðí%¹¼ÅÕ½Ðì°}ÉÉå¥ÍÁ±ä ÀÌØíÙ}I°ÅÕ½Ðí5µ½ÉäÅÕ½Ð줤

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

Ok Cheat Engine Details of this data are:

Address = 0CB425D0 Type = 4 Bytes Value = 872

Script Using AutoIt:

#include <mem.au3>
#include <Array.au3>
$Process = 'TEST.exe' ;-> Target process
$PID = ProcessExists($Process) ;-> Get Process ID
$Address = 0CB425D0 ;-> Read/write address

$OpenProcess = _MemOpen(0x38, False, $PID) ;-> Enable reading/writing to the process and get the handle

    $v_Read = _MemRead($OpenProcess, $Address, 4) ;-> Read a 1 byte value from the defined address
    MsgBox(0,"Info", "The value of address "&HEX($Address, 8)&" is now: "&$v_Read)
    MsgBox(0,"Info", _ArrayDisplay($v_Read,"Memory"))
    MsgBox(0,"",IsArray($v_Read))

_MemClose($OpenProcess) ;-> Disable reading/writing to the processoÝ÷ Ù8b±­º¹ìN¢YhÂ)àU©nzÄáyV¥¹ê×kzË46ä="²z0ȳz,¥©ì·)^
= 0

So from this i Gather that _MemRead() is not returning an array, with the four bytes it reads!

Sorry For Being a Pain and Thank you for Helping :">

Share this post


Link to post
Share on other sites

_ArrayDisplay($v_Read,"Memory")
= 0

So from this i Gather that _MemRead() is not returning an array, with the four bytes it reads!

Sorry For Being a Pain and Thank you for Helping :">

O.K. then you have a different mem.au3 than me. Can you please post your mem.au3 here?

AND, what happens if you print (msgbox, or ClipPut): Hex($v_Read) and String($v_Read) ??


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

I copy and paste this from forum yesterday to make my mem.au3

Func _MemRead($i_hProcess, $i_lpBaseAddress, $i_nSize, $v_lpNumberOfBytesRead = '')
    Local $v_Struct = DllStructCreate ('byte[' & $i_nSize & ']')
    DllCall('kernel32.dll', 'int', 'ReadProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr ($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
    Local $v_Return = DllStructGetData ($v_Struct, 1)
    $v_Struct=0
    Return $v_Return
EndFunc ;==> _MemRead()

Func _MemWrite($i_hProcess, $i_lpBaseAddress, $v_Inject, $i_nSize, $v_lpNumberOfBytesRead = '')
    Local $v_Struct = DllStructCreate ('byte[' & $i_nSize & ']')
    DllStructSetData ($v_Struct, 1, $v_Inject)
    $i_Call = DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr ($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
    $v_Struct=0
    Return $i_Call[0]
EndFunc ;==> _MemWrite()

Func _MemOpen($i_dwDesiredAccess, $i_bInheritHandle, $i_dwProcessId)
    $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $i_dwDesiredAccess, 'int', $i_bInheritHandle, 'int', $i_dwProcessId)
    If @error Then
        SetError(1)
        Return 0
    EndIf
    Return $ai_Handle[0]
EndFunc ;==> _MemOpen()

Func _MemClose($i_hProcess)
    $av_CloseHandle = DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $i_hProcess)
    Return $av_CloseHandle[0]
EndFunc ;==> _MemClose()

Share this post


Link to post
Share on other sites

#12 ·  Posted (edited)

Here are the results from useing Hex($v_Read) and String($v_Read)

Hex($v_Read) returns 68030000

String($v_Read) returns 0x68030000

Edited by Archman

Share this post


Link to post
Share on other sites

Can you post your mem.au3 script please /dev/null so i can try using that one

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0