Sign in to follow this  
Followers 0
tmo

editing game memory with autoit

12 posts in this topic

#1 ·  Posted (edited)

thx to nomad for the memory UDF.

this script allows you to change your name in warcraft III customgames by editing the process memory.

If Not ProcessExists('war3.exe') Then
    MsgBox(48,"Error", "Warcraft 3 Process not found! Please start Warcraft III first.")
    Exit
EndIf
 
; includes / options
#include <nMemory2.au3>
#include <GUIConstants.au3>
#include <Constants.au3>
Opt("GUIOnEventMode", 1)
Opt("TrayOnEventMode", 1)
 
;memory stuff
Global $type1 = 'char[4]'
Global $type2 = 'char[20]'
$PID = ProcessExists('war3.exe')
SetPrivilege("SeDebugPrivilege", 1)
Global $hMem = _MemoryOpen($PID)
Global $offset = _getOffset($hMem)
 
;other variables
Global $sOriginalName = _getName($hMem)
 
 
;create GUI and GUICtrl's
$GUI = GUICreate("Warcraft III TFT Namespoofer", 300,200)
 
$info1 = GUICtrlCreateLabel("Original Name:", 5, 10, 100, 20)
$info2 = GUICtrlCreateLabel("Current Name:", 5, 35, 100, 20)
$originalName = GUICtrlCreateInput($sOriginalName, 100, 10, 100, 20, $ES_READONLY)
$currentName = GUICtrlCreateInput($sOriginalName, 100, 35, 100, 20, $ES_READONLY)
 
$changeName = GUICtrlCreateInput("", 100, 60, 100, 20)
$change = GUICtrlCreateButton("Change Name!", 110, 85, 80, 20)
$reset = GUICtrlCreateButton("Reset Name!", 210, 10, 80, 20)
 
$credits = GUICtrlCreateButton("Credits!", 120, 150, 60, 20)
 
 
; set events
GUISetOnEvent($GUI_EVENT_CLOSE, "_exit")
GUICtrlSetOnEvent($credits, "_credits")
GUICtrlSetOnEvent($change, "_changeName")
GUICtrlSetOnEvent($reset, "_resetName")
 
;show GUI/Tray
GUISetState()
 
While 1
    Sleep(10)
WEnd
 
;functions
 
Func _changeName()
    _setName(GUICtrlRead($changeName))
EndFunc
 
Func _resetName()
    _setName($sOriginalName)
EndFunc
 
Func _setName($sName)
    _MemoryWrite($offset, $hMem, $sName, $type2)
    GUICtrlSetData($currentName, $sName)
EndFunc
 
Func _getName($hMemory)
    Return _MemoryRead($offset,$hMemory, $type2)
EndFunc
 
Func _getOffset($hMemory)
    Local $i = 0
    While $i <= 16^4 AND _MemoryRead('0x' & hex($i,4) & '02D4',$hMemory,$type1) <> "PX3W"
        $i += 1
    WEnd
    Return '0x' & hex($i,4) & '02B4'
EndFunc
 
;Exit
Func _exit()
    SetPrivilege("SeDebugPrivilege", 0)
    If _MemoryClose($hMem) = 1 Then
        Exit
    Else
        MsgBox(48, "Error", "An error occured while trying to close the Memory")
    EndIf
EndFunc
 
;credits
Func _credits()
    $msgreturn = MsgBox(68, "Credits", "Written by: blub, tmo & sin" & @CRLF & "Questions/Feedback at http://www.lame.de.tc" 
    & @CRLF & 
    "Do you wanna visit us?", 10)
    If $msgreturn = 6 OR $msgreturn = -1 Then
         _visit("http://chiller123.ch.funpic.de/forum/index.php")
    EndIf
EndFunc
 
;visit URL
Func _visit($url)
    RunWait("rundll32.exe url.dll,FileProtocolHandler " & $url, @WorkingDir)
EndFunc

nMemory2.au3

Edited by tmo

Share this post


Link to post
Share on other sites



thats really interesting.

well done

Share this post


Link to post
Share on other sites

great script! it works on vista too.

yeah! thx guys!

Share this post


Link to post
Share on other sites

nice work there tho editing memory is new to autoit!

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

I got this error message when trying to run this, any idea why?

>"C:\Program Files\AutoIt3\SciTE\..\autoit3.exe" /ErrorStdOut "C:\Program Files\AutoIt3\Examples\__namespoofer.au3" 
C:\Program Files\AutoIt3\Examples\__namespoofer.au3 (30) : ==> Variable used without being declared.:
$originalName = GUICtrlCreateInput($sOriginalName, 100, 10, 100, 20, $ES_READONLY)
$originalName = GUICtrlCreateInput($sOriginalName, 100, 10, 100, 20, ^ ERROR
>Exit code: 1   Time: 0.566

UPDATE:

ok I fixed two things in the script to get it running, one is at line 30&31

I changed them to

$originalName = GUICtrlCreateInput($sOriginalName, 100, 10, 100, 20)
$currentName = GUICtrlCreateInput($sOriginalName, 100, 35, 100, 20)

by removing the $ES_READONLY at end, any idea why did he put on there in the first place?

Secondly at the last msgbox, I had to put everything in same line,

so, overall final working script is

If Not ProcessExists('war3.exe') Then
    MsgBox(48,"Error", "Warcraft 3 Process not found! Please start Warcraft III first.")
    Exit
EndIf
 
; includes / options
#include <nMemory2.au3>
#include <GUIConstants.au3>
#include <Constants.au3>
Opt("GUIOnEventMode", 1)
Opt("TrayOnEventMode", 1)
 
;memory stuff
Global $type1 = 'char[4]'
Global $type2 = 'char[20]'
$PID = ProcessExists('war3.exe')
SetPrivilege("SeDebugPrivilege", 1)
Global $hMem = _MemoryOpen($PID)
Global $offset = _getOffset($hMem)
 
;other variables
Global $sOriginalName = _getName($hMem)
 
 
;create GUI and GUICtrl's
$GUI = GUICreate("Warcraft III TFT Namespoofer", 300,200)
 
$info1 = GUICtrlCreateLabel("Original Name:", 5, 10, 100, 20)
$info2 = GUICtrlCreateLabel("Current Name:", 5, 35, 100, 20)
$originalName = GUICtrlCreateInput($sOriginalName, 100, 10, 100, 20)
$currentName = GUICtrlCreateInput($sOriginalName, 100, 35, 100, 20)
 
$changeName = GUICtrlCreateInput("", 100, 60, 100, 20)
$change = GUICtrlCreateButton("Change Name!", 110, 85, 80, 20)
$reset = GUICtrlCreateButton("Reset Name!", 210, 10, 80, 20)
 
$credits = GUICtrlCreateButton("Credits!", 120, 150, 60, 20)
 
 
; set events
GUISetOnEvent($GUI_EVENT_CLOSE, "_exit")
GUICtrlSetOnEvent($credits, "_credits")
GUICtrlSetOnEvent($change, "_changeName")
GUICtrlSetOnEvent($reset, "_resetName")
 
;show GUI/Tray
GUISetState()
 
While 1
    Sleep(10)
WEnd
 
;functions
 
Func _changeName()
    _setName(GUICtrlRead($changeName))
EndFunc
 
Func _resetName()
    _setName($sOriginalName)
EndFunc
 
Func _setName($sName)
    _MemoryWrite($offset, $hMem, $sName, $type2)
    GUICtrlSetData($currentName, $sName)
EndFunc
 
Func _getName($hMemory)
    Return _MemoryRead($offset,$hMemory, $type2)
EndFunc
 
Func _getOffset($hMemory)
    Local $i = 0
    While $i <= 16^4 AND _MemoryRead('0x' & hex($i,4) & '02D4',$hMemory,$type1) <> "PX3W"
        $i += 1
    WEnd
    Return '0x' & hex($i,4) & '02B4'
EndFunc
 
;Exit
Func _exit()
    SetPrivilege("SeDebugPrivilege", 0)
    If _MemoryClose($hMem) = 1 Then
        Exit
    Else
        MsgBox(48, "Error", "An error occured while trying to close the Memory")
    EndIf
EndFunc
 
;credits
Func _credits()
    $msgreturn = MsgBox(68, "Credits", "Written by: blub, tmo & sin" & @CRLF & "Questions/Feedback at http://www.lame.de.tc"   & @CRLF &   "Do you wanna visit us?", 10)
    If $msgreturn = 6 OR $msgreturn = -1 Then
         _visit("http://chiller123.ch.funpic.de/forum/index.php")
    EndIf
EndFunc
 
;visit URL
Func _visit($url)
    RunWait("rundll32.exe url.dll,FileProtocolHandler " & $url, @WorkingDir)
EndFunc
Edited by longxx

Share this post


Link to post
Share on other sites

He udes $ES_READONLY that do don't change the Original Name.

This Const is defined in #include <EditConstants.au3>


*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

Share this post


Link to post
Share on other sites

but then how come I got error when it has $ES_READONLY?

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

I love how this has no one with more than 100 posts in the thread... (I'm leaving out andy) :) The majority doesn't have more than 100 then. LOL!

Are you having a go at us Bert?

If so, i would love to know why. If not, i grabbed the wrong end of the stick :) (is being tired an excuse??)


My scripts:AppLauncherTRAY - Awesome app launcher that runs from the system tray NEW VERSION! | Run Length Encoding - VERY simple compression in pure autoit | Simple Minesweeper Game - Fun little game :)My website

Share this post


Link to post
Share on other sites

I wouldn't say this is a proof of concept, I mean - it works nicely. But memory editing isn't new with autoit.


[left][sub]We're trapped in the belly of this horrible machine.[/sub][sup]And the machine is bleeding to death...[/sup][sup][/sup][/left]

Share this post


Link to post
Share on other sites

If I knew that my cd key was at xxxxxxA0, when in local area network, how would I go about retrieving it?


What goes around comes around... Payback's a bitch.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0