
Memory read

BlackMore

Hi all,

I just started using AutoIt more often now and tried some memory reading but I'm having some issues...

I'm trying to read a character name but all I got is the first letter and idk what's wrong with this

$proc = ProcessList("SRO_Client.exe")
    $adress=0x00CEC540
    $ID=_MemoryOpen($proc[1][1])
    If @Error Then
        MsgBox(0, "ERROR", "Failed to open memory")
    EndIf
    $charname = _MemoryRead($adress, $ID, 'char[16]')
    MsgBox(0,"",$charname)
    _MemoryClose($ID)

For example, the char name is "abc" so what I got in the msgbox is "a"

Thanks in advance

Hiyoal

What UDF are you using??

Hiyoal :)

JRowe

CODE
#include "NomadMemory.au3"

; Set your Game specific data here.

;Game.exe, w/e it is
$GameExecutableName = "InsertYourGameName.exe Here"

;The pointer or direct address of the variable you're getting from memory. Remember to include "0x" at the beginning of your hex address.
$pointer = "Insert your Pointer Here"

;The offset, or 0x0 if the pointer is a direct address
$GameDataOffset = "Insert your Offset Here"

;This attaches to the process
$list = ProcessList($GameExecutableName)
$ProcessID = $list[1][1]
$handle = _MemoryOpen($ProcessId)

;This reads the data from the pointer and converts it to a hex address.
$readPtr = "0x" & Hex(_MemoryRead($pointer, $handle, "int[32]"),8)
$GameDataAddress = "0x" & hex($readPtr + $GameDataOffset,8)

;If it's a direct address and not a pointer, then uncomment the next line
;$GameDataAddress = $pointer

$GameData = _MemoryRead($GameDataAddress, $handle, "char[16]")
_MemoryClose($handle)
MsgBox(0, '', $GameData)

It should be very simple to do what you're trying. Just read/edit the script where necessary.

More complex things are easily possible. I'm assuming you're using something like T-Search or Cheat Engine. At any rate, good luck!

Hiyoal

Cheat Engine. Yea.

Try it in cheatengine with that address and see how long the char[] is, because that script should work.

Also, are you from elitepvpers or gzp??

Hiyoal :)

TomCat

Hi, I also tried to use your example, but I have a curious problem.

I changed all values for my game.

Then I start the script. In Messagebox I get #

I changed the value in the Game, now I get " after next change % and so on o.O

Any idea what's the reason for this error?

FreeFry

The game is probably using DMA (Dynamic Memory Allocation), which makes the address for the name random on each run, etc.

Is the name stored as Unicode? If that's the case, then each character is separated by a NULL char, and is twice the size of the original name (example: name is Roger, length of name is 5, size in memory to read would be 10 (double the name length)). To strip out the NULL chars, you could use BinaryToString to convert it to a "normal" text string.

That MIGHT be the problem, as I don't have this SRO_Client.exe app, neither do I know what it is. :)

H5O20H

No, Sro_Client is not using DMA.

Your code is wrong.


Valik, The Legendary programmer! Will be using that signature for 2 months due to my loss on a bet ):

FreeFry

No, Sro_Client is not using DMA.

Your code is wrong.

My code?

I haven't posted any. I gave a suggestion, that's all.

H5O20H

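BlackMore's code.

FreeFry, your code is always tight and ready for use :)

Author,

const
  basepointer: DWORD = $CEBB4C;
  Charname: DWORD = $00CEA538;

function GetCharName(wnd: HWND): WideString; stdcall;
var
  ProcessId: DWORD;
  HandleWindow: THandle;
  erg: array[0..12] of WideChar;
  BytesRead: Cardinal;
  i: Integer;
begin
  Result := '';
  if wnd = 0 then Exit;

  GetWindowThreadProcessId(wnd, @ProcessId);
  HandleWindow := OpenProcess(PROCESS_VM_READ, False, ProcessId);
  if HandleWindow = 0 then Exit;

  // Zero the buffer so a failed or short read still leaves a terminated string
  FillChar(erg, SizeOf(erg), 0);
  BytesRead := 0;
  ReadProcessMemory(HandleWindow, Pointer(Charname), @erg, SizeOf(erg), BytesRead);
  CloseHandle(HandleWindow);

  // Copy up to the terminating #0 and never past the end of erg
  // (the loop originally ran from 0 to 20 over an array declared [0..12])
  for i := 0 to High(erg) do
  begin
    if erg[i] = #0 then Break;
    Result := Result + erg[i];
  end;
end;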

FreeFry

Judging from that code, the name is not stored as Unicode, then my previous assumption might be wrong.. Hmm, gimme a minute. :)

FreeFry

BlackMore, can you try this and see if it works?:

$proc = ProcessExists("SRO_Client.exe") ; No need to enumerate all the processes, you can get the PID from the ProcessExists function.
If Not $proc Then
    MsgBox(0, "Error", "Process is not open, please run it first.")
    Exit ; nothing to read from
EndIf
$adress = 0x00CEC540
$ID = _MemoryOpen($proc)
If @error Then
    MsgBox(0, "ERROR", "Failed to open memory")
EndIf
$charname = _MemoryRead($adress, $ID, 'char[16]')
MsgBox(0, "", StringToBinary($charname)) ; show the returned data as raw bytes
_MemoryClose($ID)

H5O20H

FreeFry, I have a question too.

How can I call that function from that dll? I made it in Delphi and I don't want to remake it in au3, but then the other problem comes up: I can't make the bar in Delphi, so is it possible to do the bar in au3, but the dll to stay au3?


FreeFry

Hmm, sorry, what function and dll are you talking about? :) //semi-hijack

soadmania

BlackMore, can you try this and see if it works?:

$proc = ProcessExists("SRO_Client.exe") ; No need to enumerate all the processes, you can get the PID from the ProcessExists function.
If Not $proc Then
    MsgBox(0, "Error", "Process is not open, please run it first.")
    Exit ; nothing to read from
EndIf
$adress = 0x00CEC540
$ID = _MemoryOpen($proc)
If @error Then
    MsgBox(0, "ERROR", "Failed to open memory")
EndIf
$charname = _MemoryRead($adress, $ID, 'char[16]')
MsgBox(0, "", StringToBinary($charname)) ; show the returned data as raw bytes
_MemoryClose($ID)

Code is wrong: not 'char[16]', it should be 'wchar[40]'
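
The symptom from the first post (a name "abc" read back as "a") and the 'wchar' correction in the last reply, reproduced on a local buffer; this is an added example, not code from any poster in the thread. It opens no process: the name "abc" and the 16-element buffer are constructed sample values, and the variable names are hypothetical.

```autoit
; Added example, not from the thread. Works on a local buffer only; no process is opened.
; "abc" and the 16-element size are constructed sample values.

; Store the name as wide characters (UTF-16LE), 2 bytes per character.
Local $tWide = DllStructCreate("wchar[16]")
DllStructSetData($tWide, 1, "abc")
Local $pBuf = DllStructGetPtr($tWide)

; Overlay two more views on the same 32 bytes of memory.
Local $tBytes = DllStructCreate("byte[32]", $pBuf) ; raw bytes
Local $tAnsi = DllStructCreate("char[16]", $pBuf)  ; the type used in the first post

Local $bRaw = DllStructGetData($tBytes, 1)  ; binary variant holding all 32 bytes
Local $sAnsi = DllStructGetData($tAnsi, 1)  ; ANSI string: ends at the first 0x00 byte
Local $sWide = DllStructGetData($tWide, 1)  ; wide string: ends at the first 0x0000 unit

; The BinaryToString route from the thread: decode only the bytes that belong
; to the name (2 per character), telling AutoIt they are UTF-16 LE (flag 2).
Local $bName = BinaryMid($bRaw, 1, StringLen($sWide) * 2)
Local $sDecoded = BinaryToString($bName, 2)

ConsoleWrite("raw bytes      : " & $bRaw & @CRLF)
ConsoleWrite("as char[16]    : " & $sAnsi & " (length " & StringLen($sAnsi) & ")" & @CRLF)
ConsoleWrite("as wchar[16]   : " & $sWide & " (length " & StringLen($sWide) & ")" & @CRLF)
ConsoleWrite("BinaryToString : " & $sDecoded & " (length " & StringLen($sDecoded) & ")" & @CRLF)
```

In the raw-bytes line, the 00 byte following each letter is what ends the 'char[16]' read after one character, and it is the pattern to look for in a hex view when deciding between a 'char' and a 'wchar' type.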
