xshark

Please guide me. Memory Reading

7 posts in this topic

I was hoping that someone would help point me in the direction of a good tutorial on memory scanning.

I am looking to build a program that will allow one to scan a process and return every memory value from it (similar to tsearch, but I don't want to edit or write memory values). I do not know much about the architecture of process memory, nor do I know much about AutoIt's built-in functions for reading system memory.

I have found NomadMemory.au3 from a WOW hack post that looks like it is the solution for the AutoIt memory access functions, but I am still unsure how to utilize this tool to effectively scan a process's memory values.


nmemory.au3 is good, but you want to find the fixed version of it; otherwise it has a bug and sometimes couldn't scan.

It works perfectly for me to scan the memory of Warcraft III.

Edited by longxx


nmemory.au3 is good, but you want to find the fixed version of it; otherwise it has a bug and sometimes couldn't scan.

It works perfectly for me to scan the memory of Warcraft III.

I guess what I am really after is how memory addressing works... If I want to scan all memory addresses relevant to a given process for their values, how would I do that besides scanning from 0x00000000 to 0xFFFFFFFF?


As far as I know, that is the ONLY way to scan ALL memory addresses relevant to a given process. If the program you're trying to scan uses DMA (dynamic memory allocation), you could just scan the addresses that end in a certain character / (and most likely) characters. Like for example, you know that the info you want is always showing up at XXXXXXA0, you could scan all those addresses.


What goes around comes around... Payback's a bitch.


As far as I know, that is the ONLY way to scan ALL memory addresses relevant to a given process. If the program you're trying to scan uses DMA (dynamic memory allocation), you could just scan the addresses that end in a certain character / (and most likely) characters. Like for example, you know that the info you want is always showing up at XXXXXXA0, you could scan all those addresses.

I guess I'm confused about how I would determine that without using a memory reader such as Cheat Engine or tsearch.

I am trying to read memory (not write) without the risk of loading programs capable of getting my account banned.


Use Bulb's name spoofer's script as a template; it's the perfect example of memory searching.

I made all my offset searching based on his template.


Use Bulb's name spoofer's script as a template; it's the perfect example of memory searching.

I made all my offset searching based on his template.

Can't find Bulb's name spoofer... Could you please point me in the right direction to find that? Thank you.
