xshark Posted June 18, 2008
I was hoping that someone would help point me in the direction of a good tutorial on memory scanning. I am looking to build a program that will allow one to scan a process and return every memory value from it (similar to tsearch, but I don't want to edit or write memory values). I do not know much about the architecture of process memory, nor do I know much about AutoIt's built-in functions for reading system memory. I have found NomadMemory.au3 from a WOW hack post that looks like it is the solution for the AutoIt memory access functions, but I am still unsure how to utilize this tool to effectively scan a process's memory values.
longxx Posted June 18, 2008 (Edited June 18, 2008 by longxx)
nmemory.au3 is good, but you want to find the fixed version of it; otherwise it has a bug and sometimes couldn't scan. It works perfectly for me to scan the memory of Warcraft III.
xshark (Author) Posted June 19, 2008
> nmemory.au3 is good, but you want to find the fixed version of it; otherwise it has a bug and sometimes couldn't scan. It works perfectly for me to scan the memory of Warcraft III.
I guess what I am really after is how memory addressing works... If I want to scan all memory addresses relevant to a given process for their values, how would I do that besides scanning from 0x00000000 to 0xFFFFFFFF?
Kickassjoe Posted June 19, 2008
As far as I know, that is the ONLY way to scan ALL memory addresses relevant to a given process. If the program you're trying to scan uses DMA (dynamic memory allocation), you could just scan the addresses that end in a certain character / (and most likely) characters. Like for example, you know that the info you want is always showing up at XXXXXXA0, you could scan all those addresses.
xshark (Author) Posted June 19, 2008
> As far as I know, that is the ONLY way to scan ALL memory addresses relevant to a given process. If the program you're trying to scan uses DMA (dynamic memory allocation), you could just scan the addresses that end in a certain character / (and most likely) characters. Like for example, you know that the info you want is always showing up at XXXXXXA0, you could scan all those addresses.
I guess I'm confused on how I would determine that without using a memory reader such as Cheat Engine or tsearch. I am trying to read memory (not write) without the risk of loading programs capable of getting my account banned.
longxx Posted June 19, 2008
Use Bulb's name spoofer's script as a template; it's the perfect example of memory searching. I made all my offset searching based on his template.
xshark (Author) Posted June 20, 2008
> Use Bulb's name spoofer's script as a template; it's the perfect example of memory searching. I made all my offset searching based on his template.
Can't find Bulb's name spoofer... Could you please point me in the right direction to find that? Thank you.