Sign in to follow this  
Followers 0
oMBRa

get address from memory

17 posts in this topic

I'm making a programm that get a value from the memory of a game. But the value is located in a dynamic address, so I found out the pointer to that adress. Now I have to make a function that get the adress from the pointer and I have no clue about how to make it... anyone can help me?

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Why don't you use NomadMemory.au3 :P just make a normal _MemoryRead to read the pointer :P

Edited by ProgAndy

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I used it and I always get: offset = 0x00000000 value = 0

Edited by oMBra

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

in the example there is this code:

Dim $Offset[4]

$Offset[0] = 56 ;0x38 in Hex

$Offset[1] = 0 ;no offset for pointer 2

$Offset[2] = 200 ;0xC8 in Hex

$Offset[3] = 0 ;no offset for pointer 4

but I didnt understand with what I have to relace it

Edited by oMBra

Share this post


Link to post
Share on other sites

This code I use in one of my scripts, so you will have to tweak a little...But basically what it does is follow 2 pointers in search for a value. If both locations don't contain a value, it will end with Error 27

$iv_Pid = ProcessExists("Some.exe")
        $iv_DesiredAccess = 0x1F0FFF
        $av_OpenProcess = DllCall('Kernel32.dll', 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', 1, 'int', $iv_Pid)
        $procHwnd = $av_OpenProcess[0]
        If Not $procHwnd Then MsgBox(0, "","Error while getting process handle!")
        ;set the static address
        $Address = 0x6d6fed00
        Dim $Offset[5]
        $Offset[0] = 0xc4 
        $Offset[1] = 0x170
        $Offset[2] = 0xd8
        $Offset[3] = 0x58  
        $Offset[4] = 0x3d4  
        Local $v_Buffer = DllStructCreate('dword')
        For $i = 0 To 3 ;Ubound($Offset)-1
            $Address = Hex($Address + $Offset[$i])
            DllCall("Kernel32.dll", 'int', 'ReadProcessMemory', 'int', $procHwnd, 'int', '0x'&$Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            $Address = DllStructGetData($v_Buffer, 1)
            ;MsgBox(0, "", Hex($Address))
        Next
        $iv_Address = Hex($Address + $Offset[Ubound($Offset)-1])
        Local $read_Buffer = DllStructCreate("byte[24]")
        DllCall("Kernel32.dll", 'int', 'ReadProcessMemory', 'int', $procHwnd, 'int', Dec($iv_Address), 'ptr', DllStructGetPtr($read_Buffer), 'int', DllStructGetSize($read_Buffer), 'int', '')
        If @Error Then SetError(@Error + 1)
        Local $Output = BinaryToString(Binary(DllStructGetData($read_Buffer, 1)), 2)
        $var = StringInStr($OutPut, ".")
        $Output = StringLeft($Output, $var-1)
        If Not $Output Then
            $Address = 0x6d6fed00
            Dim $Offset[5]
            $Offset[0] = 0xc4 
            $Offset[1] = 0x170
            $Offset[2] = 0xA0
            $Offset[3] = 0x13C  
            $Offset[4] = 0x1EC  
            Local $v_Buffer = DllStructCreate('dword')
            For $i = 0 To 3 ;Ubound($Offset)-1
                $Address = Hex($Address + $Offset[$i])
                DllCall("Kernel32.dll", 'int', 'ReadProcessMemory', 'int', $procHwnd, 'int', '0x'&$Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
                $Address = DllStructGetData($v_Buffer, 1)
                ;MsgBox(0, "", Hex($Address))
            Next
            $iv_Address = Hex($Address + $Offset[Ubound($Offset)-1])
            Local $read_Buffer = DllStructCreate("byte[24]")
            DllCall("Kernel32.dll", 'int', 'ReadProcessMemory', 'int', $procHwnd, 'int', Dec($iv_Address), 'ptr', DllStructGetPtr($read_Buffer), 'int', DllStructGetSize($read_Buffer), 'int', '')
            If @Error Then SetError(@Error + 1)
            Local $Output = BinaryToString(Binary(DllStructGetData($read_Buffer, 1)), 2)
            $var = StringInStr($OutPut, " ")
            $Output = StringLeft($Output, $var-1)
        EndIf
        ;MsgBox(0, "", $Output)
        If Not $Output Then MsgBox(0, "Error 27", "Empty Address")
        Local $av_Ret = DllCall("Kernel32.dll", 'int', 'CloseHandle', 'int', $procHwnd)

Share this post


Link to post
Share on other sites

I get always " error while getting process handle"

Share this post


Link to post
Share on other sites

I get always " error while getting process handle"

You got a firewall or antivirus running in background?

Which .exe are you trying to do this with?

Share this post


Link to post
Share on other sites

I have no firewall / antivurs.. im trying to pening an exe of a games "war3.exe"

Share this post


Link to post
Share on other sites

why??

Share this post


Link to post
Share on other sites

plz someone help me

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

I have to found the pointer becouse the address where is stored the value I have to read is dynamic, and I am makin a bot

Edited by oMBra

Share this post


Link to post
Share on other sites

It's possible that the game is not giving you access to itself...blocking OpenProcess from doing it's dirty work. Maybe try using a lower access privilege for that initial DLL call.

Share this post


Link to post
Share on other sites

#15 ·  Posted (edited)

I resolved the problem with " Error while getting process handle! " ... now I get always empty address

Edited by oMBra

Share this post


Link to post
Share on other sites

Send me a screenshot of your pointer...

It's hard to guess where you went wrong in the dark...

Share this post


Link to post
Share on other sites

Maybe I wrong to put my offset... what should I put in " static address" ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0