Jump to content
Sign in to follow this  
oMBRa

get address from memory

Recommended Posts

oMBRa

I'm making a programm that get a value from the memory of a game. But the value is located in a dynamic address, so I found out the pointer to that adress. Now I have to make a function that get the adress from the pointer and I have no clue about how to make it... anyone can help me?

Share this post


Link to post
Share on other sites
ProgAndy

Why don't you use NomadMemory.au3 :P just make a normal _MemoryRead to read the pointer :P

Edited by ProgAndy

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

Share this post


Link to post
Share on other sites
oMBRa

I used it and I always get: offset = 0x00000000 value = 0

Edited by oMBra

Share this post


Link to post
Share on other sites
oMBRa

in the example there is this code:

Dim $Offset[4]

$Offset[0] = 56 ;0x38 in Hex

$Offset[1] = 0 ;no offset for pointer 2

$Offset[2] = 200 ;0xC8 in Hex

$Offset[3] = 0 ;no offset for pointer 4

but I didnt understand with what I have to relace it

Edited by oMBra

Share this post


Link to post
Share on other sites
Oldschool

This code I use in one of my scripts, so you will have to tweak a little...But basically what it does is follow 2 pointers in search for a value. If both locations don't contain a value, it will end with Error 27

$iv_Pid = ProcessExists("Some.exe")
        $iv_DesiredAccess = 0x1F0FFF
        $av_OpenProcess = DllCall('Kernel32.dll', 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', 1, 'int', $iv_Pid)
        $procHwnd = $av_OpenProcess[0]
        If Not $procHwnd Then MsgBox(0, "","Error while getting process handle!")
        ;set the static address
        $Address = 0x6d6fed00
        Dim $Offset[5]
        $Offset[0] = 0xc4 
        $Offset[1] = 0x170
        $Offset[2] = 0xd8
        $Offset[3] = 0x58  
        $Offset[4] = 0x3d4  
        Local $v_Buffer = DllStructCreate('dword')
        For $i = 0 To 3 ;Ubound($Offset)-1
            $Address = Hex($Address + $Offset[$i])
            DllCall("Kernel32.dll", 'int', 'ReadProcessMemory', 'int', $procHwnd, 'int', '0x'&$Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            $Address = DllStructGetData($v_Buffer, 1)
            ;MsgBox(0, "", Hex($Address))
        Next
        $iv_Address = Hex($Address + $Offset[Ubound($Offset)-1])
        Local $read_Buffer = DllStructCreate("byte[24]")
        DllCall("Kernel32.dll", 'int', 'ReadProcessMemory', 'int', $procHwnd, 'int', Dec($iv_Address), 'ptr', DllStructGetPtr($read_Buffer), 'int', DllStructGetSize($read_Buffer), 'int', '')
        If @Error Then SetError(@Error + 1)
        Local $Output = BinaryToString(Binary(DllStructGetData($read_Buffer, 1)), 2)
        $var = StringInStr($OutPut, ".")
        $Output = StringLeft($Output, $var-1)
        If Not $Output Then
            $Address = 0x6d6fed00
            Dim $Offset[5]
            $Offset[0] = 0xc4 
            $Offset[1] = 0x170
            $Offset[2] = 0xA0
            $Offset[3] = 0x13C  
            $Offset[4] = 0x1EC  
            Local $v_Buffer = DllStructCreate('dword')
            For $i = 0 To 3 ;Ubound($Offset)-1
                $Address = Hex($Address + $Offset[$i])
                DllCall("Kernel32.dll", 'int', 'ReadProcessMemory', 'int', $procHwnd, 'int', '0x'&$Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
                $Address = DllStructGetData($v_Buffer, 1)
                ;MsgBox(0, "", Hex($Address))
            Next
            $iv_Address = Hex($Address + $Offset[Ubound($Offset)-1])
            Local $read_Buffer = DllStructCreate("byte[24]")
            DllCall("Kernel32.dll", 'int', 'ReadProcessMemory', 'int', $procHwnd, 'int', Dec($iv_Address), 'ptr', DllStructGetPtr($read_Buffer), 'int', DllStructGetSize($read_Buffer), 'int', '')
            If @Error Then SetError(@Error + 1)
            Local $Output = BinaryToString(Binary(DllStructGetData($read_Buffer, 1)), 2)
            $var = StringInStr($OutPut, " ")
            $Output = StringLeft($Output, $var-1)
        EndIf
        ;MsgBox(0, "", $Output)
        If Not $Output Then MsgBox(0, "Error 27", "Empty Address")
        Local $av_Ret = DllCall("Kernel32.dll", 'int', 'CloseHandle', 'int', $procHwnd)

Share this post


Link to post
Share on other sites
oMBRa

I get always " error while getting process handle"

Share this post


Link to post
Share on other sites
Oldschool

I get always " error while getting process handle"

You got a firewall or antivirus running in background?

Which .exe are you trying to do this with?

Share this post


Link to post
Share on other sites
oMBRa

I have no firewall / antivurs.. im trying to pening an exe of a games "war3.exe"

Share this post


Link to post
Share on other sites
oMBRa

I have to found the pointer becouse the address where is stored the value I have to read is dynamic, and I am makin a bot

Edited by oMBra

Share this post


Link to post
Share on other sites
Oldschool

It's possible that the game is not giving you access to itself...blocking OpenProcess from doing it's dirty work. Maybe try using a lower access privilege for that initial DLL call.

Share this post


Link to post
Share on other sites
oMBRa

I resolved the problem with " Error while getting process handle! " ... now I get always empty address

Edited by oMBra

Share this post


Link to post
Share on other sites
Oldschool

Send me a screenshot of your pointer...

It's hard to guess where you went wrong in the dark...

Share this post


Link to post
Share on other sites
oMBRa

Maybe I wrong to put my offset... what should I put in " static address" ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.