Demonic Posted November 1, 2008 Posted November 1, 2008 So, I have a predicament. For some values in a .exe I can find the Address and then a pointer offset to create a static address consistently used to read the memory of that part of the process. However, some values I can not find a static address for, for whatever reason. As a result, I figured I would try and scan the memory values for that value in the addresses. I attempted this code: expandcollapse popup#Include <NomadMemory.au3> HotKeySet("{ESC}", "_Exit") HotKeySet("{NumPad0}", "_SearchToggle") $AddressMin = 0x02000000 ; The range between which the variable is usually stored in memory $AddressMax = 0x05000000 Const $iv_hWnd = "Process" Const $iv_Process = "Process.exe" Dim $iv_Pid = ProcessExists($iv_Process) ; Opens the memory of the process by PID Dim $iv_Memory = _MemoryOpen($iv_Pid) $Searching = False $Address = 0x05000000 $AddressFinal = 0 While 1 If $Searching = True Then Dim $Value Dim $ValueWanted = 3455 $Value = _MemoryRead($Address, $iv_Memory) ConsoleWrite("The Value at Memory Address: " & Hex($Address) & " is " & $Value & @CR) If $Value = $ValueWanted Then $Searching = False ; If found, records the address and ends the search $AddressFinal = $Address Else $Address -= 0x1 ; Else checks the next address 0x1 lower then the previous EndIf EndIf If $AddressFinal > 0 Then Sleep(1000) $Value = _MemoryRead($AddressFinal, $iv_Memory) ConsoleWrite("The Value at Memory Address: " & Hex($AddressFinal) & " is " & $Value & @CR) EndIf WEnd Func _SearchToggle() If $Searching = False Then $Searching = True Else $Searching = False EndIf EndFunc ;==> Toggles On or Off Func _Exit() _MemoryClose($iv_Memory) Exit EndFunc ;==> Close Memory & Exit What this script essentially does: - Searches for a value, in this case $ValueWanted in memory addresses - Checks a memory address at the top of the range - If the memory address holds that value, the search stops and the program starts constantly updating what that value is Problems that I need you guys to assist me in addressing: - Almost every time, there is more then one address that holds $ValueWanted, which means that I need a way to filter out which is correct and which is not. I could do this with an array after establishing which values hold the value I am searching for, changing the value manually and then rechecking to see which memory addresses hold the new value I want This is inefficient however due to the speed at which the search occurs. It takes several seconds to search through just a mere 5000 addresses, and as there is millions, this is a huge issue. I feel that the entire program will need rewritten to somehow find the value faster. Notably, I read under the World of Warcraft Developement about Halu memory scanning for the addresses, however the code was so uncommented I could not understand at all. Thanks if any help comes.
Intosia Posted November 1, 2008 Posted November 1, 2008 I suggest taking a look at the program from Spiro:http://www.memoryhacking.com/Great tool for mh. Maybe it can help you get some 'starting values', or offsets. Change my avatar! ^^
Demonic Posted November 1, 2008 Author Posted November 1, 2008 (edited) I suggest taking a look at the program from Spiro:http://www.memoryhacking.com/Great tool for mh. Maybe it can help you get some 'starting values', or offsets.Thanks for the quick reply, however I do not believe that this will aid me much --As I had said, I've already used a memory address-scanning program to find addresses and static offsets for some values. Some values, it seems however, cannot be found as a static address, which is why I am attempting to look into scanning through the addresses.I will, however, look into this. Thanks.Edit:I thought about it for a bit and the suggestion of that program made me wonder.How does it check through over 7-million addresses in under a second to find out what they all are? Cause thats exactly what I need to do -- essentially a memory hacking program in my script. Edited November 1, 2008 by Arakard
Demonic Posted November 1, 2008 Author Posted November 1, 2008 Edited script a bit.. still not there though.
Intosia Posted November 4, 2008 Posted November 4, 2008 How does it check through over 7-million addresses in under a second to find out what they all are? Cause thats exactly what I need to do -- essentially a memory hacking program in my script.I bet my life that it uses assembler for that You cant get that speed in high level language as AutoIt... You need C or C++ at most. Change my avatar! ^^
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now