Demonic Posted November 1, 2008 Share Posted November 1, 2008 So, I have a predicament. For some values in a .exe I can find the Address and then a pointer offset to create a static address consistently used to read the memory of that part of the process. However, some values I can not find a static address for, for whatever reason. As a result, I figured I would try and scan the memory values for that value in the addresses. I attempted this code: expandcollapse popup#Include <NomadMemory.au3> HotKeySet("{ESC}", "_Exit") HotKeySet("{NumPad0}", "_SearchToggle") $AddressMin = 0x02000000 ; The range between which the variable is usually stored in memory $AddressMax = 0x05000000 Const $iv_hWnd = "Process" Const $iv_Process = "Process.exe" Dim $iv_Pid = ProcessExists($iv_Process) ; Opens the memory of the process by PID Dim $iv_Memory = _MemoryOpen($iv_Pid) $Searching = False $Address = 0x05000000 $AddressFinal = 0 While 1 If $Searching = True Then Dim $Value Dim $ValueWanted = 3455 $Value = _MemoryRead($Address, $iv_Memory) ConsoleWrite("The Value at Memory Address: " & Hex($Address) & " is " & $Value & @CR) If $Value = $ValueWanted Then $Searching = False ; If found, records the address and ends the search $AddressFinal = $Address Else $Address -= 0x1 ; Else checks the next address 0x1 lower then the previous EndIf EndIf If $AddressFinal > 0 Then Sleep(1000) $Value = _MemoryRead($AddressFinal, $iv_Memory) ConsoleWrite("The Value at Memory Address: " & Hex($AddressFinal) & " is " & $Value & @CR) EndIf WEnd Func _SearchToggle() If $Searching = False Then $Searching = True Else $Searching = False EndIf EndFunc ;==> Toggles On or Off Func _Exit() _MemoryClose($iv_Memory) Exit EndFunc ;==> Close Memory & Exit What this script essentially does: - Searches for a value, in this case $ValueWanted in memory addresses - Checks a memory address at the top of the range - If the memory address holds that value, the search stops and the program starts constantly updating what that value is Problems that I need you guys to assist me in addressing: - Almost every time, there is more then one address that holds $ValueWanted, which means that I need a way to filter out which is correct and which is not. I could do this with an array after establishing which values hold the value I am searching for, changing the value manually and then rechecking to see which memory addresses hold the new value I want This is inefficient however due to the speed at which the search occurs. It takes several seconds to search through just a mere 5000 addresses, and as there is millions, this is a huge issue. I feel that the entire program will need rewritten to somehow find the value faster. Notably, I read under the World of Warcraft Developement about Halu memory scanning for the addresses, however the code was so uncommented I could not understand at all. Thanks if any help comes. Link to comment Share on other sites More sharing options...
Intosia Posted November 1, 2008 Share Posted November 1, 2008 I suggest taking a look at the program from Spiro:http://www.memoryhacking.com/Great tool for mh. Maybe it can help you get some 'starting values', or offsets. Change my avatar! ^^ Link to comment Share on other sites More sharing options...
Demonic Posted November 1, 2008 Author Share Posted November 1, 2008 (edited) I suggest taking a look at the program from Spiro:http://www.memoryhacking.com/Great tool for mh. Maybe it can help you get some 'starting values', or offsets.Thanks for the quick reply, however I do not believe that this will aid me much --As I had said, I've already used a memory address-scanning program to find addresses and static offsets for some values. Some values, it seems however, cannot be found as a static address, which is why I am attempting to look into scanning through the addresses.I will, however, look into this. Thanks.Edit:I thought about it for a bit and the suggestion of that program made me wonder.How does it check through over 7-million addresses in under a second to find out what they all are? Cause thats exactly what I need to do -- essentially a memory hacking program in my script. Edited November 1, 2008 by Arakard Link to comment Share on other sites More sharing options...
Demonic Posted November 1, 2008 Author Share Posted November 1, 2008 Edited script a bit.. still not there though. Link to comment Share on other sites More sharing options...
Intosia Posted November 4, 2008 Share Posted November 4, 2008 How does it check through over 7-million addresses in under a second to find out what they all are? Cause thats exactly what I need to do -- essentially a memory hacking program in my script.I bet my life that it uses assembler for that You cant get that speed in high level language as AutoIt... You need C or C++ at most. Change my avatar! ^^ Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now