Memory UDF doesn't work?


i3illig

Hi,

I need help because I really don't know what's wrong. Usually I'm not asking for help because you can Google almost everything, but now I'm going crazy!!!!

I mean, it sounds very simple:

a) I've got the pointer address for some information from Cheat Engine - it is 100% right!!

Pointer's at TRose.exe:

Pointer Address of Action: 006936A8
Offset(Hex): 36

b) If I restart the computer or the client, the pointer works in Cheat Engine if I insert it there

- and now my problem -

c) I think my source code is right and everything, but it returns the wrong pointer address value

$Offset = Dec("140")
$pid = ProcessExists("TRose.exe");Returns the PID (3020)

$openmem = _MemoryOpen($pid);Returns nothing in MsgBox

$baseADDR = _MemoryGetBaseAddress($openmem,1);Returns base address (3342336)
$Action_Address = "0x" & Hex($baseADDR + Dec("693504")); Returns 0x009C36A8

$Action_Read =  _MemoryPointerRead($Action_Address, $openmem, $Offset);Returns 0 (but it's not 0)

MsgBox(64,"Info","Address: "&$Action_Address&@CRLF&"Value: "&$Action_Read)

And I think the source code worked yesterday....

thx for help x(

Edited by i3illig

Use this UDF:

#include-once
#region _Memory
;==================================================================================
; AutoIt Version:   3.1.127 (beta)
; Language:         English
; Platform:         All Windows
; Author:           Nomad
; Requirements:     These functions will only work with beta.
;==================================================================================
; Credits:  wOuter - These functions are based on his original _Mem() functions.
;           But they are easier to comprehend and more reliable.  These
;           functions are in no way a direct copy of his functions.  His
;           functions only provided a foundation from which these evolved.
;==================================================================================
;
; Functions:
;
;==================================================================================
; Function:         _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]])
; Description:      Opens a process and enables all possible access rights to the
;                   process.  The Process ID of the process is used to specify which
;                   process to open.  You must call this function before calling
;                   _MemoryClose(), _MemoryRead(), or _MemoryWrite().
; Parameter(s):     $iv_Pid - The Process ID of the program you want to open.
;                   $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which
;                                       enables all possible access rights to the
;                                       process specified by the Process ID.
;                   $iv_InheritHandle - (optional) If this value is TRUE, all processes
;                                       created by this process will inherit the access
;                                       handle.  Set to 1 (TRUE) by default.  Set to 0
;                                       if you want it FALSE.
; Requirement(s):   None.
; Return Value(s):  On Success - Returns an array containing the Dll handle and an
;                                open handle to the specified process.
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = Invalid $iv_Pid.
;                            2 = Failed to open Kernel32.dll.
;                            3 = Failed to open the specified process.
; Author(s):        Nomad
; Note(s):
;==================================================================================
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1)
    
    If Not ProcessExists($iv_Pid) Then
        SetError(1)
        Return 0
    EndIf
    
    Local $ah_Handle[2] = [DllOpen('kernel32.dll')]
    
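    ; DllOpen() reports failure by returning -1.
    If $ah_Handle[0] = -1 Then
        SetError(2)
        Return 0
    EndIf
    
    Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid)
    
    If @Error Then
        DllClose($ah_Handle[0])
        SetError(3)
        Return 0
    EndIf
    
    ; @Error only reports a failed DllCall; OpenProcess itself signals
    ; failure (for example access denied) by returning a NULL handle.
    If $av_OpenProcess[0] = 0 Then
        DllClose($ah_Handle[0])
        SetError(3)
        Return 0
    EndIf
    
    $ah_Handle[1] = $av_OpenProcess[0]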
    
    Return $ah_Handle
    
EndFunc

;==================================================================================
; Function:         _MemoryRead($iv_Address, $ah_Handle[, $sv_Type])
; Description:      Reads the value located in the memory address specified.
; Parameter(s):     $iv_Address - The memory address you want to read from. It must
;                                 be in hex format (0x00000000).
;                   $ah_Handle - An array containing the Dll handle and the handle
;                                of the open process as returned by _MemoryOpen().
;                   $sv_Type - (optional) The "Type" of value you intend to read.
;                               This is set to 'dword'(32bit(4byte) signed integer)
;                               by default.  See the help file for DllStructCreate
;                               for all types.  An example: If you want to read a
;                               word that is 15 characters in length, you would use
;                               'char[16]' since a 'char' is 8 bits (1 byte) in size.
; Return Value(s):  On Success - Returns the value located at the specified address.
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = $sv_Type was not a string.
;                            3 = $sv_Type is an unknown data type.
;                            4 = Failed to allocate the memory needed for the DllStructure.
;                            5 = Error allocating memory for $sv_Type.
;                            6 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):          Values returned are in Decimal format, unless specified as a
;                   'char' type, then they are returned in ASCII format.  Also note
;                   that size ('char[size]') for all 'char' types should be 1
;                   greater than the actual size.
;==================================================================================
Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')
    
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf
    
    Local $v_Buffer = DllStructCreate($sv_Type)
    
    If @Error Then
        SetError(@Error + 1)
        Return 0
    EndIf
    
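    Local $av_Read = DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
    
    If @Error Then
        SetError(6)
        Return 0
    EndIf
    
    ; ReadProcessMemory returns 0 when the read itself failed, in which
    ; case the buffer still holds its initial zeros.
    If $av_Read[0] = 0 Then
        SetError(6)
        Return 0
    EndIf
    
    Local $v_Value = DllStructGetData($v_Buffer, 1)
    Return $v_Value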
    
EndFunc

;==================================================================================
; Function:         _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type])
; Description:      Writes data to the specified memory address.
; Parameter(s):     $iv_Address - The memory address which you want to write to.
;                                 It must be in hex format (0x00000000).
;                   $ah_Handle - An array containing the Dll handle and the handle
;                                of the open process as returned by _MemoryOpen().
;                   $v_Data - The data to be written.
;                   $sv_Type - (optional) The "Type" of value you intend to write.
;                               This is set to 'dword'(32bit(4byte) signed integer)
;                               by default.  See the help file for DllStructCreate
;                               for all types.  An example: If you want to write a
;                               word that is 15 characters in length, you would use
;                               'char[16]' since a 'char' is 8 bits (1 byte) in size.
; Return Value(s):  On Success - Returns 1
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = $sv_Type was not a string.
;                            3 = $sv_Type is an unknown data type.
;                            4 = Failed to allocate the memory needed for the DllStructure.
;                            5 = Error allocating memory for $sv_Type.
;                            6 = $v_Data is not in the proper format to be used with the
;                                "Type" selected for $sv_Type, or it is out of range.
;                            7 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):          Values sent must be in Decimal format, unless specified as a
;                   'char' type, then they must be in ASCII format.  Also note
;                   that size ('char[size]') for all 'char' types should be 1
;                   greater than the actual size.
;==================================================================================
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')
    
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf
    
    Local $v_Buffer = DllStructCreate($sv_Type)
    
    If @Error Then
        SetError(@Error + 1)
        Return 0
    Else
        DllStructSetData($v_Buffer, 1, $v_Data)
        If @Error Then
            SetError(6)
            Return 0
        EndIf
    EndIf
    
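    Local $av_Write = DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
    
    If @Error Then
        SetError(7)
        Return 0
    EndIf
    
    ; WriteProcessMemory returns 0 when the write itself failed.
    If $av_Write[0] = 0 Then
        SetError(7)
        Return 0
    EndIf
    
    Return 1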
    
EndFunc

;==================================================================================
; Function:         _MemoryClose($ah_Handle)
; Description:      Closes the process handle opened by using _MemoryOpen().
; Parameter(s):     $ah_Handle - An array containing the Dll handle and the handle
;                                of the open process as returned by _MemoryOpen().
; Return Value(s):  On Success - Returns 1
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = Unable to close the process handle.
; Author(s):        Nomad
; Note(s):
;==================================================================================
Func _MemoryClose($ah_Handle)
    
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf
    
    DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
    If Not @Error Then
        DllClose($ah_Handle[0])
        Return 1
    Else
        DllClose($ah_Handle[0])
        SetError(2)
        Return 0
    EndIf
    
EndFunc

;==================================================================================
; Function:         SetPrivilege( $privilege, $bEnable )
; Description:      Enables (or disables) the $privilege on the current process
;                  (Probably) requires administrator privileges to run
;
; Author(s):        Larry (from autoitscript.com's Forum)
; Notes(s):
; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999
;==================================================================================

Func SetPrivilege( $privilege, $bEnable )
    Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020
    Const $MY_TOKEN_QUERY = 0x0008
    Const $MY_SE_PRIVILEGE_ENABLED = 0x0002
    Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
    $nTokens = 1
    $LUID = DLLStructCreate("dword;int")
    If IsArray($privilege) Then $nTokens = UBound($privilege)
    $TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
    $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0],   _
            "int",BitOR($MY_TOKEN_ADJUST_PRIVILEGES,$MY_TOKEN_QUERY),"int*",0)
    If $SP_auxret[0] Then
        $hToken = $SP_auxret[3]
        DLLStructSetData($TOKEN_PRIVILEGES,1,1)
        $nTokenIndex = 1
        While $nTokenIndex <= $nTokens
            If IsArray($privilege) Then
                $priv = $privilege[$nTokenIndex-1]
            Else
                $priv = $privilege
            EndIf
            $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv,   _
                    "ptr",DLLStructGetPtr($LUID))
            If $ret[0] Then
                If $bEnable Then
                    DLLStructSetData($TOKEN_PRIVILEGES,2,$MY_SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
                Else
                    DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
                EndIf
                DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
                DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
                DLLStructSetData($LUID,1,0)
                DLLStructSetData($LUID,2,0)
            EndIf
            $nTokenIndex += 1
        WEnd
        $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0,   _
                "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES),   _
                "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int*",0)
        $f = DLLCall("kernel32.dll","int","GetLastError")
    EndIf
    $NEWTOKEN_PRIVILEGES=0
    $TOKEN_PRIVILEGES=0
    $LUID=0
    If $SP_auxret[0] = 0 Then Return 0
    $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
    If Not $ret[0] And Not $SP_auxret[0] Then Return 0
    return $ret[0]
EndFunc  ;==>SetPrivilege

#endregion

And use this function at the start of your script

SetPrivilege("SeDebugPrivilege", 1)

Does anybody know why the memory address changes if I add an offset like this:

Dim $off[1]

$off[0] = 36

is different to

Dim $off[2]

$off[0] = 0

$off[1] = 36

I don't know why; for me it doesn't matter....

Here is my "new" script:

#include <NomadMemory.au3>
SetPrivilege("SeDebugPrivilege", 1)


$adr = 0x006936A8   
Dim $off[2]
$off[0] = 0
$off[1] = 36    


$gamepid = ProcessExists("TRose.exe")
$gamehandle = _MemoryOpen($gamepid)
$value = _MemoryPointerRead($adr, $gamehandle, $off)
_MemoryClose($gamehandle) ; _MemoryClose() expects the handle array from _MemoryOpen(), not the PID

MsgBox(0,"",$value[0]&@CRLF&$value[1])

my script says: 0x097FF774

and cheat engine: 0x097FF786

-.-"
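
The two addresses in the post above differ by 0x12, which is exactly 0x36 minus decimal 36. The following added example (not from the thread or from the UDF) models a one-level pointer read over a constructed in-script memory table, opening no process, to show how the offset literal changes the resolved address. `_SimRead` and `_SimPointerRead` are hypothetical helpers, and the base 0x097FF750 and the stored values are constructed to be consistent with the numbers posted.

```autoit
; Added example: offline model of a one-level pointer read.
; Constructed memory table: column 0 = address, column 1 = dword stored there.
; Row 0: the pointer address from the thread and the base it is assumed to hold.
; Row 1: base + 36 (decimal, i.e. 0x24). Row 2: base + 0x36 (hex offset).
; The values 1111 and 2222 are made-up sample data.
Global $g_aMem[3][2] = [[0x006936A8, 0x097FF750], [0x097FF774, 1111], [0x097FF786, 2222]]

; Look up the dword "stored" at $iAddr; sets @error = 1 for an unmapped address.
Func _SimRead($iAddr)
    For $i = 0 To UBound($g_aMem) - 1
        If $g_aMem[$i][0] = $iAddr Then Return $g_aMem[$i][1]
    Next
    Return SetError(1, 0, 0)
EndFunc   ;==>_SimRead

; Resolve pointer + offset and return [target address, value].
; @error: 1 = pointer address unmapped, 2 = target address unmapped.
Func _SimPointerRead($iPointer, $iOffset)
    Local $aOut[2]
    Local $iBase = _SimRead($iPointer)
    If @error Then Return SetError(1, 0, 0)
    $aOut[0] = $iBase + $iOffset
    $aOut[1] = _SimRead($aOut[0])
    If @error Then Return SetError(2, 0, 0)
    Return $aOut
EndFunc   ;==>_SimPointerRead

; Three ways the same "36" can be written in a script:
;   36        -> decimal thirty-six
;   0x36      -> hex literal
;   Dec("36") -> Dec() parses its string argument as hex
Local $aLabels[3] = ['36', '0x36', 'Dec("36")']
Local $aOffsets[3] = [36, 0x36, Dec("36")]

For $i = 0 To 2
    Local $aRes = _SimPointerRead(0x006936A8, $aOffsets[$i])
    If @error Then
        ConsoleWrite($aLabels[$i] & ' -> read failed, @error = ' & @error & @CRLF)
    Else
        ConsoleWrite($aLabels[$i] & ' -> address 0x' & Hex($aRes[0], 8) & ', value ' & $aRes[1] & @CRLF)
    EndIf
Next
```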

Edited by i3illig