i3illig Posted November 26, 2008 Share Posted November 26, 2008 (edited) Hi, i need help because i really don't know whats wrogn usualle im not asking for help because you can google almost everything but now i m going to be crazy!!!! I mean it sounds very simpy: a) i ve got the pointer address for some informations from cheat engine - it is 100% right!! Pointer's at TRose.exe: Pointer Address of Action: 006936A8 Offset(Hex): 36 if i restart computer or client the pointer works at cheat engine if i insert him there - and now my problem - c) i think my source code is right and evrything but it returns the wrong pointer address value expandcollapse popup$Offset = Dec("140") $pid = ProcessExists("TRose.exe");Returns the PID (3020) $openmem = _MemoryOpen($pid);Returns nothing in MsgBox $baseADDR = _MemoryGetBaseAddress($openmem,1);Returns base address (3342336) $Action_Address = "0x" & Hex($baseADDR + Dec("693504")); Returns 0x009C36A8 $Action_Read = _MemoryPointerRead($Action_Address, $openmem, $Offset);Returns 0 (but it's not 0) MsgBox(64,"Info","Address: "&$Action_Address&@CRLF&"Value: "&$Action_Read)oÝ÷ ÙØ¢{d0«m¡Ú¢é]ÖÞ¶¶X¬u©çm«më~wvÊ+v¡j÷º'ç_"·§yçn®¥¤w«yªÞ¶]ý²Øq¶è§ZºÚ"µÍ[ÈÓY[[ÜSÜ[ ÌÍÚ]ÔY ÌÍÚ]ÑÚYXØÙÜÈHQ ÌÍÚYÒ[][HHJBRYÝØÙÜÑ^ÝÊ ÌÍÚ]ÔY H[BTÙ]ÜJBBT]Q[YSØØ[ ÌÍØZÒ[VÌHHÑÜ[ ÌÎNÚÙ[Ì ÌÎNÊWBRYÜ[BTÙ]ÜBBT]Q[YSØØ[ ÌÍØ]ÓÜ[ØÙÜÈHØ[ ÌÍØZÒ[VÌK ÌÎNÚ[ ÌÎNË ÌÎNÓÜ[ØÙÜÉÌÎNË ÌÎNÚ[ ÌÎNË ÌÍÚ]ÑÚYXØÙÜË ÌÎNÚ[ ÌÎNË ÌÍÚYÒ[][K ÌÎNÚ[ ÌÎNË ÌÍÚ]ÔY BRYÜ[BQÛÜÙJ ÌÍØZÒ[VÌJBBTÙ]ÜÊBBT]Q[YIÌÍØZÒ[VÌWHH ÌÍØ]ÓÜ[ØÙÜÖÌBT] ÌÍØZÒ[B[[ÂÏOOOOOOOOOOOOOOOOOB[ÈÓY[[ÜQÙ]ÙPYÜÊ ÌÍØZÒ[K ÌÍÚR^XÈH BBSØØ[ ÌÍÚ]ÐYÜÈHLSØØ[ ÌÍÝÐYHÝXÝÜX]J ÌÎNÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜ ÌÎNÊBSØØ[ ÌÍÝ]BSØØ[ ÌÍÝBBRYÝÐ^J ÌÍØZÒ[JH[BTÙ]ÜJBBT]Q[YBQØ[ ÌÍØZÒ[VÌK ÌÎNÚ[ ÌÎNË ÌÎNÕX[]YQ^ ÌÎNË ÌÎNÚ[ ÌÎNË ÌÍØZÒ[VÌWK ÌÎNÚ[ ÌÎNË ÌÍÚ]ÐYÜË ÌÎNÜÌÎNËÝXÝÙ] ÌÍÝÐYK ÌÎNÚ[ ÌÎNËÝXÝÙ]Ú^J ÌÍÝÐYJBBRYÝÜ[BBBIÌÍÝ]HH^ ÝXÝÙ]]J ÌÍÝÐYJBBIÌÍÝHH^ ÝXÝÙ]]J ÌÍÝÐYÊJBBBBUÚ[H ÌÍÝH ÉÝÈ ][ÝÌ ][ÝÂBBQØ[ ÌÍØZÒ[VÌK ÌÎNÚ[ ÌÎNË ÌÎNÕX[]YQ^ ÌÎNË ÌÎNÚ[ ÌÎNË ÌÍØZÒ[VÌWK ÌÎNÚ[ ÌÎNË ÌÍÚ]ÐYÜË ÌÎNÜÌÎNËÝXÝÙ] ÌÍÝÐYK ÌÎNÚ[ ÌÎNËÝXÝÙ]Ú^J ÌÍÝÐYJBBBIÌÍÝ]HH^ ÝXÝÙ]]J ÌÍÝÐYJBBBIÌÍÝHH^ ÝXÝÙ]]J ÌÍÝÐYÊJBBBRY^ ÌÍÚ]ÐYÜÊHH ][ÝÌL ][ÝÈ[^]ÛÜBBIÌÍÚ]ÐYÜÈ ÏH MLÍBBBBUÑ[BRY ÌÍÝHH ][ÝÌ ][ÝÈ[BBTÙ]Ü BBBRY ÌÍÚR^XÈHH[BBBT]XÊ ÌÍÝ]JBBBQ[ÙBBBBT] ÌÍÝ]BBBQ[YBBBBQ[ÙBBBTÙ]ÜBBBT]BQ[YBBQ[ÙBBTÙ]ÜÊBBT]Q[YB[[ÂÏOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB[ÈÓY[[ÜTÚ[XY ÌÍÚ]ÐYÜË ÌÍØZÒ[K ÌÍØ]ÓÙÙ] ÌÍÜÝÕHH ÌÎNÙÛÜ ÌÎNÊBRYÐ^J ÌÍØ]ÓÙÙ] H[BRYÐ^J ÌÍØZÒ[JH[BBSØØ[ ÌÍÚ]ÔÚ[ÛÝ[HPÝ[ ÌÍØ]ÓÙÙ] HHBBQ[ÙBBBTÙ]ÜBBBT]BQ[YQ[ÙBBTÙ]ÜJBBT]Q[YSØØ[ ÌÍÚ]Ñ]VÌK ÌÍÚBSØØ[ ÌÍÝÐYHÝXÝÜX]J ÌÎNÙÛÜ ÌÎNÊBQÜ ÌÍÚHHÈ ÌÍÚ]ÔÚ[ÛÝ[HBRY ÌÍÚHH ÌÍÚ]ÔÚ[ÛÝ[[BBIÌÍÝÐYHÝXÝÜX]J ÌÍÜÝÕJBBBRYÜ[BBBTÙ]ÜÜ ÈBBBBT]BBQ[YBHBBIÌÍÚ]ÐYÜÈH ÌÎNÌ ÌÎNÈ [È^ ÌÍÚ]Ñ]VÌWH È ÌÍØ]ÓÙÙ]ÉÌÍÚWJBBBQØ[ ÌÍØZÒ[VÌK ÌÎNÚ[ ÌÎNË ÌÎNÔXYØÙÜÓY[[ÜIÌÎNË ÌÎNÚ[ ÌÎNË ÌÍØZÒ[VÌWK ÌÎNÚ[ ÌÎNË ÌÍÚ]ÐYÜË ÌÎNÜÌÎNËÝXÝÙ] ÌÍÝÐYK ÌÎNÚ[ ÌÎNËÝXÝÙ]Ú^J ÌÍÝÐYK ÌÎNÚ[ ÌÎNË ÌÎNÉÌÎNÊBBBRYÜ[BBBTÙ]Ü ÊBBBBT]BBQ[YBHBBIÌÍÚ]Ñ]VÌWHHÝXÝÙ]]J ÌÍÝÐYJBBHBQ[ÙRY ÌÍÚHH[BBQØ[ ÌÍØZÒ[VÌK ÌÎNÚ[ ÌÎNË ÌÎNÔXYØÙÜÓY[[ÜIÌÎNË ÌÎNÚ[ ÌÎNË ÌÍØZÒ[VÌWK ÌÎNÚ[ ÌÎNË ÌÍÚ]ÐYÜË ÌÎNÜÌÎNËÝXÝÙ] ÌÍÝÐYK ÌÎNÚ[ ÌÎNËÝXÝÙ]Ú^J ÌÍÝÐYK ÌÎNÚ[ ÌÎNË ÌÎNÉÌÎNÊBBBRYÜ[BBBTÙ]Ü ÊBBBBT]BBQ[YBHBBIÌÍÚ]Ñ]VÌWHHÝXÝÙ]]J ÌÍÝÐYJBBHBQ[ÙBBBIÌÍÚ]ÐYÜÈH ÌÎNÌ ÌÎNÈ [È^ ÌÍÚ]Ñ]VÌWH È ÌÍØ]ÓÙÙ]ÉÌÍÚWJBBBQØ[ ÌÍØZÒ[VÌK ÌÎNÚ[ ÌÎNË ÌÎNÔXYØÙÜÓY[[ÜIÌÎNË ÌÎNÚ[ ÌÎNË ÌÍØZÒ[VÌWK ÌÎNÚ[ ÌÎNË ÌÍÚ]ÐYÜË ÌÎNÜÌÎNËÝXÝÙ] ÌÍÝÐYK ÌÎNÚ[ ÌÎNËÝXÝÙ]Ú^J ÌÍÝÐYK ÌÎNÚ[ ÌÎNË ÌÎNÉÌÎNÊBBBRYÜ[BBBTÙ]Ü ÊBBBBT]BBQ[YBHBBIÌÍÚ]Ñ]VÌWHHÝXÝÙ]]J ÌÍÝÐYJBBHBQ[YHS^IÌÍÚ]Ñ]VÌHH ÌÍÚ]ÐYÜÂT] ÌÍÚ]Ñ]B[[ And I think the source code worked yesterday.... thx for help x( Edited November 26, 2008 by i3illig Link to comment Share on other sites More sharing options...
Dampe Posted November 26, 2008 Share Posted November 26, 2008 Use this UDF: expandcollapse popup#include-once #region _Memory ;================================================================================== ; AutoIt Version: 3.1.127 (beta) ; Language: English ; Platform: All Windows ; Author: Nomad ; Requirements: These functions will only work with beta. ;================================================================================== ; Credits: wOuter - These functions are based on his original _Mem() functions. ; But they are easier to comprehend and more reliable. These ; functions are in no way a direct copy of his functions. His ; functions only provided a foundation from which these evolved. ;================================================================================== ; ; Functions: ; ;================================================================================== ; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]]) ; Description: Opens a process and enables all possible access rights to the ; process. The Process ID of the process is used to specify which ; process to open. You must call this function before calling ; _MemoryClose(), _MemoryRead(), or _MemoryWrite(). ; Parameter(s): $iv_Pid - The Process ID of the program you want to open. ; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which ; enables all possible access rights to the ; process specified by the Process ID. ; $iv_InheritHandle - (optional) If this value is TRUE, all processes ; created by this process will inherit the access ; handle. Set to 1 (TRUE) by default. Set to 0 ; if you want it FALSE. ; Requirement(s): None. ; Return Value(s): On Success - Returns an array containing the Dll handle and an ; open handle to the specified process. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $iv_Pid. ; 2 = Failed to open Kernel32.dll. ; 3 = Failed to open the specified process. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1) If Not ProcessExists($iv_Pid) Then SetError(1) Return 0 EndIf Local $ah_Handle[2] = [DllOpen('kernel32.dll')] If @Error Then SetError(2) Return 0 EndIf Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid) If @Error Then DllClose($ah_Handle[0]) SetError(3) Return 0 EndIf $ah_Handle[1] = $av_OpenProcess[0] Return $ah_Handle EndFunc ;================================================================================== ; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type]) ; Description: Reads the value located in the memory address specified. ; Parameter(s): $iv_Address - The memory address you want to read from. It must ; be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $sv_Type - (optional) The "Type" of value you intend to read. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to read a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns the value located at the specified address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless specified as a ; 'char' type, then they are returned in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @Error Then SetError(@Error + 1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @Error Then Local $v_Value = DllStructGetData($v_Buffer, 1) Return $v_Value Else SetError(6) Return 0 EndIf EndFunc ;================================================================================== ; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type]) ; Description: Writes data to the specified memory address. ; Parameter(s): $iv_Address - The memory address which you want to write to. ; It must be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of value you intend to write. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to write a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 7 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Values sent must be in Decimal format, unless specified as a ; 'char' type, then they must be in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @Error Then SetError(@Error + 1) Return 0 Else DllStructSetData($v_Buffer, 1, $v_Data) If @Error Then SetError(6) Return 0 EndIf EndIf DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @Error Then Return 1 Else SetError(7) Return 0 EndIf EndFunc ;================================================================================== ; Function: _MemoryClose($ah_Handle) ; Description: Closes the process handle opened by using _MemoryOpen(). ; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = Unable to close the process handle. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryClose($ah_Handle) If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1]) If Not @Error Then DllClose($ah_Handle[0]) Return 1 Else DllClose($ah_Handle[0]) SetError(2) Return 0 EndIf EndFunc ;================================================================================== ; Function: SetPrivilege( $privilege, $bEnable ) ; Description: Enables (or disables) the $privilege on the current process ; (Probably) requires administrator privileges to run ; ; Author(s): Larry (from autoitscript.com's Forum) ; Notes(s): ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999 ;================================================================================== Func SetPrivilege( $privilege, $bEnable ) Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020 Const $MY_TOKEN_QUERY = 0x0008 Const $MY_SE_PRIVILEGE_ENABLED = 0x0002 Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv $nTokens = 1 $LUID = DLLStructCreate("dword;int") If IsArray($privilege) Then $nTokens = UBound($privilege) $TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]") $NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]") $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess") $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0], _ "int",BitOR($MY_TOKEN_ADJUST_PRIVILEGES,$MY_TOKEN_QUERY),"int*",0) If $SP_auxret[0] Then $hToken = $SP_auxret[3] DLLStructSetData($TOKEN_PRIVILEGES,1,1) $nTokenIndex = 1 While $nTokenIndex <= $nTokens If IsArray($privilege) Then $priv = $privilege[$nTokenIndex-1] Else $priv = $privilege EndIf $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv, _ "ptr",DLLStructGetPtr($LUID)) If $ret[0] Then If $bEnable Then DLLStructSetData($TOKEN_PRIVILEGES,2,$MY_SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex)) Else DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex)) EndIf DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1) DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2) DLLStructSetData($LUID,1,0) DLLStructSetData($LUID,2,0) EndIf $nTokenIndex += 1 WEnd $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0, _ "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES), _ "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int*",0) $f = DLLCall("kernel32.dll","int","GetLastError") EndIf $NEWTOKEN_PRIVILEGES=0 $TOKEN_PRIVILEGES=0 $LUID=0 If $SP_auxret[0] = 0 Then Return 0 $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken) If Not $ret[0] And Not $SP_auxret[0] Then Return 0 return $ret[0] EndFunc ;==>SetPrivilege #endregion And use this function at the start of your script SetPrivilege("SeDebugPrivilege", 1) Link to comment Share on other sites More sharing options...
i3illig Posted November 26, 2008 Author Share Posted November 26, 2008 ähhm sorry in your UDF aren't the functions i used... I need a udf that reads the pointer Link to comment Share on other sites More sharing options...
i3illig Posted November 26, 2008 Author Share Posted November 26, 2008 (edited) does anybody know why the memory address change if I add an Offset like this: Dim $off[1] $off[0] = 36 is differtent to Dim $off[2] $off[0] = 0 $off[1] = 36 I dont know why for me it doesnt matter.... here my "new" script #include <NomadMemory.au3> SetPrivilege("SeDebugPrivilege", 1) $adr = 0x006936A8 Dim $off[2] $off[0] = 0 $off[1] = 36 $gamepid = ProcessExists("TRose.exe") $gamehandle = _MemoryOpen($gamepid) $value = _MemoryPointerRead($adr, $gamehandle, $off) _MemoryClose($gamepid) MsgBox(0,"",$value[0]&@CRLF&$value[1]) my script says: 0x097FF774 and cheat engine: 0x097FF786 -.-" Edited November 26, 2008 by i3illig Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now