Helg Posted December 16, 2008 Share Posted December 16, 2008 Hi,just do not understand how this works. Having an application with some values in it which I want to monitore.Found the address of required value using CheatEngine:So, cause it says that my value's address is NOT A POINTER - I understand that there is no need for offset.What I am doing is:#include <NomadMemory1.au3> SetPrivilege("SeDebugPrivilege", 1) $StaticOffset = Dec("3C7944") ; "goldro.exe+3C7944" - CheatEngine formatted static address. $pid = ProcessExists("goldro.exe") $openmem = _MemoryOpen($pid) ; Open the memory $baseADDR = _MemoryGetBaseAddress($openmem, 1) $finalADDR = "0x" & Hex($baseADDR + $StaticOffset) ; Creates the final static address you read from. $value=_MemoryRead($finalADDR, $openmem) ConsoleWrite($value & @CRLF)And this code returns >"F:\AutoIt3\SciTE\..\autoit3.exe" /ErrorStdOut "F:\AutoIt\RagBot\Memory\_test2.au3" 7150835 >Exit code: 0 Time: 0.220Which is far not 216 what I am expecting to get...Either I should somehow find the offset and treat this address as a pointer or I just do not understand memory conceptions...Could you please give me a hint how shall I change my code (or maybe use CheatEngine to get correct address)??? Link to comment Share on other sites More sharing options...
Marlo Posted December 16, 2008 Share Posted December 16, 2008 Is this World of Warcraft? Click here for the best AutoIt help possible.Currently Working on: Autoit RAT Link to comment Share on other sites More sharing options...
Helg Posted December 16, 2008 Author Share Posted December 16, 2008 Is this World of Warcraft?Nope, that's goldro.exe - in case if this tells you what it is... Link to comment Share on other sites More sharing options...
Dinosaurr Posted December 16, 2008 Share Posted December 16, 2008 1st off, your using an old version of Nomad's memory editing script. With his newest, the set debug privilege is no longer needed, only memoryopen. the code should look something like: #include <NomadMemory1.au3> $StaticOffset = Dec("3C7944"); "goldro.exe+3C7944" - CheatEngine formatted static address. $pid = ProcessExists("goldro.exe") $openmem = _MemoryOpen($pid); Open the memory $baseADDR = _MemoryGetBaseAddress($openmem, 1) $finalADDR = '0x' & Hex($baseADDR + $StaticOffset); Creates the final static address you read from. $value=_MemoryRead($finalADDR, $openmem) ConsoleWrite($value & @CRLF) _MemoryClose($openmem) Link to comment Share on other sites More sharing options...
Helg Posted December 17, 2008 Author Share Posted December 17, 2008 1st off, your using an old version of Nomad's memory editing script. With his newest, the set debug privilege is no longer needed, only memoryopen. the code should look something like: #include <NomadMemory1.au3> $StaticOffset = Dec("3C7944"); "goldro.exe+3C7944" - CheatEngine formatted static address. $pid = ProcessExists("goldro.exe") $openmem = _MemoryOpen($pid); Open the memory $baseADDR = _MemoryGetBaseAddress($openmem, 1) $finalADDR = '0x' & Hex($baseADDR + $StaticOffset); Creates the final static address you read from. $value=_MemoryRead($finalADDR, $openmem) ConsoleWrite($value & @CRLF) _MemoryClose($openmem) Hm... And where could I get the latest version of NomadMemory.au3? Downloaded it from some thread and the same version was on "official download page"... By the way, _MemoryPointerRead was missing in both of those versions... And your modified code still returns me >"F:\AutoIt3\SciTE\..\autoit3.exe" /ErrorStdOut "F:\AutoIt\RagBot\Memory\_test2.au3" 7150835 >Exit code: 0 Time: 0.220 Link to comment Share on other sites More sharing options...
Dinosaurr Posted December 17, 2008 Share Posted December 17, 2008 Hm... And where could I get the latest version of NomadMemory.au3? Downloaded it from some thread and the same version was on "official download page"... By the way, _MemoryPointerRead was missing in both of those versions... And your modified code still returns me >"F:\AutoIt3\SciTE\..\autoit3.exe" /ErrorStdOut "F:\AutoIt\RagBot\Memory\_test2.au3" 7150835 >Exit code: 0 Time: 0.220 _MemoryPointerRead doesnt work You have to add the Static pointer to the offset anyway and use _MemoryRead and i see no error there, what exactly is the problem? (do you have _MemoryBaseAddress UDF?, if not you need to get it.) Also nomad has his official thread around here somewhere. i can upload the one im using if you want (Includes MemoryPointerWrite(works) and MemoryPointerRead(Doesnt work)) Link to comment Share on other sites More sharing options...
Helg Posted December 17, 2008 Author Share Posted December 17, 2008 You have to add the Static pointer to the offset anyway and use _MemoryReadand i see no error there, what exactly is the problem?(do you have _MemoryBaseAddress UDF?, if not you need to get it.)I do not have "_MemoryBaseAddress UDF" and have not found anything like that through the forum...So, Static pointer = is an address to goldro.exe proccess - I get it using _MemoryGetBaseAddress function.offset - is an address which I found using CheatEngine for my exact variable, correct?so, actually in my case - I shall be using _memoryRead(Static pointer + offset, memory allocated for goldro.exe),am I correct? Or do I lose some logic here? Link to comment Share on other sites More sharing options...
Helg Posted December 17, 2008 Author Share Posted December 17, 2008 Hm... found the problem - my bad - my value is 2-byte-value, and _MemoryRead by default returns 4-byte dword value - that's why I'm getting some junk instead of good number... Still do not know how to use "goldro.exe+3C7944", but now use direct address from CheatEngine, e.g. 7C7944. So, I get the result like this one: $coordX = _MemoryRead(Dec("7C7944"), $openmem, "ushort") Anyway it works even after application restarts... Link to comment Share on other sites More sharing options...
ChangMinYang Posted December 17, 2008 Share Posted December 17, 2008 Hm... found the problem - my bad - my value is 2-byte-value, and _MemoryRead by default returns 4-byte dword value - that's why I'm getting some junk instead of good number... Still do not know how to use "goldro.exe+3C7944", but now use direct address from CheatEngine, e.g. 7C7944. So, I get the result like this one: $coordX = _MemoryRead(Dec("7C7944"), $openmem, "ushort") Anyway it works even after application restarts... Reading WinAPI.au3, 'Original WinAPI source by Paul Campbell (PaulIA)', it's useful :-) 'SeDebugPrivilege' not needed except that memory allocation protects game. (ex: WOW) game.exe+0xnnnn meaning this; game.exe == allocation base address of game.exe process +0xnnnn == offset address from allocation base So, if you get game.exe+0xnnnn, try this; ReadProcessMemory( PID , 0x400000 , 0xnnnn ) It meaning that 'what you want to read address' == '0x400000 + 0xnnnn' Typically Portable Executable file's base address is 0x400000. If you want to get base address, try 'VirtualQueryEx'. Link to comment Share on other sites More sharing options...
Szhlopp Posted December 19, 2008 Share Posted December 19, 2008 Ever get this working? Sorry I've been gone for a little while. In most games (Not MMO/Online), the Offset is 0x400000 (As pointed out). Since this value isn't a pointer, you could probably just use "7C7944". If this doesn't work you can use my UDF to do it (Why you PM'd me right?). My xfire is Szhlopp. If you need help with using it let me know! Szhlopp RegEx/RegExRep Tester!Nerd Olympics - Community App!Login UDFMemory UDF - "Game.exe+753EC" - CE pointer to AU3Password Manager W/ SourceDataFiler - Include files in your au3!--- Was I helpful? Click the little green '+' Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now