BruceCopperField

Reading Process Memory

7 posts in this topic

Some questions regarding reading process memory. Normally, one would use Cheat Engine to locate the target addresses and use NomadMemory to do the actual reading in AutoIt. My background is in Java/Unix C and I'm not familiar with the Windows platform, so I want to clarify some basic concepts first.

If my process stores the target data in a local variable, I expect this means the variable will be stored on the stack of the related function. In that case, is there any guarantee in Windows that the same address is used for my target data every time the program restarts? I have the impression that the stack keeps increasing/decreasing as different processes are created/destroyed, and there is no reason the same stack pointer value will be used for a program when it restarts.

I've written a simple Windows console program in C to test this out, but it seems that the same addresses are found by Cheat Engine for my target data. Does this mean Windows always allocates the same "environment" for a newly created process, including the stack? Sorry, I have zero knowledge in this area. Could any expert explain a little bit? Thanks.


Not necessarily. It's program dependent... for a program like NotePad, the same environment would be allocated each time the program is launched. For a program like, say, World of Warcraft, the environment would be different each time, because you're interacting with dynamic system variables. For example, if your graphics card is using part of the memory that is accessible to a 3D program, it has to assign a new section to the new program being launched, which may later have the originally allocated memory opened up to it.

Look into Dynamic Memory Allocation. Generally, it's something you'll have to deal with every time you read process memory on a Windows system.


In that case, how is it possible to use NomadMemory on games like WoW where all the address info obtained from Cheat Engine will become stale after a restart?


In that case, how is it possible to use NomadMemory on games like WoW where all the address info obtained from Cheat Engine will become stale after a restart?

You have to find a pointer to that address. The program usually saves the "location" of the variable somewhere static.


In that case, how is it possible to use NomadMemory on games like WoW where all the address info obtained from Cheat Engine will become stale after a restart?

Do some study on pointers and how they work.

You can do World of Warcraft stuff, but only with static values (slower, and not that much that is usable):

x, y, z, playername, player level, class, race, etc.



.....

Look into Dynamic Memory Allocation. Generally, it's something you'll have to deal with every time you read process memory on a Windows system.

Is Dynamic Memory Allocation referring to malloc()? Sorry, my C is a bit rusty now. I've been working with Java for too long.

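The storage classes discussed in this thread, as an added example that is not part of any post above: a small C program, run entirely inside its own process, showing why the address of a `malloc()`-allocated object goes stale while a pointer kept in static storage still leads to it. The names `struct player`, `g_player`, `spawn_player`, `address_is_stale` and `read_level_via_static` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical target data; it lives on the heap, so its address changes. */
struct player { char name[16]; int level; };

/* Static storage: always at the same offset from the module's load address. */
static struct player *g_player;

/* Allocate a fresh player. The old block is freed only after the new one
   exists, so the new heap address is guaranteed to differ from the old. */
uintptr_t spawn_player(const char *name, int level) {
    struct player *p = calloc(1, sizeof *p);
    if (p == NULL) return 0;
    strncpy(p->name, name, sizeof p->name - 1);
    p->level = level;
    free(g_player);
    g_player = p;
    return (uintptr_t)p;
}

/* An address recorded earlier is stale once the object has moved. */
int address_is_stale(uintptr_t cached) { return cached != (uintptr_t)g_player; }

/* Follow the static pointer, then add the field offset: base + offset. */
int read_level_via_static(void) {
    int level = -1;
    if (g_player != NULL)
        memcpy(&level, (const unsigned char *)g_player
                       + offsetof(struct player, level), sizeof level);
    return level;
}

int main(void) {
    int local = 0;  /* stack: placement is up to the OS and may vary per run */
    uintptr_t first = spawn_player("first", 10);
    uintptr_t second = spawn_player("second", 42);
    printf("stack local  %p\n", (void *)&local);
    printf("static ptr   %p\n", (void *)&g_player);
    printf("heap object  %p -> %p (first is stale: %d)\n",
           (void *)first, (void *)second, address_is_stale(first));
    printf("level via static pointer: %d\n", read_level_via_static());
    free(g_player);
    return 0;
}
```

Running it several times and comparing the printed addresses shows which of the three kinds of storage the operating system places differently from one launch to the next.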
