Jump to content

Reading Process Memory

BruceCopperField
 Share

Recommended Posts

BruceCopperField Wayfarer

BruceCopperField

Posted
Posted

Some questions regarding reading process memory. Normally, one would use Cheat Engine to locate the target addresses and use Normadmemory to do the actual reading in autoit. My background is on Java/Unix C and isn't familiar with the Windows platform so want to clarify some basic concepts first.

If the my process stores the target data in local variable, I expect this means the var will be stored in the stack of the related function. In that case, is there any guarantee in Windows that the same address is used for my target data every time the program re-starts? I have the impression that the stack keep increased/decreased when different processes are created/destroyed and there is no reason the same stack pointer value will be used for a program when it re-starts.

I've written a simple Windows console program in C to test this out but it seems that the same addresses are found by Cheat Engine for my target data. Does this mean Windows always allocate the same "environment" for a newly created process including the stack. Sorry I have zero knowledge in this area. Could any expert explain a little bit. Thanks

Link to comment
Share on other sites
JRowe Universalist

JRowe

Posted
Posted

Not necessarily. It's program dependent... for a program like NotePad, the same environment would be allocated each time the program is launched. For a program like, say, World of Warcraft, the environment would be different each time, because you're interacting with dynamic system variables. For example, if your graphics card is using part of the memory that is accessible to a 3D program, it has to assign a new section to the new program being launched, which may later have the originally allocated memory opened up to it.

Look into Dynamic Memory Allocation. Generally, it's something you'll have to deal with every time you read process memory on a Windows system.

[center]However, like ninjas, cyber warriors operate in silence.AutoIt Chat Engine (+Chatbot) , Link Grammar for AutoIt , Simple Speech RecognitionArtificial Neural Networks UDF , Bayesian Networks UDF , Pattern Matching UDFTransparent PNG GUI Elements , Au3Irrlicht 2Advanced Mouse Events MonitorGrammar Database GeneratorTransitions & Tweening UDFPoker Hand Evaluator[/center]

Link to comment
Share on other sites
Inverted Universalist

Inverted

Posted
Posted

It that case, how is it possible to use NomadMemory on games like Wow where all the address info obtained from Cheat Engine will become stale after a restart?

You have to find a pointer to that address. The program usually saves the "location" of the variable somewhere static.
Link to comment
Share on other sites
Dampe Polymath

Dampe

Posted
Posted

It that case, how is it possible to use NomadMemory on games like Wow where all the address info obtained from Cheat Engine will become stale after a restart?

Do some study on pointers and how they work.

You can do world of warcraft stuff.. but only with static values (slower, and not that much that is useable)

x, y, z, playername, player level, class, race etc

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...