BruceCopperField Posted February 15, 2009 Share Posted February 15, 2009 I am able to get a pointer's address using Cheat Engine and that address value seems to be static even if I restart the game. But the question is, would that address be the same every time I REBOOT the machine or run it in another machine (with or without the same version of windows)? Link to comment Share on other sites More sharing options...
Inverted Posted February 15, 2009 Share Posted February 15, 2009 (edited) Probably always the same (unless it's inside a dll of course) Well, of course you can test it yourself or on friend's PCs. Edited February 15, 2009 by Inverted Link to comment Share on other sites More sharing options...
geasiki Posted February 15, 2009 Share Posted February 15, 2009 The pointer will stay the same. but the adress it's pointing to it will probably change. Link to comment Share on other sites More sharing options...
Inverted Posted February 15, 2009 Share Posted February 15, 2009 The pointer will stay the same.but the adress it's pointing to it will probably change.Well, that's why he's interested in the pointer ... Link to comment Share on other sites More sharing options...
BruceCopperField Posted February 15, 2009 Author Share Posted February 15, 2009 Thx for all of the replies. I wrote a short program in C (I know this is an autoit forum but it can't test this kind of thing, right!) and found that the address values are the same in a few different Windows XP SP? machines. I don't have a chance to test it in Vista yet. But, is it some thing guaranteed by Windows? expandcollapse popup#include "stdafx.h" #include <windows.h> int globalVar=23; void loop(); int _tmain(int argc, _TCHAR* argv[]) { loop(); Sleep(60 * 1000); return 0; } void loop() { struct Date { int year; int month; int day; }; long address; struct Date * pArray[30]; struct Date *pBirthday; pBirthday =(struct Date*) malloc(sizeof(struct Date)); address = (long) &pBirthday; printf("value of auto pointer address %x\n", address); long gAddress = (long) &globalVar; printf("value of global int address %x\n", gAddress); if (address== 0x12ff78L) printf("auto same as expected value\n"); else printf("auto different from expected value!\n"); if (gAddress == 0x403018) printf("global same as expected value\n"); else printf("global different from expected value!\n"); } Link to comment Share on other sites More sharing options...
Authenticity Posted February 15, 2009 Share Posted February 15, 2009 Then it's probably just a normal variable and not a pointer because allocation of the same address each restart of the game or windows or even different machines is not logically possible. Link to comment Share on other sites More sharing options...
BruceCopperField Posted February 15, 2009 Author Share Posted February 15, 2009 Then it's probably just a normal variable and not a pointer because allocation of the same address each restart of the game or windows or even different machines is not logically possible.All 4 different Windows XP machines I tested on gave me the same addresses for the 2 variables (see my source code). But on another Vista machine, the addresses are different. I am now reading the book Microsoft Windows Internals by Mark E. Russinovich & David Solomon. Unfortunately, it only says the virtual address space of a user's process has 4GB inside which the first 2GB is reserved for application code and global variables. There doesn't seem to have text describing to how the user application code, global variables and local variables are allocated within the user address space. Link to comment Share on other sites More sharing options...
BrettF Posted February 15, 2009 Share Posted February 15, 2009 Search for NomadMemory.au3. Cheers, Brett Vist my blog!UDFs: Opens The Default Mail Client | _LoginBox | Convert Reg to AU3 | BASS.au3 (BASS.dll) (Includes various BASS Libraries) | MultiLang.au3 (Multi-Language GUIs!)Example Scripts: Computer Info Telnet Server | "Secure" HTTP Server (Based on Manadar's Server)Software: AAMP- Advanced AutoIt Media Player | WorldCam | AYTU - Youtube Uploader Tutorials: Learning to Script with AutoIt V3Projects (Hardware + AutoIt): ArduinoUseful Links: AutoIt 1-2-3 | The AutoIt Downloads Section: | SciTE4AutoIt3 Full Version! Link to comment Share on other sites More sharing options...
Inverted Posted February 15, 2009 Share Posted February 15, 2009 (edited) In order to fully understand, you should learn about the Windows PE file format and the way process loading works in windows. From your example : 0x12ff78 is an address in stack, totally unreliable. 0x403018 should be inside the program's code or data section (because programs get loaded at 400000) Its contents may be stable everywhere. Like Brett said, use the NomadMemory UDF to easily make a test case script. Edited February 15, 2009 by Inverted Link to comment Share on other sites More sharing options...
BruceCopperField Posted February 15, 2009 Author Share Posted February 15, 2009 (edited) I am studying this _MemoryGetBaseAddress()http://www.autoitscript.com/forum/index.php?showtopic=78834&st=0&p=568869&#entry568869://http://www.autoitscript.com/forum/i...mp;#entry568869://http://www.autoitscript.com/forum/i...mp;#entry568869://http://www.autoitscript.com/forum/i...mp;#entry568869But a few things I don't understand in _MemoryGetBaseAddress(), i) Local $iv_Address = 0x00100000 <-- why initial value is 0x00100000?ii) While $vType <> "00000080" <--- if I am correct, 0x80 means PAGE_EXECUTE_WRITECOPY, why we look for this, does it mean code/data has this memory protection constant only?iii) If Hex($iv_Address) = "01000000" Then ExitLoop <-- why terminate the check at 0x01000000?iv) the whole function try to return the Allocation Base, but why this is what we want? Edited February 15, 2009 by BruceCopperField Link to comment Share on other sites More sharing options...
BruceCopperField Posted February 15, 2009 Author Share Posted February 15, 2009 In order to fully understand, you should learn about the Windows PE file format and the way process loading works in windows.From your example :0x12ff78 is an address in stack, totally unreliable.0x403018 should be inside the program's code or data section (because programs get loaded at 400000) Its contents may be stable everywhere.Like Brett said, use the NomadMemory UDF to easily make a test case script.Thx for the reply. If the things in the stack (like my 0x12ff78) are totally unreliable, then what about games that solely put all its pointers in the stack - i.e. all pointers are declared as local variables inside some C functions. In that case, does it mean there is no guarantee these addresses are the same every time we reboot, although in my test code they are, so happened, the same. Link to comment Share on other sites More sharing options...
Inverted Posted February 15, 2009 Share Posted February 15, 2009 (edited) Finding the memory base is only useful for loaded dlls (libraries) because they can get loaded in different locations. All executables load at 400000. So if you want to patch a dll's memory you have to find its base address in memory and add the offset you want. 100000 is just a starting value, it keeps comparing sections of code to see if they are PAGE_EXECUTE_WRITECOPY, otherwise it adds 65536 (which is 10000 in hex) and checks again. In other words, it loops to find the lowest memory section with the PAGE_EXECUTE_WRITECOPY attributes, starting from 100000. EDIT: Yes, local variables go in the stack, never use these addresses, they are totally unreliable, even if you think they stay the same. Also, I think you don't get the difference between variables, addresses, and pointers. Edited February 15, 2009 by Inverted Link to comment Share on other sites More sharing options...
BruceCopperField Posted February 15, 2009 Author Share Posted February 15, 2009 (edited) Finding the memory base is only useful for loaded dlls (libraries) because they can get loaded in different locations. All executables load at 400000. So if you want to patch a dll's memory you have to find its base address in memory and add the offset you want. 100000 is just a starting value, it keeps comparing sections of code to see if they are PAGE_EXECUTE_WRITECOPY, otherwise it adds 65536 (which is 10000 in hex) and checks again. In other words, it loops to find the lowest memory section with the PAGE_EXECUTE_WRITECOPY attributes, starting from 100000. EDIT: Yes, local variables go in the stack, never use these addresses, they are totally unreliable, even if you think they stay the same. Also, I think you don't get the difference between variables, addresses, and pointers. Ok, let me give an example. Suppose the online game I want write a bot on stores the HP/Mana, etc in a structure local to some function. e.g. (C code) ... function someHypotheticalFunctionOfTheGame() { struct userInfo { int hp; int mana; ... }; struct userInfo* pUserInfo; pUserInfo = (struct userInfo*) malloc(...); grabUserInfoFromServer(pUserInfo); .. } This means I need to use Cheat Engine to locate the address of pUserInfo (the pointer to my desired data structure holding the Health point,mana,etc). But since pUserInfo is local to some function meaning it is stored in the stack and its address may change after a reboot,etc, right?. If this is true, how could I know which memory to read to get this pUserInfo even If I am able to locate it by cheat engine the first time and even its value looks like constant over a reboot? Hope I have explained my concern clearly. Once again, thx for all the replies Edited February 15, 2009 by BruceCopperField Link to comment Share on other sites More sharing options...
Inverted Posted February 15, 2009 Share Posted February 15, 2009 Important values like health,mana etc should be stored somewhere globally, so that other functions can use them. 12xxxx addresses are in the stack, you should do a more thorough search with Cheat Engine to find the values elsewhere. Or you can find the code that reads or writes to these addresses and modify or NOP that command. Of course, those values are also saved server-side, if you intend to change them in your client you may run into trouble. Link to comment Share on other sites More sharing options...
geasiki Posted February 15, 2009 Share Posted February 15, 2009 Honestly, go to the Cheatengine forum and do some more research on the 'tutorials' section about 'ponters' There are very detailed guides about it there Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now