Sign in to follow this  
Followers 0
retskrad

Memory Reading, not working.

12 posts in this topic

#1 ·  Posted (edited)

Hey guys.. I just started with autoit a while ago and yesterday decided to make my first project a World of Warcraft (MMORPG) memory reading program.

So I wanted to read the health of my character and display it.

A nice guy on another site gave me this code wich puts his HP and max HP in a tooltip when WoW is minimized:

#Include <NomadMemory.au3>
hotkeyset("{end}", "err")
SetPrivilege("SeDebugPrivilege", 1)

$dll = DllOpen("user32.dll")


$wow = _memoryopen(WinGetProcess("wow"))
sleep(500)
$lvl1Pointer= _MemoryRead(0x0127F13C, $wow, 'ptr')
sleep(500)
$lvl2Pointer= _MemoryRead(($lvl1Pointer + 0x30), $wow, 'ptr')
sleep(500)
$PlayerBase= _MemoryRead(($lvl2Pointer + 0x28), $wow, 'ptr')
sleep(500)
While 1
$health= _memoryread($PlayerBase + 0xFF4, $wow)
$mhealth= _memoryread($PlayerBase + 0x26E4, $wow)
if not WinActive("World of Warcraft") Then
 ToolTip("Current HP: "&$health&"/"&$mhealth&".")
Sleep(10)
if  $health < $mhealth Then
    WinActivate("World of Warcraft")
EndIf



Else
    sleep(10)
EndIf

WEnd

func err()
    Exit
endfunc

As you can see he uses the nomadmemory.au3.

But as I was reading the helpfile yesterday, I found the read memory API of autoit:

_WinAPI_ReadProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iRead)

And it looks much easier to use. But the helpfile did not give any info or sample code on using it and I was wondering if anybody could point me in the right direction to learning.

EDIT: BTW, the first sample code doesn't work, for some weird reason it always returns 0/0

I am on windows XP so i dont think its adminstrator thing.

Edited by retskrad

Share this post


Link to post
Share on other sites



Hey guys.. I just started with autoit a while ago and yesterday decided to make my first project a World of Warcraft (MMORPG) memory reading program.

So I wanted to read the health of my character and display it.

A nice guy on another site gave me this code wich puts his HP and max HP in a tooltip when WoW is minimized:

#Include <NomadMemory.au3>
hotkeyset("{end}", "err")
SetPrivilege("SeDebugPrivilege", 1)

$dll = DllOpen("user32.dll")


$wow = _memoryopen(WinGetProcess("wow"))
sleep(500)
$lvl1Pointer= _MemoryRead(0x0127F13C, $wow, 'ptr')
sleep(500)
$lvl2Pointer= _MemoryRead(($lvl1Pointer + 0x30), $wow, 'ptr')
sleep(500)
$PlayerBase= _MemoryRead(($lvl2Pointer + 0x28), $wow, 'ptr')
sleep(500)
While 1
$health= _memoryread($PlayerBase + 0xFF4, $wow)
$mhealth= _memoryread($PlayerBase + 0x26E4, $wow)
if not WinActive("World of Warcraft") Then
ToolTip("Current HP: "&$health&"/"&$mhealth&".")
Sleep(10)
if  $health < $mhealth Then
    WinActivate("World of Warcraft")
EndIf



Else
    sleep(10)
EndIf

WEnd

func err()
    Exit
endfunc

As you can see he uses the nomadmemory.au3.

But as I was reading the helpfile yesterday, I found the read memory API of autoit:

_WinAPI_ReadProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iRead)

And it looks much easier to use. But the helpfile did not give any info or sample code on using it and I was wondering if anybody could point me in the right direction to learning.

EDIT: BTW, the first sample code doesn't work, for some weird reason it always returns 0/0

I am on windows XP so i dont think its adminstrator thing.

Firt, search ... "memory reading"

Share this post


Link to post
Share on other sites

Firt, search ... "memory reading"

I already did, I always search before I ask. But it seems anybody who is doing similar things use the nomadmemory.au3 and not the API.

Share this post


Link to post
Share on other sites

retskrad,

Please wait a decent time - like 24 hrs - before bumping.

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

I wouldn't even be able to find my thread after 24 hours. It's a very active forum :)

Share this post


Link to post
Share on other sites

I wouldn't even be able to find my thread after 24 hours. It's a very active forum :)

If you don't understand simple concepts like bookmarking, then you won't be able to understand memory reading either.

Share this post


Link to post
Share on other sites

My bookmark bar is full. But anyway, thanks for your help :) i'll stop bumping now.

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

My bookmark bar is full. But anyway, thanks for your help :) i'll stop bumping now.

You could always press "Find Member's Topics" on yourself Edited by AdmiralAlkex

Share this post


Link to post
Share on other sites

Considering (and I believe it's also true) that your calc.exe process's imagebase is 0x1000000 then try this to get the MZ signature for example:

#include <Constants.au3>
#include <WinAPI.au3>

Dim $cPID = Run('calc.exe')
WinWaitActive('Calculator')

Dim $hCalc = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, False, $cPID)
Dim $iRead = 0
Dim $tMem = DllStructCreate('byte[2]')
Dim $Ret = _WinAPI_ReadProcessMemory($hCalc, 0x1000000, DllStructGetPtr($tMem, 1), 2, $iRead)
ConsoleWrite('Return: ' & $Ret & @TAB & 'BytesTotalRead: ' & $iRead & @TAB & DllStructGetData($tMem, 1) & @CRLF)

Share this post


Link to post
Share on other sites

hmm,, end point of usage,

I think that you are want to know key point, dude.

Try to search 'WriteProcessMemory' in this.

Second, open and read in 'Include\WinApi.au3' about 'WriteProcessMemory'.

Then, find more 'SeDebugPrivilege' in 'Include\Security,au3'.

Also, http://msdn.microsoft.com/en-us/library/ms681674.aspx

It's more delicious.

Good luck to you,

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0