Jump to content

Reading Memory

bill88
 Share

Recommended Posts

bill88 Seeker

bill88

Posted
Posted (edited)

Hello, I've been messing around with this for quite a while.

I'm trying to read an address of a java application using NomadMemory.au3.

I've gotten the address by using Cheat Engine, however from what I heard, you can't get a pointer of a java application because of "dynamic memory allocation". So I would have to get the address every time I use this application?(Which isn't a big deal)

I'm not having any luck getting the value of the address(22EF60FC, I am able to get the value using Cheat Engine.), here is what I have so far:

#include <NomadMemory.au3>
$address = "22EF60FC"
$Open=_MemoryOpen(WinGetProcess("java.exe"))
$Read=_MemoryRead(0x&$address, $Open)
    MsgBox(0,"Value: ",$Read)
_MemoryClose($Open)

Any help would be appreciated :)

Edited by bill88
Link to comment
Share on other sites
trung0407 Prodigy

trung0407

Posted
Posted

You need to find the pointer of that memory allocation structure.

A pointer will point where the structure is

The offset will tell where value is located in the structure

So you need to have 2 calls _memoryRead

If its pointer of pointer of pointer.. it will be more complicated to find

Link to comment
Share on other sites
bill88 Seeker

bill88

Posted
  • Author
Posted

You need to find the pointer of that memory allocation structure.

A pointer will point where the structure is

The offset will tell where value is located in the structure

So you need to have 2 calls _memoryRead

If its pointer of pointer of pointer.. it will be more complicated to find

I have gotten the pointer(Not sure if it's a "pointer of a pointer" though).

I tried to use _memoryRead with the pointer/address (having no luck returning the value)

Address=22EF5F94

Pointer=22EF5D70

Posted Image

So does the address that you fill in for _memoryRead, the pointer, or the address?

Thanks, for the reply :)

Link to comment
Share on other sites
oMBRa Universalist

oMBRa

Posted
Posted

But you didnt find a static address...

ok now search for the hex value 22EF5D70, if you find only one address your are lucky, then select "add address" manually" select the "Pointer" checkbox, and fill in with the address you have found and the offset, it should be the value of "ebx".

If the pointer you have found is green, then is a static address, if not, right click on the pointer you have added and select "see what accesses this address"... repeat this until you find a static address.

Anyway multi-level pointer is well explained in the cheat engine tutorial

Link to comment
Share on other sites
bill88 Seeker

bill88

Posted
  • Author
Posted (edited)

But you didnt find a static address...

ok now search for the hex value 22EF5D70, if you find only one address your are lucky, then select "add address" manually" select the "Pointer" checkbox, and fill in with the address you have found and the offset, it should be the value of "ebx".

If the pointer you have found is green, then is a static address, if not, right click on the pointer you have added and select "see what accesses this address"... repeat this until you find a static address.

Anyway multi-level pointer is well explained in the cheat engine tutorial

When I scanned for that address, I got several addresses listed.

Do I have to have the static address, in order to get the value of an address? (If not then getting the static address isn't that important for me since this java application is rarely re-opened)

Cheat Engine seems to easily be able to get the value of an address without the static address/pointer, is there anyway I can just get the value without it?

Maybe I'm just not getting how memory reading works.

Thanks for your reply,

Any further reply's from anyone would be much appreciated.

Edited by bill88
Link to comment
Share on other sites
trung0407 Prodigy

trung0407

Posted
Posted

I have gotten the pointer(Not sure if it's a "pointer of a pointer" though).

I tried to use _memoryRead with the pointer/address (having no luck returning the value)

Address=22EF5F94

Pointer=22EF5D70

Posted Image

So does the address that you fill in for _memoryRead, the pointer, or the address?

Thanks, for the reply :)

Pointer will point to an address. If Pointer=22EF5D70, means that at adress 0x22EF5D70, contains the address of the structure it point

_MemoryRead($pointer,$dll) + $offset will give 0x22EF5F94

In CheatEngine, a green address means static address, black is dynamic

_MemoryRead(_MemoryRead($pointer,$dll) + $offset, $dll) will give the value you are searching (in this case at 0x22EF5F94)

Link to comment
Share on other sites
bill88 Seeker

bill88

Posted
  • Author
Posted (edited)

Pointer will point to an address. If Pointer=22EF5D70, means that at adress 0x22EF5D70, contains the address of the structure it point

_MemoryRead($pointer,$dll) + $offset will give 0x22EF5F94

In CheatEngine, a green address means static address, black is dynamic

_MemoryRead(_MemoryRead($pointer,$dll) + $offset, $dll) will give the value you are searching (in this case at 0x22EF5F94)

I was finally able to get the value of an address(with _MemoryRead and the address, but not with the pointer).

Posted Image

Also, the above didn't seem to work for me with the 2 _MemoryRead's(with the pointer shown in the image & correct offset).

Edited by bill88
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...