Sign in to follow this  
Followers 0
Makkke

_MemoryRead won't read anything except 0

12 posts in this topic

Hi Folks,

i don't get it. >_< I want to read the position of my character in WoW and display that in a GUI. From what i know is,

the x y z position in memory is static, but differs from any patch to new patches. My Servers running 2.4.3, so i used the

positions found here. (Harlands

Posting):

Here's what I found this morning with Cheat Engine.

X = 0x00E18DF4 (FLOAT)

Y = 0x00E18DF8 (FLOAT)

Z = 0x00E18DFC (FLOAT)

Rotation = 0x00E18E24 (FLOAT)

MapID = 0x00E18DB4 (SHORT)

Cursor = 0x00CF5750 (SHORT)

Charname = 0x00D43348 (CHAR)

If i use my Cheat Enginge, the correct values will be shown.

The code i start from is from a coder named Malu, which is a popular "starter" code for WoW Memory Reading:

; ----------------------------------------------------------------------------
; ----------------------------------------------------------------------------
;
; Author:
;   Malu05 aka. Mads Hagbart Lund <Batmazbaz@hotmail.com>
;
; Script Function:
;   World Of Warcraft - Memory Location Scanner
; ----------------------------------------------------------------------------
; ----------------------------------------------------------------------------
;;================================================================================
;;Includes;
;;================================================================================
#include <NomadMemory.au3>
#include <GUIConstants.au3>
#include <String.au3>
#include <Date.au3>
#include <array.au3>
#Include <Misc.au3>

HotkeySet("{F2}","rescan")
HotkeySet("{ESC}","terminate")
;;================================================================================
;;Config Variable Definition;
;;================================================================================
$UpdateSpeed = 15 ;Defines the update speed in milliseconds.
;;================================================================================
;;Variable Definition;
;;================================================================================
Dim $datafoundX= 0
Dim $Finalrot, $Finallocx,$Finallocy,$Finalrot
dim $value = 100
;dim $knownX = 0x00DBBCD4
dim $knownX = 0x00E18DF4
dim $startsearchX = 0x00400BE8

dim $startsearchY, $startsearchZ, $startsearchRot
dim $memoryX, $memoryY, $memoryZ, $memoryRot = 0
dim $processfound = 0
dim $appname = "WOW Mem Scanner"
Global $defaultstatus = "Ready"
dim $scanprocess = 0
dim $transyn = 0
dim $SS_CENTER = 0
dim $SS_SUNKEN = 0
dim $SS_SIMPLE = 0

;;================================================================================
;;Process front
;;================================================================================
Opt("WinTitleMatchMode", 4)
SetPrivilege("SeDebugPrivilege", 1)
processopen()
func processopen()
Global $ProcessID = WinGetProcess("World of Warcraft","")
Global $offset = 0x1000
while $processfound = 0
    If $ProcessID = -1 Then
        MsgBox(4096, "ERROR", "Failed to detect process.")
        $reply = msgbox(1,$appname,"If world of warcraft is running please enter the name of the process (Ie, WORLD OF WARCRAFT) (uppercase sensitive)")
        if $reply = 2 then
            Exit
        Else
            $Processnewname = InputBox($appname,"Please enter the name of the process. (Case sensitive)")
            Global $ProcessID = WinGetProcess($Processnewname,"")   
        EndIf
    Else
        $processfound = 1
    EndIf
WEnd
EndFunc
Local $DllInformation = _MemoryOpen($ProcessID)

If @Error Then
    MsgBox(4096, "ERROR", "Failed to open memory for process;" & $ProcessID)
    Exit
EndIf
;;================================================================================
;;GUI Creation
;;================================================================================
GUICreate($appname, 230, 170)
GUICtrlCreateLabel($appname & " by Malu05", 0, 0, 230, 30,BitOr($SS_CENTER ,$SS_SUNKEN))
$statuslabel = GUICtrlCreateLabel ($defaultstatus,0,155,230,15,BitOr($SS_SIMPLE,$SS_SUNKEN))
;Numbers
;x
GUICtrlCreateLabel("X Axis Pointer:", 5, 35, 95, 50)
$Xvaluepointer = GUICtrlCreateLabel("Not found", 80, 35, 70, 18,BitOr($SS_CENTER ,$SS_SUNKEN))
$Xvalue = GUICtrlCreateLabel("Not found", 160, 35, 70, 18,BitOr($SS_CENTER ,$SS_SUNKEN))
;y
GUICtrlCreateLabel("Y Axis Pointer:", 5, 55, 95, 50)
$Yvaluepointer = GUICtrlCreateLabel("Not found", 80, 55, 70, 18,BitOr($SS_CENTER ,$SS_SUNKEN))
$Yvalue = GUICtrlCreateLabel("Not found", 160, 55, 70, 18,BitOr($SS_CENTER ,$SS_SUNKEN))
;z
GUICtrlCreateLabel("Z Axis Pointer:", 5, 75, 95, 20)
$Zvaluepointer = GUICtrlCreateLabel("Not found", 80, 75, 70, 18,BitOr($SS_CENTER ,$SS_SUNKEN))
$Zvalue = GUICtrlCreateLabel("Not found", 160, 75, 70, 18,BitOr($SS_CENTER ,$SS_SUNKEN))
;rot
GUICtrlCreateLabel("Rotat Pointer:", 5, 95, 95, 20)
$Rotvaluepointer = GUICtrlCreateLabel("Not found", 80, 95, 70, 18,BitOr($SS_CENTER ,$SS_SUNKEN))
$Rotvalue = GUICtrlCreateLabel("Not found", 160, 95, 70, 18,BitOr($SS_CENTER ,$SS_SUNKEN))

GUICtrlCreateLabel("", 0, 130, 230, 3,BitOr($SS_CENTER ,$SS_SUNKEN))
$ontop= GUICtrlCreateCheckbox ("On Top", 90, 135, 120, 18)
$trans= GUICtrlCreateCheckbox ("Transparent", 5, 135, 80, 18)
GUISetState()

$CurrentLocX = _MemoryRead($knownX, $DllInformation,'float')
MsgBox(0,"Actual start position in memory",hex($knownX))
MsgBox(0,"Aktual start position character in world",$CurrentLocX)
TrayTip($appname, "Scanning For Memory Pointers. Do NOT move your character while scanning...", 5, 1)
;;================================================================================
;;Pointer Scanner
;;================================================================================
;X Pointer
GUICtrlSetData($Xvaluepointer,"Scanning...")
GUICtrlSetData($Yvaluepointer,"Scanning...")
GUICtrlSetData($Zvaluepointer,"Scanning...")
GUICtrlSetData($Rotvaluepointer,"Scanning...")
GUICtrlSetData($statuslabel,"Scanning For Pointer X")
$begin = TimerInit()
$valueSS = _MemoryRead($startsearchX , $DllInformation, 'float')
while $CurrentLocX <> $valueSS
    $startsearchX = $startsearchX+$offset
    $valueSS = _MemoryRead($startsearchX , $DllInformation, 'float')
WEnd
$dif = TimerDiff($begin)
TrayTip($appname, "X, Y and Z Position Pointer Found in "& (floor($dif)/1000) & " Seconds", 5, 1)
GUICtrlSetData($Xvaluepointer,hex($startsearchX))
$memoryX = "0x" & hex($startsearchX,8)
$startsearchY = $startsearchX + 0X4
GUICtrlSetData($Yvaluepointer,hex($startsearchY))
$memoryY = "0x" & hex($startsearchx,8)
$startsearchZ = $startsearchX + 0X8
GUICtrlSetData($Zvaluepointer,hex($startsearchZ))
$memoryZ = "0x" & hex($startsearchx,8)
$startsearchRot = $startsearchX + 0XC
GUICtrlSetData($Rotvaluepointer,hex($startsearchRot))
$memoryRot = "0x" & hex($startsearchx,8)
GUICtrlSetData($statuslabel,"Ready. Time = " & (floor($dif)/1000)& " Seconds")
while 1
    Memscan()
    $scanprocess = 0
    if GUICtrlRead($trans) = 4 Then
        if $transyn = 1 Then
            WinSetTrans( $appname, $appname, 255)
            $transyn = 0
        EndIf
    Else
        if $transyn = 0 Then
            WinSetTrans( $appname, $appname, 200)
            $transyn = 1
        EndIf
    EndIf   
    if GUICtrlRead($ontop) = 1 Then
        WinSetOnTop($appname, "", 1)
    Else
        WinSetOnTop($appname, "", 0)
    EndIf
;nothing
WEnd
;;================================================================================
;;Memscan
;;================================================================================
Func Memscan()
GUICtrlSetData($Xvalue,floor(_MemoryRead($startsearchX, $DllInformation, 'float')))
GUICtrlSetData($Yvalue,floor(_MemoryRead($startsearchY, $DllInformation, 'float')))
GUICtrlSetData($Zvalue,floor(_MemoryRead($startsearchZ, $DllInformation, 'float')))
GUICtrlSetData($Rotvalue,floor((_MemoryRead($startsearchRot, $DllInformation, 'float') / (3.14159265358979/180))))
sleep($UpdateSpeed)
EndFunc
;;================================================================================
;;Rescan
;;================================================================================
func Rescan()
$startsearchX = 0x00000CD4
$begin = 0
$CurrentLocX = _MemoryRead($knownX , $DllInformation, 'float')

TrayTip($appname, "Scanning For Memory Pointers. Do NOT move your character while scanning...", 5, 1)
GUICtrlSetData($Xvaluepointer,"Scanning...")
GUICtrlSetData($Yvaluepointer,"Scanning...")
GUICtrlSetData($Zvaluepointer,"Scanning...")
GUICtrlSetData($Rotvaluepointer,"Scanning...")
GUICtrlSetData($statuslabel,"Scanning For Pointer X")
$begin = TimerInit()
$valueSS = _MemoryRead($startsearchX , $DllInformation, 'float')
while $CurrentLocX <> $valueSS
    $startsearchX = $startsearchX+$offset
    $valueSS = _MemoryRead($startsearchX , $DllInformation, 'float')
WEnd
$dif = TimerDiff($begin)
TrayTip($appname, "X, Y and Z Position Pointer Found in "& (floor($dif)/1000) & " Seconds", 5, 1)
GUICtrlSetData($Xvaluepointer,hex($startsearchX))
$memoryX = "0x" & hex($startsearchX,8)
$startsearchY = $startsearchX + 0X4
GUICtrlSetData($Yvaluepointer,hex($startsearchY))
$memoryY = "0x" & hex($startsearchx,8)
$startsearchZ = $startsearchX + 0X8
GUICtrlSetData($Zvaluepointer,hex($startsearchZ))
$memoryZ = "0x" & hex($startsearchx,8)
$startsearchRot = $startsearchX + 0XC
GUICtrlSetData($Rotvaluepointer,hex($startsearchRot))
$memoryRot = "0x" & hex($startsearchx,8)
GUICtrlSetData($statuslabel,"Ready. Time = " & (floor($dif)/1000)& " Seconds")
EndFunc
;;================================================================================
;;Terminate
;;================================================================================
func terminate()
    _MemoryClose($DllInformation)
    
exit 0
EndFunc ;==>Terminate

I will always get 0 for any positions with _MemoryRead, already for the beginning of reading

$knownX :(

Whats wrong? Any hints?

Thanx,

Makkke

Share this post


Link to post
Share on other sites



If this is the VA you need to go back to CE and get the address, subtract the image base (usually 0x400000) from the VA to get a RVA. When you have the address in hand, use _MemoryGetBaseAddress() and add the RVA to get the correct address. It may not be the case though.

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Hm.. i think the adress X = 0x00E18DF4 (FLOAT) is a constant and will always keep the x position..

As you said, i substracted 0x400000 and got wrong values in CE, as you can the in the picture below:

Posted Image

I addition, there is no _MemoryGetBaseAddress() function in my NomadMemory.au3 >_<

Edited by Makkke

Share this post


Link to post
Share on other sites

Update your NomadMemory.au3 then. You don't need to search this address in the CE but it's for the offset to the allocation base you'll get using _MemoryGetBaseAddress(). I see from the image that you don't have the "Memory View" button visible. If you'll click on this you'll see in a new window the allocation base, subtract this value from the address, the reminder is the offset to add to the value you get from _MemoryGetBaseAddress(). Hope everything is clear. >_

Share this post


Link to post
Share on other sites

Hmm, where do i get the latest NomadMemory.au3 from?

Here is the memory window:

Posted Image

Allocation Base is 0x400000, just like you said.

the reminder is the offset to add to the value you get from _MemoryGetBaseAddress().

Which offset? Is it my 0x00E18DF4 - 0x00400000 = 0x00A18DF4 ?

So _MemoryGetBaseAddress()+0x00A18DF4 is correct?

Share this post


Link to post
Share on other sites
Link. Yes, next time search the forum please.

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

No, it won't work.. >_<

I am trying to shrink the code to a minimal example. _MemoryGetBaseAddress() is now available in NomadMemory (thanks),

but not used, because i think, AutoIt can read a simple stupid static adress, right?

#include <NomadMemory.au3>
#include <GUIConstants.au3>
#include <String.au3>
#include <Date.au3>
#include <array.au3>
#Include <Misc.au3>

dim $knownX = 0x00E18DF4
dim $knownY = 0x00E18DF8
dim $knownZ = 0x00E18DFC

dim $processfound = 0

Global $ProcessID = WinGetProcess("World of Warcraft","")
while $processfound = 0
    If $ProcessID = -1 Then
        MsgBox(4096, "ERROR", "Failed to detect process.")
        $reply = msgbox(1,$appname,"If world of warcraft is running please enter the name of the process (Ie, WORLD OF WARCRAFT) (uppercase sensitive)")
        if $reply = 2 then
            Exit
        Else
            $Processnewname = InputBox($appname,"Please enter the name of the process. (Case sensitive)")
            Global $ProcessID = WinGetProcess($Processnewname,"")   
        EndIf
    Else
        $processfound = 1
    EndIf
WEnd


Local $DllInformation = _MemoryOpen($ProcessID)

If @Error Then
    MsgBox(4096, "ERROR", "Failed to open memory for process;" & $ProcessID)
    Exit
EndIf


$CurrentLocX = _MemoryRead($knownX, $DllInformation,'float')
MsgBox(0,"","X-Pos:  " & $CurrentLocX)
$CurrentLocY = _MemoryRead($knownY, $DllInformation,'float')
MsgBox(0,"","Y-Pos:  " & $CurrentLocY)
$CurrentLocZ = _MemoryRead($knownZ, $DllInformation,'float')
MsgBox(0,"","Z-Pos:  " & $CurrentLocZ)

Again, these used adresses are already static an hold the coordinates. I can check it at CE without any problems.

Always 0 in AutoIt. :(

I use Windows 7 RC, maybe there is a new memory prohibition for AutoIt running on Win 7?

Edited by Makkke

Share this post


Link to post
Share on other sites

Maybe because the address region is protected. Try this one:

#include <NomadMemory.au3>

Global Const $PAGE_READWRITE = 0x00000004
Global Const $knownX = 0x00E18DF4
Global Const $knownY = 0x00E18DF8
Global Const $knownZ = 0x00E18DFC

Global $ProcessID = WinGetProcess("World of Warcraft","")
Global $processfound = 0
Global $appname = ''

while $processfound = 0
    If $ProcessID = -1 Then
        MsgBox(4096, "ERROR", "Failed to detect process.")
        $reply = msgbox(1,$appname,"If world of warcraft is running please enter the name of the process (Ie, WORLD OF WARCRAFT) (uppercase sensitive)")
        if $reply = 2 then
            Exit
        Else
            $Processnewname = InputBox($appname,"Please enter the name of the process. (Case sensitive)")
            Global $ProcessID = WinGetProcess($Processnewname,"")   
        EndIf
    Else
        $processfound = 1
    EndIf
WEnd

; May be much simpler just to call: _MemoryOpen(ProcessExists('wow.exe'))
; ..or another process name.
Global $DllInformation = _MemoryOpen($ProcessID)

If IsArray($DllInformation) Then
    _WinAPI_VirtualProtectEx($DllInformation[1], $knownX, 12, $PAGE_READWRITE)

    $CurrentLocX = _MemoryRead($knownX, $DllInformation,'float')
    MsgBox(0,"","X-Pos:  " & $CurrentLocX)
    $CurrentLocY = _MemoryRead($knownY, $DllInformation,'float')
    MsgBox(0,"","Y-Pos:  " & $CurrentLocY)
    $CurrentLocZ = _MemoryRead($knownZ, $DllInformation,'float')
    MsgBox(0,"","Z-Pos:  " & $CurrentLocZ)
    _MemoryClose($DllInformation)
EndIf

Func _WinAPI_VirtualProtectEx($hProc, $pAddr, $iSize, $iNewProtect)
    Local $aResult
    
    $aResult = DllCall('kernel32.dll', 'int', 'VirtualProtectEx', 'hwnd', $hProc, 'ptr', $pAddr, 'ulong_ptr', $iSize, 'uint', $iNewProtect, 'uint*', 0)
    If @error Then Return SetError(@error, @extended, 0)
    Return SetError(0, $aResult[5], $aResult[0])
EndFunc

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

Maybe because the address region is protected. Try this one:

#include <NomadMemory.au3>

Global Const $PAGE_READWRITE = 0x00000004
Global Const $knownX = 0x00E18DF4
Global Const $knownY = 0x00E18DF8
Global Const $knownZ = 0x00E18DFC

Global $ProcessID = WinGetProcess("World of Warcraft","")
Global $processfound = 0
Global $appname = ''

while $processfound = 0
    If $ProcessID = -1 Then
        MsgBox(4096, "ERROR", "Failed to detect process.")
        $reply = msgbox(1,$appname,"If world of warcraft is running please enter the name of the process (Ie, WORLD OF WARCRAFT) (uppercase sensitive)")
        if $reply = 2 then
            Exit
        Else
            $Processnewname = InputBox($appname,"Please enter the name of the process. (Case sensitive)")
            Global $ProcessID = WinGetProcess($Processnewname,"")   
        EndIf
    Else
        $processfound = 1
    EndIf
WEnd

; May be much simpler just to call: _MemoryOpen(ProcessExists('wow.exe'))
; ..or another process name.
Global $DllInformation = _MemoryOpen($ProcessID)

If IsArray($DllInformation) Then
    _WinAPI_VirtualProtectEx($DllInformation[1], $knownX, 12, $PAGE_READWRITE)

    $CurrentLocX = _MemoryRead($knownX, $DllInformation,'float')
    MsgBox(0,"","X-Pos:  " & $CurrentLocX)
    $CurrentLocY = _MemoryRead($knownY, $DllInformation,'float')
    MsgBox(0,"","Y-Pos:  " & $CurrentLocY)
    $CurrentLocZ = _MemoryRead($knownZ, $DllInformation,'float')
    MsgBox(0,"","Z-Pos:  " & $CurrentLocZ)
    _MemoryClose($DllInformation)
EndIf

Func _WinAPI_VirtualProtectEx($hProc, $pAddr, $iSize, $iNewProtect)
    Local $aResult
    
    $aResult = DllCall('kernel32.dll', 'int', 'VirtualProtectEx', 'hwnd', $hProc, 'ptr', $pAddr, 'ulong_ptr', $iSize, 'uint', $iNewProtect, 'uint*', 0)
    If @error Then Return SetError(@error, @extended, 0)
    Return SetError(0, $aResult[5], $aResult[0])
EndFunc

This is off-topic but..

SIZE_T issue is really interesting with AutoIt. I see you use 'ulong_ptr' but for DllCall() function AutoIt says this:

#include <WinApi.au3>

ConsoleWrite(_WinAPI_LoadString(0, 166) & @CRLF)

It is obvious that something is not right.

That's why I would go with "dword" if I were you, even if it means limiting the function.

Oh... and this is warez or not?

Edited by trancexx

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

No, it won't work.. >_<

I am trying to shrink the code to a minimal example. _MemoryGetBaseAddress() is now available in NomadMemory (thanks),

but not used, because i think, AutoIt can read a simple stupid static adress, right?

#include <NomadMemory.au3>
#include <GUIConstants.au3>
#include <String.au3>
#include <Date.au3>
#include <array.au3>
#Include <Misc.au3>

dim $knownX = 0x00E18DF4
dim $knownY = 0x00E18DF8
dim $knownZ = 0x00E18DFC

dim $processfound = 0

Global $ProcessID = WinGetProcess("World of Warcraft","")
while $processfound = 0
    If $ProcessID = -1 Then
        MsgBox(4096, "ERROR", "Failed to detect process.")
        $reply = msgbox(1,$appname,"If world of warcraft is running please enter the name of the process (Ie, WORLD OF WARCRAFT) (uppercase sensitive)")
        if $reply = 2 then
            Exit
        Else
            $Processnewname = InputBox($appname,"Please enter the name of the process. (Case sensitive)")
            Global $ProcessID = WinGetProcess($Processnewname,"")   
        EndIf
    Else
        $processfound = 1
    EndIf
WEnd


Local $DllInformation = _MemoryOpen($ProcessID)

If @Error Then
    MsgBox(4096, "ERROR", "Failed to open memory for process;" & $ProcessID)
    Exit
EndIf


$CurrentLocX = _MemoryRead($knownX, $DllInformation,'float')
MsgBox(0,"","X-Pos:  " & $CurrentLocX)
$CurrentLocY = _MemoryRead($knownY, $DllInformation,'float')
MsgBox(0,"","Y-Pos:  " & $CurrentLocY)
$CurrentLocZ = _MemoryRead($knownZ, $DllInformation,'float')
MsgBox(0,"","Z-Pos:  " & $CurrentLocZ)

Again, these used adresses are already static an hold the coordinates. I can check it at CE without any problems.

Always 0 in AutoIt. :(

I use Windows 7 RC, maybe there is a new memory prohibition for AutoIt running on Win 7?

Uff....yesterday work fine with Nomadmemory modified, today always "0" !!!! :(

Share this post


Link to post
Share on other sites

Uff....yesterday work fine with Nomadmemory modified, today always "0" !!!! >_<

Solved:

SetPrivilege("SeDebugPrivilege", 1)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0