Info Posted August 3, 2009 (edited August 5, 2009)
Could anyone give me a hint about how to find all the memory addresses in the process that have the same value, just like the search function in CE?

Info (author) Posted August 5, 2009
Bump
Perhaps a kernel32 function?

Bert Posted August 5, 2009
Is this for an online multi-player game bot?
Signature: The Vollatran project | My blog: http://www.vollysinterestingshit.com/

Info (author) Posted August 5, 2009
No.

Szhlopp Posted August 5, 2009
I wrote one in AutoIt that purely did scanning of all the addresses, skipping ones that weren't read+write. It's REALLY slow though. CE gives their source, don't really know much of C++, don't know any Delphi. Though you could probably see how they do it and possibly make a DLL or something that does it and returns an array. I'll look for the code that I wrote and see how slow it really is. I just remember it being bad bad bad though.
Signature: RegEx/RegExRep Tester! | Nerd Olympics - Community App! | Login UDF | Memory UDF - "Game.exe+753EC" - CE pointer to AU3 | Password Manager W/ Source | DataFiler - Include files in your au3! | --- Was I helpful? Click the little green '+'

Info (author) Posted August 5, 2009
Great, but what do you mean by "skipping ones that weren't read+write"?

Szhlopp Posted August 5, 2009
> Great, but what do you mean by "skipping ones that weren't read+write"?
Okay, update.
Got the old AutoIt-written scanner again. It's pretty darn slow compared to CheatEngine :/ I even am using all sorts of techniques to lower the amount I have to scan.
I am, however, writing an AutoIt CE UDF. Completely controls CheatEngine through AutoIt commands. Here are a few I am working on:
CESetProcess
CEScan
CEAddressList
=)
The only thing I can't get working at the moment is making the CE window not visible to the user. I am setting the flag @SW_HIDE on "Cheat Engine 5.5". It does make the window go away, but the taskbar is still there. I even tried the HideTaskbar function and it can't find the window to remove it from the taskbar.
If anyone has a working example of how to hide CE completely, that would rock!
Szh

Info (author) Posted August 5, 2009
Still waiting for some angel to come with a nice hint. >_<
> I am setting the flag @SW_HIDE on "Cheat Engine 5.5". It does make the window go away, but the taskbar is still there.
Are you sure you're talking about the taskbar and not about the program manager?
@SW_HIDE in WinSetState() hides the window from the taskbar...

Info (author) Posted August 6, 2009
Bump

Szhlopp Posted August 6, 2009
> Bump
Here was the scanner I was working on. Pure AU3. It's (like I said), really really slow.

```autoit
#include <GUIConstants.au3>
#include <GuiListView.au3>
#include <NomadMemory.au3>
#include <Array.au3>
;

$PID = WinGetProcess("InkBall")
$OpenMem = _MemoryOpen($PID)

ScanMemory($OpenMem, 2)

; Walk the address space with VirtualQueryEx and return [base address, size (hex)]
; for each committed, accessible region.
Func _ScanReadableMemory($Handle)

    Local $StartMemory = Dec("00400000")
    Local $EndMemory = Dec("7FFFFFFF")
    Local $Address, $LastAddress, $Progress
    ; MEMORY_BASIC_INFORMATION, 32-bit layout: BaseAddress, AllocationBase,
    ; AllocationProtect, RegionSize, State, Protect, Type
    Local $Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $BufferScan2 = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $ReturnArray[1][2]

    $Address = '0x' & Hex($StartMemory)

    While 1

        DllCall($Handle[0], 'int', 'VirtualQueryEx', 'int', $Handle[1], 'int', $Address, 'ptr', DllStructGetPtr($Buffer), 'int', DllStructGetSize($Buffer))

        Local $BaseAddress = '0x' & Hex(DllStructGetData($Buffer, 1)); + 0)
        Local $AllocBase = '0x' & Hex(DllStructGetData($Buffer, 2))
        Local $AllocProtect = Hex(DllStructGetData($Buffer, 3))
        Local $RegionSize = DllStructGetData($Buffer, 4)
        Local $State = '0x' & Hex(DllStructGetData($Buffer, 5))
        Local $Protect = Hex(DllStructGetData($Buffer, 6))
        Local $Type = '0x' & Hex(DllStructGetData($Buffer, 7))

        ; Advance to the next region; stop if the query made no progress
        $LastAddress = $Address
        $Address = '0x' & Hex($BaseAddress + $RegionSize)
        If $Address = $LastAddress Then
            ExitLoop
        EndIf

        #cs
        Select
            Case $AllocProtect = 0x00
                $AllocProtect = ''
            Case $AllocProtect = 0x01
                $AllocProtect = 'No Access'
            Case $AllocProtect = 0x02
                $AllocProtect = 'Read'
            Case $AllocProtect = 0x04
                $AllocProtect = 'Read+Write'
            Case $AllocProtect = 0x08
                $AllocProtect = 'Write-Copy'
            Case $AllocProtect = 0x10
                $AllocProtect = 'Execute'
            Case $AllocProtect = 0x20
                $AllocProtect = 'Exe-Read'
            Case $AllocProtect = 0x40
                $AllocProtect = 'Exe-Read+Write'
            Case $AllocProtect = 0x80
                $AllocProtect = 'Exe-Write-Copy'
        EndSelect
        Select
            Case $State = 0x1000
                $State = 'Commit'
            Case $State = 0x2000
                $State = 'Reserve'
            Case $State = 0x10000
                $State = 'Free'
        EndSelect
        Select
            Case $Protect = 0x00
                $Protect = ''
            Case $Protect = 0x01
                $Protect = 'No Access'
            Case $Protect = 0x02
                $Protect = 'Read'
            Case $Protect = 0x04
                $Protect = 'Read+Write'
            Case $Protect = 0x08
                $Protect = 'Write-Copy'
            Case $Protect = 0x10
                $Protect = 'Execute'
            Case $Protect = 0x20
                $Protect = 'Exe-Read'
            Case $Protect = 0x40
                $Protect = 'Exe-Read+Write'
            Case $Protect = 0x80
                $Protect = 'Exe-Write-Copy'
        EndSelect
        Select
            Case $Type = 0x20000
                $Type = 'Private'
            Case $Type = 0x40000
                $Type = 'Mapped'
            Case $Type = 0x1000000
                $Type = 'Image'
        EndSelect
        #ce

        ; Query the region that follows this one
        $AddressScan2 = "0x" & Hex(Dec(StringTrimLeft($BaseAddress, 2)) + $RegionSize)
        DllCall($Handle[0], 'int', 'VirtualQueryEx', 'int', $Handle[1], 'int', $AddressScan2, 'ptr', DllStructGetPtr($BufferScan2), 'int', DllStructGetSize($BufferScan2))
        Local $AllocBase2 = '0x' & Hex(DllStructGetData($BufferScan2, 2))
        Local $AllocProtect2 = Hex(DllStructGetData($BufferScan2, 3))
        Local $State2 = '0x' & Hex(DllStructGetData($BufferScan2, 5))
        Local $Protect2 = Hex(DllStructGetData($BufferScan2, 6))

        ; If the next set is readable as well.
        If $AllocBase2 <> 0x0 And $State2 = 0x1000 Then
            If $AllocProtect2 <> 0 And $AllocProtect2 <> 0x1 Then
                If $Protect2 <> 0 And $Protect2 <> 0x1 Then
                    ;First set
                    If $AllocBase <> 0x0 And $State = 0x1000 And $RegionSize > 282624 Then
                        If $AllocProtect <> 0 And $AllocProtect <> 0x1 Then
                            If $Protect <> 0 And $Protect <> 0x1 Then
                                ReDim $ReturnArray[UBound($ReturnArray) + 1][2]
                                $ReturnArray[UBound($ReturnArray) - 1][0] = $BaseAddress
                                $ReturnArray[UBound($ReturnArray) - 1][1] = Hex($RegionSize)
                            EndIf
                        EndIf
                    EndIf
                EndIf
            EndIf
        EndIf

        If $BaseAddress < 0 Then
            $BaseAddress = 2147483648 + ($BaseAddress) + 2147483648
        EndIf

        If ($BaseAddress + $RegionSize) >= $EndMemory Then
            ExitLoop
        EndIf

    WEnd

    Return $ReturnArray

EndFunc

; Read every address of every returned region and collect the ones equal to $vValue.
Func ScanMemory($aOpenMemory, $vValue, $sType = 'dword')

    Local $ReturnAddressList[1][2]

    ; Get the scannable memory
    $aRet = _ScanReadableMemory($aOpenMemory)
    _ArrayDisplay($aRet)

    For $I = 1 To UBound($aRet) - 1

        $StartMem = Dec(StringTrimLeft($aRet[$I][0], 2))
        $EndMemory = $StartMem + Dec($aRet[$I][1])
        $CurrentAddress = $StartMem
        ;MsgBox(0, "", Hex($StartMem) & "/" & Hex($EndMemory))

        While $CurrentAddress <> $EndMemory

            If _MemoryRead("0x" & Hex($CurrentAddress), $aOpenMemory, $sType) = $vValue Then
                ReDim $ReturnAddressList[UBound($ReturnAddressList) + 1][2]
                ; column 0: matching address, column 1: the value found there
                $ReturnAddressList[UBound($ReturnAddressList) - 1][0] = "0x" & Hex($CurrentAddress)
                $ReturnAddressList[UBound($ReturnAddressList) - 1][1] = $vValue
            EndIf

            $CurrentAddress += 1
            TrayTip("Address", "0x" & Hex($CurrentAddress), 15)

        WEnd

        _ArrayDisplay($ReturnAddressList)

    Next

EndFunc
```

I'm hoping to have my CEUDF.au3 out pretty soon here. Should be a great way to completely control CE while it's not even visible to the user (I had to modify some functions, but the hide works now). I'm not entirely sure why it will be better for the user to go through our screens and such instead of just using CheatEngine itself. But I guess we can make it as easy as possible for the user to get going on it without having to learn how to use CE >_<
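
Added example, not part of the thread and not any poster's code: a portable C illustration of the two ideas discussed above, the "read+write" region filter and comparing a whole region's bytes locally where the posted scanner calls `_MemoryRead` once per address. The constants carry their winnt.h values; `region_t`, `scan_regions` and `SAMPLE` are hypothetical names, and the constructed sample stands in for what `VirtualQueryEx` and one `ReadProcessMemory` call per region would supply.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values as defined in winnt.h, restated so the example builds on any OS. */
enum { MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000,
       PAGE_READWRITE = 0x04, PAGE_WRITECOPY = 0x08, PAGE_EXECUTE_READ = 0x20,
       PAGE_EXECUTE_READWRITE = 0x40, PAGE_EXECUTE_WRITECOPY = 0x80,
       PAGE_GUARD = 0x100 };

/* Hypothetical stand-in: the fields of one VirtualQueryEx result plus the
   bytes that a single ReadProcessMemory call over the region would return. */
typedef struct { uint32_t base, size, state, protect; const void *bytes; } region_t;

/* Scannable means committed, writable, and not a guard page. */
int region_is_scannable(const region_t *r) {
    const uint32_t writable = PAGE_READWRITE | PAGE_WRITECOPY |
                              PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
    return r->state == MEM_COMMIT && !(r->protect & PAGE_GUARD) &&
           (r->protect & writable) != 0;
}

/* Compare every 4-byte-aligned dword of each scannable region against value.
   Writes up to max matching addresses to out and returns the total found. */
size_t scan_regions(const region_t *rs, size_t n, uint32_t value,
                    uint32_t *out, size_t max) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (!region_is_scannable(&rs[i])) continue;
        for (uint32_t off = 0; off + 4 <= rs[i].size; off += 4) {
            uint32_t v;
            memcpy(&v, (const uint8_t *)rs[i].bytes + off, sizeof v);
            if (v != value) continue;
            if (hits < max) out[hits] = rs[i].base + off;
            hits++;
        }
    }
    return hits;
}

/* Constructed sample data: four regions, only the second is scannable. */
static const uint32_t code_words[4]  = {2, 2, 2, 2};
static const uint32_t heap_words[4]  = {7, 2, 9, 2};
static const uint32_t guard_words[4] = {2, 0, 0, 0};
const region_t SAMPLE[4] = {
    {0x00400000, 16, MEM_COMMIT,  PAGE_EXECUTE_READ,           code_words},
    {0x00A30000, 16, MEM_COMMIT,  PAGE_READWRITE,              heap_words},
    {0x00B00000, 16, MEM_RESERVE, 0,                           NULL},
    {0x00C00000, 16, MEM_COMMIT,  PAGE_READWRITE | PAGE_GUARD, guard_words},
};
```

Scanning `SAMPLE` for the value 2 reports two addresses, both in the read+write region; the executable-read image, the reserved range and the guard page are never read.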