nameuser How do I cheat? Reputation: 0
Joined: 17 Nov 2016 Posts: 8
Posted: Thu Nov 17, 2016 9:09 am Post subject: Getting base Address from a process and write in TXT file
Hi! I need a compilable script that gets the base address of a process for me to use with the WriteProcessMemory function (not injection). (Sorry for the "I need"; it's because I don't know Lua, and the language I make bots in has an issue with getting the process base address on x64 systems, and I want to make it work on 64-bit. All the memory editing works, only the base address doesn't, and looking it up in CE and writing it manually is not a good way.)
It can be based on process name or window name. Thanks in advance.
So:
1. Use the window name or process name (or both) to get the base address (not injection)
2. Write the obtained base address to an INI or txt file.

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Thu Nov 17, 2016 10:28 am
If you can't get your program to work on 64-bit targets, perhaps you should try to fix that problem instead of looking for cheap workarounds.
Regardless, this will write the address of the main module of whatever process is opened by CE to a text file on the desktop.
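Code:
-- 'process' holds the name of the process CE currently has opened (nil if none)
if process then
  local f = assert(io.open(os.getenv('HOMEPATH') .. '\\Desktop\\file.txt','w'))
  -- getAddress resolves the main module's name to its base address
  f:write(string.format('%08X',getAddress(process)))
  f:close()
end
_________________
I don't know where I'm going, but I'll figure it out when I get there.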

nameuser How do I cheat? Reputation: 0
Joined: 17 Nov 2016 Posts: 8
Posted: Thu Nov 17, 2016 10:41 am
Thanks in advance.
Everything works in the language I am working in (like memory reading / writing). The only thing that does not work is the function to get the base address. I searched all over the internet for a solution but did not find one, so I will use another language to do it (yes, maybe a slightly poor way, but a way). I will try, thanks.
Thanks, but how can I turn this script into an EXE? I tried to run it from the Lua script option in Cheat Engine and it does not work. Where can I put the name of the process?

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Thu Nov 17, 2016 10:59 am
You really shouldn't be trying to use CE and Lua like that. What language are you using?

nameuser How do I cheat? Reputation: 0
Joined: 17 Nov 2016 Posts: 8
Posted: Thu Nov 17, 2016 11:39 am
I am using AutoIt, which has an issue when getting the base address but works well for all other functions like memory write/read. The problem is I don't know how I can compile it into an exe.
All UDFs that have GetBaseAddress functions work well on a 32-bit OS; the problem comes on a 64-bit OS, where they return the wrong base address.

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Thu Nov 17, 2016 12:01 pm
I've never touched autoit, but it seems like it can call dll functions pretty easily. There is plenty of documentation, tutorials, and examples online detailing how to use the Windows API (e.g. CreateToolhelp32Snapshot, Process32First/Process32Next, Module32First/Module32Next) to get the location a module is loaded at.
(also make sure you're using the 64-bit version of autoit)

nameuser How do I cheat? Reputation: 0
Joined: 17 Nov 2016 Posts: 8
Posted: Thu Nov 17, 2016 12:13 pm
Sorry, I don't understand process/memory editing etc. well enough to make a complex function like that, and everything I found that uses the Windows API etc. does not work on 64-bit: it always returns 0x00400000. I think it is an AutoIt issue.
Sorry for my bad English.
An example that does not work on 64-bit:
; #FUNCTION# ====================================================================================================================
; Name ..........: _Module_GetBaseAddress
; Description ...: Gets the base address of a module in the process associated with an array returned by _Process_Open.
; Syntax ........: _Module_GetBaseAddress($ahHandle, $sModuleName)
; Parameters ....: $ahHandle    - An array of handles.
;                  $sModuleName - A string value.
;                                 The name of the module.
; Return values .: An integer value. The base address of the module in the open process.
;                  @error - 0 = No error occurred.
;                           1 = An invalid handle array was specified.
;                           2 = An error occurred while obtaining the first module of the process.
; Author ........: KryziK
; Modified ......: 1/12/2013
; Remarks .......:
; Related .......:
; Link ..........:
; Example .......: _Module_GetBaseAddress($ahHandle, "KryziK.dll")
; ===============================================================================================================================
Func _Module_GetBaseAddress($ahHandle, $sModuleName)
    If Not IsArray($ahHandle) Then
        ; Return here so an invalid handle array is never indexed below
        Return SetError(1, 0, False)
    EndIf
    Local $ahSnapshot = DllCall($ahHandle[0], "handle", "CreateToolhelp32Snapshot", _
            "dword", BitOR($TH32CS_SNAPMODULE, $TH32CS_SNAPMODULE32), _
            "dword", $ahHandle[2])
    Local $vModuleEntry32 = DllStructCreate("dword dwSize;" & _
            "dword th32ModuleID;" & _
            "dword th32ProcessID;" & _
            "dword GlblcntUsage;" & _
            "dword ProccntUsage;" & _
            "ptr modBaseAddr;" & _
            "dword modBaseSize;" & _
            "handle hModule;" & _
            "char szModule[256];" & _
            "char szExePath[260]")
    DllStructSetData($vModuleEntry32, "dwSize", DllStructGetSize($vModuleEntry32))
    Local $ahCall = DllCall($ahHandle[0], "bool", "Module32First", _
            "handle", $ahSnapshot[0], _
            "ptr", DllStructGetPtr($vModuleEntry32))
    If Not $ahCall[0] Then
        DllCall($ahHandle[0], "bool", "CloseHandle", _
                "handle", $ahSnapshot[0])
        ; Return here so the loop below does not run on an empty entry
        Return SetError(2, 0, False)
    EndIf
    ; Walk the module list until the requested module name is found
    Do
        If DllStructGetData($vModuleEntry32, "szModule") = $sModuleName Then
            DllCall($ahHandle[0], "bool", "CloseHandle", _
                    "handle", $ahSnapshot[0])
            Return DllStructGetData($vModuleEntry32, "modBaseAddr")
        EndIf
        $ahCall = DllCall($ahHandle[0], "bool", "Module32Next", _
                "handle", $ahSnapshot[0], _
                "ptr", DllStructGetPtr($vModuleEntry32))
    Until Not $ahCall[0]
    DllCall($ahHandle[0], "bool", "CloseHandle", _
            "handle", $ahSnapshot[0])
    Return False
EndFunc ;==>_Module_GetBaseAddress

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Thu Nov 17, 2016 12:39 pm
Does it give you any sort of error? If not, what does it return and what is the actual base address of the module?

nameuser How do I cheat? Reputation: 0
Joined: 17 Nov 2016 Posts: 8
Posted: Thu Nov 17, 2016 12:47 pm
It always returns 0x00400000. I am using it right:
Global $ahHandle = _Process_Open(WinGetProcess($sWinString))
$r = _Process_GetBaseAddress($ahHandle)
ConsoleWrite(@CRLF & " -> " & $r & " <- " & @CRLF)

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Thu Nov 17, 2016 12:49 pm
Where did you get _Process_GetBaseAddress from?

nameuser How do I cheat? Reputation: 0
Joined: 17 Nov 2016 Posts: 8
Posted: Thu Nov 17, 2016 12:58 pm
Lol, wait, I changed in CE the value of "Game.exe"+00FFA9D4
to
00400000+00FFA9D4
and this is pointing right.
Edit:
I figured out the problem:
CE:
00400000+001EDD48=034B0644
AutoIt:
00400000+001EDD48=005EDD48
But why is this happening LOL ???????
I got this working by putting Dec in the offset:
Global $aOffsets = ["DC"]
to
Global $aOffsets = [Dec("DC")]
Thanks for your attention.

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Thu Nov 17, 2016 3:01 pm
The value stored at 00400000+001EDD48 is probably 034B0644. I'm not sure what the rest of that post is supposed to be.

nameuser How do I cheat? Reputation: 0
Joined: 17 Nov 2016 Posts: 8
Posted: Thu Nov 17, 2016 5:08 pm
Yeah, I thought that this was returning the wrong base address because it is 00400000 many times and I had no success with memory reads before. But I think (for now) it's all OK with AutoIt. For some reason I also associated the address beside the exe name in the process list of CE with the base address, but I see it's not the same.

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Thu Nov 17, 2016 5:23 pm
The base address of a pointer is not the same thing as the base address of the module. Your script was correctly returning the base address of the module, but you had to add the offset into the module to get the base address of the pointer.
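The distinction made in this reply, as an added example that is not part of the original thread: module base plus offset only gives the address where a pointer is stored, and the value read from that address plus a numeric offset gives the final address. It runs over constructed in-memory sample data and assumes 32-bit little-endian pointers; the function names and the stored target value are hypothetical.

```python
import struct

MODULE_BASE = 0x00400000    # module base address reported in the thread
STATIC_OFFSET = 0x001EDD48  # offset into the module quoted in the thread

# Constructed sample memory (address -> 4 raw bytes). The first entry holds
# the value the thread says is probably stored at base + offset.
SAMPLE_MEMORY = {
    MODULE_BASE + STATIC_OFFSET: struct.pack("<I", 0x034B0644),
    0x034B0644 + 0xDC: struct.pack("<I", 1337),  # constructed target value
}

def read_u32(memory, address):
    """Read a 32-bit little-endian value; fail loudly on unmapped addresses."""
    try:
        return struct.unpack("<I", memory[address])[0]
    except KeyError:
        raise ValueError(f"unreadable address 0x{address:08X}") from None

def parse_offset(text):
    """Convert an offset written as hex text ("DC") to a number, or raise."""
    return int(text, 16)

def pointer_base_address(module_base, static_offset):
    """Address where the pointer is stored: plain addition, no memory read."""
    return module_base + static_offset

def resolve_chain(memory, module_base, static_offset, offsets):
    """Follow a pointer chain: read the pointer, add the offset, repeat."""
    address = pointer_base_address(module_base, static_offset)
    for offset in offsets:
        address = read_u32(memory, address) + offset
    return address

if __name__ == "__main__":
    stored_at = pointer_base_address(MODULE_BASE, STATIC_OFFSET)
    print(f"pointer is stored at 0x{stored_at:08X}")
    print(f"value stored there   0x{read_u32(SAMPLE_MEMORY, stored_at):08X}")
    final = resolve_chain(SAMPLE_MEMORY, MODULE_BASE, STATIC_OFFSET,
                          [parse_offset("DC")])
    print(f"final address        0x{final:08X}")
    print(f"value at final       {read_u32(SAMPLE_MEMORY, final)}")
```

Passing an offset of 0 instead of the parsed `"DC"` makes the chain end at 0x034B0644 itself, which is not mapped in the sample data, so the following read raises instead of returning a plausible but wrong value.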

nameuser How do I cheat? Reputation: 0
Joined: 17 Nov 2016 Posts: 8
Posted: Thu Nov 17, 2016 8:13 pm
Yeah, I know. Now everything is working fine. Thanksssss man.