Context:
That's it, I'm a beginner and I have a project: to create a trainer with AHK! For that, I need to access the memory of the game.
And I do not know how to do it despite the fact that I read a lot of threads on it.
I chose the AssaultCube game because it is not protected by an anticheat. With the help of Cheat Engine, I could find the pointers. Sometimes there were several levels!
I have the addresses of the health, the armor, the ammunition (the stock and in the magazine, grenades, the activation of the double gun, etc.)
All these values are in solo mode (not online, so I can learn and it's not for ez kill guys who did not ask anything).
This is what I call the "player object pointer": ac_client.exe + 10F4F4
And here are some other addresses like this:
Health: ac_client.exe + 10F4F4 + offset F8
Armor: ac_client.exe + 10F4F4 + offset FC
Rifle ammo in mag: ac_client.exe + 10F4F4 + offset 150
I did some research and apparently I need to use:
OpenProcess()
ReadProcessMemory()
WriteProcessMemory()
The objective:
Only there is not a single tutorial for beginners and I do not understand the code that I find here and there... I need people to help me step by step.
I do not go out on my own. I tried a lot of things; besides, it seems that some things only work in 32-bit, others in 64-bit,
and that according to the version of the OS some things do not work either.
I am on Windows 10 64-bit. The game is 32-bit.
Do not think I'm lazy, I really spent a lot of time searching, and I did my homework, look:
Let's go:
Good, the first step: open the process:
I think I can get the PID and the hwnd
here is my code:
#NoEnv ; Recommended for performance and compatibility with future AutoHotkey releases.
; #Warn ; Enable warnings to assist with detecting common errors.
SendMode Input ; Recommended for new scripts due to its superior speed and reliability.
SetWorkingDir %A_ScriptDir% ; Ensures a consistent starting directory.

ReadMemory(MADDRESS=0x15B29DD0,PROGRAM="AssaultCube",BYTES=4)
{
    Static OLDPROC, ProcessHandle
    VarSetCapacity(MVALUE, BYTES,0)
    If PROGRAM != %OLDPROC%
    {
        WinGet, pid, pid, % OLDPROC := PROGRAM
        ProcessHandle := ( ProcessHandle ? 0*(closed:=DllCall("CloseHandle"
        ,"UInt",ProcessHandle)) : 0 )+(pid ? DllCall("OpenProcess"
        ,"Int",16,"Int",0,"UInt",pid) : 0)
    }
    If (ProcessHandle) && DllCall("ReadProcessMemory","UInt",ProcessHandle,"UInt",MADDRESS,"Str",MVALUE,"UInt",BYTES,"UInt *",0)
    {
        Loop % BYTES
            Result += *(&MVALUE + A_Index-1) << 8*(A_Index-1)
        Return Result
    }
    return !ProcessHandle ? "Handle Closed:" closed : "Fail"
}

BaseAdress := 0x400000
offsettoPlayerObjectPointer := 0x10F4F4
PlayerObjectPointer := 0
RifleAmmoLoad := 0

f1::
    WinGet, AssaultCubePID, PID, AssaultCube
    MsgBox %AssaultCubePID%
return

f2::
    AssaultCubehWnd := WinExist("ahk_exe ac_client.exe")
    MsgBox %AssaultCubehWnd%
return

f3::
    winwait AssaultCube
    StartTime := A_TickCount
    loop 1000
        value:=ReadMemory(BaseAdress,"AssaultCube")
    ElapsedTime := A_TickCount - StartTime
    msgbox, Memory address 0x400000 = %value%`nTake %ElapsedTime% ms to loop 1000 times
return

f4::
    winwait AssaultCube
    StartTime := A_TickCount
    loop 1000
        value:=ReadMemory(BaseAdress,"AssaultCube")
    ElapsedTime := A_TickCount - StartTime
    MsgBox %value%
    PlayerObjectPointer = %value%
    MsgBox %PlayerObjectPointer%
    PlayerObjectPointer += %offsettoPlayerObjectPointer%
    MsgBox PlayerObjectPointer = %PlayerObjectPointer%
    winwait AssaultCube
    StartTime := A_TickCount
    loop 1000
        value:=ReadMemory(PlayerObjectPointer,"AssaultCube")
    ElapsedTime := A_TickCount - StartTime
    msgbox, Memory address PlayerObjectPointer = %value%`nTake %ElapsedTime% ms to loop 1000 times
return
With F1, I can see that I have a value for the PID that changes constantly. Ex: 12988.
Does it look like a PID? ^^
With F2, I can see that I have a value for the hwnd which changes constantly. Ex: 0x4f0dd6.
Does it look like a hwnd? ^^
Step 2: ReadProcessMemory ()! Arf, it makes me crazy!
From this post: https://autohotkey.com/boards/viewtopic.php?t=44241
My game has a static address! Which is: 0x00400000
With f3, I get the same value for address 0x400000, from Cheat Engine and my script! Oh yeah, that's it! I'm in memory!
With f4: Ok, I tried everything and anything on this F4. And it's anything now lol
For now I am stuck here.
1) What link can I make between my base address and my Cheat Engine pointers?
2) How to add offsets in my script?
=> I would like for the moment, by pressing f4, to display the same value of Player object pointer as Cheat Engine.
Then, with f6, add an offset to find health for example.
Step 3: WriteProcessMemory()! I should complete step 2 first. We'll see after.
If someone can help me, for the moment with step 2. Obviously, I do not really understand how to interact with the memory of the game.
Thank you for your help !
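The pointer notation listed in the post (ac_client.exe + 10F4F4, then offset F8), worked through as an added example that is not part of the original post and is written in Python rather than AHK. It runs against a constructed in-memory image instead of a live process: `FakeMemory`, the heap address 0x00A3C000 and the stat values are assumptions, and `read_u32` stands in for one 4-byte ReadProcessMemory call.

```python
import struct

# Values taken from the post; everything else here is constructed.
MODULE_BASE = 0x400000         # ac_client.exe base used in the post
PLAYER_PTR_OFFSET = 0x10F4F4   # "player object pointer"
OFFSETS = {"health": 0xF8, "armor": 0xFC, "rifle_mag": 0x150}


class ReadError(Exception):
    """Raised where a real read would fail or a pointer in the chain is null."""


class FakeMemory:
    """Constructed 32-bit address space: {region start: bytearray}."""

    def __init__(self):
        self.regions = {}

    def _locate(self, addr):
        for start, buf in self.regions.items():
            if start <= addr and addr + 4 <= start + len(buf):
                return buf, addr - start
        raise ReadError(f"unmapped address {addr:#x}")

    def read_u32(self, addr):
        buf, off = self._locate(addr)
        return struct.unpack_from("<I", buf, off)[0]   # little-endian DWORD

    def write_u32(self, addr, value):
        buf, off = self._locate(addr)
        struct.pack_into("<I", buf, off, value)


def resolve(mem, base, offsets):
    """Follow a pointer chain: dereference after every offset except the last."""
    addr = base
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)    # the stored value is the next address
        if addr == 0:
            raise ReadError("null pointer in chain")
    return addr + offsets[-1]              # final offset is added, not dereferenced


def build_sample():
    """Constructed image: module region plus one heap block holding the player."""
    mem = FakeMemory()
    mem.regions[MODULE_BASE] = bytearray(0x110000)
    mem.regions[0x00A3C000] = bytearray(0x200)       # made-up heap address
    mem.write_u32(MODULE_BASE + PLAYER_PTR_OFFSET, 0x00A3C000)
    for name, value in (("health", 100), ("armor", 25), ("rifle_mag", 20)):
        mem.write_u32(0x00A3C000 + OFFSETS[name], value)
    return mem


def read_stat(mem, name):
    return mem.read_u32(resolve(mem, MODULE_BASE, [PLAYER_PTR_OFFSET, OFFSETS[name]]))
```

The order of operations is the point: the offset 0x10F4F4 is added to the module base before the read, and the 4 bytes read there are the address that the field offset is then added to.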