AHK and MemoryWrite

Posted: 05 Feb 2018, 14:13
by Reloaded
Hello!

I just found this post here < https://autohotkey.com/board/topic/3388 ... -function/ > about ReadMemory and WriteMemory, and I found it interesting that AHK can read/write memory, so I tried it out myself with CheatEngine and the simple tutorial in CheatEngine.

I found out that the address of the "health" from the tutorial is 0388F4A0, and with the ReadMemory function from the post my script now looks like this.
I just wanted to see the ReadMemory function work, and it didn't work, or I am doing something wrong.

Code:

value:=ReadMemory(0388F4A0,"Tutorial-i386.exe")
MsgBox %value%

But it doesn't give me the current value; it gives me the value 0 every time. So how can I fix it so that it gives me the correct value? And how can I edit this value with WriteMemory?

I know it is a different value every time. I already tried it with the normal tutorial and the x64 tutorial; nothing worked!

It would be nice if someone could help me. Maybe the guy who has the AHK icon with CheatEngine in his profile can help me, but I forgot his name ^^. Cheers

Re: AHK and MemoryWrite  Topic is solved

Posted: 05 Feb 2018, 15:35
by SnowFlake
Hi, this is an example of one of my scripts I use:

Code:


IF NOT A_IsAdmin
{
   Run *RunAs "%A_ScriptFullPath%"
   ExitApp
}
setSeDebugPrivilege(enable := True)

#SingleInstance Force
; http://prntscr.com/i6s00z picture of working
ProcessName := "CS2D.exe"
hwnd := MemoryOpenFromName(ProcessName)

X = 0x08B582AC
Y = 0x08B582B0

FlagX =
FlagY =


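Z::
; Write the saved coordinates back; the data type must be the quoted string "int"
ToolTip, Teleported To :X:%xx%`nY:%yy%,0,0

MemoryWrite(hwnd,X,xx,"int")
MemoryWrite(hwnd,Y,yy,"int")
return

X::
; Read and remember the current coordinates (4-byte integers)
xx := MemoryRead(hwnd,X,"int",4)
yy := MemoryRead(hwnd,Y,"int",4)

ToolTip, Saved Location:X:%xx%`nY:%yy%,0,0


;MemoryWrite(hwnd,X,FlagX,"int")
;MemoryWrite(hwnd,Y,FlagY,"int")

return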

~Esc::
ExitApp
return


MemoryOpenFromName(Name)
{
    ; Look up the PID by executable name (ErrorLevel is 0 if it is not running)
    Process, Exist, %Name%
    ; 0x1F0FFF = PROCESS_ALL_ACCESS (pre-Vista value); returns 0 on failure
    Return DllCall("OpenProcess", "UInt", 0x1F0FFF, "Int", 0, "UInt", PID := ErrorLevel, "Ptr")
}

MemoryWrite(hwnd, address, writevalue, datatype="int", length=4, offset=0)
{
    VarSetCapacity(finalvalue, length, 0)
    NumPut(writevalue, finalvalue, 0, datatype)
    ; Handles, addresses and sizes are pointer-sized, so pass them as Ptr/UPtr
    return DllCall("WriteProcessMemory", "Ptr", hwnd, "Ptr", address+offset, "Ptr", &finalvalue, "UPtr", length, "Ptr", 0)
}

MemoryRead(hwnd, address, datatype="int", length=4, offset=0)
{
    VarSetCapacity(readvalue, length, 0)
    DllCall("ReadProcessMemory", "Ptr", hwnd, "Ptr", address+offset, "Ptr", &readvalue, "UPtr", length, "Ptr", 0)
    if (datatype = "Str")
        finalvalue := StrGet(&readvalue, length // 2, "UTF-16")  ; length is in bytes, UTF-16 uses 2 per character
    else
        finalvalue := NumGet(readvalue, 0, datatype)
    return finalvalue
}

setSeDebugPrivilege(enable := True)
{
    h := DllCall("OpenProcess", "UInt", 0x0400, "Int", false, "UInt", DllCall("GetCurrentProcessId"), "Ptr")
    ; Open an adjustable access token with this process (TOKEN_ADJUST_PRIVILEGES = 32)
    DllCall("Advapi32.dll\OpenProcessToken", "Ptr", h, "UInt", 32, "PtrP", t)
    VarSetCapacity(ti, 16, 0)  ; structure of privileges
    NumPut(1, ti, 0, "UInt")  ; one entry in the privileges array...
    ; Retrieves the locally unique identifier of the debug privilege:
    DllCall("Advapi32.dll\LookupPrivilegeValue", "Ptr", 0, "Str", "SeDebugPrivilege", "Int64P", luid)
    NumPut(luid, ti, 4, "Int64")
    if enable
    	NumPut(2, ti, 12, "UInt")  ; enable this privilege: SE_PRIVILEGE_ENABLED = 2
    ; Update the privileges of this process with the new access token:
    r := DllCall("Advapi32.dll\AdjustTokenPrivileges", "Ptr", t, "Int", false, "Ptr", &ti, "UInt", 0, "Ptr", 0, "Ptr", 0)
    DllCall("CloseHandle", "Ptr", t)  ; close this access token handle to save memory
    DllCall("CloseHandle", "Ptr", h)  ; close this process handle to save memory
    return r
}

^Esc::
ExitApp
return
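
The script above opens its target with access mask 0x1F0FFF, which is far broader than the three rights ReadProcessMemory and WriteProcessMemory require. As an added example (not part of SnowFlake's post), this Python code decodes such masks and flags write-capable handle requests in constructed records that borrow Sysmon Event ID 10 field names; the paths, the flattened key=value layout and the `allow` parameter are assumptions.

```python
# Added example (not from the thread): decode Windows process access masks and
# flag handle requests that permit writing another process's memory.

# Process access rights and standard rights, values from winnt.h.
RIGHTS = {
    0x000001: "PROCESS_TERMINATE",
    0x000002: "PROCESS_CREATE_THREAD",
    0x000004: "PROCESS_SET_SESSIONID",
    0x000008: "PROCESS_VM_OPERATION",
    0x000010: "PROCESS_VM_READ",
    0x000020: "PROCESS_VM_WRITE",
    0x000040: "PROCESS_DUP_HANDLE",
    0x000080: "PROCESS_CREATE_PROCESS",
    0x000100: "PROCESS_SET_QUOTA",
    0x000200: "PROCESS_SET_INFORMATION",
    0x000400: "PROCESS_QUERY_INFORMATION",
    0x000800: "PROCESS_SUSPEND_RESUME",
    0x001000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x010000: "DELETE",
    0x020000: "READ_CONTROL",
    0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER",
    0x100000: "SYNCHRONIZE",
}
# Rights memory read/write actually needs: VM_OPERATION | VM_READ | VM_WRITE.
NEEDED = 0x0008 | 0x0010 | 0x0020

def decode_mask(mask):
    """Names of the rights set in an access mask, lowest bit first."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def excess_rights(mask):
    """Rights requested beyond what memory read/write requires."""
    return decode_mask(mask & ~NEEDED)

def flag_events(lines, allow=()):
    """Return (SourceImage, TargetImage, mask) for events granting PROCESS_VM_WRITE."""
    hits = []
    for line in lines:
        f = dict(kv.split("=", 1) for kv in line.split("|"))
        mask = int(f["GrantedAccess"], 16)
        if mask & 0x0020 and f["SourceImage"] not in allow:
            hits.append((f["SourceImage"], f["TargetImage"], mask))
    return hits

# Constructed records (hypothetical paths), one per line, fields joined by "|".
SAMPLE = [
    r"SourceImage=C:\Program Files\AutoHotkey\AutoHotkey.exe|TargetImage=C:\Games\CS2D.exe|GrantedAccess=0x1F0FFF",
    r"SourceImage=C:\Windows\System32\taskmgr.exe|TargetImage=C:\Games\CS2D.exe|GrantedAccess=0x1410",
    r"SourceImage=C:\Tools\scanner.exe|TargetImage=C:\Games\CS2D.exe|GrantedAccess=0x0038",
]
```

A handle opened with only 0x0038 still supports both calls, so `excess_rights(0x1F0FFF)` lists what the script requests without needing it.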


Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 07:08
by Reloaded
SnowFlake wrote: Hi, this is an example of one of my scripts I use:

First of all, thanks SnowFlake for the help, but...

I have the same problem: I can't read the value or edit it :/

Code:

ProcessName := "Tutorial-i386.exe"
hwnd := MemoryOpenFromName(ProcessName)

MemoryWrite(hwnd, 038EFE90,int)
Sleep, 1000
x := MemoryRead(hwnd, 038EFE90,int)
MsgBox, %x%

When I try to read the "health" I just get 0, and when I try to edit it nothing happens < https://postimg.org/image/a3v955apx/ >.

Maybe, if you want, you can help me :) Thanks!

Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 07:37
by Helgef
MemoryWrite(hwnd, 038EFE90,int) → MemoryWrite(hwnd, 0x038EFE90, "int")?

Cheers.

Edit: looking at SnowFlake's code, I see MemoryWrite(hwnd, address, writevalue, datatype="int", length=4, offset=0), so you seem to be missing one parameter as well.

Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 08:20
by Reloaded
Helgef wrote: MemoryWrite(hwnd, 038EFE90,int) → MemoryWrite(hwnd, 0x038EFE90, "int")?

Cheers.

Edit: looking at SnowFlake's code, I see MemoryWrite(hwnd, address, writevalue, datatype="int", length=4, offset=0), so you seem to be missing one parameter as well.

Thanks Helgef, I tried it like this: MemoryWrite(hwnd, 039AF8B0, 100, "int", 4, 0). It didn't work, so I tried this: MemoryWrite(hwnd, 039AF8B0, 100, "int", length, offset). It didn't work :/

Do I need a special version of AHK for DLL calls? Or am I doing something wrong? I really don't know :/

Edit: Discord: Reloaded #6060
I'm always on Discord; if you or someone wants to help me, write me ;)

Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 08:32
by Helgef
039AF8B0 → 0x039AF8B0?

Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 10:57
by Reloaded
Helgef wrote: 039AF8B0 → 0x039AF8B0?

It is a different value every time :)

Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 12:36
by Helgef
Reloaded wrote: It is a different value every time :)

It doesn't matter, it is just a blank variable unless you assigned it a value, which I doubt, see (maybe) variables or Concepts - Variables. Example,

Code:

msgbox % 039AF8B0 ; blank
039AF8B0 := "hello"
msgbox % 039AF8B0	; hello
msgbox % 0x039AF8B0 ; the number

Cheers.

Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 13:31
by SnowFlake
Reloaded, you need to find a static address, like this: https://www.youtube.com/watch?v=N44nk9URoG8

Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 13:36
by Reloaded
Helgef wrote:
Reloaded wrote: It is a different value every time :)

It doesn't matter, it is just a blank variable unless you assigned it a value, which I doubt, see (maybe) variables or Concepts - Variables. Example,

Code:

msgbox % 039AF8B0 ; blank
039AF8B0 := "hello"
msgbox % 039AF8B0	; hello
msgbox % 0x039AF8B0 ; the number

Cheers.

Thank you so much for your help, Helgef! I will try my best. Cheers

Re: AHK and MemoryWrite

Posted: 06 Feb 2018, 13:38
by Reloaded
SnowFlake wrote: Reloaded, you need to find a static address, like this: https://www.youtube.com/watch?v=N44nk9URoG8

Thanks SnowFlake, I will watch and learn; I hope it works then!
And once more, thanks for the MemoryWrite and MemoryRead functions that you posted! Cheers