Read Memory Topic is solved

Ask gaming related questions (AHK v1.1 and older)
T1ran1403
Posts: 44
Joined: 06 Sep 2020, 21:36

Read Memory

15 Apr 2021, 07:47

Hello, friends! I am having trouble reading memory, namely with one line:

Code: Select all

duck: = ReadMemory (offset_1 + offset_2 + (i * 0x10) & 0xFFF, PID, ProcessHandle)
The problem is that it doesn't work:

Code: Select all

& 0xFFF
Here is the memory read function I am using:

Code: Select all

ProcessHandle: = DllCall ("OpenProcess", "int", 2035711, "char", 0, "UInt", PID, "UInt")
and:

Code: Select all

ReadMemory (MADDRESS, PID = 0, ProcessHandle = -1)
{
VarSetCapacity (MVALUE, 4.0)
DllCall ("ReadProcessMemory", "UInt", ProcessHandle, "UInt", MADDRESS, "Str", MVALUE, "UInt", 4, "UInt *", 0)
Loop 4
result + = * (& MVALUE + A_Index-1) << 8 * (A_Index-1)
SetFormat, Integer, D
return, result
}
Please tell me how to arrange it correctly.
boiler
Posts: 16954
Joined: 21 Dec 2014, 02:44

Re: Read Memory

15 Apr 2021, 09:13

Are you able to run it without syntax errors from having a space between your function name and the open parenthesis of its parameter definition? And you also need to remove the space between the function name and the open parenthesis when calling a function, or it doesn't actually call the function even though it doesn't always cause a syntax error in that case (it thinks it's an expression that is concatenating a variable and an expression in parentheses).
T1ran1403
Posts: 44
Joined: 06 Sep 2020, 21:36

Re: Read Memory

15 Apr 2021, 12:13

Thank you very much for your response. But these spaces are missing in my code, I just translated them through Google Translate, so they were created automatically. The problem itself lies in this line:

Code: Select all

duck := ReadMemory(offset_1 + offset_2 + (i * 0x10) & 0xFFF, PID, ProcessHandle)
The result of this string is incorrect, because the bitwise operation & 0xFFF does not work.

Do you happen to know how to properly arrange this line?
I apologize in advance for my English)
boiler
Posts: 16954
Joined: 21 Dec 2014, 02:44

Re: Read Memory

15 Apr 2021, 12:31

Take this example:

Code: Select all

offset_1 := 0x010000
offset_2 := 0x001000
i := 3

address := offset_1 + offset_2 + (i * 0x10) & 0xFFF
MsgBox, % Format("{:X}", address)
What do you expect the result to be? After all the math up to the &, you get 0x11030. Then you & it with 0xFFF, stripping off all the higher order stuff, and you're left with a result of 0x30.

You probably meant this:

Code: Select all

address := offset_1 + offset_2 + ((i * 0x10) & 0xFFF)
...which groups the & 0xFFF to be performed only on the result of i * 0x10, giving an overall result of 0x11030.
T1ran1403
Posts: 44
Joined: 06 Sep 2020, 21:36

Re: Read Memory

15 Apr 2021, 12:48

This is my cycle.

Code: Select all

i := 0x1
pers_glow_max := 7


Loop
{
	if (i = pers_glow_max)
	{
		i := 0x1
	}
	duck := ReadMemory(offset_1 + offset_2 + ((i * 0x10) & 0xFFF), PID, ProcessHandle)
	duck_address := ReadMemory(Client + Lists + (duck - 1) * 0x10, PID, ProcessHandle)
	i := i + 0x1
}
I use this part of the code as "for i in range (0, 8):" (example from Python).

Code: Select all

if (i = pers_glow_max)
{
	i := 0x1
}
Last edited by T1ran1403 on 15 Apr 2021, 13:00, edited 1 time in total.
boiler
Posts: 16954
Joined: 21 Dec 2014, 02:44

Re: Read Memory

15 Apr 2021, 12:52

Do you have a question?
T1ran1403
Posts: 44
Joined: 06 Sep 2020, 21:36

Re: Read Memory

15 Apr 2021, 12:57

I tried as you said:

Code: Select all

duck:= ReadMemory(offset_1 + offset_2 + ((i * 0x10) & 0xFFF), PID, ProcessHandle)
Unfortunately, this did not help. Sorry if I seem completely stupid, I'm just learning to program.
boiler
Posts: 16954
Joined: 21 Dec 2014, 02:44

Re: Read Memory

15 Apr 2021, 13:06

I don't know what you're trying to accomplish, so I can't tell if your expressions are doing what you expect them to do. Do you know what they are supposed to do? What I suggested seemed like it might be a necessary change because I couldn't see why you would want to extract just the lowest 12 bits. Can you explain what it's supposed to do, or did you just grab some code and not know how or why it works? Without knowing how you are trying to manipulate the memory (which locations and what you are trying to do with their contents), then I can't help you.
T1ran1403
Posts: 44
Joined: 06 Sep 2020, 21:36

Re: Read Memory

15 Apr 2021, 13:31

I took the ready-made code from the Internet in Python. This code is entered into the game and will change the skins of any weapon. This code works great in Python, but I decided to do something similar only in the AutoHotkey language, as I find it not very difficult for a beginner. When I looked at this pointer through the cheat engine, it contained 0 to 0xFFF addresses. I understand that after re-entering the game, the address randomly takes its position within these limits.

Here is the Python code itself that works correctly:

Code: Select all

import time
import pymem
import requests
import keyboard

offsets = 'https raw.githubusercontent.com /frk1/hazedumper/master/csgo.json'
response = requests.get( offsets ).json()

dwClientState = int( response["signatures"]["dwClientState"] )
dwLocalPlayer = int(response['signatures']['dwLocalPlayer'])
m_hMyWeapons = int(response['netvars']['m_hMyWeapons'])
dwEntityList = int(response["signatures"]["dwEntityList"])
m_iItemDefinitionIndex = int(response["netvars"]["m_iItemDefinitionIndex"])
m_OriginalOwnerXuidLow = int(response["netvars"]["m_OriginalOwnerXuidLow"])
m_iItemIDHigh = int(response["netvars"]["m_iItemIDHigh"])
m_nFallbackPaintKit = int(response["netvars"]["m_nFallbackPaintKit"])
m_iAccountID = int(response["netvars"]["m_iAccountID"])
m_nFallbackStatTrak = int(response["netvars"]["m_nFallbackStatTrak"])
m_nFallbackSeed = int(response["netvars"]["m_nFallbackSeed"])
m_flFallbackWear = int(response["netvars"]["m_flFallbackWear"])

akpaint = 44

pm = pymem.Pymem( "csgo.exe" )
client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll
engine = pymem.process.module_from_name(pm.process_handle, "engine.dll").lpBaseOfDll

engine_state = pm.read_int( engine + dwClientState )
while True:
    local_player = pm.read_int( client + dwLocalPlayer )
    if local_player == 0:
        continue
    for i in range( 0, 8 ):
        my_weapons = pm.read_int( local_player + m_hMyWeapons + (i - 1) * 0x4 ) & 0xFFF
        weapon_address = pm.read_int( client + dwEntityList + (my_weapons - 1) * 0x10 )
        if weapon_address:
            weapon_id = pm.read_short( weapon_address + m_iItemDefinitionIndex )
            weapon_owner = pm.read_int( weapon_address + m_OriginalOwnerXuidLow )
            seed = 420
            if weapon_id == 7:
                fallbackpaint = akpaint
                seed = 661
                pm.write_int( weapon_address + m_iItemIDHigh, -1 )
                pm.write_int( weapon_address + m_nFallbackPaintKit, fallbackpaint )
                pm.write_int( weapon_address + m_iAccountID, weapon_owner )
                pm.write_int( weapon_address + m_nFallbackStatTrak, 1337 )
                pm.write_int( weapon_address + m_nFallbackSeed, seed )
                pm.write_float( weapon_address + m_flFallbackWear, float( 0.000001 ) )
        #time.sleep(20)
    if keyboard.is_pressed( "f6" ):
        pm.write_int( engine_state + 0x174, -1 )

if __name__ == "__main__":
    change_skin()
boiler
Posts: 16954
Joined: 21 Dec 2014, 02:44

Re: Read Memory

15 Apr 2021, 13:55

Do you know that your parameter 2035711 (0x1F0FFF) is correct?

Are all of your variables (offset_1, offset_2, Client, etc.) defined somewhere? They're not shown in what you posted.

I don't see a one-for-one correlation between similar lines in the Python code to your code, but I'm not following what exactly they're supposed to be doing vs. what you are trying to do. This line seems like a cross between a couple lines in the Python code:

Code: Select all

duck:= ReadMemory(offset_1 + offset_2 + ((i * 0x10) & 0xFFF), PID, ProcessHandle)

I'm not going to be of much help on the details of working with this stuff. These are just some basic questions I see looking at your code.
T1ran1403
Posts: 44
Joined: 06 Sep 2020, 21:36

Re: Read Memory

15 Apr 2021, 14:11

Initially, I did not give all my code to AutoHotkey, as I was sure that the error was only in this line:

Code: Select all

my_weapons := ReadMemory(local_player + m_hMyWeapons + ((pers_glow * 0x10) & 0xFFF), PID, ProcessHandle)
If this line was designed correctly, the script would work, I just need to understand where to write 0xFFF in this line.
Yes, I am sure that all the variables in my code are correct. The script does not work only because the string my_weapons is incorrectly formulated. Thank you for trying to help me, I appreciate your input.
T1ran1403
Posts: 44
Joined: 06 Sep 2020, 21:36

Re: Read Memory  Topic is solved

15 Apr 2021, 19:07

:dance: I solved my problem this way: :dance:

Code: Select all

duck := ReadMemory(offset_1 + offset_2 + (i * 0x10), PID, ProcessHandle)
new_duck := duck & 0xFFF
boiler
Posts: 16954
Joined: 21 Dec 2014, 02:44

Re: Read Memory

15 Apr 2021, 19:57

OK. That makes more sense. You didn't want to & with that address, you wanted to & with the value stored at that memory location. So the way to do it all in one line would be like this:

Code: Select all

duck := (ReadMemory(offset_1 + offset_2 + (i * 0x10), PID, ProcessHandle)) & 0xFFF
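
The three groupings discussed in this thread, side by side, as an added example that is not part of any post. It uses a constructed lookup table instead of a real process, and Python, where `+` binds tighter than `&` just as in the AutoHotkey expressions above; every name and value in it is made up for illustration.

```python
# Added illustration: masking the address vs. masking the value read from it.
# FAKE_MEMORY stands in for a target process; all values are constructed.

BASE = 0x010000      # plays the role of offset_1 in the thread
FIELD = 0x001000     # plays the role of offset_2 in the thread
STRIDE = 0x10

# address -> 32-bit value; the low 12 bits are the part the mask should keep
FAKE_MEMORY = {
    BASE + FIELD + 1 * STRIDE: 0x7A3C_0041,
    BASE + FIELD + 2 * STRIDE: 0x1F00_0102,
    BASE + FIELD + 3 * STRIDE: 0xFFFF_F0FF,
}

def read_int(address):
    """Simulated read; returns None for an address that is not mapped."""
    return FAKE_MEMORY.get(address)

def mask_whole_address(i):
    # '+' binds tighter than '&', so the mask is applied to the full sum
    address = BASE + FIELD + (i * STRIDE) & 0xFFF
    return address, read_int(address)

def mask_index_only(i):
    # the mask only touches i * STRIDE; the raw 32-bit value comes back
    address = BASE + FIELD + ((i * STRIDE) & 0xFFF)
    return address, read_int(address)

def mask_value(i):
    # the read happens first; the mask is applied to what was read
    address = BASE + FIELD + (i * STRIDE)
    value = read_int(address)
    return address, None if value is None else value & 0xFFF

if __name__ == "__main__":
    for fn in (mask_whole_address, mask_index_only, mask_value):
        for i in (1, 2, 3):
            address, value = fn(i)
            shown = "unmapped" if value is None else hex(value)
            print(f"{fn.__name__:18} i={i} addr={address:#08x} -> {shown}")
```
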
