How would I go about finding the address with an area of bytes array? I've looked around and found nothing myself and I'm not sure where to start.
How would I go about finding the address with an area of bytes array? I've looked around and found nothing myself and I'm not sure where to start.
finding the address?
area of bytes array?
the question appears to make no sense.
so no answer I could give would make sense.
The universe is a wondrous place! The faster you create unbreakable code, the faster the universe creates people that can break it. All scripting follows the rule Rule Of Twos -- 1) Good, 2) Fast 3) Cheap -- pick any Two.
I guarantee absolutely nothing about any code I provide except that it works in my machine. ●
MMO Fighter KeyLooperDemo Key Spammer TinyClickRecorder GGs Password Generator.ahk
For the newest version of AutoHotkey and some killer scripts go here.
Are you referring to a pattern of bytes in a processes memory? If so, it's not too hard.
Here is the basic approach. http://www.autohotke...oid#entry658145
This finds a pattern of bytes in a file, but the search algorithm is the same.
With regards to memory, you can speed it up considerably by dumping a large memory area as a buffer and then using the machine code scanInBuf() function to find the bytes. http://www.autohotke...-of-null/page-4
Even just dumping the buffer is a much faster than reading each byte one at a time via readProcessMemory()
I started playing around with a crude pattern scanner which would accept wild cards, but I never got around to making it iterate memory pages or optimising it.
finding the address?
area of bytes array?
the question appears to make no sense.
so no answer I could give would make sense.
Well, I would be using an AoB to match an address instead of using a pointer since I have bytes that never change and the pointer is normally a few levels.
Are you referring to a pattern of bytes in a processes memory? If so, it's not too hard.
Here is the basic approach. http://www.autohotke...oid#entry658145
This finds a pattern of bytes in a file, but the search algorithm is the same.
With regards to memory, you can speed it up considerably by dumping a large memory area as a buffer and then using the machine code scanInBuf() function to find the bytes. http://www.autohotke...-of-null/page-4
Even just dumping the buffer is a much faster than reading each byte one at a time via readProcessMemory()
I started playing around with a crude pattern scanner which would accept wild cards, but I never got around to making it iterate memory pages or optimising it.
Thanks RHCP, it's a bit complex for me but it's at least somewhere to start. =)
I had a go at this today. I haven't done too much research, nor do I have much experience in this area, but it seems to work.
This memory class contains contains the various methods. https://github.com/K...classMemory.ahk
The methods of interest here are:
modulePatternScan(module := "", aAOBPattern*) ; scans the memory area of a module
addressPatternScan(startAddress, sizeOfRegionBytes, aAOBPattern*) ; scans a given memory area
processPatternScan(aAOBPattern*) ; scans the memory region of the current process.
patternScan(startAddress, sizeOfRegionBytes, patternMask, byRef needleBuffer) ;The internal method which is used by the above methods.
The pattern supports wildcard bytes.
These methods are not finalised, as I will probably tinker with them when I have the time and have done more research.
Edit:
The scans now use a machine code function for comparison. This is very fast, well it's orders of magnitude faster than when AHK was doing it.
An example script:
#singleinstance force ; Include the file assuming its been saved to a library folder #include <classmemory> if (memory.__Class != "Memory") msgbox class memory not correctly installed. Or the (global class) variable "Memory" has been overwritten ; This demo will be search for an AOB inside this running AHK script via ReadProcessMemory() DetectHiddenWindows, On ; As the AHK window is hidden and this class needs to find the window mem := new memory("ahk_pid " DllCall("GetCurrentProcessId")) DetectHiddenWindows, Off return f1:: ; setformat Hex so the shown addresses are in hex SetFormat, integerFast, Hex ; lets create a 12 byte array of values inside the variable 'test' ; which we will then search for VarSetCapacity(test, 12), aAOBPattern := [] loop, 12 { ; insert the value into 'test' numput(A_Index*5, test, A_Index-1, "UChar") ; insert the value of the byte into the AOB pattern aAOBPattern.insert(A_Index*5) } ; set a couple of bytes in the AOB pattern to wildcard for demonstration aAOBPattern.5 := aAOBPattern.6 := "?" ; If you know the approximate address of the pattern, then you can just ; scan this region of memory using the method addressPatternScan() ; Note: The third parameter is variadic so you can manually pass each byte value ; i.e. mem.addressPatternScan(address, sizeOfArea, byte1Value, byte2Value, byte3Value.....) ; Or you can pass the entire array using '*' address := mem.addressPatternScan(&test, size := 100, aAOBPattern*) if address > 0 { msgbox % "patternScan Found address at: " address . "`nActual Address: " &test } else if address = 0 msgbox patternScan didn't find the address else msgbox patternScan failed error: %address% ; Otherwise you can scan the entire process address := mem.processPatternScan(aAOBPattern*) if address > 0 { msgbox % "processPatternScan Found address at: " address . "`nActual Address: " &test SetFormat, integerFast, D ; so we don't have to view the value in hex loop, 12 { msgbox % "Byte " A_Index . "`nRead: " mem.read(address + A_Index - 1, "UChar") . "`nAHK: " numget(test, A_Index - 1, "UChar") } } else msgbox patternScan failed error: %address% return