Question about HEX? Cheat Engine Topic is solved

[masheen]

Hi, who knows? why cheat engine 9f0000 + 00662BE0 = 043801D4



AHK res= 0x1052BE0

Code: Select all

res = % 0x9f0000+0x00662BE0
MsgBox % res

if i take this, i get right result 0x45B62D4

Code: Select all

res = % 0x045B5FE0+0x2f4
MsgBox % res

udp: but if i add in cheat engine this i get 40A00000



why? what i missed, anybody know? plz hlp

[RHCP]

0x9f0000+0x00662BE0 evaluates to 0x1052BE0
0x1052BE0 STORES/HOLDS the VALUE 0x043801D4.
If you look at the first offset (1a8), you can see that value/pointer being used i.e. [043801D4 + 1a8] (anything inside square brackets [] means value at this address) which evaluates to [438037C] or value at address 0x438037C, which in this case is 7DBE4428...which is then used in the next pointer level above.

[masheen]

0x9f0000+0x00662BE0 evaluates to 0x1052BE0
0x1052BE0 STORES/HOLDS the VALUE 0x043801D4.
If you look at the first offset (1a8), you can see that value/pointer being used i.e. [043801D4 + 1a8] (anything inside square brackets [] means value at this address) which evaluates to [438037C] or value at address 0x438037C, which in this case is 7DBE4428...which is then used in the next pointer level above.

why this?

[RHCP]

Edited: I was wrong here.... its been a while

The ' -> ' means 'points to'.
In this case, 045B5FE0+2f4 -> 40A0000 or 0x45B62D4 -> 40A00000.
Which means the value at address 0x45B62D4 is 0x40A00000

[masheen]

045B5FE0+2f4 -> 40A00000
The ' -> ' means 'points to'.
In this case, CE really means [045B5FE0+2f4] -> 40A0000
which is the same as [0x45B62D4] -> 40A00000
Remember the square brackets ' [] ' means 'value at address'. The value at address 0x45B62D4 is 5.
Hence, 5 -> 40A00000, i.e. the memory address 5 holds the value 40A00000.

ok, can u halp me?

Code: Select all

;i fave 
game.exe = 0x009F0000
offset = 0x00991690
;and 4 pointer
poin1 = 0x19c
poin2 = 0x1b8
poin3 = 0x424
poin4 = 0x2f4

;what i need to Do

res := game.exe + offset
res := res + poin1
res := res + poin2
res := res + poin3
res := res + poin4

;yes? or this

res := game.exe + offset
res:= ReadMemory(res, game.exe)
res := res + poin1
res := res + poin2
res := res + poin3
res := res + poin4

ReadMemory(MADDRESS,PROGRAM){
winget, pid, PID, %PROGRAM%
VarSetCapacity(MVALUE,4,0)
ProcessHandle := DllCall("OpenProcess", "Int", 24, "Char", 0, "UInt", pid, "UInt")
DllCall("ReadProcessMemory","UInt",ProcessHandle,"UInt",MADDRESS,"Str",MVALUE,"UInt",4,"UInt *",0)
Loop 4
result += *(&MVALUE + A_Index-1) << 8*(A_Index-1)
return, result  
}

[masheen]

045B5FE0+2f4 -> 40A00000

The ' -> ' means 'points to'.
In this case, CE really means [045B5FE0+2f4] -> 40A0000
which is the same as [0x45B62D4] -> 40A00000
Remember the square brackets ' [] ' means 'value at address'. The value at address 0x45B62D4 is 5.
Hence, 5 -> 40A00000, i.e. the memory address 5 holds the value 40A00000.

look likes a tru

[masheen]

045B5FE0+2f4 -> 40A00000

The ' -> ' means 'points to'.
In this case, CE really means [045B5FE0+2f4] -> 40A0000
which is the same as [0x45B62D4] -> 40A00000
Remember the square brackets ' [] ' means 'value at address'. The value at address 0x45B62D4 is 5.
Hence, 5 -> 40A00000, i.e. the memory address 5 holds the value 40A00000.

what i do whron on 5 step? i know i must just add? or whatn plz take me tips





ok SOLVED i no need read this. i already writhe to step 5

THX RHCP

[RHCP]

The syntax would look something like this:

Code: Select all

pBase = gameBaseAddress + offset ; 0x009F0000 + 00991690
p1 = ReadMemory(pBase, "GameName.exe")
p2 = ReadMemory(p1 + 0x1A8, "GameName.exe")
p3 = ReadMemory(p2 + 0x84, "GameName.exe")
p4 = ReadMemory(p3 + 0x40C, "GameName.exe")
p5 = ReadMemory(p4 + 0x430, "GameName.exe")
finalValue_Result = ReadMemory(p5 + 0x2F4, "GameName.exe")

Alternatively, you can use this memory class to read and write values.
https://github.com/Kalamity/classMemory ... Memory.ahk

The syntax would look like this

Code: Select all

value := mem.read(mem.BaseAddress + 0x00991690, "UInt", 0x1A8, 0x84, 0x40C, 0x430, 0x2F4)

Complete example:

Code: Select all

; The contents of the classMemory.ahk file can be copied directly into your script. Alternately, you can copy the classMemory.ahk file into your library folder,
; in which case you will need to use the #include directive in your script i.e. 
#Include <classMemory> 

if (_ClassMemory.__Class != "_ClassMemory")
    msgbox class memory not correctly installed. Or the (global class) variable "_ClassMemory" has been overwritten

; create an object to read memory from the target process
; mem := new _ClassMemory("ahk_exe calc.exe", "", hProcessCopy) 
mem := new _ClassMemory("ahk_exe rqmain.exe", "", hProcessCopy) 

; Check if the above method was successful i.e. found the process and opened it.
if !isObject(mem) 
{
    msgbox failed to open a handle
    if (hProcessCopy = 0)
        msgbox The program isn't running (not found) or you passed an incorrect program identifier parameter. 
    else if (hProcessCopy = "")
        msgbox OpenProcess failed. If the target process has admin rights, then the script also needs to be ran as admin. Consult A_LastError for more information.
    ExitApp
}
; - You only need to do the stuff above once (if the process closes/restarts, then you need to do it again).

; read the pointer
value := mem.read(mem.BaseAddress + 0x00991690, "UInt", 0x1A8, 0x84, 0x40C, 0x430, 0x2F4)

; alternatively, you can do:
;pointer := [mem.BaseAddress + 0x00991690, "UInt", 0x1A8, 0x84, 0x40C, 0x430, 0x2F4]
;value := mem.read(pointer*)

msgbox % value

[RHCP]

The issue you're having here is that you are trying to read a FLOAT as a UINT.

The value you are getting (0x40A00000) is correct, this is indeed 5 as a float, but since you are reading it (in AHK) as a UINT, it becomes 0x40A00000.

[masheen]

The syntax would look something like this:

....

ok SOLVED i no need read this. i already need writhe on step 5

THX RHCP

[RHCP]

See the post above - you were doing everything correct, except you were reading the final value as a UInt (your AHK readmemory function only works with UInts), instead of a float.