AHK res= 0x1052BE0
Code: Select all
res = % 0x9f0000+0x00662BE0
MsgBox % res
Code: Select all
res = % 0x045B5FE0+0x2f4
MsgBox % res
why? what i missed, anybody know? plz hlp
Code: Select all
res = % 0x9f0000+0x00662BE0
MsgBox % res
Code: Select all
res = % 0x045B5FE0+0x2f4
MsgBox % res
why this?RHCP wrote: 0x9f0000+0x00662BE0 evaluates to 0x1052BE0
0x1052BE0 STORES/HOLDS the VALUE 0x043801D4.
If you look at the first offset (1a8), you can see that value/pointer being used i.e. [043801D4 + 1a8] (anything inside square brackets [] means value at this address) which evaluates to [438037C] or value at address 0x438037C, which in this case is 7DBE4428...which is then used in the next pointer level above.
ok, can u halp me?RHCP wrote: 045B5FE0+2f4 -> 40A00000
The ' -> ' means 'points to'.
In this case, CE really means [045B5FE0+2f4] -> 40A0000
which is the same as [0x45B62D4] -> 40A00000
Remember the square brackets ' [] ' means 'value at address'. The value at address 0x45B62D4 is 5.
Hence, 5 -> 40A00000, i.e. the memory address 5 holds the value 40A00000.
Code: Select all
;i fave
game.exe = 0x009F0000
offset = 0x00991690
;and 4 pointer
poin1 = 0x19c
poin2 = 0x1b8
poin3 = 0x424
poin4 = 0x2f4
;what i need to Do
res := game.exe + offset
res := res + poin1
res := res + poin2
res := res + poin3
res := res + poin4
;yes? or this
res := game.exe + offset
res:= ReadMemory(res, game.exe)
res := res + poin1
res := res + poin2
res := res + poin3
res := res + poin4
ReadMemory(MADDRESS,PROGRAM){
winget, pid, PID, %PROGRAM%
VarSetCapacity(MVALUE,4,0)
ProcessHandle := DllCall("OpenProcess", "Int", 24, "Char", 0, "UInt", pid, "UInt")
DllCall("ReadProcessMemory","UInt",ProcessHandle,"UInt",MADDRESS,"Str",MVALUE,"UInt",4,"UInt *",0)
Loop 4
result += *(&MVALUE + A_Index-1) << 8*(A_Index-1)
return, result
}
look likes a truRHCP wrote:
045B5FE0+2f4 -> 40A00000
The ' -> ' means 'points to'.
In this case, CE really means [045B5FE0+2f4] -> 40A0000
which is the same as [0x45B62D4] -> 40A00000
Remember the square brackets ' [] ' means 'value at address'. The value at address 0x45B62D4 is 5.
Hence, 5 -> 40A00000, i.e. the memory address 5 holds the value 40A00000.
what i do whron on 5 step? i know i must just add? or whatn plz take me tipsRHCP wrote: 045B5FE0+2f4 -> 40A00000
The ' -> ' means 'points to'.
In this case, CE really means [045B5FE0+2f4] -> 40A0000
which is the same as [0x45B62D4] -> 40A00000
Remember the square brackets ' [] ' means 'value at address'. The value at address 0x45B62D4 is 5.
Hence, 5 -> 40A00000, i.e. the memory address 5 holds the value 40A00000.
Code: Select all
pBase = gameBaseAddress + offset ; 0x009F0000 + 00991690
p1 = ReadMemory(pBase, "GameName.exe")
p2 = ReadMemory(p1 + 0x1A8, "GameName.exe")
p3 = ReadMemory(p2 + 0x84, "GameName.exe")
p4 = ReadMemory(p3 + 0x40C, "GameName.exe")
p5 = ReadMemory(p4 + 0x430, "GameName.exe")
finalValue_Result = ReadMemory(p5 + 0x2F4, "GameName.exe")
Code: Select all
value := mem.read(mem.BaseAddress + 0x00991690, "UInt", 0x1A8, 0x84, 0x40C, 0x430, 0x2F4)
Code: Select all
; The contents of the classMemory.ahk file can be copied directly into your script. Alternately, you can copy the classMemory.ahk file into your library folder,
; in which case you will need to use the #include directive in your script i.e.
#Include <classMemory>
if (_ClassMemory.__Class != "_ClassMemory")
msgbox class memory not correctly installed. Or the (global class) variable "_ClassMemory" has been overwritten
; create an object to read memory from the target process
; mem := new _ClassMemory("ahk_exe calc.exe", "", hProcessCopy)
mem := new _ClassMemory("ahk_exe rqmain.exe", "", hProcessCopy)
; Check if the above method was successful i.e. found the process and opened it.
if !isObject(mem)
{
msgbox failed to open a handle
if (hProcessCopy = 0)
msgbox The program isn't running (not found) or you passed an incorrect program identifier parameter.
else if (hProcessCopy = "")
msgbox OpenProcess failed. If the target process has admin rights, then the script also needs to be ran as admin. Consult A_LastError for more information.
ExitApp
}
; - You only need to do the stuff above once (if the process closes/restarts, then you need to do it again).
; read the pointer
value := mem.read(mem.BaseAddress + 0x00991690, "UInt", 0x1A8, 0x84, 0x40C, 0x430, 0x2F4)
; alternatively, you can do:
;pointer := [mem.BaseAddress + 0x00991690, "UInt", 0x1A8, 0x84, 0x40C, 0x430, 0x2F4]
;value := mem.read(pointer*)
msgbox % value
RHCP wrote:The syntax would look something like this:
....
Users browsing this forum: No registered users and 31 guests