Guest wrote:RHCP wrote:0sync0 wrote:What needs to be modified in the ReadMemory function to make it work with float values?
Change
; Copies 4 bytes from `address` in the process behind hProcess; "UInt*" makes DllCall store them in result as an unsigned 32-bit integer.
; success receives ReadProcessMemory's return value (zero on failure) - check it before trusting result.
success := DllCall("ReadProcessMemory", "Ptr", hProcess, "Ptr", address, "UInt*", result, "Ptr", 4, "Ptr",0)
to
; Same 4-byte read, but "Float*" makes DllCall interpret the bytes as a single-precision float when it updates result.
; success receives ReadProcessMemory's return value (zero on failure) - check it before trusting result.
success := DllCall("ReadProcessMemory", "Ptr", hProcess, "Ptr", address, "Float*", result, "Ptr", 4, "Ptr",0)
Thanks.
; Integer results of math operations are formatted as hex (0x...) from here on.
SetFormat, Integer, hex
; ReadMemory is defined elsewhere in the thread; its failure value is not visible here.
; The first read passes 0x019D45B0 as-is - no module base address is added to it.
pointer1:=ReadMemory(0x019D45B0)
; Each following read adds a fixed offset to the value returned by the previous read,
; so one failed or wrong read makes every later value meaningless.
pointer2:=ReadMemory(pointer1+0x2C)
pointer3:=ReadMemory(pointer2+0xF4)
pointer4:=ReadMemory(pointer3+0x74)
pointer5:=ReadMemory(pointer4+0x79C)
pointer6:=ReadMemory(pointer5+0xA4)
This code uses values from this Cheat Engine pointer scan.
http://imgur.com/a/zdiJZ
The first pointer for the base address doesn't match the value that CE shows.
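Just so everyone's on the same page, that pointer is for Elder Scrolls. The first entry in the pointer scan appears to be an offset from the module base rather than an absolute address, which is why the value doesn't match. You need to find the base address of the process, i.e. the memory address that eso.exe resolves to in CE, and add it to that first offset.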
Here are two methods to get the base address of the program.
If the first method doesn't work, try the second.
; The base address for some programs is dynamic. This can retrieve the current base address of the main module (e.g. Calc.exe),
; which can then be added to your various offsets.
; This function will return the correct address regardless of the
; bitness (32 or 64 bit) of both the AHK exe and the target process.
; That is they can both be 32 bit or 64 bit, or the target process
; can be 32 bit while ahk is 64bit
; Return values:
; Null The process's window couldn't be found.
; 0 The GetWindowLong or GetWindowLongPtr call failed.
; Non-Zero The base address of the process (success).
getProcessBaseAddress(WindowTitle, windowMatchMode := "3") ; WindowTitle accepts any WinTitle form (ahk_exe, ahk_class, ...)
{
    ; Looks up the window matching WindowTitle and returns the instance handle stored for it
    ; (window long index -6), which is used as the base address of the owning process.
    ; Returns: blank if no window matched, 0 if the DllCall failed, otherwise the address.

    ; Only touch the title-match mode when the caller asked for one that differs from the current setting.
    if (windowMatchMode && A_TitleMatchMode != windowMatchMode)
    {
        previousMode := A_TitleMatchMode ; a string, never carries a 0x prefix
        ; If integer format is hex and the mode was passed as a number, it arrives with a 0x prefix;
        ; SetTitleMatchMode raises a run-time error on that, so the prefix is stripped first.
        StringReplace, windowMatchMode, windowMatchMode, 0x
        SetTitleMatchMode, %windowMatchMode% ; mode 3 is an exact match
    }

    WinGet, hWnd, ID, %WindowTitle%

    ; Put the caller's mode back (matters when this runs in the auto-execute section).
    if (previousMode)
        SetTitleMatchMode, %previousMode%

    if (!hWnd)
        return ; blank: no matching window

    ; 32-bit AHK calls GetWindowLong, 64-bit AHK calls GetWindowLongPtr.
    if (A_PtrSize = 4)
        apiName := "GetWindowLong"
    else
        apiName := "GetWindowLongPtr"

    ; The return type follows the OS bitness, not the script's:
    ; - 64-bit OS: Int64 avoids negative overflow when AHK is 32 bit and the target is 64 bit.
    ; - 32-bit OS: UInt is required, otherwise the number is huge (its lower 4 bytes would still be correct).
    returnType := A_Is64bitOS ? "Int64" : "UInt"

    ; A failed DllCall yields 0.
    return DllCall(apiName, "Ptr", hWnd, "Int", -6, returnType)
}
; Parameters:
; Program - Can be any window title/class e.g "AHK_EXE calc.exe"
; Module - The file name of the module/dll to find e.g. "GDI32.dll", "Battle.net.dll" etc
; If no module is specified, the address of the base module - main() (program) will be returned e.g. C:\Program Files (x86)\Skype\Phone\Skype.exe
; Return Values:
; Positive integer - Module base address
; -1 - Module not found
; -2 - Couldn't find the process. The program isn't running or you passed an incorrect program identifier parameter
; -3 - Couldn't open the process. If the target process is running with admin rights, then the script will also need to be run as admin.
; -4 - Problem with EnumProcessModules. This shouldn't happen.
; -5 - The AHK script is 32 bit and you are trying to access the modules of a 64 bit target process.
; Note: A 64 bit AHK can enumerate the modules of a target 64 or 32 bit process.
; A 32 bit AHK (any process actually) can only enumerate the modules of another 32 bit process
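getModuleBaseAddress(program, module := "")
{
    ; Returns the base address of `module` inside the process that owns the window `program`.
    ; With module = "" the process's main executable is looked up instead.
    ; Return values: positive integer = base address, -1 = module not found, -2 = process not found,
    ; -3 = OpenProcess failed, -4 = EnumProcessModules failed, -5 = 32-bit AHK vs 64-bit target.
    ; 0 is returned if the module matched but GetModuleInformation did not fill in its data.
    ; Every exit path after OpenProcess closes the handle; "return x, DllCall(...)" evaluates
    ; both expressions and returns the first one.

    WinGet, pid, pid, %program%
    if !pid
        return -2

    ; Least privilege: only PROCESS_QUERY_INFORMATION (0x0400) and PROCESS_VM_READ (0x0010) are requested.
    ; The "Ptr" return type keeps the handle pointer-sized on 64-bit AHK.
    hProc := DllCall("OpenProcess", "UInt", 0x0400 | 0x0010, "Int", 0, "UInt", pid, "Ptr")
    if !hProc
        return -3

    ; IsWow64Process reports FALSE for every process on a 32-bit OS, so the bitness-mismatch
    ; test is only meaningful when a 32-bit AHK runs on a 64-bit OS.
    if (A_PtrSize = 4 && A_Is64bitOS)
    {
        isWow64 := 0
        DllCall("IsWow64Process", "Ptr", hProc, "Int*", isWow64)
        if !isWow64
            return -5, DllCall("CloseHandle", "Ptr", hProc) ; 32-bit AHK cannot enumerate a 64-bit target
    }

    pathChars := 2048                 ; path buffer capacity in characters
    charSize := A_IsUnicode ? 2 : 1   ; bytes per character in this AHK build

    if (module = "")
    {
        ; A null module handle asks for the path of the process's main executable (full path).
        VarSetCapacity(mainExeNameBuffer, pathChars * charSize, 0)
        DllCall("psapi\GetModuleFileNameEx", "Ptr", hProc, "Ptr", 0
            , "Ptr", &mainExeNameBuffer, "UInt", pathChars)
        mainExeFullPath := StrGet(&mainExeNameBuffer)
    }

    ; Grow the HMODULE array until it is large enough to hold every module handle.
    size := VarSetCapacity(lphModule, 4)
    loop
    {
        enumOk := DllCall("psapi\EnumProcessModules", "Ptr", hProc, "Ptr", &lphModule
            , "UInt", size, "UInt*", reqSize)
        ; ErrorLevel only reports a failed DllCall; the API's own FALSE return must be checked too,
        ; otherwise a failed enumeration would fall through and be reported as "module not found".
        if (ErrorLevel || !enumOk)
            return -4, DllCall("CloseHandle", "Ptr", hProc)
        if (size >= reqSize)
            break
        size := VarSetCapacity(lphModule, reqSize)
    }

    VarSetCapacity(lpFilename, pathChars * charSize, 0)
    infoSize := A_PtrSize = 4 ? 12 : 24 ; sizeof(MODULEINFO) for 32-bit / 64-bit AHK
    loop % reqSize // A_PtrSize ; reqSize / sizeof(HMODULE) = number of module handles
    {
        hModule := NumGet(lphModule, (A_Index - 1) * A_PtrSize, "Ptr")
        copied := DllCall("psapi\GetModuleFileNameEx", "Ptr", hProc, "Ptr", hModule
            , "Ptr", &lpFilename, "UInt", pathChars)
        if !copied
            continue ; name lookup failed; never compare against a stale or empty buffer

        ; The path includes the directory, e.g. C:\Windows\SysWOW64\GDI32.dll
        moduleFullPath := StrGet(&lpFilename)
        SplitPath, moduleFullPath, fileName ; strips the path, leaving e.g. GDI32.dll
        if ((module = "" && mainExeFullPath = moduleFullPath) || (module != "" && module = fileName))
        {
            ; Zero-filled so that a failed GetModuleInformation yields 0 rather than leftover memory.
            VarSetCapacity(MODULEINFO, infoSize, 0)
            DllCall("psapi\GetModuleInformation", "Ptr", hProc, "Ptr", hModule
                , "Ptr", &MODULEINFO, "UInt", infoSize)
            ; The first MODULEINFO field is the module's load address.
            return NumGet(MODULEINFO, 0, "Ptr"), DllCall("CloseHandle", "Ptr", hProc)
        }
    }
    return -1, DllCall("CloseHandle", "Ptr", hProc) ; not found
}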
Example:
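base := getProcessBaseAddress("ahk_exe eso.exe")
; Or
; base := getModuleBaseAddress("ahk_exe eso.exe")

; Both lookups report failure through their return value (blank or 0 from getProcessBaseAddress,
; a negative code from getModuleBaseAddress). Stop here rather than read from a meaningless address.
if (base = "" || base <= 0)
{
    MsgBox, Could not determine the base address (lookup returned "%base%").
    return
}

; The first offset is relative to the module base; each later read adds a fixed offset
; to the value returned by the previous read.
; ReadMemory is defined elsewhere; its failure value is not visible here - TODO check each hop before using it.
pointer1 := ReadMemory(base + 0x019D45B0)
pointer2 := ReadMemory(pointer1 + 0x2C)
pointer3 := ReadMemory(pointer2 + 0xF4)
pointer4 := ReadMemory(pointer3 + 0x74)
pointer5 := ReadMemory(pointer4 + 0x79C)
value := ReadMemory(pointer5 + 0xA4)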