Read memory and offsets Topic is solved

Get help with using AutoHotkey and its commands and hotkeys
kyuuuri
Posts: 92
Joined: 09 Jan 2016, 19:20

Read memory and offsets

14 Feb 2018, 15:48

Hello i used cheat engine to scan for pointers and got the following:
Image
From what i understand this means:

Code: [Select all] [Download] GeSHi © Codebox Plus

BaseOffset := 0x00B8C83C
offset0 := 0x0
offset1 := 0xA8
offset2 := 0x3FC

The first thing i don't understand is:
If those values are always the same then what changes the result? I think that it's the BaseAddress that i still don't know how to find (yes used google but can't find something that i understand)

Then if the BaseAddress changes how do i get that address everytime i launch the exe?

Also tried the following (obtained this while searching on the forum before posting)

Code: [Select all] [Expand] [Download] GeSHi © Codebox Plus



Result i get: Image

Thank you for your time.

@edit:
Okay i found this and it worked BUT i still have a question about this:

Code: [Select all] [Expand] [Download] GeSHi © Codebox Plus


I tried reading and searching each line but i don't understand what is this for. As Lexikos said in the same post i obtained this code from:
EXE files typically have a fixed base, determined when the file is compiled. You can read it from the file's header

Does this means that if i share my exe then this base address won't change?. Then i don't have to check this address everytime unless exe changes?

Again thank you for your time
RHCP
Posts: 182
Joined: 30 Sep 2013, 10:59

Re: Read memory and offsets  Topic is solved

14 Feb 2018, 22:21

I tried reading and searching each line but i don't understand what is this for.


Programs will either have a dynamic (ASLR) base address which changes every time it is run, or they will have a static base address which never changes.

In the case of the static base address, this address is set when the program is compiled/created - a value is written into the exe which specifies the base address, it is typically 0x400000. Lexikos' function will find and read this value from the exe.

With regards to reading memory of a program which has a static base address, there is no real point in using the above function, as the base address never changes - instead you can hard code this value (usually 0x400000) into your script. There are a number of ways to find this base address in CE, but the simplest is to add the process name as an address in CE, the example below shows that the game FTLGAME.exe has a base address of 0x00A90000.

Image

To determine if a process uses a dynamic or static base address, simply add the process name as an address just like above and restart the program - if the base address is the same after restarting, then it is a static address. It sounds like your program has a static base address.

If a program has a dynamic base address, then Lexikos' function will not work, as the address is not hard coded into the executable. Instead you will have to use another function - see the code provided below.

Does this means that if i share my exe then this base address won't change?. Then i don't have to check this address everytime unless exe changes?


Correct.

If you ever need to find a dynamic base address, read memory values other than UInts, or wish to read pointers in a single line, then this memory class can help.
https://github.com/Kalamity/classMemory


Here is an example used to read your pointer - you would need to change the "FTLGAME.exe" to match your EXEs name.

Code: [Select all] [Expand] [Download] GeSHi © Codebox Plus

kyuuuri
Posts: 92
Joined: 09 Jan 2016, 19:20

Re: Read memory and offsets

14 Feb 2018, 22:55

Wow didn't expect an aswer like that. Thank you for the time you took to write that.
You helped a lot now i understand what i'm doing with that code haha. Thank you!!
FanaticGuru
Posts: 1097
Joined: 30 Sep 2013, 22:25

Re: Read memory and offsets

14 Feb 2018, 23:59

RHCP wrote:If you ever need to find a dynamic base address, read memory values other than UInts, or wish to read pointers in a single line, then this memory class can help.
https://github.com/Kalamity/classMemory

Mainly as just a shoutout and thank you to RHCP, I also use classMemory and highly recommend it.

FG
Hotkey Help - Help Dialog for Currently Running AHK Scripts

AHK Startup - Consolidate Multiply AHK Scripts with one Tray Icon

Google Search, Dictionary, Thesaurus - Quickly Get Information from Specific Web Resources

[Function] Timer - Create and Manage Timers

Return to “Ask For Help”

Who is online

Users browsing this forum: Meow and 25 guests