 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Zephir
Newbie cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 13
|
 Posted: Mon Apr 23, 2007 5:10 pm Post subject: problem with pointers! |
 |
|
Like topic said i have a problem finding a pointer in a game!!!
example:
i found the address where my characters hp are stored.this address changes every time i run the game.now i need to find the pointer....
did "find out what writes to this address" and got this:
| Code: | | http://img264.imageshack.us/img264/2073/helpkw6.jpg |
how do i use this info to find the pointer? havent slept 2 days now and read/watched every tut on this page without any good....
help 
p.s. screenshots would be amazing!
Edit:
See my problem is that it uses different locations:
mov eax, ......
mov ecx, ......
mov edx, ........
mov [eax+offset], ....
however the CE tutorial.exe explains only how to handle entries like:
move edx,.....
move edx, ......
move edx,.......
do i just ignore the rest? or do i have to work with them as well. please drop a line ...
mov
|
|
| Back to top |
|
 |
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Apr 24, 2007 6:22 am Post subject: |
|
|
Ok post a screen shot of the memory view of the address when you find what writes to it again.
Make sure the address is in both memory windows top and bottom window in CE.
Look at my image and the address of 0058FAFC
It is in both views. Be sure to get the whole window so we can see the module you are in.
|
|
| Back to top |
|
|
Zephir
Newbie cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 13
|
| Posted: Tue Apr 24, 2007 10:08 am Post subject: |
|
|
okay. now i got all the windows in one screenshot.
so the game is WoW.
the value i got is the currentHP of my char. it is dynamic. i need the pointer and cant figure out what the right offsets are...
screenshot:
| Code: | | http://img339.imageshack.us/my.php?image=unbenanntzi7.jpg |
step 2: i searched for the address the "Extra Info" gave me and got a new address. now if i add 58(constant offset) to this new address i get to the value of my hitpoints. however this is not the base pointer and every time i restart the game nothing works...
i made another screen of step 2:
| Code: | | http://img404.imageshack.us/my.php?image=unbenannt2cy9.jpg |
Thank you for your reply Labyrnth
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Apr 24, 2007 1:16 pm Post subject: |
|
|
Well, you should give up on this and second you dont have the address in both windows in memview, But it doesnt matter now because it is WOW.
You are wasting your time looking.
|
|
| Back to top |
|
|
Zephir
Newbie cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 13
|
| Posted: Tue Apr 24, 2007 1:32 pm Post subject: |
|
|
| i know that people managed to get those pointers. one of them is the maker of glider (however i would never say that i am as good as he is) and the other is one on the autoit forums. however he does not want to release his way of getting the data, because it is so hard...
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Apr 24, 2007 1:53 pm Post subject: |
|
|
In autoit, all they are doing is reading memory from a static address.
This helps the script to be a little smarter by knowing when certain things happen that will make the script run at the correct time.
Example of some autoit used to read memory so it can perform a function for Pinball:
It is no secrete really. So the guy is just misunderstood or he doesnt want to release source to his code.
================================================
| Code: | $Process = WinGetProcess($title_b, "")
$Mem_Players = "01028234"
$Mem_Balls_p1 = "00C4AE9E"
$Mem_Score_p1 = "00C4AEBA" |
|
|
| Back to top |
|
|
Zephir
Newbie cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 13
|
| Posted: Tue Apr 24, 2007 2:48 pm Post subject: |
|
|
i am familiar with AIv3
and i know how the functions work. but one dude wrote a bot for wow which is based on mem reading.... no pixel detection no more...
anyhow, i appreciate ur effort very much. too sad you are the only one on this forum willing to help a newb... 
|
|
| Back to top |
|
|
Labyrnth
Moderator
![]() Reputation: 10
Joined: 28 Nov 2006
Posts: 6301
|
| Posted: Tue Apr 24, 2007 2:56 pm Post subject: |
|
|
Thats what im talking about sir, reading memory with autoit.
Here is a complete script reading memory from pinball.
Now you right about the address's you need to find static address's to do this. Only drawback of this is when the game is patched the address's will need to be found again because of the patch "if it effected the file that held the address".
I think he is using coords that are in memory to work the bot.
Not sure how good it will be, but it would have to be programmed to the map your on. But hey anything is better then grinding hours on end to gain levels.
Thats good you are familiar with AIv3, you should have a good understanding of how this script works, so you can get to work.
| Code: | #NoTrayIcon
#include <GUIConstants.au3>
;#include <memory2.au3>
;#include <string.au3>
Opt("WinTitleMatchMode", 4)
$title = "Pinball, Space Cadet | Trainer by kris"
$title_a = 0
$title_b = "Pinball, Space Cadet | Trainer by kris"
$Process = WinGetProcess($title_b, "")
$Score_p1 = 0
$freeze_score_p1 = 0
$Score_p1_freeze_on = 0
$Score_p1_freeze_c1 = 0
$Balls_p1 = 0
$Players = 0
$Score_p1_Read = 0
$CheatMode = 0
$Not_running = 1
$loop = 0
$Mem_Players = "01028234"
$Mem_Balls_p1 = "00C4AE9E"
$Mem_Balls_p1_offset = 0
$Mem_Score_p1 = "00C4AEBA"
GUICreate("Pinball Space Cadet Trainer", 390, 335, -1, -1)
Opt("GUIOnEventMode", 1)
GUISetOnEvent($GUI_EVENT_CLOSE, "Quit")
;GUISetOnEvent($GUI_EVENT_MINIMIZE, "SpecialEvents")
;GUISetOnEvent($GUI_EVENT_RESTORE, "SpecialEvents")
;Options
;Opt("GUICoordMode",1)
;Opt("GUIResizeMode", 1)
$menu1 = GUICtrlCreateMenu("Start")
$menu1_item1 = GUICtrlCreateMenuitem("Launch game", $menu1)
GUICtrlSetOnEvent(-1, "game")
$menu1_item1 = GUICtrlCreateMenuitem("Exit", $menu1)
GUICtrlSetOnEvent(-1, "Quit")
GUICtrlCreateButton("Enable/Disable Cheat Mode", 12, 290, 160, 20)
GUICtrlSetOnEvent(-1, "CheatMode")
GUICtrlCreateButton("About", 184, 290, 90, 20)
GUICtrlSetOnEvent(-1, "About")
GUICtrlCreateButton("Exit", 290, 290, 90, 20)
GUICtrlSetOnEvent(-1, "Quit")
GUICtrlCreateLabel("players:", 10, 10, 40, 15)
GUICtrlCreateGroup("Player 1", 10, 30, 370, 70)
GUICtrlCreateLabel("ball nr:", 20, 70, 50, 15)
GUICtrlCreateLabel("score:", 20, 50, 40, 15)
$label_Players = GUICtrlCreateLabel($Players, 60, 10, 50, 15)
$Label_p1_Score = GUICtrlCreateLabel($Score_p1, 65, 50, 140, 15)
$Label_p1_Balls = GUICtrlCreateLabel($Balls_p1, 65, 70, 140, 15)
$Input_p1_Score_edit = GUICtrlCreateInput($Score_p1, 200, 38, 140, 20, $ES_NUMBER)
$Button_p1_Score_set = GUICtrlCreateButton("Set", 345, 58, 30, 15)
;GUICtrlSetOnEvent(-1, "Score_p1_Write")
$Button_p1_Score_freeze = GUICtrlCreateButton("Freeze", 325, 50, 30, 15)
GUICtrlDelete($Input_p1_Score_edit)
GUICtrlDelete($Button_p1_Score_set)
GUICtrlDelete($Button_p1_Score_freeze)
$Input_p1_Balls_edit = GUICtrlCreateInput($Balls_p1, 200, 58, 140, 20, $ES_NUMBER)
$Button_p1_Balls_set = GUICtrlCreateButton("Set", 345, 78, 30, 15)
;GUICtrlSetOnEvent(-1, "Balls_p1_Write")
$Button_p1_Balls_freeze = GUICtrlCreateButton("Freeze", 325, 50, 30, 15)
GUICtrlDelete($Input_p1_Balls_edit)
GUICtrlDelete($Button_p1_Balls_set)
GUICtrlDelete($Button_p1_Balls_freeze)
Func game()
If $Process = -1 Then
Run(@HomeDrive & "\Program Files\Windows NT\Pinball\PINBALL.EXE", @HomeDrive & "\Program Files\Windows NT\Pinball")
EndIf
EndFunc ;==>game
Func Quit()
;Select
;Case @GUI_CTRLID = $GUI_EVENT_CLOSE
If WinExists($title_b) Then WinSetTitle($title_b, "", $title)
Exit
;Case @GUI_CTRLID = $GUI_EVENT_MINIMIZE
;Case @GUI_CTRLID = $GUI_EVENT_RESTORE
;EndSelect
EndFunc ;==>Quit
Func About()
GUISetState(@SW_HIDE)
MsgBox(0, "3D Pinball Space Cadet Trainer", "A creation by Kris" & @CRLF & "Tested on Windows XP Media Center" & @CRLF & "For more information or help e-mail:" & @CRLF & "[email protected]")
GUISetState(@SW_SHOW)
EndFunc ;==>About
Func CheatMode()
If $CheatMode = 0 Then
If $Process = -1 Then
MsgBox(0, "3D Pinball Space Cadet Trainer", " Please start the game")
Else
$CheatMode = 1
EndIf
If $CheatMode = 1 Then
$Not_running = 0
$Input_p1_Score_edit = GUICtrlCreateInput($Score_p1, 170, 48, 120, 20, $ES_NUMBER)
$Button_p1_Score_set = GUICtrlCreateButton("Set", 295, 50, 30, 15)
GUICtrlSetOnEvent(-1, "Score_p1_Write")
$Button_p1_Score_freeze = GUICtrlCreateButton("Freeze", 325, 50, 50, 15)
GUICtrlSetOnEvent(-1, "Score_p1_Freeze")
$Input_p1_Balls_edit = GUICtrlCreateInput("Not working yet", 170, 68, 120, 20, $ES_NUMBER) ;$Balls_p1
$Button_p1_Balls_set = GUICtrlCreateButton("Set", 295, 70, 30, 15)
GUICtrlSetOnEvent(-1, "Balls_p1_Write")
$Button_p1_Balls_freeze = GUICtrlCreateButton("Freeze", 325, 70, 50, 15)
EndIf
ElseIf $CheatMode = 1 Then
GUICtrlDelete($Input_p1_Score_edit)
GUICtrlDelete($Button_p1_Score_set)
GUICtrlDelete($Button_p1_Score_freeze)
GUICtrlDelete($Input_p1_Balls_edit)
GUICtrlDelete($Button_p1_Balls_set)
GUICtrlDelete($Button_p1_Balls_freeze)
$CheatMode = 0
EndIf
EndFunc ;==>CheatMode
Func Read()
$M_open = _MemoryOpen($Process)
$Players = _MemoryRead($M_open, "0x" & $Mem_Players)
$Score_p1 = _MemoryRead($M_open, "0x" & $Mem_Score_p1)
;$Balls_p1 = _MemoryPointerRead($M_open, "0x" & "00C4AE9E", 0)
;$Balls_p1 = _MemoryRead($M_open, $Mem_Balls_p1)
$Balls_p1a = _MemoryRead($M_open, "0x" & $Mem_Balls_p1)
$Balls_p1b = '0x' & Hex($Balls_p1a + $Mem_Balls_p1_offset)
$Balls_p1 = _MemoryRead($M_open, $Balls_p1b)
_MemoryClose($M_open)
;$Players = Asc($Playersa)
;$Balls_p1 = Abs(Asc($Balls_p1a) - 3)
;$Score_p1 = Dec($Score_p1a)
;If StringLen ($Score_p1a) > 6 Then
; $Score_p1 = _StringInsert ($Score_p1a, "___", 2)
;Else
; $Score_p1 = $Score_p1a
;EndIf
EndFunc ;==>Read
Func Score_p1_Write()
If $Score_p1_freeze_c1 = 1 Then
$Score_p1_Read = $freeze_score_p1
$Score_p1_freeze_c1 = 0
ConsoleWrite($freeze_score_p1 & @CR)
Else
$Score_p1_Read = GUICtrlRead($Input_p1_Score_edit)
EndIf
$M_open = _MemoryOpen($Process)
_MemoryWrite($M_open, "0x" & $Mem_Score_p1, "0x" & Hex($Score_p1_Read))
_MemoryClose($M_open)
$freeze_score_p1 = $Score_p1_Read
EndFunc ;==>Score_p1_Write
Func Balls_p1_Write()
$Balls_p1_Read = GUICtrlRead($Input_p1_Balls_edit)
$M_open = _MemoryOpen($Process)
$Balls_p1a = _MemoryRead($M_open, "0x" & $Mem_Balls_p1)
$Balls_p1b = '0x' & Hex($Balls_p1a + $Mem_Balls_p1_offset)
_MemoryWrite($M_open, $Balls_p1b, "0x" & Hex($Balls_p1_Read))
;_MemoryWrite($M_open, "0x" & $Mem_Balls_p1, "0x" & Hex($Balls_p1_Read))
_MemoryClose($M_open)
EndFunc ;==>Balls_p1_Write
Func Score_p1_Freeze()
If $Score_p1_freeze_on = 0 Then
$freeze_score_p1 = $Score_p1
$Score_p1_freeze_on = 1
Else
$Score_p1_freeze_on = 0
EndIf
ConsoleWrite($Score_p1_freeze_on & @CR)
EndFunc ;==>Score_p1_Freeze
GUISetState(@SW_SHOW)
While 1
$Process = WinGetProcess($title_b, "")
If WinExists("3D Pinball") Then
$title = WinGetTitle("3D Pinball")
WinSetTitle($title, "", $title_b)
EndIf
;$loop += 1
;If $loop = 10 Then
Read()
; $loop = 0
;EndIf
GUICtrlSetData($label_Players, $Players)
GUICtrlSetData($Label_p1_Score, $Score_p1)
GUICtrlSetData($Label_p1_Balls, $Balls_p1)
If $Process = -1 And $Not_running = 0 Then
CheatMode()
$Not_running = 1
EndIf
If $Score_p1_freeze_on = 1 Then
If $CheatMode = 0 Then $Score_p1_freeze_on = 0
If $Score_p1 <> $freeze_score_p1 Then
$Score_p1_freeze_c1 = 1
Score_p1_Write()
EndIf
EndIf
Sleep(300)
WEnd
#Region MEM
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $if_InheritHandle = 1)
If Not ProcessExists($iv_Pid) Then
SetError(1)
Return 0
EndIf
Local $ah_Handle[2] = [DllOpen('kernel32.dll') ]
If @error Then
SetError(2)
Return 0
EndIf
Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $if_InheritHandle, 'int', $iv_Pid)
If @error Then
DllClose($ah_Handle[0])
SetError(3)
Return 0
EndIf
$ah_Handle[1] = $av_OpenProcess[0]
Return $ah_Handle
EndFunc ;==>_MemoryOpen
Func _MemoryRead($ah_Handle, $iv_Address, $sv_Type = 'dword')
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
Local $v_Buffer = DllStructCreate($sv_Type)
If @error Then
SetError(@error + 1)
Return 0
EndIf
DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
If Not @error Then
Local $v_Value = DllStructGetData($v_Buffer, 1)
Return $v_Value
Else
SetError(6)
Return 0
EndIf
EndFunc ;==>_MemoryRead
Func _MemoryWrite($ah_Handle, $iv_Address, $v_Data, $sv_Type = 'dword')
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
Local $v_Buffer = DllStructCreate($sv_Type)
If @error Then
SetError(@error + 1)
Return 0
Else
DllStructSetData($v_Buffer, 1, $v_Data)
If @error Then
SetError(6)
Return 0
EndIf
EndIf
DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
If Not @error Then
Return 1
Else
SetError(7)
Return 0
EndIf
EndFunc ;==>_MemoryWrite
Func _MemoryClose($ah_Handle)
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
If Not @error Then
DllClose($ah_Handle[0])
Return 1
Else
DllClose($ah_Handle[0])
SetError(2)
Return 0
EndIf
EndFunc ;==>_MemoryClose
#endregion
|
|
|
| Back to top |
|
|
Zephir
Newbie cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 13
|
| Posted: Tue Apr 24, 2007 7:16 pm Post subject: |
|
|
Thanks for your reply.
Just found static addresses for my X/Y position and my rotation. as well as some other side infos. still cant get to my HPs... Blizzard did a good job on that one^^
Thank you for your code. However for some reason the Memory Reading Funcs wont work with me. I had tried 3 others before. seems to be some conflict between AIv3 and my OS (German). I am using the latest beta (April 2007) Those mem funcs seem to only work with English users
now this is the point where you tell me that you are not British/American to give me hope and the will to look for a solution. if i get those mem func to work... my bot is done
Big thanks to you again! :
Edit:
you use NomadMemory Script on this example dont you? this is what i tried it with just a couple of hours ago... dosnt work. I tried to find whats wrong.
My script opens the process (_MemoryOpen works),
it also tries to read the value from the address i want to read. however it always returns 0. and the stupid thing is: @error is also set to 0 which means... NO ERROR ^^ i am confused. but i believe this is not the place to discuss au3 issues, right? i posted this problem on the au3 forums and hope to get help soon. if you can help, feel free to do so 
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
