Code:
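#RequireAdmin
#include <nomadMemory.au3>

; Experimental script: locates MemoryMan.dll inside swtor.exe, dumps the first
; $numOffsetsToSearch values read from the module base, then follows a pointer chain.

; The Windows privilege constant is spelled "SeDebugPrivilege". It is only needed to open
; processes owned by another account; if the target runs as the current user, this call
; (and #RequireAdmin) can probably be dropped so the script runs with fewer rights.
If Not SetPrivilege("SeDebugPrivilege", 1) Then
	ConsoleWrite("Warning: could not enable SeDebugPrivilege" & @CRLF)
EndIf

Global $searchString = "4621" ;the value I am searching for (x offset although this may be wrong its an example)
Global $numOffsetsToSearch = 100
Global $PID
Global $sModule = "MemoryMan.dll"
Global $StaticOffset
Global $openmem

$PID = ProcessExists("swtor.exe")
If $PID == 0 Then
	MsgBox(4096, "Error", "SWTOR not running!", 3)
	Exit ; a script at global scope ends with Exit; Return is only valid inside a Func
EndIf

; NOTE(review): _MemoryOpen is called with its defaults; if it accepts a desired-access
; argument, request read-only access here - confirm against NomadMemory.au3.
$openmem = _MemoryOpen($PID)
If @error Then Exit

Local $Offset[1]
$Offset[0] = 0 ; Is ALWAYS 0.
$StaticOffset = Dec("27E8C")

$baseADDR = _MemoryModuleGetBaseAddress($PID, $sModule)
If @error Then
	; Without a base address every later read would hit an arbitrary location.
	MsgBox(4096, "Error", "Module not found: " & $sModule, 3)
	_MemoryClose($openmem)
	Exit
EndIf
MsgBox(0, "Base address", "Base:" & $baseADDR)
$finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
MsgBox(0, "Final address", "Final:" & $finalADDR)

; Walk byte offsets 0 .. $numOffsetsToSearch-1 from the module base and report each
; non-zero value that _MemoryRead returns.
For $i = 0 To $numOffsetsToSearch - 1
	$r = _MemoryRead("0x" & Hex($baseADDR + $i), $openmem)
	If $r == 0 Then ContinueLoop ;ignore 0 values completely
	If $r == $searchString Then
		; MsgBox needs flag, title AND text; the message is passed as the text argument.
		MsgBox(0, "Found it!", "Found it! @ i(base + distance):" & $i & " val:" & $r)
	Else
		MsgBox(0, "value of i", "i:" & $i & " val:" & $r)
	EndIf
Next

; NOTE(review): the chain below starts from whatever the last loop iteration left in $r;
; $finalADDR is computed above but never read. Confirm the intended starting address.
$r = _MemoryRead($r + 0x798, $openmem)
$r = _MemoryRead($r + 0x504, $openmem)
$r = _MemoryRead($r + 0x14, $openmem)
$r = _MemoryRead($r + 0x8, $openmem)
$r = _MemoryRead($r + 0x40, $openmem, "float")
ConsoleWrite("Pointer Value:" & $r & @CRLF)
;MsgBox(0, "value of r", "r val:" & $r)

; Release the process handle obtained from _MemoryOpen.
_MemoryClose($openmem)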
;=================================================================================================
; Function: _MemoryModuleGetBaseAddress($iPID, $sModule)
; Description: Found this on the internet; it seems to open a DLL loaded within a process and
; get its base offset?
; Parameter(s): $PID - process id
; $sModule String representing the name of the DLL (not entirely sure)
; Requirement(s): The $ah_Handle returned from _MemoryOpen.
; Return Value(s): On Success - Returns the destination address.
; On Failure - Returns 0.
; Author(s): Unknown
; Note(s): This is NOT my code, and im not even sure if its what is required
;=================================================================================================
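Func _MemoryModuleGetBaseAddress($iPID, $sModule)
	; Returns the base address (module handle) of the module named $sModule in process $iPID.
	;   $iPID    - process id of the process to inspect
	;   $sModule - module base name, e.g. "MemoryMan.dll" (compared case-insensitively)
	; Success: returns the module address as a pointer.
	; Failure: returns 0 and sets @error:
	;   1 = process does not exist, 2 = $sModule is not a string,
	;   3 = OpenProcess failed, 4 = psapi.dll could not be opened, -1 = module not found.
	Local $iResolvedPID = ProcessExists($iPID)
	If Not $iResolvedPID Then Return SetError(1, 0, 0)
	If Not IsString($sModule) Then Return SetError(2, 0, 0)

	; Least privilege: enumerating modules and reading their names only needs
	; QUERY_INFORMATION (0x0400) and VM_READ (0x0010). CREATE_THREAD, VM_OPERATION and
	; VM_WRITE are not used by anything in this function, so they are not requested.
	Local $iAccess = BitOR(0x0400, 0x0010)
	Local $aOpen = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $iAccess, "int", 0, "dword", $iResolvedPID)
	If @error Or Not $aOpen[0] Then Return SetError(3, 0, 0)
	Local $hProcess = $aOpen[0]

	Local $PSAPI = DllOpen("psapi.dll")
	If $PSAPI = -1 Then
		DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hProcess)
		Return SetError(4, 0, 0)
	EndIf

	; EnumProcessModules fills an array of module handles and reports the bytes needed.
	Local $Modules = DllStructCreate("ptr[1024]")
	Local $iPtrSize = DllStructGetSize($Modules) / 1024 ; 4 on 32-bit AutoIt, 8 on 64-bit
	Local $bFound = False
	Local $pModule = 0
	Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
	If Not @error And $aCall[0] And $aCall[4] > 0 Then
		; The reported size can exceed the buffer; never index past the 1024 slots we own.
		Local $iModnum = Int($aCall[4] / $iPtrSize)
		If $iModnum > 1024 Then $iModnum = 1024
		Local $aTemp
		For $i = 1 To $iModnum
			$aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
			If @error Then ContinueLoop
			If $aTemp[3] = $sModule Then
				$pModule = Ptr(DllStructGetData($Modules, 1, $i))
				$bFound = True
				ExitLoop
			EndIf
		Next
	EndIf

	; Single exit path so neither the DLL handle nor the process handle is leaked.
	DllClose($PSAPI)
	DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hProcess)
	If Not $bFound Then Return SetError(-1, 0, 0)
	Return $pModule
EndFunc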
;**
;=================================================================================================
; Function: SetPrivilege( $privilege, $bEnable )
; Description: Found this on the internets
; Parameter(s): $PID - process id
; Author(s): Unknown
; Note(s): This is NOT my code, and im not even sure if its what is required
;=================================================================================================
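Func SetPrivilege( $privilege, $bEnable )
	; Enables or disables one or more privileges on the current process token.
	;   $privilege - a privilege name string, or an array of privilege name strings
	;   $bEnable   - true to enable the privilege(s), false to disable them
	; Returns non-zero on success. Returns 0 if the token cannot be opened, if any name
	; is not a valid privilege, or if the token does not hold every requested privilege.
	Local Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020
	Local Const $MY_TOKEN_QUERY = 0x0008
	Local Const $MY_SE_PRIVILEGE_ENABLED = 0x0002
	Local Const $MY_ERROR_NOT_ALL_ASSIGNED = 1300
	Local $hToken, $SP_auxret, $hCurrProcess, $nTokens, $nTokenIndex, $priv, $ret, $aLastErr
	Local $bOK = True

	$nTokens = 1
	If IsArray($privilege) Then $nTokens = UBound($privilege)

	; Buffers: one LUID, plus a count followed by three dwords (LUID low, LUID high,
	; attributes) per privilege.
	Local $LUID = DllStructCreate("dword;int")
	Local $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
	Local $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")

	$hCurrProcess = DllCall("kernel32.dll","hwnd","GetCurrentProcess")
	$SP_auxret = DllCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0], _
			"int",BitOR($MY_TOKEN_ADJUST_PRIVILEGES,$MY_TOKEN_QUERY),"int*",0)
	If @error Or Not $SP_auxret[0] Then Return 0
	$hToken = $SP_auxret[3]

	; The count must match the number of entries filled in below, not a fixed 1.
	DllStructSetData($TOKEN_PRIVILEGES,1,$nTokens)
	For $nTokenIndex = 1 To $nTokens
		If IsArray($privilege) Then
			$priv = $privilege[$nTokenIndex-1]
		Else
			$priv = $privilege
		EndIf
		$ret = DllCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv, _
				"ptr",DllStructGetPtr($LUID))
		If @error Or Not $ret[0] Then
			; Unknown privilege name: fail loudly instead of adjusting a zeroed LUID,
			; which would hide a misspelled name from the caller.
			$bOK = False
			ExitLoop
		EndIf
		If $bEnable Then
			DllStructSetData($TOKEN_PRIVILEGES,2,$MY_SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
		Else
			DllStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
		EndIf
		DllStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
		DllStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
		DllStructSetData($LUID,1,0)
		DllStructSetData($LUID,2,0)
	Next

	If $bOK Then
		$ret = DllCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0, _
				"ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES), _
				"ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int*",0)
		If @error Or Not $ret[0] Then
			$bOK = False
		Else
			; AdjustTokenPrivileges reports success even when the token lacks a requested
			; privilege; that case is only visible through the last-error value.
			$aLastErr = DllCall("kernel32.dll","int","GetLastError")
			If Not @error And $aLastErr[0] = $MY_ERROR_NOT_ALL_ASSIGNED Then $bOK = False
		EndIf
	EndIf

	; Release the token handle and the struct buffers on every path past OpenProcessToken.
	DllCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
	$NEWTOKEN_PRIVILEGES = 0
	$TOKEN_PRIVILEGES = 0
	$LUID = 0

	If Not $bOK Then Return 0
	Return $ret[0]
EndFunc ;==>SetPrivilege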
NomadMemory.au3 can be found here: