Auto IT : _MemoryWrite - HELP !

[yourahoe]

I have no idea how to make "_MemoryWrite() " work.. i've spent nearly 4 hours flipping on it upside down and then sideways but it just doesnt work =.= , you can see how desperate i become i even tried using the reading function x_X ..fml, pls help

Code:

        SetPrivilege("SetDebugPrivilege", 1)
        #include <NomadMemory.au3>
		#include <memmodulebaddr.au3>

        Global $PID
        Global $sModule = "MemoryMan.dll"
        Global $StaticOffset
        Global $openmem

        $PID = ProcessExists("Tutorial-i386.exe")
		;$openmem = _MemoryOpen($PID)

Global $Offset1[3]
$Offset1[0] = 0 ; Is ALWAYS 0.
$Offset1[1] = Dec("49c") ; 2nd pointr
$Offset1[2] = Dec("4") ; 1st pointr

;Step 2
$StaticOffset = Dec("6903C0")


	$baseADDR = _MemoryGetBaseAddress($PID)
	$finalADDR = "0x" & Hex($baseADDR + $StaticOffset)

	$r = _MemoryRead($finaladdr,$openmem)
	$r = _MemoryRead($r + $Offset1[1],$openmem)
	$r = _MemoryRead($r + $Offset1[2],$openmem)
	$Write = _MemoryWrite($r, $openmem, 2000)

[yourahoe]

wow, noone? im pretty sure someone knows what im doing wrong =.=

[Deject3d]

wow, noone? im pretty sure someone knows what im doing wrong =.=

in the future, saying anything along the lines of " but it just doesnt work =.=" is useless.

describing exactly what is happening and the steps you've taken to fix it is far more valuable. you're also more likely to realize the problem yourself if you write down everything in a post.

the easier you make it to answer your question, the more likely you are to receive an answer.

personally, i think you just have no idea what you're doing and that no amount of help will truly satisfy you.

[yourahoe]

your argument is valid, and i shall be back with a more in-depth argument to support my case once all the information is gained - please be prepared to help in in the unfortunate case that i will not be able to help myself once ive understood what im supposed to.

[yourahoe]

"For the sake of the argument.."

Let's say that, for the sake of the argument and scientifical proof AND to lower the error margin, i will use two address debuggers.

One of them is "Cheat Engine" and the second being "MHS".

Asuming i've done step 1 to 9 in their amazing tutorial program-training, in "Cheat engine", i've then gained
the trust in myself as a "reverse engineer" to obtain the information to Read the desired memory location and then obtain the information located accordingly.
This includes multilevel pointers which includes more than 1 offset.

Having this knowledge I thought to myself that i should first learn to Read and Write memory in Auto-It as a reference to future programming, to see if it works if you will.

First step was google, google pointed me to this website; WoW Simple Player pointer and info Scanner... - Example Scripts - AutoIt Forums

There i obtained the "NomadMemory.au3" file and functions to ease my "project."
I then continued on to look for how to manipulate multi-level pointers and see how the offsets would
be coded into auto-it scripting langue; because, for instance, in "MHS", in order to read a multi-level pointer the address and offsets are lined accordingly:

*baseaddress, the green address if searched correctly. worth finding out 2 diferent memory scanners to make sure its the correct one.
Lets asume, for the sake of argument, that i've obtained a Base address and it took me 2 pointers, 2 offsets, to get there.
These were
Baseaddress: 0xBASEADRESS
Offset 0x04 (the first pointer, pointed me to the second pointer.)
Offset 0x49c (the second pointer, pointed me to the base address.)

MHS needs it to be setup like this to obtain the value at the Baseaddress
[[BaseAddress]+0x49c]+0x4 <- A constant address that leads to a value.


In Cheat engine, its a bit diferent. The engineer had decided for the program to be setup like this:

[offset]
[offset]
[baseaddress] -> Value

And so it was pretty obvious, i added the first offset i got at the top and the second offset after that and then the base address:

[04]
[49c]
[BASEADRESS] -> value


Alright ! That does work indeed.. the values are correct on both spots so with this in mind i then proceeded onto learning how to read the memory in Auto it.. and ofc the way its coded is new to me, never done auto it before.

One thing led to another and i ended up at ownedcore and found this thread:
http://www.ownedcore.com/forums/star...ue-memory.html

With that information i realized the code should be something like this:

Code:

	$StaticOffset = Dec("006903C0") ;base addr (green) was the same both times - this is the correct base addr..


Global $Offset1[3]
$Offset1[0] = 0 ; Is ALWAYS 0.
$Offset1[1] = Dec("49c") ; 2nd pointr
$Offset1[2] = Dec("4") ; 1st pointr

$baseADDR = _MemoryModuleGetBaseAddress($PID, $sModule)
$finalADDR = "0x" & Hex($baseADDR + $StaticOffset)

$r = _MemoryRead($finaladdr,$openmem)
$r = _MemoryRead($r + $Offset1[1],$openmem)
$r = _MemoryRead($r + $Offset1[2],$openmem, "float")

Simple, clean and it works!


Now! To the _MemoryWrite() function .. oh shit, brace yourselves..
First thing first; google!

Best result: Cheat Engine :: View topic - [Tut] AutoIt 3 Memory Editing

Obtained information, "How to write memory with a Base address";
Func _Function()
$Write = _MemoryWrite($address, $hMemory, $value) ;Address must be in 0x00000000 format
EndFunc


So, accordingly to this post my function should look like this(With the same offset+Baseaddress as MemoryRead);
$Write = _MemoryWrite(0x006903C0, $openmem, "5000", "float")

Here's what I don't really understand, where exactly do i use my Offsets here? I'm pretty sure you need the offsets to create the original adress;
something in the lines of:
$Write = _MemoryWrite(((0x006903C0)+0x0000049c)+0x00000004, $openmem, "5000", "float")

I could also keep trying this all day, which i basically have because i cannot find a source anywhere which use a multilevel pointer ... atleast not as simple as it was finding MemoryRead, lol.

[Deject3d]

so you seem to understand how reading multi-level pointers works - you just need to apply that logic to the memorywrite. you must follow the chain of pointers and write to the final address.

something like:

Code:

$StaticOffset = Dec("006903C0") ;base addr (green) was the same both times - this is the correct base addr..


Global $Offset1[3]
$Offset1[0] = 0 ; Is ALWAYS 0.
$Offset1[1] = Dec("49c") ; 2nd pointr
$Offset1[2] = Dec("4") ; 1st pointr

$baseADDR = _MemoryModuleGetBaseAddress($PID, $sModule)
$finalADDR = "0x" & Hex($baseADDR + $StaticOffset)

$r = _MemoryRead($finaladdr,$openmem)
$r = _MemoryRead($r + $Offset1[1],$openmem)
$r = _MemoryWrite($r + $Offset1[2],$openmem, $data, type)

i am rusty so i could be wrong - but this seems like your issue. you have to follow the pointers until you know the final memory address you want to write to.

[yourahoe]

that works, thank you so much !

a new reverse engineer is born!


..alltho im taking math this year, so hopefully ill be born next summer ;o