[newbie guide] How to (not) get values from memory

[zdud]

I know this is a guide, but it's only related to memory reading, so I'm putting it here. If anyone feels the need to move this to the other section.. go ahead
I learnt all this looking at source codes and reading lots and lots of stuff on this and other forums.

I found this post and thought I would shed some light on those memory newbies:

TITLE: a simple gold read

Code:

#include <NomadMemory.au3>
Opt("WinTitleMatchMode", -1)
SetPrivilege("SeDebugPrivilege", 1)
$D3Exefile = "Diablo III.exe"
$list = ProcessList()
for $i = 1 to $list[0][0]
        if $list[$i][0] = $D3Exefile Then
                Global $ProcessID = $list[$i][1]
                ExitLoop
        EndIf
next
Local $d3 = _MemoryOpen($ProcessID)
If @Error Then
        MsgBox(4096, "ERROR", "Failed to open memory for process;" & $ProcessID)
    Exit
 EndIf

;read player gold amount
$gold = _MemoryRead(0x35B08E88,$d3)
MsgBox(0,"",$gold)

This doesn't work. It worked for him, at that time, but not anymore.

I've seen similar stuff on one of my programming classes:
Exercise: "Create a program that given 2 numbers prints their sum on the screen. example:

Code:

input a number: 3
input another number: 2
the sum is 5

There are many ways to do that program, the right one would be a program that would ask the user to input 2 numbers, store them, sum them and show them back at the user.
What some elements on the programming class did was this:

Code:

printf("input a number: 3");
printf("input another number: 2");
printf("the sum is 5");

they just printed the example on the screen.

And they are not totally wrong, it works, but only for the numbers 3 and 2

That is a similar thing he got there. It worked, but only for him, only at that time when he extracted the values.
Memory on the computer is constantly being written and overwritten, if you start diablo 3 and your gold is at position 0x123456AB in memory, probably, if you close d3 and start it again it would be at 0x16274532 in memory. it's totally random for values like gold, hp, item stats, etc.

Then how do people get gold value? and current character position?
There is a way to be sure that you get the right value: pointer chains. Pointer chains works like this:
you have a static address in memory of something (that static address is always the same, does not change if you close and re-open d3)
you read the value in that address as an unsigned integer and you find out that that value is a new memory address (we just found a pointer)
you see where that value leads to, you add some value, like 0x8F4 and you find your value (or if you don't find your value just yet, you keep following pointers and adding values to them, called offsets)
note: 0x8f4 is an example number, not a magic number that works every time.

for instance if you want to get the list of all the RActors (things from chests to mobs) you would need to get the ObjectManager static address.
From there you follow it (that static address is a pointer).
when you arrive at the new memory address, you add an offset (to get you to the beginning of the RActors container).
when you get there you have some data pretty well organized. you get a lot of info there on whats to come: the array of RActors.
on a determinate offset (not telling any specific offsets because the purpose it telling how it works, not mouthfeed you the pointers) you get the amount of ractors at that moment.
on another offset you get the size of a single ractor
on another offset you get the pointer to the first position on the RActors array.

from there it's simple:
to get the RActor at position 6, you calculate <1st position> + <single ractor size> * 6
from there you just read a number of bytes equal to <single ractor size> and you got yourself the info about a RActor.

of course, that is just numbers and more numbers, now you should leech or find out by yourself what is what (if it's a name, a pointer to something, a counter, an ID of some kind, a position...).


I've attached an image so you can get a visual idea of what I just wrote (don't you dare say my paint skills are not awesome

To conclude, looking at the image, you see that everything is relative in that image, the only values are offsets. If say the value of the X (the first position in the RActors array) is 0x17354A3D when you find it, if you close the game and re-open it (leaving and re-starting diablo, not just hitting resume game) it can be in some other totally random place like 0x14EC3A61.

note on the image: the offsets I put in there are NOT THE REAL OFFSETS, just some random numbers to explain how stuff works.

if you want to get the REAL VALUES that WORK EVERY TIME you should find some static address and then add offsets and follow pointers from there till you get your value, close and re-open the game and if you can get the value by the same method you are done (note that if you are trying to access a value that is in an array, you may have to consider the possibility of it being in another position in the same array )

If you want a living example of this, then go to unknowned's topic (http://www.ownedcore.com/forums/diab...rsion-2-a.html ([AutoIt] Diablo 3 Click To Move, Interaction, Actor Handling. (Version 2))) and study the source code.

well, if you have any questions, here is the place to ask