VB: Trying to create Memory Reading .dll for community, offsets being awkward!

  1. #1
    Lionhart280's Avatar Private

    VB: Trying to create Memory Reading .dll for community, offsets being awkward!

    Alright so, short story is I've made some nice tools for other online MMORPGs in the past and really haven't been into them for a few years. I've gotten really into Diablo 3 since release, and have decided to go about making a nice little library for fellow programmers who don't feel like digging down into deep memory editing and whatnot, and want a nice clean and crisp .dll of tools to keep their programs straightforward.

    However, for some reason the offsets and pointers aren't really working for me properly in my program, and I can't figure out why, so I'm guessing Diablo III is using the offsets in a way that's a bit different from what I'm used to.

    Here's the important parts of my code:

    Code:
    Private baseaddress As IntPtr
    
        Public Function GetProcessNames() As List(Of String)
            Dim Processes As Process() = Process.GetProcessesByName("Diablo III")
            If Processes.Length = 0 Then
                MsgBox("Diablo III not detected", MsgBoxStyle.OkOnly)
                Stop
            End If
            Dim names As List(Of String) = New List(Of String)
    
            For Each Process As Process In Processes
                Dim handle As IntPtr = Process.Handle
                baseaddress = Process.MainModule.BaseAddress
    
                Dim Pointer As String = "005F314C"
                Dim Offset As String = "8"
                Dim NameAddress As IntPtr = FindAddress(handle, Pointer, Offset)
    
                Dim namebuffer(31) As Byte
                ReadProcessMemory(handle, NameAddress, namebuffer, namebuffer.Length, Nothing)
                names.Add(System.Text.Encoding.ASCII.GetString(namebuffer))
            Next
    
            Return names
        End Function
    
        Private Function FindAddress(ByVal pHandle As IntPtr, ByVal Staticpointer As String, ByVal Offset As String) As IntPtr
    
            Dim buffer(3) As Byte
            Dim TrueAddress As IntPtr = Convert.ToInt32(Staticpointer, 16) + baseaddress
    
            ReadProcessMemory(pHandle, TrueAddress, buffer, 4, 0)
            TrueAddress = BitConverter.ToInt32(buffer, 0) + Convert.ToInt32(Offset, 16) ' <--------
    
            ReadProcessMemory(pHandle, TrueAddress, buffer, 4, 0)
            Return BitConverter.ToInt32(buffer, 0)
    
        End Function
    However at the line I have the arrow at, the conversion gives me a giant negative int, and then when I try to read that memory I just get 0 0 0 0

    As far as I remember my base address and stat pointer are fine, here's my output from cheatengine I used and the offsets it gave me.



    Even if I'm supposed to use all 4 offsets, the first one isn't even working, let alone letting me keep going down the chain.

    Am I just missing something obvious here? Also when I just run this code:

    Code:
                ReadProcessMemory(handle, Convert.ToInt32("08F62518", 16), namebuffer, namebuffer.Length, Nothing)
                names.Add(System.Text.Encoding.ASCII.GetString(namebuffer))
    Where 08F62518 is the current memory location of my character's name, it outputs it nice and neat for me, so I know I imported ReadProcessMemory perfectly fine. :|

  2. #2
    iamclint's Avatar Master Sergeant
    looks like you are making it way harder than it has to be.

    battle.net.dll+005f314c+8->34->244->60->F8=08f62518
    or
    readint(readint(readint(readint(readint(readint(battle.net.dll+005f314c)+8)+34)+244)+60)+f8)=08f62518
    readint(readint(readint(readint(readint(readint(readint(battle.net.dll+005f314c)+8)+34)+244)+60)+f8)=integer value at this address
    As you can tell, this can easily be put into a loop and make the function have an array param.

    Example:
    Code:
     Public Function readInt(ByVal address As integer, ByVal ParamArray offsets As integer()) As integer
                Dim retval As Integer = readInt(address)
                For Each i As integer In offsets
                    retval = readInt(retval+ i)
                Next
                Return retval
    end function
    which now becomes
    Code:
    readint(battle.net.dll+005f314c, 8, 34, 244, 60, &hf8)
    with battle.net.dll being the actual address

  3. #3
    Lionhart280's Avatar Private
    So wait, are the offsets only in hex if they have letters or something? Because wouldn't I want to run readint(battle.net.dll+005f314c, &8, &34, &244, &60, &hf8)? Or is that my entire problem?

    Edit also I wasn't really asking about the efficiency of my program, I understand I can recursively call the function. My point is Battle.net.dll+&005f314c is giving me a giant negative integer when I use bit converter on it.

    Also your recursive function just never gets past line 1 and calls itself infinitely, need to add a base case, something like if offsets.length = 0 return Readaddress.
    Last edited by Lionhart280; 11-04-2012 at 12:08 AM.

  4. #4
    Evozer's Avatar Contributor
    Reputation
    150
    Join Date
    Jan 2011
    Posts
    214
    Thanks G/R
    1/15
    Trade Feedback
    9 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1. Why are you using Strings for numbers? Aren't there any hex literals like 0x5F314C or something?
    2. Are you sure the MainModule is actually battle.net.dll? Otherwise your baseaddress is wrong obviously
    3. All offsets in Cheat Engine's pointer scanner are in hex, don't worry about that

  5. #5
    Lionhart280's Avatar Private
    Reputation
    1
    Join Date
    Nov 2012
    Posts
    10
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Evozer
    1. Why are you using Strings for numbers? Aren't there any hex literals like 0x5F314C or something?
    2. Are you sure the MainModule is actually battle.net.dll? Otherwise your baseaddress is wrong obviously
    3. All offsets in Cheat Engine's pointer scanner are in hex, don't worry about that
    Ah yeah ok, I was using Diablo.exe instead of battle.net.dll, so I fixed it a bit. However my memory reading is still not returning anything however now I'm getting real memory points.

    Edit: Ok I got it working now, here was my issue


    I was doing battle.net.dll+&H5F314C -> +&H0 -> +&H528 -> &H484 -> +&H2A4 -> +&H38 -> Output

    However at the very end, it's actually just the last offset I add that IS the address, not what it points to. So I actually found my character's name and then was trying to use that as a pointer since my loop went one step too far down the chain.

    Seems to be working now, whoot!

    New Code (anyone can feel free to use for their own programs if they wish, I'll make a tut later on how to use this code to hook your program onto a specific window so a user can have multiple accounts all hooked at once even if minimized.)
    Code:
    ''' <summary>
        ''' Gets names of active character on all open Diablo 3 games.
        ''' </summary>
        ''' <returns>List of all active diablo 3 accounts running.</returns>
        ''' <remarks></remarks>
        Public Function GetProcessNames() As List(Of String)
            'Get list of all running Diablo 3 games.
            Dim Character As New Character
            Dim Processes As Process() = Process.GetProcessesByName("Diablo III")
    
    
            If Processes.Length = 0 Then ' Check if Diablo 3 is running.
                MsgBox("Diablo III not detected", MsgBoxStyle.OkOnly)
                Stop
            End If
    
            'Create empty list to fill with names.
            Dim names As List(Of String) = New List(Of String)
    
            'Start obtaining the active character name for each game running.
            For Each Process As Process In Processes
                names.Add(Character.name(Process))
            Next
    
            Return names
        End Function
    
        ''' <summary>
        ''' Gets the process ID of a Diablo III game by matching the character name
        ''' </summary>
        ''' <param name="CharacterName">Name of Character to find</param>
        ''' <returns>Id of active game containing that character</returns>
        ''' <remarks></remarks>
        Public Function GetProcessID(ByVal CharacterName) As Integer
            'Get list of all running Diablo 3 games.
            Dim Character As New Character
            Dim Processes As Process() = Process.GetProcessesByName("Diablo III")
    
            If Processes.Length = 0 Then ' Check if Diablo 3 is running.
                MsgBox("Diablo III not detected", MsgBoxStyle.OkOnly)
                Stop
            End If
    
            'Scan through games until you find matching one and return its ID
            For Each Process As Process In Processes
                If Character.name(Process) = CharacterName Then
                    Return Process.Id
                End If
            Next
    
            Return 0
        End Function
    
    #Region "Memory Editting"
        ''' <summary>
        ''' finds the baseaddress of the matching DLL
        ''' </summary>
        ''' <param name="ModuleList">List of modules located in Diablo.exe</param>
        ''' <param name="Matchname">Name of DLL to match</param>
        ''' <returns>Base Address of Matching DLL</returns>
        ''' <remarks></remarks>
        Private Function GetBaseAddress(ByVal ModuleList As ProcessModuleCollection, ByVal Matchname As String) As IntPtr
            For Each Address As ProcessModule In ModuleList
                If Address.ModuleName = Matchname Then
                    Return Address.BaseAddress
                End If
            Next
            MsgBox("Unable to find base address of " + Matchname, MsgBoxStyle.OkOnly, "Couldn't find base address")
            Return 0
        End Function
    
        ''' <summary>
        ''' Finds the address from a pointer and its list of offsets
        ''' </summary>
        ''' <param name="pHandle">Handle of Diablo III Process</param>
        ''' <param name="Address">Address of Pointer to use</param>
        ''' <param name="Offsets">List of offsets to use with pointer</param>
        ''' <returns>Address of searched item.</returns>
        ''' <remarks>Remember to add BaseAddress to Pointer!</remarks>
        Private Function ReadAddress(ByVal pHandle As IntPtr, ByVal Address As IntPtr, ByVal ParamArray Offsets As Integer()) As IntPtr
            Dim buffer(3) As Byte
            Dim TrueAddress As IntPtr = Address
            For Each offset As Integer In Offsets
                ReadProcessMemory(pHandle, TrueAddress, buffer, 4, 0)
                TrueAddress = BitConverter.ToInt32(buffer, 0)
                ReDim buffer(3)
                TrueAddress += offset
            Next
            Return TrueAddress
        End Function
    
    #End Region
    
    #Region "Classes"
    
        Public Class Character
            Private READER As New DReader
            Public Function name(ByVal Process As Process) As String
                'GetBaseAddress of battle.net.dll
                Dim baseaddress As IntPtr = READER.GetBaseAddress(Process.Modules, "battle.net.dll")
                'Get the memory address of where name is stored.
                Dim NameAddress As IntPtr = READER.ReadAddress(Process.Handle, &H5F314C + baseaddress, &H0, &H528, &H484, &H2A4, &H38)
                Dim namebuffer(120) As Byte
                ReadProcessMemory(Process.Handle, NameAddress, namebuffer, namebuffer.Length, Nothing)
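                Dim raw As String = System.Text.Encoding.ASCII.GetString(namebuffer)
                'Cut at the first NUL so the result compares equal to a plain name in GetProcessID.
                Dim nul As Integer = raw.IndexOf(ControlChars.NullChar)
                Return If(nul >= 0, raw.Substring(0, nul), raw)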
            End Function
    
        End Class
    #End Region
    However &H5F314C, &H0, &H528, &H484, &H2A4, &H38 stopped working so I guess I got a bad address, do we have a collection of the best working pointer addresses somewhere here? I see the offsets but I'm not seeing pointer lists.
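
An added illustration of the fix described in post #5 (not code from the thread): the chain is walked over a constructed in-memory address space instead of a live process, so the module base, the heap addresses and the name "Hero" are assumptions, and only the static offset and the offset list come from the post. It shows that the last offset is added but not dereferenced, and what dereferencing one step further returns.

```python
import struct

class FakeMemory:
    """Constructed sparse 32-bit address space; unmapped reads raise."""
    def __init__(self):
        self.cells = {}
    def write(self, addr, data):
        self.cells.update((addr + i, b) for i, b in enumerate(data))
    def read(self, addr, size):
        try:
            return bytes(self.cells[addr + i] for i in range(size))
        except KeyError:
            raise MemoryError(f"unmapped address 0x{addr:08X}") from None

def read_u32(mem, addr):
    # "<I" is unsigned. A signed read ("<i", like BitConverter.ToInt32)
    # shows any value with the top bit set as a large negative number.
    return struct.unpack("<I", mem.read(addr, 4))[0]

def resolve(mem, static_addr, offsets):
    """One dereference per offset; the final sum IS the target address."""
    addr = static_addr
    for off in offsets:
        addr = read_u32(mem, addr) + off
    return addr

def one_step_too_far(mem, static_addr, offsets):
    """The mistake from the post: dereference the resolved address again."""
    return read_u32(mem, resolve(mem, static_addr, offsets))

def read_cstring(mem, addr, limit=32):
    """Read ASCII bytes up to the first NUL (or limit)."""
    out = bytearray()
    while len(out) < limit and (b := mem.read(addr + len(out), 1)) != b"\x00":
        out += b
    return out.decode("ascii")

def build_sample():
    """Constructed chain using the post's offsets; all addresses are made up."""
    mem, offsets = FakeMemory(), [0x0, 0x528, 0x484, 0x2A4, 0x38]
    static_addr = 0x10000000 + 0x5F314C          # assumed module base + static offset
    addr = static_addr
    for ptr, off in zip([0x08F00000, 0x08F10000, 0x08F20000, 0x08F30000, 0x08F62000], offsets):
        mem.write(addr, struct.pack("<I", ptr))  # pointer cell
        addr = ptr + off                         # where the next cell lives
    mem.write(addr, b"Hero\x00")                 # constructed name at end of chain
    return mem, static_addr, offsets
```

In the constructed layout the extra dereference returns the first four name bytes reinterpreted as a pointer, which points at nothing mapped.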

  6. #6
    iamclint's Avatar Master Sergeant
    well i wasn't 100% clear on my initial post
    they are hex values and I was meaning another instance of the function readint only accepting an address so its not using recursion on itself

  7. #7
    Lionhart280's Avatar Private
    Ok well I found a working pointer and set of offsets, so I can now find the active character name every time and hook onto the window.

    However now I've run into a new problem, I can't find any pointer for how much gold you have at all! My first scan for pointers returns thousands of results, but on reload not a single pointer is pointing to the new gold address at all, this one has completely stumped me. I tried seeing if there were any more pointers pointing to the pointers in an attempt to go up another level but I got nothing there. What's going on here?
