[Question] reading static address from cheat engine

[gononono64]

Okay, thing you should know:

-Im using cheat engine
-Im creating the program in autoit for fun and learning
-Im pretty good in autoit (its not really that hard:P)
-I know basics of olly
-Im a little too intimidated by IDA at this time
-Im in the middle of learning c++

So i can find a dynamic address using cheat engine (on wow) for my players hp.
After narrowing it down to 3 choices (1 being max health and the other 2 the amount of health you actually have) i decided to pick one of the 2 and scan its pointers (right clicking on the address and clicking "pointer scan for this address") after doing this bout 13 times i get a pointer (actually more like 11) that looks something like this :

Base Address: Wow.exe+00924720
offset1:38
offset2:24
offset3:9C
offset4:5C
offset5:48

So my questions are, what does Wow.exe equal? How would i go about finding what it equals? And how would i go about reading the memory with all of its offsets in autoit (or really any language)?

If you need more info, im sorry for not displaying it and i will be quick to answer.
Thank you all very much in advance

[JuJuBoSc]

It's the Wow.exe base address, just do little search here it was asked many time since 4.X

[gononono64]

would that be this by chance?: 0x1000

[Megamike55]

gononono64, no the address of wow.exe changes every time you run it. It is no longer always 0x400000 anymore ever since 4.0, unless of course you have ASLR turned off on your machine, which would be a silly thing to do.
I have never bothered with autoit, but heres a great link to solve your problem

Look at the function posted there called Func GETWOWBASEADDRESS()

-- Edit1:

The basic idea is to get a list of processes, find the one with the title "World of Warcraft", look at that processes modules, find the module named "wow.exe" and get that modules' address in memory.

-- Edit2:

The 0x1000 that you posted is not really important, since most offsets you find here or through Cheat Engine (I assume) are based to 0x1000 anyway. So just tack on the address of wow.exe and you are good to go. If you want an explanation of where the 0x1000 comes from, there is a good thread somewhere around here that explains it thoroughly.

[gononono64]

kk so i knew about the playerbase (wasnt sure how to find it... and im still kinda not sure but ill google it). But there is no way to use what i grabbed from cheat engine?

[Megamike55]

Your question doesn't really make any sense. What does the player base have to do with my post? I just linked a page with autoit code to grab the address of wow.exe in memory. Then you can use your values found in cheatengine...

I recommend googling around for a good example of a WOW memory reader (Written recently) and studying that to get a better understanding of what you need to be doing. The code on the page that I found earlier seems like it would give you a really good idea of what you need to be doing, even if the forum is in german (?) the code is in english. And it seems relatively up-to-date.

[gononono64]

i got a different link than what you posted in the update(?)... it started talking about the playerbase address... and how all object have... i dont know... im so lost... im going to look at the link (now updated?) and read that.

[Megamike55]

You must be watching this thread like a hawk. I did edit the link soon after my post, I thought I was fast enough but I guess not.

I have never programmed in autoit, but I can tell you a few things judging from the example code on that site.

1) You need to include a memory reading library. The ones used in that example code are <Memory.au3> and <NomadMemory.au3>, it seems
2) You need to initialize the memory reader with a line such as this one:
$wow = _MemoryOpen(WinGetProcess("World of Warcraft"))
3) You need to run the function GETWOWBASEADDRESS to grab the address of wow.exe in memory. Go ahead and set that value to a variable like $WowBase. You will need it for all of the memory reading you do.
4) You need to read from memory like this:
Global Const $ADDRIWANTTOREAD = 0x00924720
_MemoryRead("0x" & hex($WowBase + $ADDRIWANTTOREAD), $wow, "dword")

Replace "dword" to match whatever it is you are trying to read.
Never used autoit, but this is what I would assume and try first.
Hope it helps.

Cheers.

Edit: 2) and 3) were switched. Fixed.

[gononono64]

wow you are awesome thank you.... i get the idea behind it now. But getting that wowbase is a little confusing. I kinda get what its doing (basically checking the you process for wow.exe then getting the memory based on that) but it seems complicated so i will try and learn more and keep googling

[gononono64]

Okay... so i did more searching... and apparently there was a function the whole time in a newer nomad file allowing me to get the base address... except that i am getting and error with it. The error being "Failed to find correct allocation address."

This is my code (sloppy as it is because im just testing):

Code:

#include <NomadMemory.au3>
#include <Misc.au3>

SetPrivilege("SeDebugPrivilege", 1)
$Wow_process = _MemoryOpen(ProcessExists("Wow.exe"))

If @error Then
	MsgBox(0,"Error", "could not find wow.exe")
	exit
EndIf

$wow_Base = _MemoryGetBaseAddress($Wow_process,0)
If @error Then
	MsgBox(0,"", @error)
	EndIf

;Camera distance vars
Const $sPtr_Camera =0x990C28 + $wow_Base ;second address changes
Const $oCamera1 =0x7f48
Const $oCamera2 =0x100
;End

;_Get_Cam_Dist()


Func _Get_Cam_Dist()
$sPtr_Camera1 = _MemoryRead($sPtr_Camera, $Wow_process,'ptr')
$sPtr_Camera1 = _MemoryRead($sPtr_Camera1 + $oCamera1, $Wow_process,'ptr')
$sPtr_Camera1 = _MemoryRead($sPtr_Camera1 + $oCamera2, $Wow_process,'float')
ConsoleWrite("You camera distance is: " & $sPtr_Camera1 & @CRLF)
EndFunc

and this is nomad:

Code:

#include-once
#region _Memory
;=================================================================================================
; AutoIt Version:    3.1.127 (beta)
; Language:            English
; Platform:            All Windows
; Author:            Nomad
; Requirements:        These functions will only work with beta.
;=================================================================================================
; Credits:    wOuter - These functions are based on his original _Mem() functions.  But they are
;            easier to comprehend and more reliable.  These functions are in no way a direct copy
;            of his functions.  His functions only provided a foundation from which these evolved.
;=================================================================================================
;
; Functions:
;
;=================================================================================================
; Function:            _MemoryOpen($iv_Pid(, $iv_DesiredAccess(, $iv_InheritHandle)))
; Description:        Opens a process and enables all possible access rights to the process.  The
;                    Process ID of the process is used to specify which process to open.  You must
;                    call this function before calling _MemoryClose(), _MemoryRead(), or _MemoryWrite().
; Parameter(s):        $iv_Pid - The Process ID of the program you want to open.
;                    $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which enables all
;                                        possible access rights to the process specified by the
;                                        Process ID.
;                    $if_InheritHandle - (optional) If this value is TRUE, all processes created by
;                                        this process will inherit the access handle.  Set to TRUE
;                                        (1) by default.  Set to 0 if you want it to be FALSE.
; Requirement(s):    A valid process ID.
; Return Value(s):     On Success - Returns an array containing the Dll handle and an open handle to
;                                 the specified process.
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                             1 = Invalid $iv_Pid.
;                             2 = Failed to open Kernel32.dll.
;                             3 = Failed to open the specified process.
; Author(s):        Nomad
; Note(s):
;=================================================================================================
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $if_InheritHandle = 1)

    If Not ProcessExists($iv_Pid) Then
        SetError(1)
        Return 0
    EndIf

    Local $ah_Handle[2] = [DllOpen('kernel32.dll')]

    If @Error Then
        SetError(2)
        Return 0
    EndIf

    Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $if_InheritHandle, 'int', $iv_Pid)

    If @Error Then
        DllClose($ah_Handle[0])
        SetError(3)
        Return 0
    EndIf

    $ah_Handle[1] = $av_OpenProcess[0]

    Return $ah_Handle

EndFunc

;=================================================================================================
; Function:            _MemoryRead($iv_Address, $ah_Handle(, $sv_Type))
; Description:        Reads the value located in the memory address specified.
; Parameter(s):        $iv_Address - The memory address you want to read from. It must be in hex
;                                  format (0x00000000).
;                    $ah_Handle - An array containing the Dll handle and the handle of the open
;                                 process as returned by _MemoryOpen().
;                    $sv_Type - (optional) The "Type" of value you intend to read.  This is set to
;                                'dword'(32bit(4byte) signed integer) by default.  See the help file
;                                for DllStructCreate for all types.
;                                An example: If you want to read a word that is 15 characters in
;                                length, you would use 'char[16]'.
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns the value located at the specified address.
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                             1 = Invalid $ah_Handle.
;                             2 = $sv_Type was not a string.
;                             3 = $sv_Type is an unknown data type.
;                             4 = Failed to allocate the memory needed for the DllStructure.
;                             5 = Error allocating memory for $sv_Type.
;                             6 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):            Values returned are in Decimal format, unless specified as a 'char' type, then
;                    they are returned in ASCII format.  Also note that size ('char[size]') for all
;                    'char' types should be 1 greater than the actual size.
;=================================================================================================
Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf

    Local $v_Buffer = DllStructCreate($sv_Type)

    If @Error Then
        SetError(@Error + 1)
        Return 0
    EndIf

    DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

    If Not @Error Then
        Local $v_Value = DllStructGetData($v_Buffer, 1)
        Return $v_Value
    Else
        SetError(6)
        Return 0
    EndIf

EndFunc

;=================================================================================================
; Function:            _MemoryWrite($iv_Address, $ah_Handle, $v_Data(, $sv_Type))
; Description:        Writes data to the specified memory address.
; Parameter(s):        $iv_Address - The memory address you want to write to.  It must be in hex
;                                  format (0x00000000).
;                    $ah_Handle - An array containing the Dll handle and the handle of the open
;                                 process as returned by _MemoryOpen().
;                    $v_Data - The data to be written.
;                    $sv_Type - (optional) The "Type" of value you intend to write.  This is set to
;                                'dword'(32bit(4byte) signed integer) by default.  See the help file
;                                for DllStructCreate for all types.
;                                An example: If you want to write a word that is 15 characters in
;                                length, you would use 'char[16]'.
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns 1
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                             1 = Invalid $ah_Handle.
;                             2 = $sv_Type was not a string.
;                             3 = $sv_Type is an unknown data type.
;                             4 = Failed to allocate the memory needed for the DllStructure.
;                             5 = Error allocating memory for $sv_Type.
;                             6 = $v_Data is not in the proper format to be used with the "Type"
;                                 selected for $sv_Type, or it is out of range.
;                             7 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):            Values sent must be in Decimal format, unless specified as a 'char' type, then
;                    they must be in ASCII format.  Also note that size ('char[size]') for all
;                    'char' types should be 1 greater than the actual size.
;=================================================================================================
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf

    Local $v_Buffer = DllStructCreate($sv_Type)

    If @Error Then
        SetError(@Error + 1)
        Return 0
    Else
        DllStructSetData($v_Buffer, 1, $v_Data)
        If @Error Then
            SetError(6)
            Return 0
        EndIf
    EndIf

    DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

    If Not @Error Then
        Return 1
    Else
        SetError(7)
        Return 0
    EndIf

EndFunc

;=================================================================================================
; Function:            _MemoryClose($ah_Handle)
; Description:        Closes the process handle opened by using _MemoryOpen().
; Parameter(s):        $ah_Handle - An array containing the Dll handle and the handle of the open
;                                 process as returned by _MemoryOpen().
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns 1
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                             1 = Invalid $ah_Handle.
;                             2 = Unable to close the process handle.
; Author(s):        Nomad
; Note(s):
;=================================================================================================
Func _MemoryClose($ah_Handle)

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf

    DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
    If Not @Error Then
        DllClose($ah_Handle[0])
        Return 1
    Else
        DllClose($ah_Handle[0])
        SetError(2)
        Return 0
    EndIf

EndFunc

;=================================================================================================
; Function:            _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset(, $sv_Type))
; Description:        Reads a chain of pointers and returns an array containing the destination
;                    address and the data at the address.
; Parameter(s):        $iv_Address - The static memory address you want to start at. It must be in
;                                  hex format (0x00000000).
;                    $ah_Handle - An array containing the Dll handle and the handle of the open
;                                 process as returned by _MemoryOpen().
;                    $av_Offset - An array of offsets for the pointers.  Each pointer must have an
;                                 offset.  If there is no offset for a pointer, enter 0 for that
;                                 array dimension. (Offsets must be in decimal format, NOT hex!)
;                    $sv_Type - (optional) The "Type" of data you intend to read at the destination
;                                 address.  This is set to 'dword'(32bit(4byte) signed integer) by
;                                 default.  See the help file for DllStructCreate for all types.
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns an array containing the destination address and the value
;                                 located at the address.
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                             1 = $av_Offset is not an array.
;                             2 = Invalid $ah_Handle.
;                             3 = $sv_Type is not a string.
;                             4 = $sv_Type is an unknown data type.
;                             5 = Failed to allocate the memory needed for the DllStructure.
;                             6 = Error allocating memory for $sv_Type.
;                             7 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):            Values returned are in Decimal format, unless a 'char' type is selected.
;                    Set $av_Offset like this:
;                    $av_Offset[0] = NULL (not used)
;                    $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;                    $av_Offset[2] = Offset for pointer 2
;                    etc...
;                    (The number of array dimensions determines the number of pointers)
;=================================================================================================
Func _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword')

    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf

    Local $iv_Data[2], $i
    Local $v_Buffer = DllStructCreate('dword')

    For $i = 0 to $iv_PointerCount

        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @Error Then
                SetError(@Error + 2)
                Return 0
            EndIf

            $iv_Address = '0x' & hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(7)
                Return 0
            EndIf

            $iv_Data[1] = DllStructGetData($v_Buffer, 1)

        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(7)
                Return 0
            EndIf

            $iv_Data[1] = DllStructGetData($v_Buffer, 1)

        Else
            $iv_Address = '0x' & hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(7)
                Return 0
            EndIf

            $iv_Data[1] = DllStructGetData($v_Buffer, 1)

        EndIf

    Next

    $iv_Data[0] = $iv_Address

    Return $iv_Data

EndFunc

;=================================================================================================
; Function:            _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data(, $sv_Type))
; Description:        Reads a chain of pointers and writes the data to the destination address.
; Parameter(s):        $iv_Address - The static memory address you want to start at. It must be in
;                                  hex format (0x00000000).
;                    $ah_Handle - An array containing the Dll handle and the handle of the open
;                                 process as returned by _MemoryOpen().
;                    $av_Offset - An array of offsets for the pointers.  Each pointer must have an
;                                 offset.  If there is no offset for a pointer, enter 0 for that
;                                 array dimension.
;                    $v_Data - The data to be written.
;                    $sv_Type - (optional) The "Type" of data you intend to write at the destination
;                                 address.  This is set to 'dword'(32bit(4byte) signed integer) by
;                                 default.  See the help file for DllStructCreate for all types.
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns the destination address.
;                    On Failure - Returns 0.
;                    @Error - 0 = No error.
;                             1 = $av_Offset is not an array.
;                             2 = Invalid $ah_Handle.
;                             3 = Failed to read from the specified process.
;                             4 = $sv_Type is not a string.
;                             5 = $sv_Type is an unknown data type.
;                             6 = Failed to allocate the memory needed for the DllStructure.
;                             7 = Error allocating memory for $sv_Type.
;                             8 = $v_Data is not in the proper format to be used with the
;                                 "Type" selected for $sv_Type, or it is out of range.
;                             9 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):            Data written is in Decimal format, unless a 'char' type is selected.
;                    Set $av_Offset like this:
;                    $av_Offset[0] = NULL (not used, doesn't matter what's entered)
;                    $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;                    $av_Offset[2] = Offset for pointer 2
;                    etc...
;                    (The number of array dimensions determines the number of pointers)
;=================================================================================================
Func _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data, $sv_Type = 'dword')

    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf

    Local $iv_StructData, $i
    Local $v_Buffer = DllStructCreate('dword')

    For $i = 0 to $iv_PointerCount
        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @Error Then
                SetError(@Error + 3)
                Return 0
            EndIf

            DllStructSetData($v_Buffer, 1, $v_Data)
            If @Error Then
                SetError(8)
                Return 0
            EndIf

            $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(9)
                Return 0
            Else
                Return $iv_Address
            EndIf
        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(3)
                Return 0
            EndIf

            $iv_StructData = DllStructGetData($v_Buffer, 1)

        Else
            $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(3)
                Return 0
            EndIf

            $iv_StructData = DllStructGetData($v_Buffer, 1)

        EndIf
    Next

EndFunc


;==================================================================================
; Function:            SetPrivilege( $privilege, $bEnable )
; Description:        Enables (or disables) the $privilege on the current process
;                   (Probably) requires administrator privileges to run
;
; Author(s):        Larry (from autoitscript.com's Forum)
; Notes(s):
; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999
;==================================================================================

Func SetPrivilege( $privilege, $bEnable )
    Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
    Const $TOKEN_QUERY = 0x0008
    Const $SE_PRIVILEGE_ENABLED = 0x0002
    Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
    $nTokens = 1
    $LUID = DLLStructCreate("dword;int")
    If IsArray($privilege) Then    $nTokens = UBound($privilege)
    $TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
    $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0],   _
            "int",BitOR($TOKEN_ADJUST_PRIVILEGES,$TOKEN_QUERY),"int*",0)
    If $SP_auxret[0] Then
        $hToken = $SP_auxret[3]
        DLLStructSetData($TOKEN_PRIVILEGES,1,1)
        $nTokenIndex = 1
        While $nTokenIndex <= $nTokens
            If IsArray($privilege) Then
                $ntokenvar=$ntokenindex-1
                $priv = $privilege[$ntokenvar]
            Else
                $priv = $privilege
            EndIf
            $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv,   _
                    "ptr",DLLStructGetPtr($LUID))
            If $ret[0] Then
                If $bEnable Then
                    DLLStructSetData($TOKEN_PRIVILEGES,2,$SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
                Else
                    DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
                EndIf
                DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
                DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
                DLLStructSetData($LUID,1,0)
                DLLStructSetData($LUID,2,0)
            EndIf
            $nTokenIndex += 1
        WEnd
        $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0,   _
                "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES),   _
                "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int*",0)
        $f = DLLCall("kernel32.dll","int","GetLastError")
    EndIf
    $NEWTOKEN_PRIVILEGES=0
    $TOKEN_PRIVILEGES=0
    $LUID=0
    If $SP_auxret[0] = 0 Then Return 0
    $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
    If Not $ret[0] And Not $SP_auxret[0] Then Return 0
    return $ret[0]
EndFunc  ;==>SetPrivilege

;===================================================================================================

; Function........:  _MemoryGetBaseAddress($ah_Handle, $iHD)
;
; Description.....:  Reads the 'Allocation Base' from the open process.
;
; Parameter(s)....:  $ah_Handle - An array containing the Dll handle and the handle of the open
;                               process as returned by _MemoryOpen().
;                    $iHD - Return type:
;                       |0 = Hex (Default)
;                       |1 = Dec
;
; Requirement(s)..:  A valid process ID.
;
; Return Value(s).:  On Success - Returns the 'allocation Base' address and sets @Error to 0.
;                    On Failure - Returns 0 and sets @Error to:
;                  |1 = Invalid $ah_Handle.
;                  |2 = Failed to find correct allocation address.
;                  |3 = Failed to read from the specified process.
;
; Author(s).......:  Nomad. Szhlopp.
; URL.............:  http://www.autoitscript.com/forum/index.php?showtopic=78834
; Note(s).........:  Go to Www.CheatEngine.org for the latest version of CheatEngine.
;===================================================================================================

Func _MemoryGetBaseAddress($ah_Handle, $iHexDec = 0)

    Local $iv_Address = 0x00100000
    Local $v_Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $vData
    Local $vType

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf


    DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))

    If Not @Error Then

        $vData = Hex(DllStructGetData($v_Buffer, 2))
        $vType = Hex(DllStructGetData($v_Buffer, 3))

        While $vType <> "00000080"
            DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
            $vData = Hex(DllStructGetData($v_Buffer, 2))
            $vType = Hex(DllStructGetData($v_Buffer, 3))
            If Hex($iv_Address) = "01000000" Then ExitLoop
            $iv_Address += 65536

        WEnd

        If $vType = "00000080" Then
            SetError(0)
            If $iHexDec = 1 Then
                Return Dec($vData)
            Else
                Return $vData
            EndIf

        Else
            SetError(2)
            Return 0
        EndIf

    Else
        SetError(3)
        Return 0
    EndIf

EndFunc   ;==>_MemoryGetBaseAddress

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local   $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

#endregion

[xx3fb]

Good ,it helped me a lot !

[gononono64]

Okay but what is going wrong in my code?... anyone know?

[amadmonk]

There's yer problem:

Local $iv_Address = 0x00100000

Hard-coded assumption about the process base. The library function is invalid.

And no, I won't fix it for you.

[gononono64]

Gah im so confused... I wish i knew more about dlls and memory...there is just not a lot for autoit and the autoit forum does not allow any type of game haxing XD GAH!!!!!!!!!! *is frustrated*

[killermiller]

Try to learn things on your own instead of blindingly complaining! Autoit might not be the best choice for "game haxing" but the problem definitely isn't Autoit, it is you. If you wish to know more about DLLs and memory just go and ****ing learn please! I have been lurking in these forums for god knows how long, but haven't said anything because I am simply trying to learn on my own, not get handouts.

And I fail, I fail spectacularly, I don't think I managed to create a single useful thing through all my dabblings in memory editing, but I know that is because I never took the time and put in the effort to actually sit down and learn everything I need to, or spend enough time to achieve my goals. That is why I don't post, because I know I haven't got the experience to contribute much so I try to do some more research and take everything one step at a time.

This might be my first post, mostly because I never had anything useful to say and I still don't have anything useful to say, but I just felt the need to just tell it like it is.
Stop whining, either sit down and try to do some work, shut up and wait for handouts or get out and don't waste anyones time.

Thank you