Bot Questions -

Ask for Help on Using the Language With Memory Hacking Software

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo


Postby Ereb » Mon Jul 14, 2008 8:57 am

Ok, I'm working on a Rappelz Epic 4 bot using your software and I can almost guarantee I'm gonna be asking a lot of questions cause I'm not the most intelligent coder, and I've only had experience with C++. So I'm going to start a thread here so I'm not making millions of threads for one project. Please bear with me, I'm trying to learn this, and my apologies if I get on anyone's nerves with the dumb questions.
Right now I'm trying to get a string value from SFrame.exe and test if it is equal to a value.

EDIT: (Sorry, changed code, didn't realize I had a reply already)

So far this program has either crashed MHS or returned nothing.
I think it has to do with my pointers but I'm not positive.
Last edited by Ereb on Mon Jul 14, 2008 10:15 am, edited 2 times in total.
Microsoft: "You've got questions. We've got dancing paperclips."
User avatar
Ereb
Hackleberry Fin
 
Posts: 20
Joined: Sat Jul 12, 2008 7:34 pm

Postby L. Spiro » Mon Jul 14, 2008 9:55 am

Code:
void On_HK_2(){
   // Local buffer where the string will be stored.
   CHAR * pcBuffer = NULL;
   
   // Get the address of the variable in the target address.
   extern VOID * e_pvAddressInTarget = { "sframe.exe", 0x1E78763F };
   // We set use and assign its address as sframe.exe+0x1E78763F.  The value
   //   there is not really a VOID * type, but we are not actually using this
   //   extern variable.  We only create this extern variable because using
   //   the & (address-of) operator on it returns its address (in the target
   //   process) as a DWORD.
   
   // Copy it over (using &e_pvAddressInTarget to get the address in the target
   //   process).
   if ( !ExternStringToLocalString( &e_pvAddressInTarget, &pcBuffer ) ) {
      // Failed?
      PrintF( "Failed to copy the string from the target process to local space." );
      return;
   }
   // Copying worked so operate on it.
   if ( StrCmp( pcBuffer, "hello</SHADOW>" ) == 0 ) {
      // String matches, so print something.
      PrintF( "It worked!" );
   }
   else {
      // String did not match.
      PrintF( "It failed: %s", pcBuffer );
   }
   
   // Free the string.
   Free( pcBuffer );
}

BOOL ExternStringToLocalString( DWORD dwExternAddress, CHAR ** pcRet ) {
   // Make an external variable pointing to the source string.
   extern CHAR * e_pcExtern = { "", dwExternAddress };
   // Free the buffer where we are going to copy the string.
   Free( (*pcRet) );
   (*pcRet) = NULL;
   // Keep track of how many characters we copy into our buffer.
   DWORD dwLen = 0;
   DWORD I = 0;
   for ( ; e_pcExtern[I]; ++I ) {
      // If we are about to overflow our buffer, reallocate it to make it longer (by 0x10 characters).
      if ( I >= dwLen ) {
         // Make the string longer.
         CHAR * pcNew = ReAlloc( (*pcRet), dwLen + 0x10 );
         // If the allocation fails, handle it or MHS may crash.
         // But really this never happens.
         if ( !pcNew ) {
            Free( (*pcRet) );
            (*pcRet) = NULL;
            return FALSE;
         }
         // The allocation did not fail, so update our buffer and counter.
         (*pcRet) = pcNew;
         dwLen += 0x10;
      }
      
      // By this point the buffer is guaranteed to be large enough so copy the character
      //   from the target process to our buffer.
      (*pcRet)[I] = e_pcExtern[I];
   }
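   // Make sure there is room for the NULL character: the loop above leaves none
   //   when the length is a multiple of 0x10, and allocates nothing for an empty string.
   if ( I >= dwLen ) {
      CHAR * pcNew = ReAlloc( (*pcRet), dwLen + 1 );
      if ( !pcNew ) {
         Free( (*pcRet) );
         (*pcRet) = NULL;
         return FALSE;
      }
      (*pcRet) = pcNew;
   }
   // Copy the NULL character as well.
   (*pcRet)[I] = '\0';
   return TRUE;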
}



The example shows how to print a string with PrintF().


sframe.exe + 0x1E78763F is not a valid address. This code will work when you supply a valid address for the target string.


L. Spiro
Our songs remind you of songs you’ve never heard.
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby Ereb » Mon Jul 14, 2008 10:09 am

Wow really fast reply ty. Gonna try this and post back

Postby Ereb » Tue Jul 15, 2008 3:35 am

Ok, well, I can't get the script to work and it is because I'm not really sure what the "correct" address would be :oops: . I've used MHS to find an address with the value I want but that address doesn't work when inserted. I guess I don't quite understand the extern variables very well and how MHS accesses them. I've looked through the help files and unfortunately they left me with more questions than answers. I am trying much simpler code this time, just getting a value and printing it. I can't get this to work either.

With the following script I tried to mimic the workings of your minesweeper bot, so I opened SFrame.exe and attempted this, and it returns 0 or 1500 and never seems to change.

Code:
void On_HK_1(){
     extern int target_health_external = {"SFrame.exe" , 0x364C079C};
     int target_health_local = target_health_external;
     PrintF("%d", target_health_local);
}


I'm sorry about all the trouble, it's just so many new functions / syntax changes from C++.

Postby mezzo » Tue Jul 15, 2008 4:17 am

I could be wrong, but I believe "{"SFrame.exe" , 0x364C079C}" is a bit over the top. Are you sure that the address you are using is relative to the SFrame.exe binary?

Try it with:

Code:
extern int target_health_external = {"" , 0x364C079C};
- No thanks, I already have a penguin -
User avatar
mezzo
El Mariachi
 
Posts: 739
Joined: Mon Apr 30, 2007 10:27 pm
Location: Antwerp

Postby Ereb » Tue Jul 15, 2008 4:36 am

Well that was so simple I'm kicking myself. Thanks for the quick answer. I think I figured out why the minesweeper bot example is different (and plz correct me if I'm wrong): the minesweeper bot was dealing with values that were defined within its process's allocated memory. That is why the memory address was so short, because the prefix was the same for all of the values. Thank you so much, I should have beta 1 of the bot out by the end of the night. :D

Postby Ereb » Tue Jul 15, 2008 8:32 am

Ok, I've got yet another question regarding strings. I have the address to a string and I want to use it "real time" in comparisons ... my current test function is this:
Code:
void test(){
     extern VOID * ptr_totargetaddress = {"", 0x14B9A2B0};
     char *target;
     target = ptr_totargetaddress;
     PrintF("%c", *target);
}


My apologies to L. Spiro if the script above does just this, but I wanted to make it shorter, and if I'm not mistaken I'd have to call that function repeatedly to update the local variable.

Postby L. Spiro » Tue Jul 15, 2008 10:11 am

Code:
void On_HK_1(){
     extern int target_health_external = { "", 0x364C079C};
     PrintF("%d", target_health_external);
}

You do not need to copy it to a local variable; it is not a string. And I also removed the model name since that is part of your other problem.



Ereb wrote: Ok, I've got yet another question regarding strings. I have the address to a string and I want to use it "real time" in comparisons ... my current test function is this:
Code:
void test(){
     extern VOID * ptr_totargetaddress = {"", 0x14B9A2B0};
     char *target;
     target = ptr_totargetaddress;
     PrintF("%c", *target);
}


My apologies to L. Spiro if the script above does just this, but I wanted to make it shorter, and if I'm not mistaken I'd have to call that function repeatedly to update the local variable.

You can not compare strings without copying them locally first.
You need to use ExternStringToLocalString() as written above.


L. Spiro

Postby Ereb » Wed Jul 23, 2008 10:08 am

I know this is getting rather repetitive but I've worked on this for the last few days and this is the one wall I can't seem to overcome on my own. I have an address to a string (which I found in Cheat Engine "Text" search) that represents a target's name. I need to be able to use this locally to test if the target is a bot-trap and if there is a target at all. I've tried using the script L. Spiro posted but when I use it, MHS crashes. This is what I have so far; all it is supposed to do is retrieve the value of the current target at the address and print it.
Code:
void On_HK_5(){
   // Local buffer where the string will be stored.
   CHAR * pcBuffer = NULL;
   
   // Get the address of the variable in the target address.
   extern VOID * e_pvAddressInTarget = { "", 0x146A0FD8 };
   // We set use and assign its address as sframe.exe+0x1E78763F.  The value
   //   there is not really a VOID * type, but we are not actually using this
   //   extern variable.  We only create this extern variable because using
   //   the & (address-of) operator on it returns its address (in the target
   //   process) as a DWORD.
   
   // Copy it over (using &e_pvAddressInTarget to get the address in the target
   //   process).
   if ( !ExternStringToLocalString( &e_pvAddressInTarget, &pcBuffer ) ) {
      // Failed?
      PrintF( "Failed to copy the string from the target process to local space." );
      return;
   }
   // Copying worked so operate on it.
   PrintF("%s", pcBuffer);
   
   // Free the string.
   Free( pcBuffer );
}

BOOL ExternStringToLocalString( DWORD dwExternAddress, CHAR ** pcRet ) {
   // Make an external variable pointing to the source string.
   extern CHAR * e_pcExtern = { "", dwExternAddress };
   // Free the buffer where we are going to copy the string.
   Free( (*pcRet) );
   (*pcRet) = NULL;
   // Keep track of how many characters we copy into our buffer.
   DWORD dwLen = 0;
   DWORD I = 0;
   for ( ; e_pcExtern[I]; ++I ) {
      // If we are about to overflow our buffer, reallocate it to make it longer (by 0x10 characters).
      if ( I >= dwLen ) {
         // Make the string longer.
         CHAR * pcNew = ReAlloc( (*pcRet), dwLen + 0x10 );
         // If the allocation fails, handle it or MHS may crash.
         // But really this never happens.
         if ( !pcNew ) {
            Free( (*pcRet) );
            (*pcRet) = NULL;
            return FALSE;
         }
         // The allocation did not fail, so update our buffer and counter.
         (*pcRet) = pcNew;
         dwLen += 0x10;
      }
     
      // By this point the buffer is guaranteed to be large enough so copy the character
      //   from the target process to our buffer.
      (*pcRet)[I] = e_pcExtern[I];
   }
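   // Make sure there is room for the NULL character: the loop above leaves none
   //   when the length is a multiple of 0x10, and allocates nothing for an empty string.
   if ( I >= dwLen ) {
      CHAR * pcNew = ReAlloc( (*pcRet), dwLen + 1 );
      if ( !pcNew ) {
         Free( (*pcRet) );
         (*pcRet) = NULL;
         return FALSE;
      }
      (*pcRet) = pcNew;
   }
   // Copy the NULL character as well.
   (*pcRet)[I] = '\0';
   return TRUE;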
}

Again, I know I'm probably missing something so insanely simple everyone will shake their heads in disappointment, but I will get the hang of it soon. Thank you in advance and in retrospect for all the help.

Postby L. Spiro » Wed Jul 23, 2008 2:10 pm

I found some kind of bug in the language related to the for loop.

I will have to investigate this, but meanwhile you can use this code:


Code:
BOOL ExternStringToLocalString( DWORD dwExternAddress, CHAR ** pcRet ) {
   // Make an external variable pointing to the source string.
   extern CHAR e_pcExtern[1] = { "", dwExternAddress };
   // Free the buffer where we are going to copy the string.
   Free( (*pcRet) );
   (*pcRet) = NULL;
   // Keep track of how many characters we copy into our buffer.
   DWORD dwLen = 0;
   CHAR cThis = 1;
   for ( DWORD I = 0; TRUE; I++ ) {
      // If we are about to overflow our buffer, reallocate it to make it longer (by 0x10 characters).
      if ( I >= dwLen ) {
         // Make the string longer.
         CHAR * pcNew = ReAlloc( (*pcRet), dwLen + 0x10 );
         // If the allocation fails, handle it or MHS may crash.
         // But really this never happens.
         if ( !pcNew ) {
            Free( (*pcRet) );
            (*pcRet) = NULL;
            return FALSE;
         }
         // The allocation did not fail, so update our buffer and counter.
         (*pcRet) = pcNew;
         dwLen += 0x10;
      }
      // By this point the buffer is guaranteed to be large enough so copy the character
      //   from the target process to our buffer.
      cThis = e_pcExtern[I];
      (*pcRet)[I] = cThis;
      if ( !cThis ) { return TRUE; }
      I++;
   }
}



This appears incorrect because it increases I twice, but for some reason the I++ in the for () is not being executed.
Later, when this is fixed, you will need to fix this code to not increase I twice.


L. Spiro

Postby Ereb » Wed Jul 23, 2008 7:38 pm

Ok, well, ty for the explanation but I don't think this quite fixed it. I gave the script the right address but it printed nothing, so I put in some PrintF's to find where it is getting stuck.
Code:
void On_HK_5(){
   PrintF("hello");
   // Local buffer where the string will be stored.
   CHAR * pcBuffer = NULL;
   
   // Get the address of the variable in the target address.
   extern VOID * e_pvAddressInTarget = { "", 0x0685D778 };
   // We set use and assign its address as sframe.exe+0x1E78763F.  The value
   //   there is not really a VOID * type, but we are not actually using this
   //   extern variable.  We only create this extern variable because using
   //   the & (address-of) operator on it returns its address (in the target
   //   process) as a DWORD.
   
   // Copy it over (using &e_pvAddressInTarget to get the address in the target
   //   process).
   if ( !ExternStringToLocalString( &e_pvAddressInTarget, &pcBuffer ) ) {
      // Failed?
      PrintF( "Failed to copy the string from the target process to local space." );
      return;
   }
   // Copying worked so operate on it.
   PrintF("%s", pcBuffer);
   
   // Free the string.
   Free( pcBuffer );
}

BOOL ExternStringToLocalString( DWORD dwExternAddress, CHAR ** pcRet ) {
   PrintF("This works");
   // Make an external variable pointing to the source string.
   extern CHAR e_pcExtern[1] = { "", dwExternAddress };
   // Free the buffer where we are going to copy the string.
   Free( (*pcRet) );
   (*pcRet) = NULL;
   // Keep track of how many characters we copy into our buffer.
   DWORD dwLen = 0;
   CHAR cThis = 1;
   PrintF("And This");
   for ( DWORD I = 0; TRUE; I++ ) {
      // If we are about to overflow our buffer, reallocate it to make it longer (by 0x10 characters).
      if ( I >= dwLen ) {
         // Make the string longer.
         PrintF("how about this");
         CHAR * pcNew = ReAlloc( (*pcRet), dwLen + 0x10 );
         // If the allocation fails, handle it or MHS may crash.
         // But really this never happens.
         if ( !pcNew ) {
            Free( (*pcRet) );
            (*pcRet) = NULL;
            return FALSE;
         }
         // The allocation did not fail, so update our buffer and counter.
         (*pcRet) = pcNew;
         dwLen += 0x10;
         PrintF("This worked");
      }
      // By this point the buffer is guaranteed to be large enough so copy the character
      //   from the target process to our buffer.
      cThis = e_pcExtern[I];
      (*pcRet)[I] = cThis;
      if ( !cThis ) { return TRUE; }
      I++;
      PrintF("Hello world");
   }
}

It prints all but the last "Hello world", so it is getting stuck in the loop still or for some reason is messed up. I'm going to try a while loop version of the script and see if I can have any luck; if I do I will post back :)

Postby L. Spiro » Wed Jul 23, 2008 10:40 pm

MHS 5.001 has been released with the script fix that was causing this code problems.

The for loop is now completely stable and normal.
That was the last script-related bug.


L. Spiro

Postby Ereb » Thu Jul 24, 2008 1:11 am

Alright then, the script works, but I do have a question. When I use the extern to local it seems to jumble the words a bit, i.e. Orc Leader becomes O3cL ae, and I'm guessing this has to do with unicode somehow but I'm unsure.

EDIT: solved this problem; it was because of the second I++ I forgot to remove after the bug fix. Thank you for the help and I hope to have a working version of the bot out within the next couple of days.
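Added example, not part of any post and not MHS script: the grow-and-copy loop from this thread in standard C, with a stride parameter that reproduces the leftover second I++. The src_len bound and the stride parameter are assumptions of this example; src stands in for the other process's memory, and the sample strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GROW 0x10  /* same growth step as the script in the thread */

/* Copy a NUL-terminated string out of src, reading at most src_len bytes.
 * src/src_len stand in for the foreign memory region (assumption: the
 * caller knows how many bytes are safely readable).
 * stride = 1 is the correct loop; stride = 2 models the leftover I++.
 * Returns the index of the terminator that was copied, or -1 if the
 * allocation failed or no terminator was seen inside the bound. */
long copy_string(const char *src, size_t src_len, size_t stride, char **out)
{
    char *buf = NULL;
    size_t cap = 0;

    *out = NULL;
    if (stride == 0) return -1;
    for (size_t i = 0; i < src_len; i += stride) {
        if (i >= cap) {
            /* Grow before writing, so the terminator always has a slot. */
            size_t new_cap = cap;
            while (i >= new_cap) new_cap += GROW;
            char *grown = realloc(buf, new_cap);
            if (!grown) { free(buf); return -1; }
            /* Mark fresh bytes so slots a stride of 2 skips are visible. */
            memset(grown + cap, '?', new_cap - cap);
            buf = grown;
            cap = new_cap;
        }
        buf[i] = src[i];
        if (src[i] == '\0') { *out = buf; return (long)i; }
    }
    free(buf);  /* ran out of readable bytes without finding a terminator */
    return -1;
}

int main(void)
{
    /* Constructed sample: "Orc" followed by unrelated bytes, as on a heap. */
    static const char mem[8] = { 'O', 'r', 'c', '\0', 'X', 'Y', 'Z', '!' };
    char *s = NULL;

    long n = copy_string("Orc Leader", 11, 2, &s);
    printf("stride 2, even length: %ld \"%s\"\n", n, s ? s : "(none)");
    free(s);
    n = copy_string(mem, sizeof mem, 2, &s);
    printf("stride 2, odd length:  %ld (terminator skipped)\n", n);
    free(s);
    return 0;
}
```

With an even-length name the doubled increment still lands on the terminator and yields every other character; with an odd length it steps over the terminator, and only the src_len bound stops the read.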

Postby Ereb » Mon Aug 04, 2008 2:00 am

Well here is version beta 2... Still rather bugged and you need to insert the addresses manually. (working on static pointers atm)

http://www.filefactory.com/file/8ed099/ ... rm_Bot_zip

Rather prone to killing itself but the basics are working so it is expansions from here. enjoy :)

Postby Ereb » Fri Aug 08, 2008 11:52 am

First I'd like to thank L. Spiro and the community for bearing with me being such a noob coder. I've learned a lot in the last month and honestly it all came from this forum and the MHS help file (sad I know but true).

Now I have what might be a repeat question but for the life of me I can't find a post that mentions this. I did find this http://www.memoryhacking.com/forums/viewtopic.php?t=1605 but the basic syntax hasn't worked for me.

My current test script looks like this:
Code:
extern DWORD Base = {"", 0xb2ee10};
DWORD PlayerStructAddress =  Base+0x68;
extern DWORD PlayerStruct = {"", PlayerStructAddress};
extern long player_health = {"", PlayerStruct + 0x18};

void print_player_health(){
     PrintF("%i",player_health);
}
void On_HK_5(){
     print_player_health();
}


Upon compile I receive two errors:
Code:
ERROR: Line: 2 Code emition failed!
ERROR: Line: 2 Unable to set the initialization data for “extern” global “PlayerStructAddress” (error evaluating second initializer).

I'm assuming it has to do with how I entered the offset into the braces, but it looks (to me) very much like the addresses in the post I mentioned above.
