Perform memory scan in Pilot using readmem()

neves (Novice), 4.12.2020, 17:01
Posts: 64, Registered: 4.10.2019, Group: Users, Cash: 0, User #: 19.419, Age: 19

Hi, guys. I am trying to find a memory address which I want to manipulate. The only thing I know is the initial value of the memory address -> 349.3998718, "F". I know you would suggest me to find the offsets of the memory address, but this game has updates every week and all offsets change. My idea is to perform a memory scan similar to the CE scanning. I already tried something, but I think I'm on the wrong way. First I tried to find the base address of the process, then I started reading address by address, each time increasing the memory address. Here is what I tried:

Code:
local workwinpd = workwindow()
local base_address = relativeaddress2absolute("game.exe", workwinpd)
local i = 0
-- read one float ("F") at a time, advancing 4 bytes per iteration
while readmem(dec2hex(base_address + dec2hex(i)), "F", "game.exe") ~= 349.3998718 do
  i = i + 4
  log(readmem(dec2hex(base_address + dec2hex(i)), "F", "game.exe"))
end

This code prints some values, but it's really slow! ~60 scans per second. CE's scan is extremely fast: when I write the value, it immediately shows the address. Also I am not sure if I find the base address correctly. How to perform a memory scan in Pilot, similar to CE's scan? Has anyone tried to complete such a task in Pilot using readmem()? Is there any other way of doing this, without readmem?

neves (Novice), 5.12.2020, 23:03
Posts: 64, Registered: 4.10.2019, Group: Users, Cash: 0, User #: 19.419, Age: 19

Quote (DarkMaster @ 4.12.2020, 18:30): Readmem is really slow because it has some sins from the old syntax. Try to use that code for reading a float: https://forum.uokit.com/index.php?s=&sh...st&p=437715

Works well and it's much faster than readmem(): ~600 addresses per second. But is this actually the fastest possible memory reading in Pilot?

Code:
local workwinpd = workwindow()   -- window binding, as in the first post
local base_address = dec2hex(relativeaddress2absolute("game.exe", workwinpd))
local i = 0
while readmemory(base_address + dec2hex(i)) ~= 97.799652 do
  i = i + 2
end
local address = dec2hex(base_address + dec2hex(i))
log(address)

cirus (Elder), 21.12.2020, 3:52
Posts: 3.480, Registered: 18.8.2014, Group: Users, Cash: 26707, User #: 16.971, Age: 29

find memory rounding float
Code:
--lua
local ffi = require("ffi")

local PROCESS_VM_READ = 0x0010
local PROCESS_VM_WRITE = 0x0020
local PROCESS_VM_OPERATION = 0x0008
local PROCESS_QUERY_INFORMATION = 0x0400
local MEM_COMMIT = 0x1000
local MEM_PRIVATE = 0x20000
local TRUE = true
local C = ffi.C

ffi.cdef[[
typedef unsigned short WORD;
typedef unsigned long DWORD;
typedef const void* LPCVOID;
typedef bool BOOL;
typedef struct _SYSTEM_INFO {
  union {
    DWORD dwOemId;
    struct { WORD wProcessorArchitecture; WORD wReserved; } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME;
  DWORD dwPageSize;
  DWORD lpMinimumApplicationAddress;
  DWORD lpMaximumApplicationAddress;
  DWORD dwActiveProcessorMask;
  DWORD dwNumberOfProcessors;
  DWORD dwProcessorType;
  DWORD dwAllocationGranularity;
  WORD wProcessorLevel;
  WORD wProcessorRevision;
} SYSTEM_INFO, *LPSYSTEM_INFO;
typedef struct _MEMORY_BASIC_INFORMATION {
  DWORD BaseAddress;
  DWORD AllocationBase;
  DWORD AllocationProtect;
  DWORD RegionSize;
  DWORD State;
  DWORD Protect;
  DWORD Type;
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
void GetSystemInfo(LPSYSTEM_INFO lpSystemInfo);
DWORD VirtualQueryEx(int hProcess, DWORD lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, DWORD dwLength);
int OpenProcess(DWORD dwDesiredAccess, BOOL bInheritint, DWORD dwProcessId);
BOOL CloseHandle(int hObject);
BOOL ReadProcessMemory(int hProcess, int lpBaseAddress, void *lpBuffer, int nSize, int *lpNumberOfBytesRead);
]]

-- Walk every committed private region of the bound process, read each region in one
-- ReadProcessMemory call, and collect the addresses of floats whose integer part equals
-- that of `data`. Returns a table of "0x..." strings and their count.
function findmemory_f(data)
  if workwindow() == 0 then
    log('Нет привязки к окну\r\nNo binding to the window')
    return nil, -1
  end
  local result = {}
  local count = 0
  local prc = C.OpenProcess(bit.bor(PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_VM_OPERATION, PROCESS_QUERY_INFORMATION), TRUE, workwindowpid())
  if prc ~= 0 then
    local si = ffi.new('SYSTEM_INFO')
    local mbi = ffi.new('MEMORY_BASIC_INFORMATION')
    C.GetSystemInfo(si)
    local start_address = si.lpMinimumApplicationAddress
    local end_address = si.lpMaximumApplicationAddress
    while start_address < end_address do
      -- stop on a failed query; otherwise a stale RegionSize could loop forever
      if C.VirtualQueryEx(prc, start_address, mbi, ffi.sizeof(mbi)) == 0 then break end
      if mbi.Type == MEM_PRIVATE and mbi.State == MEM_COMMIT then
        -- view the whole region as an array of 32-bit floats
        local array = ffi.new('float[?]', mbi.RegionSize/4)
        if C.ReadProcessMemory(prc, mbi.BaseAddress, array, mbi.RegionSize, nil) then
          for i=0, mbi.RegionSize/4-1 do
            if math.floor(array[i]) == math.floor(data) then
              result[#result+1] = string.format("0x%x", mbi.BaseAddress+i*4)
              count = count + 1
            end
          end
        end
      end
      start_address = start_address + mbi.RegionSize
    end
    C.CloseHandle(prc)
  else
    log('Процесс не открылся\r\nThe process did not open')
  end
  if count == 0 then return nil, 0 end
  return result, count
end

log 'clear'
log 'mode compact'

local addr, count = findmemory_f(84380)   -- search float hint ( count )
if count > 0 then
  for i=1, count do log(addr[i]) end
end
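The exact comparison in the first post (`~= 349.3998718`) and the math.floor match in cirus's scanner behave differently because the game stores a 32-bit float, which cannot hold 349.3998718 exactly. The Python below is an added illustration, not Pilot code or anything from this thread; it scans a constructed byte buffer rather than a process and shows the three comparisons side by side.

```python
import math
import struct

def to_f32(value):
    """Round a Python double to the nearest IEEE-754 float32, the type the game stores."""
    return struct.unpack("<f", struct.pack("<f", value))[0]

def f32_equal(stored, target):
    """Exact match done in float32 space: round the target to float32 before comparing."""
    return stored == to_f32(target)

def floor_equal(stored, target):
    """The match used by the findmemory_f scanner above: integer parts only."""
    return math.floor(stored) == math.floor(target)

def scan_region(buf, target, match):
    """Offsets of every 4-byte-aligned little-endian float32 in buf that match() accepts."""
    hits = []
    for off in range(0, len(buf) - 3, 4):
        (stored,) = struct.unpack_from("<f", buf, off)
        if match(stored, target):
            hits.append(off)
    return hits

# Constructed sample region (not a real dump): the wanted value sits at offset 8,
# and 349.75 at offset 16 shares its integer part, so a floor match also hits it.
REGION = b"".join(struct.pack("<f", v) for v in (0.0, 1.5, 349.3998718, 12.0, 349.75, 1e9))
TARGET = 349.3998718

def demo():
    stored = to_f32(TARGET)
    return {
        # False: the float32 read back from memory is 349.399871826171875, not the literal,
        # so a loop that waits for an exact double match never stops
        "double_literal_equal": stored == TARGET,
        "f32_hits": scan_region(REGION, TARGET, f32_equal),      # [8]
        "floor_hits": scan_region(REGION, TARGET, floor_equal),  # [8, 16]
    }

if __name__ == "__main__":
    print(demo())
```

Rounding the search value to float32 before comparing keeps the scan exact without the false positives of a floor match.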

neves (Novice), 22.12.2020, 2:30
Posts: 64, Registered: 4.10.2019, Group: Users, Cash: 0, User #: 19.419, Age: 19

Quote (cirus @ 21.12.2020, 2:52): find memory rounding float

That's perfect! Thank you, cirus.