Выполните сканирование памяти в pilot с помощью readmem


			Помощь Поиск Пользователи Календарь Правила

Здравствуйте, гость ( Вход | Регистрация )

UoKit.com Форумы > Кликер > UO Pilot

ОБЩИЕ ПРАВИЛА ФОРУМА

Выполните сканирование памяти в pilot с помощью readmem, Perform memory scan using readmem()

Опции

neves	4.12.2020, 17:01 Сообщение #1
Novice Сообщений: 64 Регистрация: 4.10.2019 Группа: Пользователи Наличность: 0 Пользователь №: 19.419 Возраст: 19	Hi, guys. I am trying to find a memory address which I want to manipulate. The only thing I know is the initial value of the memory address -> 349.3998718 , "F". I know you would suggest me, to find the offsets of the memory address, but this game have updates every week and all offsets changes. (IMG:style_emoticons/default/sad.gif) My idea is to perform a memory scan similar to the CE scanning. I already tried something, but I think I'm on the wrong way. First I tried to find the base address of the process, then I started reading address by address, each time increasing the memory address. Here is what I tried: Код local workwinpd = workwindow() local base_address = relativeaddress2absolute("game.exe" , workwinpd) local i = 0 while readmem(dec2hex(base_address + dec2hex(i)),"F","game.exe") ~= 349.3998718 do i = i + 4 log(readmem(dec2hex(base_address + dec2hex(i)),"F","game.exe")) end This code prints some values, but it's really slow! ~60 scans per second. CE's scan is extremely fast, when I write the value immediately shows the address. Also I am not sure if I find the base address correctly. How to perform a memory scan in pilot, similar to CE's scan? Have anyone tried to complete such task in the pilot using readmem()? Is there any other way doing this, without readmem?

DarkMaster	4.12.2020, 18:30 Сообщение #2
Модератор UOPilot Сообщений: 9.465 Регистрация: 2.12.2008 Группа: Супермодераторы Наличность: 27680 Пользователь №: 11.279	Readmem is rly slow becouse it have some sins from old syntax. Try to use that code for read float. https://forum.uokit.com/index.php?s=&sh...st&p=437715 -------------------- Скрипты UOPilot под заказ. Консультации по UOpilot 15$/час. Услуги Lua разработчика (не пилот, проекты, постоянка) Disсоrd: Kov____

neves	5.12.2020, 23:03 Сообщение #3
Novice Сообщений: 64 Регистрация: 4.10.2019 Группа: Пользователи Наличность: 0 Пользователь №: 19.419 Возраст: 19	Цитата(DarkMaster @ 4.12.2020, 18:30) Readmem is rly slow becouse it have some sins from old syntax. Try to use that code for read float. https://forum.uokit.com/index.php?s=&sh...st&p=437715 Works good and it's much more faster than readmem(). ~600 addresses per second But is this actually the fastest possible memory reading in the pilot? Код local base_address = dec2hex(relativeaddress2absolute("game.exe" , workwinpd)) local i = 0 while readmemory(base_address + dec2hex(i)) ~= 97.799652 do i = i + 2 end local address = dec2hex(base_address + dec2hex(i)) log(address)

cirus	5.12.2020, 23:29 Сообщение #4
Elder Сообщений: 3.480 Регистрация: 18.8.2014 Группа: Пользователи Наличность: 26702 Пользователь №: 16.971 Возраст: 29	Цитата But is this actually the fastest possible memory reading in the pilot? Не нужно каждый раз открывать и закрывать процесс, это занимает много времени. Открыть процесс, поиск в памяти, закрыть процесс. Цитата OpenProcess while ReadProcessMemory end CloseHandle Цитата i = i + 2 float 4 bytes.

neves	6.12.2020, 2:36 Сообщение #5
Novice Сообщений: 64 Регистрация: 4.10.2019 Группа: Пользователи Наличность: 0 Пользователь №: 19.419 Возраст: 19	Цитата(cirus @ 5.12.2020, 23:29) Не нужно каждый раз открывать и закрывать процесс, это занимает много времени. Открыть процесс, поиск в памяти, закрыть процесс. float 4 bytes. Спасибо.

cirus	21.12.2020, 3:52 Сообщение #6
Elder Сообщений: 3.480 Регистрация: 18.8.2014 Группа: Пользователи Наличность: 26702 Пользователь №: 16.971 Возраст: 29	find memory rounding float Код --lua local ffi = require("ffi") local PROCESS_VM_READ = 0x0010 local PROCESS_VM_WRITE = 0x0020 local PROCESS_VM_OPERATION = 0x0008 local PROCESS_QUERY_INFORMATION = 0x0400 local MEM_COMMIT = 0x1000 local MEM_PRIVATE = 0x20000 local TRUE = true local C = ffi.C ffi.cdef[[ typedef unsigned short WORD; typedef unsigned long DWORD; typedef const void* LPCVOID; typedef bool BOOL; typedef struct _SYSTEM_INFO { union { DWORD dwOemId; struct { WORD wProcessorArchitecture; WORD wReserved; } DUMMYSTRUCTNAME;} DUMMYUNIONNAME; DWORD dwPageSize; DWORD lpMinimumApplicationAddress; DWORD lpMaximumApplicationAddress; DWORD dwActiveProcessorMask; DWORD dwNumberOfProcessors; DWORD dwProcessorType; DWORD dwAllocationGranularity; WORD wProcessorLevel; WORD wProcessorRevision; } SYSTEM_INFO, LPSYSTEM_INFO; typedef struct _MEMORY_BASIC_INFORMATION { DWORD BaseAddress; DWORD AllocationBase; DWORD AllocationProtect; DWORD RegionSize; DWORD State; DWORD Protect; DWORD Type; } MEMORY_BASIC_INFORMATION, PMEMORY_BASIC_INFORMATION; void GetSystemInfo(LPSYSTEM_INFO lpSystemInfo); DWORD VirtualQueryEx(int hProcess, DWORD lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, DWORD dwLength); int OpenProcess(DWORD dwDesiredAccess, BOOL bInheritint, DWORD dwProcessId); BOOL CloseHandle(int hObject); BOOL ReadProcessMemory(int hProcess, int lpBaseAddress, void lpBuffer, int nSize, int lpNumberOfBytesRead); ]] function findmemory_f(data) if workwindow() == 0 then log ('Нет привязки к окну\r\nNo binding to the window') return nil, -1 end local result = {} local count = 0 local prc = C.OpenProcess(bit.bor(PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_VM_OPERATION, PROCESS_QUERY_INFORMATION), TRUE, workwindowpid()) if prc ~= 0 then local si = ffi.new('SYSTEM_INFO') local mbi = ffi.new('MEMORY_BASIC_INFORMATION') C.GetSystemInfo(si) local start_address = si.lpMinimumApplicationAddress local end_address = si.lpMaximumApplicationAddress while start_address < end_address do C.VirtualQueryEx(prc, start_address, mbi, ffi.sizeof(mbi)) if mbi.Type == MEM_PRIVATE and mbi.State == MEM_COMMIT then local array = ffi.new('float[?]', mbi.RegionSize/4) if C.ReadProcessMemory(prc, mbi.BaseAddress, array, mbi.RegionSize, nil) then for i=0, mbi.RegionSize/4-1 do if math.floor(array[i]) == math.floor(data) then result[#result+1] = string.format("0x%x", mbi.BaseAddress+i*4) count = count + 1 end end end end start_address = start_address + mbi.RegionSize end C.CloseHandle(prc) else log('Процесс не открылся\r\nThe process did not open') end if count == 0 then return nil, 0 end return result, count end log 'clear' log 'mode compact' local addr, count = findmemory_f(84380) -- search float hint ( count ) if count > 0 then for i=1, count do log(addr[i]) end end

neves	22.12.2020, 2:30 Сообщение #7
Novice Сообщений: 64 Регистрация: 4.10.2019 Группа: Пользователи Наличность: 0 Пользователь №: 19.419 Возраст: 19	Цитата(cirus @ 21.12.2020, 2:52) find memory rounding float Код --lua local ffi = require("ffi") local PROCESS_VM_READ = 0x0010 local PROCESS_VM_WRITE = 0x0020 local PROCESS_VM_OPERATION = 0x0008 local PROCESS_QUERY_INFORMATION = 0x0400 local MEM_COMMIT = 0x1000 local MEM_PRIVATE = 0x20000 local TRUE = true local C = ffi.C ffi.cdef[[ typedef unsigned short WORD; typedef unsigned long DWORD; typedef const void* LPCVOID; typedef bool BOOL; typedef struct _SYSTEM_INFO { union { DWORD dwOemId; struct { WORD wProcessorArchitecture; WORD wReserved; } DUMMYSTRUCTNAME;} DUMMYUNIONNAME; DWORD dwPageSize; DWORD lpMinimumApplicationAddress; DWORD lpMaximumApplicationAddress; DWORD dwActiveProcessorMask; DWORD dwNumberOfProcessors; DWORD dwProcessorType; DWORD dwAllocationGranularity; WORD wProcessorLevel; WORD wProcessorRevision; } SYSTEM_INFO, LPSYSTEM_INFO; typedef struct _MEMORY_BASIC_INFORMATION { DWORD BaseAddress; DWORD AllocationBase; DWORD AllocationProtect; DWORD RegionSize; DWORD State; DWORD Protect; DWORD Type; } MEMORY_BASIC_INFORMATION, PMEMORY_BASIC_INFORMATION; void GetSystemInfo(LPSYSTEM_INFO lpSystemInfo); DWORD VirtualQueryEx(int hProcess, DWORD lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, DWORD dwLength); int OpenProcess(DWORD dwDesiredAccess, BOOL bInheritint, DWORD dwProcessId); BOOL CloseHandle(int hObject); BOOL ReadProcessMemory(int hProcess, int lpBaseAddress, void lpBuffer, int nSize, int lpNumberOfBytesRead); ]] function findmemory_f(data) if workwindow() == 0 then log ('Нет привязки к окну\r\nNo binding to the window') return nil, -1 end local result = {} local count = 0 local prc = C.OpenProcess(bit.bor(PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_VM_OPERATION, PROCESS_QUERY_INFORMATION), TRUE, workwindowpid()) if prc ~= 0 then local si = ffi.new('SYSTEM_INFO') local mbi = ffi.new('MEMORY_BASIC_INFORMATION') C.GetSystemInfo(si) local start_address = si.lpMinimumApplicationAddress local end_address = si.lpMaximumApplicationAddress while start_address < end_address do C.VirtualQueryEx(prc, start_address, mbi, ffi.sizeof(mbi)) if mbi.Type == MEM_PRIVATE and mbi.State == MEM_COMMIT then local array = ffi.new('float[?]', mbi.RegionSize/4) if C.ReadProcessMemory(prc, mbi.BaseAddress, array, mbi.RegionSize, nil) then for i=0, mbi.RegionSize/4-1 do if math.floor(array[i]) == math.floor(data) then result[#result+1] = string.format("0x%x", mbi.BaseAddress+i*4) count = count + 1 end end end end start_address = start_address + mbi.RegionSize end C.CloseHandle(prc) else log('Процесс не открылся\r\nThe process did not open') end if count == 0 then return nil, 0 end return result, count end log 'clear' log 'mode compact' local addr, count = findmemory_f(84380) -- search float hint ( count ) if count > 0 then for i=1, count do log(addr[i]) end end That's perfect! Thank you, cirus.

« Предыдущая тема · UO Pilot · Следующая тема »

2 чел. читают эту тему (гостей: 2, скрытых пользователей: 0)

Пользователей: 0

Режим отображения: Стандартный · Переключить на: Линейный · Переключить на: Древовидный

Подписка на тему · Сообщить другу · Версия для печати · Подписка на этот форум

Текстовая версия | Версия для КПК

Сейчас: 19.4.2024, 5:00

Лицензия зарегистрирована на: UoKit.com