How would I setup my scripts to auto update memory addresses
Forum rules
This is a sub-forum for things specific to MicroMacro.
This is not the place to ask questions about the RoM bot, which uses MicroMacro. There is a difference.
How would I setup my scripts to auto update memory addresses?
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
I'm not sure what you're asking. Are you talking about something like the update script for RoM that will automatically scan for the new addresses after a patch? Or do you just mean to update the pointers while the game is running?
Re: How would I setup my scripts to auto update memory addresses
Oh sorry, I mean like the update script you use.
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
First, find the current static addresses. Next, use a debugger such as OllyDbg to find a constant (right click in CPU window, Search for->Constant). Search for the address.
You should be brought to something like this:
Code: Select all
005D7F6F 8B0D C0939600 MOV ECX,DWORD PTR DS:[9693C0]
This is the code that moves the address (0x9693C0 in this example) into a register. 8B0D is, simply put, the MOV to ECX register command. What you're after here is creating a pattern from the surrounding bytes (that will usually not change unless they change that function in the game client).
The nearby ASM is as follows:
Code: Select all
005D7F67 0F84 07040000 JE Client.005D8374
005D7F6D 8B07 MOV EAX,DWORD PTR DS:[EDI]
005D7F6F 8B0D C0939600 MOV ECX,DWORD PTR DS:[9693C0]
005D7F75 56 PUSH ESI
005D7F76 50 PUSH EAX
So you could use a pattern like:
0F 84 ?? ?? ?? ?? 8B 07 8B 0D ?? ?? ?? ?? 56 50
You use findPatternInProcess() to find the pattern in the executable. Once found, it's simple math. You will find the start of the pattern (0x5D7F67 in my example), so you just need to add a few bytes to get it to the location of the start of the actual address we need (0x5D7F71). There is a 10 byte difference, so just add 10 to the found location, and you now know the location of the address we want to read. Now, just memoryReadInt() it.
The actual patterns I used in the update script are slightly different than the above example, but you should be able to figure it out.
Code: Select all
-- The 0xFF bytes are placeholders; the mask decides which bytes are compared
-- ('x' = must match, '?' = wildcard).
local charUpdatePattern = string.char(0x8B, 0x07, 0x8B, 0x0D, 0xFF, 0xFF, 0xFF, 0xFF, 0x56, 0x50, 0xE8);
local charUpdateMask = "xxxx????xxx";
-- The address operand starts 4 bytes into the pattern (after 8B 07 8B 0D).
local charUpdateOffset = 4;

-- getCharUpdatePattern(), getMacroUpdatePattern() and the matching
-- Mask/Offset getters are not shown in this excerpt.
function findOffsets()
    local staticcharbase, staticmacrobase;

    -- Find the character's static base
    local found = findPatternInProcess(getProc(), getCharUpdatePattern(), getCharUpdateMask(), 0x550000, 0xA0000);
    if( found == 0 ) then
        error("Unable to find static char base pointer in module.", 0);
    end

    addresses.staticpattern_char = found;
    -- Read the 4-byte address operand embedded in the matched instruction
    addresses.staticbase_char = memoryReadInt(getProc(), found + getCharUpdateOffset());
    if( addresses.staticbase_char == nil ) then
        error("Found char pattern, but unable to read memory.\n");
    end

    -- Find the macro static base
    local found = findPatternInProcess(getProc(), getMacroUpdatePattern(), getMacroUpdateMask(), 0x6F0000, 0xA0000);
    if( found == 0 ) then
        error("Unable to find static macro base pointer in module.", 0);
    end

    addresses.staticpattern_macro = found;
    addresses.staticbase_macro = memoryReadInt(getProc(), found + getMacroUpdateOffset());
    if( addresses.staticbase_macro == nil ) then
        error("Found macro pattern, but unable to read memory.\n");
    end

    printf("addresses.staticbase_char: 0x%X\n", addresses.staticbase_char);
    printf("addresses.staticbase_macro: 0x%X\n", addresses.staticbase_macro);
end
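An added example, not part of the original post and written in Python rather than MicroMacro's Lua so that it runs offline: the masked pattern search and the "add 10, then read the address" step from the post above, applied to a constructed byte buffer. The function names, `BASE` and the `NEW_BUILD` bytes are assumptions made for the illustration; only the signature and the `OLD_BUILD` instruction bytes come from the post.

```python
import struct

def parse_signature(text):
    """'8B 0D ?? ?? ?? ??' -> (pattern bytes, mask); 'x' = must match, '?' = wildcard."""
    tokens = text.split()
    pattern = bytes(0xFF if t == "??" else int(t, 16) for t in tokens)
    mask = "".join("?" if t == "??" else "x" for t in tokens)
    return pattern, mask

def find_pattern(buf, pattern, mask):
    """Offset of the first masked match in buf, or None if there is none."""
    if len(pattern) != len(mask):
        raise ValueError("mask needs exactly one character per pattern byte")
    for pos in range(len(buf) - len(pattern) + 1):
        if all(m == "?" or buf[pos + i] == pattern[i] for i, m in enumerate(mask)):
            return pos
    return None

def resolve_static_address(image, base, signature, operand_offset):
    """Return (pattern address, operand address, 32-bit little-endian operand)."""
    pattern, mask = parse_signature(signature)
    pos = find_pattern(image, pattern, mask)
    if pos is None:
        raise LookupError("signature not found; the surrounding code changed")
    operand = pos + operand_offset
    (value,) = struct.unpack_from("<I", image, operand)
    return base + pos, base + operand, value

SIGNATURE = "0F 84 ?? ?? ?? ?? 8B 07 8B 0D ?? ?? ?? ?? 56 50"
BASE = 0x5D7F00  # constructed: chosen so the code lands at 0x5D7F67 as in the post

# Constructed sample: the five instructions from the post, padded with NOPs.
OLD_BUILD = (b"\x90" * 0x67
             + bytes.fromhex("0F8407040000 8B07 8B0D C0939600 56 50")
             + b"\x90" * 8)
# Constructed "after a patch" sample: code moved, jump distance and address changed.
NEW_BUILD = (b"\x90" * 0x93
             + bytes.fromhex("0F84F1030000 8B07 8B0D 40A59600 56 50")
             + b"\x90" * 8)

if __name__ == "__main__":
    for name, image in (("old", OLD_BUILD), ("new", NEW_BUILD)):
        found, operand, value = resolve_static_address(image, BASE, SIGNATURE, 10)
        print(f"{name}: pattern 0x{found:X}, operand 0x{operand:X}, address 0x{value:X}")
```

The same signature resolves both buffers because only the wildcarded bytes differ between them; the operand is read little-endian, which is why the bytes `C0 93 96 00` come back as 0x9693C0.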
Re: How would I setup my scripts to auto update memory addre
Do I need to start adding the pattern from the JPE SHORT fff... all the way to the address I need or do I keep going down a few?
Code: Select all
03B85066 7A 69 JPE SHORT fff.03B850D1
03B85068 0300 ADD EAX,DWORD PTR DS:[EAX]
03B8506A 0000 ADD BYTE PTR DS:[EAX],AL
03B8506C 6203 BOUND EAX,QWORD PTR DS:[EBX]
03B8506E 0000 ADD BYTE PTR DS:[EAX],AL
03B85070 005D 55 ADD BYTE PTR SS:[EBP+55],BL
03B85073 47 INC EDI
03B85074 0000 ADD BYTE PTR DS:[EAX],AL
03B85076 0000 ADD BYTE PTR DS:[EAX],AL
03B85078 3F AAS ////////////////This is the address I need.///////////////////////
03B85079 0000 ADD BYTE PTR DS:[EAX],AL
03B8507B 0029 ADD BYTE PTR DS:[ECX],CH
03B8507D 5C POP ESP
03B8507E 8F ??? ; Unknown command
03B8507F 3F AAS
03B85080 0000 ADD BYTE PTR DS:[EAX],AL
03B85082 0000 ADD BYTE PTR DS:[EAX],AL
03B85084 0000 ADD BYTE PTR DS:[EAX],AL
03B85086 0000 ADD BYTE PTR DS:[EAX],AL
03B85088 0000 ADD BYTE PTR DS:[EAX],AL
03B8508A 0000 ADD BYTE PTR DS:[EAX],AL
Last edited by Exempt on Tue Nov 16, 2010 8:09 pm, edited 1 time in total.
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
Quote: Do I need to start adding the pattern from the JPE SHORT xenimus
You start wherever you want.
Quote: 03B85078 3F AAS ////////////////This is the address I need.///////////////////////
I don't think so. There's no address in an AAS command. You're looking for a constant first.
Re: How would I setup my scripts to auto update memory addre
Edit: 03785078 is the address I need to read from in my script. Also this address has no pointers or anything like that, it's the address that never changes unless there's an update to the game.
Edit: I'm having some trouble finding the correct address for this. The address I need it to find is 03785078.
Code: Select all
printf("fff\n");
setStartKey(key.VK_DELETE);
setStopKey(key.VK_END);

function main()
    myProc = openProcess( findProcess("fff") );
    local HPPattern = string.char(0x3F, 0x00, 0x00, 0x00, 0x29, 0x5C, 0x8F, 0x3F);
    local HPMask = "xxxxxxxx";
    local HPAddress = findPatternInProcess(myProc, HPPattern, HPMask, 0x300000, 0x10000);
    if( HPAddress == 0 ) then
        printf("Failed to find the pattern in the process.\n");
    end
    printf("HP Adress: %d\n", HPAddress);
    HP = memoryReadByte(myProc, HPAddress);
    printf("HP Value: %d\n", HP);
    running = false;
    while(running) do
        --curX = memoryReadInt(myProc, 0x02C85944); --My current X position
        --curY = memoryReadInt(myProc, 0x0157D78C); --My current Y position
    end
end
startMacro(main);
Last edited by Exempt on Tue Nov 16, 2010 8:10 pm, edited 1 time in total.
- 3cmSailorfuku
- Posts: 354
- Joined: Mon Jan 21, 2008 6:25 pm
Re: How would I setup my scripts to auto update memory addresses
Exempt wrote: Do I need to start adding the pattern from the JPE SHORT xenimus... all the way to the address I need or do I keep going down a few?
Start the game a few times and make snapshots of the same stack area to find out which opcodes are dynamic and which not.
It's probably the easiest way to do this if you are unsure.
And yes, it doesn't matter where you start. You could take a point that is 200 lines/offsets away, as long as the distance to the address you want doesn't change.
Re: How would I setup my scripts to auto update memory addresses
Hm, I must be doing this wrong then. When I start OllyDBG this is what I see.
Code: Select all
77AE000D C3 RETN
77AE000E 90 NOP
77AE000F 90 NOP
77AE0010 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]
77AE0014 F641 04 06 TEST BYTE PTR DS:[ECX+4],6
77AE0018 74 05 JE SHORT ntdll.77AE001F
77AE001A E8 411D0100 CALL ntdll.ZwTestAlert
I go to Search -> Constant then I type in the address I need in the Hex Box which is 03785078.
After that it does nothing at all, it shows the exact same addresses as above.
I tried to search for the memory address with Go To -> Expression -> Type in 03785078.
I get this...
Code: Select all
03B85078 3F AAS
03B85079 0000 ADD BYTE PTR DS:[EAX],AL
03B8507B 0029 ADD BYTE PTR DS:[ECX],CH
03B8507D 5C POP ESP
03B8507E 8F ??? ; Unknown command
03B8507F 3F AAS
03B85080 0000 ADD BYTE PTR DS:[EAX],AL
03B85082 0000 ADD BYTE PTR DS:[EAX],AL
I used 3F 00 00 00 29 5C 8F 3F in my pattern.
Code: Select all
local HPPattern = string.char(0x3F, 0x00, 0x00, 0x00, 0x29, 0x5C, 0x8F, 0x3F);
My full code is in the post above.
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
You're not trying to find that address directly. You're trying to find code that references that address. If you need to search for a byte array, you need to do it in reverse order. That is, if your address is 0x12345678, you search 78 56 34 12.
It looks like you are using the address directly, too. You probably should have a base pointer (entry to struct) plus some offset instead. You'd need to search for the pointer to the struct; not the actual address.
Re: How would I setup my scripts to auto update memory addresses
Hm, it's not an array I'm looking for, it's a 1 byte value for my HP in game (0-63).
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
Again, you are misunderstanding what I'm saying. If you are searching for 0x03785078 (the address you gave me), the byte order is going to be reversed in the binary, so you search for 78 50 78 03, not 03 78 50 78.
Re: How would I setup my scripts to auto update memory addresses
Alright, that's easy enough. Where do I search for that at exactly? When I tried searching for that value with the Search For -> Constant it would only search for 78. I'm still doing something wrong here.
I went to Search For -> Binary String and came to this...
Code: Select all
77B6F546 EB 07 JMP SHORT ntdll.77B6F54F
77B6F548 33C0 XOR EAX,EAX
77B6F54A 40 INC EAX
77B6F54B C3 RETN
77B6F54C 8B65 E8 MOV ESP,DWORD PTR SS:[EBP-18]
77B6F54F C745 FC FEFFFFFF MOV DWORD PTR SS:[EBP-4],-2
77B6F556 6A 00 PUSH 0
77B6F558 E8 1B2DFBFF CALL ntdll.RtlExitUserThread
77B6F55D CC INT3
77B6F55E 90 NOP
77B6F55F 90 NOP
What exactly do I put in the search box when I search for a constant?
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
I think I just noticed your problem. You use a 64 bit OS, don't you? Since the game is (probably) 32 bit, it's run through a compatibility layer. This means that when you open it with Olly, you're automatically dumped into ntdll, not the game itself. I often make this mistake myself. Open the executables module window (if it's not open already, press ALT+E). Double click on the game client. Make sure you check the Path section in this window to make sure you get the right one (For example, I see C:\...\Client.exe for Runes of Magic).
Now, you go back to the CPU window, right click, search for, constant. You type the full address, as is (not reverse byte order) without the 0x. Since your address is 0x03785078, search for the constant 03785078.
Re: How would I setup my scripts to auto update memory addre
Ah, good, I'm not completely stupid after all. I am using a 64 bit OS. I will give this a try, thanks a bunch.
Edit: That seemed to work for me but I'm still not getting the right addresses.
This is what I get after I search for a constant.
Code: Select all
004198F6 . E8 5583FEFF CALL fff.00401C50
004198FB . B9 98D88506 MOV ECX,Xenimus.0685D898
00419900 . E8 8B7FFEFF CALL fff.00401890
00419905 . A1 B0D88506 MOV EAX,DWORD PTR DS:[685D8B0] --This is where search constant stops.
0041990A . 8B0D B4D88506 MOV ECX,DWORD PTR DS:[685D8B4]
00419910 . 8B15 B8D88506 MOV EDX,DWORD PTR DS:[685D8B8]
00419916 . A3 BCC91903 MOV DWORD PTR DS:[319C9BC],EAX
0041991B . 2B05 2490F403 SUB EAX,DWORD PTR DS:[3F49024]
00419921 . 890D 8C32E502 MOV DWORD PTR DS:[2E5328C],ECX
00419927 . 890424 MOV DWORD PTR SS:[ESP],EAX
I use this as my pattern.
Code: Select all
0xA1, 0xFF, 0xFF, 0xFF, 0xFF, 0x8B, 0x0D, 0xFF, 0xFF, 0xFF, 0xFF,
0x8B, 0x15, 0xFF, 0xFF, 0xFF, 0xFF, 0xA3
I end up with this as my address
Code: Select all
mouseX Address: 0x419905
mouseY Address: 0x419909
mouseX Value: -95
mouseY Value: 6
Stopping execution.
My code is
Code: Select all
printf("fff\n");
setStartKey(key.VK_DELETE);
setStopKey(key.VK_END);

function main()
    myProc = openProcess( findProcess("fff") );
    local mouseXPat = string.char(0xA1, 0xFF, 0xFF, 0xFF, 0xFF, 0x8B, 0x0D, 0xFF, 0xFF, 0xFF, 0xFF,
        0x8B, 0x15, 0xFF, 0xFF, 0xFF, 0xFF, 0xA3);
    -- Mask: one character per pattern byte (18), 'x' = compare, '?' = wildcard
    local mouseXMask = "x????xx????xx????x";
    local mouseXAdd = findPatternInProcess(myProc, mouseXPat, mouseXMask, 0x400000, 0x40000);
    local mouseYAdd = mouseXAdd + 0x4;
    if( mouseXAdd == 0 ) then
        printf("Failed to find the pattern in the process.\n");
    end
    mouseX = memoryReadByte(myProc, mouseXAdd);
    mouseY = memoryReadByte(myProc, mouseYAdd);
    printf("mouseX Address: 0x%X\n", mouseXAdd);
    printf("mouseY Address: 0x%X\n", mouseYAdd);
    printf("mouseX Value: %d\n", mouseX);
    printf("mouseY Value: %d\n", mouseY);
    running = false;
    while(running) do
        --curX = memoryReadInt(myProc, 0x02C85944); --My current X position
        --curY = memoryReadInt(myProc, 0x0157D78C); --My current Y position
    end
end
startMacro(main);
Last edited by Exempt on Tue Nov 16, 2010 8:11 pm, edited 1 time in total.
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
Since your pattern starts with the MOV command (0xA1), you need to add 1 byte to the result so that you're reading the address; not the 0xA1 + 3 bytes of the address.
local mouseXAdd = findPatternInProcess(myProc, mouseXPat, mouseXMask, 0x400000, 0x40000) +1;
You should also verify that 0x685D8B0 is pointing to the right address (if it's not already the address you need) since it's a DWORD pointer.
Re: How would I setup my scripts to auto update memory addresses
Hm, 0685D8B0 is the green address in Cheat Engine. I assume it's the right address.
Edit: I double checked and tried adding the +1; it still does not return the address containing my mouse X coord.
Edit: It's only returning the constant address to me, not the address of the mouse X.
Last edited by Exempt on Sat Mar 06, 2010 11:49 pm, edited 1 time in total.
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
If that's the correct address, then ignore what I previously said. You're heading in the right direction. Add a print statement to print out the value of mouseXAdd first. Take things from there.
Re: How would I setup my scripts to auto update memory addresses
It's only returning the constant address to me, not the address of the mouse X.
Code: Select all
Started.
mouseX Address: 0x419905 --This is the address it returns
mouseY Address: 0x419909 --This address is mouseX +0x4
mouseX Value: -2049396575 --This is mouseX's value
mouseY Value: -1274180858 --This is mouseY's value
Stopping execution.
- Administrator
- Site Admin
- Posts: 5313
- Joined: Sat Jan 05, 2008 4:21 pm
Re: How would I setup my scripts to auto update memory addresses
You're using memoryReadByte(), not memoryReadInt() in the code you posted before. Have you changed this? You should definitely be reading 4 bytes from 0x419906.
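An added example, not part of the thread and in Python so it runs offline: it decodes the instruction bytes from the disassembly posted above to show where each printed value comes from, and what a 4-byte read at the operand offset returns instead. `CODE` is constructed from that disassembly; the helper names and the 18-character mask are assumptions made for the illustration.

```python
import struct

# Constructed from the disassembly posted above: the 18 bytes at 0x419905
# (MOV EAX,[685D8B0] / MOV ECX,[685D8B4] / MOV EDX,[685D8B8] / opcode of the next MOV).
FOUND = 0x419905
CODE = bytes.fromhex("A1 B0D88506 8B0D B4D88506 8B15 B8D88506 A3")
MASK = "x????xx????xx????x"  # one character per byte; '?' marks address operands

def operand_offsets(mask, width=4):
    """Offsets from the pattern start of every `width`-byte wildcard run."""
    offsets, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1
            continue
        run = len(mask) - i - len(mask[i:].lstrip("?"))
        if run != width:
            raise ValueError(f"wildcard run at {i} is {run} bytes, expected {width}")
        offsets.append(i)
        i += run
    return offsets

def read(buf, offset, fmt):
    """Little-endian read; fmt 'b' = signed byte, 'i' = signed int, 'I' = unsigned int."""
    return struct.unpack_from("<" + fmt, buf, offset)[0]

def diagnose(buf=CODE, mask=MASK):
    """Reproduce the reads tried in the thread, then read the operands themselves."""
    return {
        "byte at +0": read(buf, 0, "b"),  # opcode 0xA1 seen as a signed byte
        "byte at +4": read(buf, 4, "b"),  # last byte of the first address
        "int at +0": read(buf, 0, "i"),   # opcode plus three address bytes
        "int at +4": read(buf, 4, "i"),   # straddles two instructions
        "operands": [read(buf, off, "I") for off in operand_offsets(mask)],
    }

if __name__ == "__main__":
    result = diagnose()
    for label in ("byte at +0", "byte at +4", "int at +0", "int at +4"):
        print(f"{label}: {result[label]}")
    for off, value in zip(operand_offsets(MASK), result["operands"]):
        print(f"operand at 0x{FOUND + off:X}: 0x{value:08X}")
```

The first four results are the values printed in the two output listings above; the operand at 0x419906 is the 4-byte read the last reply asks for.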