 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
KryziK
Expert Cheater
![]() Reputation: 3
Joined: 16 Aug 2009
Posts: 199
|
 Posted: Wed Aug 25, 2010 1:57 pm Post subject: [Tut] AutoIt 3 Memory Editing |
 |
|
Alright, so I've seen plenty of people asking for help with AutoIt3 and NomadMemory, and I've decided to make my first tutorial!
You need:
AutoIt3
SciTE4AutoIt3
NomadMemory Script
Alright, so install AutoIt3 and SciTE if you haven't. Then download the NomadMemory Script and place it in your AutoIt folder's Include folder.
The path may be "C:\Program Files\AutoIt3\Include\".
Now right click your Desktop, and go to New->AutoIt v3 Script. Name it "CE Tutorial Trainer.au3". Make sure it isn't a text file! The image of the file should be a blue/silver A.
Now you may want to place Cheat Engine's Tutorial.exe next to your script for easy access. It's located in the CE install folder.
Now right click your new script and select "Edit". SciTE should open.
SciTE is IMPORTANT because it has syntax highlighting, error checking, and extra tools like a GUI creator for AutoIt.
Now, if there is any text in the window of your script you can choose to leave it, or erase it. Lines starting with ; are comments and so they won't hurt your script.
Now you want to add these few lines:
| Code: | #RequireAdmin ;User Account must have Administrator privlidges
#include <NomadMemory.au3> ;Include the NomadMemory functions in this script |
Now copy this code and add it to the end of your script (line 3 if you deleted all of the comments before we started).
| Code: | #include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
Global $hMemory ;A global variable
#Region ### START Koda GUI section ###
$hGUI = GUICreate("CE Tutorial Trainer", 259, 75, 192, 124)
$hAttach = GUICtrlCreateButton("Attach", 8, 8, 75, 25, $WS_GROUP)
$hDetach = GUICtrlCreateButton("Detach", 88, 8, 83, 25, $WS_GROUP)
GUICtrlSetState($hDetach, $GUI_DISABLE)
$hStep2 = GUICtrlCreateButton("Patch Step2", 8, 40, 243, 25, $WS_GROUP)
$hQuit = GUICtrlCreateButton("Quit", 176, 8, 75, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
While 1
Switch GUIGetMsg()
Case $hAttach
;MemoryOpen
Case $hDetach
;MemoryClose
Case $hStep2
;Patch Step2
Case $hQuit
Exit
Case $GUI_EVENT_CLOSE
Exit
EndSwitch
WEnd |
This is the code for a basic GUI we're going to use. To create your own go to Tools->Koda(Form Designer) in SciTE. I'm not going to go over how to use it, but it's similar to most other form designers.
Now, you can press F5 in SciTE to run your current script. If there are errors it will tell you what code is wrong before your script runs.
This should pop up:
If not then something wrong happened on your end.
Congratulations! This is the look of your basic trainer. You can change anything you want from the text to the size, and even the color. Just press F1 on any line of code to open the help file on that function.
So now we're going to start using NomadMemory.
The functions we will use are:
| Code: | _MemoryOpen(PID)
_MemoryWrite(Address,Handle,Data,Type)
_MemoryClose(Handle)
_MemoryGetBaseAddress(Handle, HD)
|
_MemoryOpen takes a few parameters, but only the first one is required. The rest will default to certain values. The required parameter is the Process ID or PID. This can be obtained by using the code
| Code: | | ProcessExists("process.exe") |
So we will put the lines:
| Code: | $hMemory = _MemoryOpen(ProcessExists("tutorial.exe"))
GUICtrlSetState($hDetach,$GUI_ENABLE)
GUICtrlSetState($hAttach,$GUI_DISABLE) |
where the comment ";MemoryOpen" is. This will store the result of _MemoryOpen() in $hMemory. In this case it is the handle used in the other functions.
Now where it says ";MemoryClose" we will put the lines:
| Code: | _MemoryClose($hMemory)
GUICtrlSetState($hAttach,$GUI_ENABLE)
GUICtrlSetState($hDetach,$GUI_DISABLE) |
Now we're going to head over to CE and find the POINTER in Step 2.
Open up tutorial.exe and Cheat Engine, attach Cheat Engine to it, and go to Step 2 in the tutorial.
Scan for the Health value and get the single address. Now add it to your code list and right click it. Select "Find out what Writes to this Address". Then press "Hit me" again and something similar to this should pop up:
Press "More Information" and write down these two numbers:
One is the offset you need and the other is what you need to scan for now.
Press "New Scan", check "Hex", and put that address in the box. Scan for it and you should get a fairly good sized list of addresses.
Find the address that is GREEN! That's a static address. It should be "00460C54".
Now add an address manually, select pointer, put in the address you just found and the offset we found before.
It SHOULD look like this:
Note how the final address is equal to the one we found earlier.
So now we need to add this to our script.
Add this to the very end of our script:
| Code: | Func _PatchStep2()
Local $Offset[2] = ["0", Dec("314")]
;Get Base Address
$BaseAddress = _MemoryGetBaseAddress($MemoryOpen, 1)
If $BaseAddress = 0 Then
Select
Case @error = 1
MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Invalid handle to open process")
Case @error = 2
MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Failed to find correct allocation address")
Case @error = 3
MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Failed to read from the specified process")
EndSelect
EndIf
;Calculate and Write
$StaticOffset = Dec("460C54") - $BaseAddress
$FinalAddress = "0x" & Hex($BaseAddress + $StaticOffset)
$Write = _MemoryPointerWrite($FinalAddress, $MemoryOpen, $Offset, "1000")
EndFunc |
This is the function that will be called when we press "Patch Step2", but first we need to add
where it says ";Patch Step2".
Now if you take a look at the function I just gave you, you can see that our offsets are at the top. You ALWAYS start with 0, and then go up the list, like so:
Note: Don't do what's in this image, it's for example only.
I'm not going to explain why what's done in this function is done, but all you need to know is that you'll only change these two things, depending on your program/variable:
| Code: | $Offset[2] = [0, Dec(314)]
$StaticOffset = Dec("460C54") - $BaseAddress |
If there are more offsets then make SURE to change the [2] as WELL as add them between the [] where 0 and Dec(314) are.
The only thing you need to change in the second line is "460C54". This should be changed to whatever your green address is. The leading 0's can be stripped (The address is really "00460C54").
So, if you've been able to follow this tutorial (Doubtful, because even I realize that it's a little messy), you should have ended up with this code. If not, you can simply copy and paste it.
| Code: |
#RequireAdmin ;User Account must have Administrator privlidges
#include <NomadMemory.au3> ;Include the NomadMemory functions in this script
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
Global $hMemory ;A global variable
#Region ### START Koda GUI section ###
$hGUI = GUICreate("CE Tutorial Trainer", 259, 75, 192, 124)
$hAttach = GUICtrlCreateButton("Attach", 8, 8, 75, 25, $WS_GROUP)
$hDetach = GUICtrlCreateButton("Detach", 88, 8, 83, 25, $WS_GROUP)
GUICtrlSetState($hDetach, $GUI_DISABLE)
$hStep2 = GUICtrlCreateButton("Patch Step2", 8, 40, 243, 25, $WS_GROUP)
$hQuit = GUICtrlCreateButton("Quit", 176, 8, 75, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
While 1
Switch GUIGetMsg()
Case $hAttach
$hMemory = _MemoryOpen(ProcessExists("tutorial.exe"))
GUICtrlSetState($hDetach,$GUI_ENABLE)
GUICtrlSetState($hAttach,$GUI_DISABLE)
Case $hDetach
_MemoryClose($hMemory)
GUICtrlSetState($hAttach,$GUI_ENABLE)
GUICtrlSetState($hDetach,$GUI_DISABLE)
Case $hStep2
_PatchStep2()
Case $hQuit
Exit
Case $GUI_EVENT_CLOSE
Exit
EndSwitch
WEnd
Func _PatchStep2()
Local $Offset[2] = [0, Dec(314)]
;Get Base Address
$BaseAddress = _MemoryGetBaseAddress($hMemory, 1)
If $BaseAddress = 0 Then
Select
Case @error = 1
MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Invalid handle to open process")
Case @error = 2
MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Failed to find correct allocation address")
Case @error = 3
MsgBox(0, "Error", "Error getting base address: " & @CRLF & "Failed to read from the specified process")
EndSelect
EndIf
;Calculate and Write
$StaticOffset = Dec("460C54") - $BaseAddress
$FinalAddress = "0x" & Hex($BaseAddress + $StaticOffset)
$Write = _MemoryPointerWrite($FinalAddress, $hMemory, $Offset, "1000")
EndFunc
|
One other thing I forgot to mention. If the address you want is already GREEN, and you don't need to make a pointer, simply use this function:
| Code: | Func _Function()
$Write = _MemoryWrite($address, $hMemory, $value) ;Address must be in 0x00000000 format
EndFunc |
I STRONGLY STRONGLY suggest that you Right Click -> Edit NomadMemory.au3 to read what the parameters are for the functions, or you will find yourself messing up. There are a lot of extra parameters that are optional, but very useful.
PLEASE ask questions if you need help, and any feedback is welcomed.
Edit: It seems I've forgot the most important part of this tutorial! Close tutorial.exe and re-open it.
Go to step 2.
Press Attach on the Trainer.
Press Patch Step 2.
Next SHOULD become available.
Last edited by KryziK on Sat Jan 12, 2013 4:10 pm; edited 3 times in total |
|
| Back to top |
|
 |
justa_dude
Grandmaster Cheater
 Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Wed Aug 25, 2010 5:12 pm Post subject: |
|
|
For those of us, like myself, who are unfamiliar with AutoIT and the other tools you're describing - what exactly does this do and why is it useful?
Thanks,
adude |
|
| Back to top |
|
|
KryziK
Expert Cheater
![]() Reputation: 3
Joined: 16 Aug 2009
Posts: 199
|
| Posted: Wed Aug 25, 2010 5:16 pm Post subject: |
|
|
| justa_dude wrote: | For those of us, like myself, who are unfamiliar with AutoIT and the other tools you're describing - what exactly does this do and why is it useful?
Thanks,
adude |
AutoIt is a basic-like scripting language that can be used to automate an infinite number of tasks. You can call DLLs allowing external functionality.
NomadMemory is a script that contains functions for memory editing using an external Windows DLL.
So basically you can make trainers and memory edit with it. You can create custom GUIs or have console applications, etc. In my opinion it's an easier alternative to making trainers with VB. You can check out their site for more info.
Edit: You can also compile your scripts which embeds them in a copy of the AutoIt exe. You can then distribute a single .exe file.
Somewhere around here is dib's autoclicker, which I made for him. It's made in AutoIt. |
|
| Back to top |
|
|
Fantasy
I post too much
![]() Reputation: 13
Joined: 29 Jul 2007
Posts: 3113
|
| Posted: Thu Aug 26, 2010 12:11 am Post subject: |
|
|
| I always get excited when I see I'm not the only one using AutoIt :3 |
|
| Back to top |
|
|
KryziK
Expert Cheater
![]() Reputation: 3
Joined: 16 Aug 2009
Posts: 199
|
| Posted: Thu Aug 26, 2010 12:12 am Post subject: |
|
|
| Hehe, this is like one of the least advanced things I've done in AutoIt... |
|
| Back to top |
|
|
pangyaaaaaa
How do I cheat?
![]() Reputation: 0
Joined: 20 Sep 2010
Posts: 2
|
| Posted: Mon Sep 20, 2010 4:14 pm Post subject: |
|
|
I like it very much but i have a problem.
 )
it wont work for me. i pasted your final code
at patch STep2 it give out:
Error getting base adress:
Failed to find correrct allocation adress
i have looked at my tutorial.exe but its the same adress and offset ..
whats wrong?? |
|
| Back to top |
|
|
KryziK
Expert Cheater
![]() Reputation: 3
Joined: 16 Aug 2009
Posts: 199
|
| Posted: Mon Sep 20, 2010 4:17 pm Post subject: |
|
|
Well, it seems that people on x64 machines have problems with the getting the base address. If you are on a x64 machine, save the file, then right click the file and Run in x86 compatibility mode.
If you aren't on a x64 machine then let me know and I'll try to help you further. |
|
| Back to top |
|
|
noko_112
Grandmaster Cheater
![]() Reputation: 0
Joined: 09 Jun 2009
Posts: 585
|
| Posted: Tue Sep 21, 2010 12:28 am Post subject: |
|
|
| Fantasy wrote: | | I always get excited when I see I'm not the only one using AutoIt :3 |
This so much. Personally i use it for making web bots (Together with tesseract <- Google OCR) |
|
| Back to top |
|
|
DamiPL
Grandmaster Cheater Supreme
 Reputation: 3
Joined: 02 Jul 2006
Posts: 1195
Location: 11001110
|
| Posted: Tue Sep 21, 2010 3:43 am Post subject: |
|
|
nice tut, thanks
_________________
|
|
| Back to top |
|
|
pangyaaaaaa
How do I cheat?
![]() Reputation: 0
Joined: 20 Sep 2010
Posts: 2
|
| Posted: Tue Sep 21, 2010 3:18 pm Post subject: |
|
|
yes iam on a x64 system.
i tryed that and it dont work..[Run in x86 compatibility mode]
hope you can help me to fix it for my x64 system.
or does i need to solve it with a secondary OS ??
thx 4 all your
nice work:)
see ya |
|
| Back to top |
|
|
False Prophet
Expert Cheater
 Reputation: -1
Joined: 28 May 2006
Posts: 121
|
| Posted: Fri Sep 24, 2010 3:07 am Post subject: |
|
|
No offense, but, AutoIt is bad. It would do you great justice to forget about it and learn an actual programming language like C.
_________________
|
|
| Back to top |
|
|
noko_112
Grandmaster Cheater
![]() Reputation: 0
Joined: 09 Jun 2009
Posts: 585
|
| Posted: Fri Sep 24, 2010 10:03 am Post subject: |
|
|
| Another.False.Prophet wrote: | | No offense, but, AutoIt is bad. It would do you great justice to forget about it and learn an actual programming language like C. |
Autoit was actually only meant for macro'ing, so it will kinda suck for every other thing. Just think about it, what is fastest making something in? C++ or autoit? |
|
| Back to top |
|
|
False Prophet
Expert Cheater
Reputation: -1
Joined: 28 May 2006
Posts: 121
|
| Posted: Fri Sep 24, 2010 3:06 pm Post subject: |
|
|
| Noko_112 wrote: | | Another.False.Prophet wrote: | | No offense, but, AutoIt is bad. It would do you great justice to forget about it and learn an actual programming language like C. |
Autoit was actually only meant for macro'ing, so it will kinda suck for every other thing. Just think about it, what is fastest making something in? C++ or autoit? |
A BASIC language, or Python.
_________________
|
|
| Back to top |
|
|
KryziK
Expert Cheater
![]() Reputation: 3
Joined: 16 Aug 2009
Posts: 199
|
| Posted: Fri Sep 24, 2010 3:57 pm Post subject: |
|
|
"AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting."
You can't even compare something like this to an actual programming language because they do two different things. |
|
| Back to top |
|
|
Junk_autoit
How do I cheat?
![]() Reputation: 0
Joined: 24 Apr 2012
Posts: 4
|
| Posted: Tue Apr 24, 2012 4:43 pm Post subject: |
|
|
| Very good! There are chances that go wrong, that is, he gets the wrong address in memory? Where else can I help with autoit? |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
