1

In the sample script:

```python
import pymem
import pymem.process
import pymem.memory

process = pymem.process
mem = pymem.memory

DMC5 = pymem.Pymem("Game.exe")
DMC5_base = DMC5.process_handle

adress = 0x1F1BFF714C8
value = 99

mem.write_int(DMC5_base, adress, value)
```

The script works fine without any problems. But if I turn off the game and turn it on again, the address will change and you will have to manually insert a new one into the script. Is there any way to enter static data?

Jim Simson

2 Answers

0

To find a reliable pointer, you need to find a static address, plus offsets, that always points to the address you want. This is a common issue when cheating in games via memory modification. Here's a tutorial on how to do it for Cheat Engine: https://www.solarstrike.net/phpBB3/viewtopic.php?t=65

Here's another tutorial on how to do it with MHS + CE: https://progamercity.net/ghack-tut/229-tutorial-maplestory-finding-pointers-ce-amp-mhs.html

Essentially though, the way it's typically done is via using a debugger to get the address of any code that reads or writes the address, and then introspect the assembly code to determine what addresses and pointers were used to get that address. Then, you take the base address it added the pointer to, and then use the debugger to see what reads that value, and what offsets and pointers it uses. You'll usually have to do this 2-3 times before you'll find a static address.

Once you get the pointer offsets and base address, you would then access that memory address via regular pointer logic. Here's an example of how: How do I look up the value of a multi-level pointer inside a process in Python?

You can also use the ReadWriteMemory module.

For example - here's a Python script that reads and writes the multi-level pointer value from Step 8 of the 32-bit Cheat Engine tutorial:

```python
from ReadWriteMemory import ReadWriteMemory

base_address = 0x00400000  # "Tutorial-i386.exe"
static_address_offset = 0x002426E0  # the offset from the base of the static address of the pointer chain
pointer_static_address = base_address + static_address_offset  # "Tutorial-i386.exe" + 2426E0
offsets = [0x0C, 0x14, 0x00, 0x18]

rwm = ReadWriteMemory()
process = rwm.get_process_by_name('Tutorial-i386.exe')
process.open()
my_pointer = process.get_pointer(pointer_static_address, offsets=offsets)
pointer_value = process.read(my_pointer)
print(f'Value: {pointer_value}')
value_to_set = int(input('Enter a value: '))
process.write(my_pointer, value_to_set)
```

Random Davis
  • I've already mastered doing this with the cheat engine. CheatEngine saves this address, however, and so changes, but in the cheat engine it is static. The problem now is that if the address changes (but in the cheat engine you rather know how it is, it saves it) and I can't put it into the program code because the address keeps changing – mikethecoonlik Jan 05 '21 at 23:37
  • 1
    Your comment doesn't make sense to me. If you found the static address and offsets in Cheat Engine, then you already have everything you need. Cheat engine doesn't do magic when the address changes, it just uses basic pointer logic. You just need to do basic pointer logic in Python to get the address you want. As for getting the base address of the .exe, [here](https://stackoverflow.com/questions/13045864/python-how-to-get-the-start-base-address-of-a-process) is how. – Random Davis Jan 05 '21 at 23:43
  • otherwise, now I want the same to happen in python – mikethecoonlik Jan 05 '21 at 23:49
  • @mikethecoonlik I know. I updated my answer with more info. – Random Davis Jan 05 '21 at 23:50
  • @mikethecoonlik I updated it again. There should be far more than enough info now for you to get started. Let me know if you get stuck though. – Random Davis Jan 06 '21 at 00:00
  • I understand that I should enter game_name.exe as process, but what should I enter as baseadress? the one who came out of the pointer? – mikethecoonlik Jan 06 '21 at 00:30
  • I sat a bit and did it like this:
    ```
    from ReadWriteMemory import ReadWriteMemory

    base_address = 0x004A7428  # equivalent to Cheat Engine's "whatever.exe+0x000df73c"
    rwm = ReadWriteMemory()
    process = rwm.get_process_by_name('game.exe')
    process.open()
    my_pointer = process.get_pointer(base_address, offsets=[0x2A0, 0x230, 0x390, 0xCC8, 0x18, 0x198, 0x18])
    pointer_value = process.read(my_pointer)
    print(pointer_value)
    ```
    It prints 0 to me all the time, why? I enter point result, click on the process that is responsible for it and I can see something.dll + 004A7428 and 7 offsets – mikethecoonlik Jan 06 '21 at 05:52
  • So I'm stuck here – mikethecoonlik Jan 06 '21 at 05:57
  • Can you help me? Please – mikethecoonlik Jan 07 '21 at 04:31
  • @mikethecoonlik the base address I used was just a random example, so of course that didn't work. You can use cheat engine to get it. Just create a pointer with no offsets that points to `game.exe+0xSomething` in cheat engine, and then look at the actual address it appears as in the cheats list. That's the base address. When I said it was equivalent to Cheat Engine's `whatever.exe+0xWhatever`, I meant you had to actually use Cheat Engine to get that value. There might be other ways but that's the easy way I know of. I can try making a video of it if that still doesn't help. – Random Davis Jan 08 '21 at 05:14
  • I would be grateful if you would make a video that would show an example showing this – mikethecoonlik Jan 08 '21 at 08:24
  • @mikethecoonlik okay I plan on making one this evening (pacific standard time). Will link it here. In the meantime though this could be helpful: https://stackoverflow.com/questions/14027459/finding-the-baseaddress-of-a-running-process. This too: https://stackoverflow.com/questions/40032537/how-to-get-processs-base-address-with-moduleentry32/57156465#57156465 Those are both Python solutions that don't require you to use Cheat Engine. – Random Davis Jan 08 '21 at 16:19
  • @mikethecoonlik I've made a quick video demonstrating this in action: https://youtu.be/x4WE3mSJoRA I also updated my answer to reflect a couple changes I made to the script when making the video. I hope that helps. I wouldn't say this is the ideal general way to get a pointer into Python, but it's a really quick and easy way to get one from Cheat Engine into Python. – Random Davis Jan 09 '21 at 04:33
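
The "basic pointer logic" discussed in the answer and comments above, as an added example that is not part of the original post or of any library named there. It runs against a constructed in-memory stand-in for a process, so `FakeMemory`, `launch`, and every address and offset below are assumptions made for illustration.

```python
import struct

STATIC_OFFSET, OFFSETS = 0x2000, [0x10, 0x18]   # constructed pointer chain

class FakeMemory:
    """Constructed stand-in for a 64-bit process address space (not a real process)."""
    def __init__(self):
        self.regions = {}                        # region base -> bytearray
    def map(self, base, size):
        self.regions[base] = bytearray(size)
    def _locate(self, addr, size):
        for base, buf in self.regions.items():
            if base <= addr and addr + size <= base + len(buf):
                return buf, addr - base
        raise LookupError(f"unmapped address {addr:#x}")
    def read(self, addr, fmt):
        buf, off = self._locate(addr, struct.calcsize(fmt))
        return struct.unpack_from(fmt, buf, off)[0]
    def write(self, addr, fmt, value):
        buf, off = self._locate(addr, struct.calcsize(fmt))
        struct.pack_into(fmt, buf, off, value)

def resolve(mem, module_base, static_offset, offsets):
    """Follow [module_base + static_offset] through each offset; return the final address."""
    if not offsets:
        return module_base + static_offset
    addr = mem.read(module_base + static_offset, "<Q")
    for off in offsets[:-1]:
        addr = mem.read(addr + off, "<Q")        # dereference each intermediate level
    return addr + offsets[-1]

def launch(module_base, heap_base):
    """Build one 'run' of the process; both bases differ per run, as under ASLR."""
    mem = FakeMemory()
    mem.map(module_base, 0x4000)
    mem.map(heap_base, 0x1000)
    mem.write(module_base + STATIC_OFFSET, "<Q", heap_base + 0x100)  # static slot -> object A
    mem.write(heap_base + 0x100 + 0x10, "<Q", heap_base + 0x800)     # A+0x10 -> object B
    mem.write(heap_base + 0x800 + 0x18, "<i", 99)                    # B+0x18 holds the value
    return mem

def demo():
    """Two constructed runs: the absolute address moves, the chain still resolves."""
    results = []
    for module_base, heap_base in [(0x7FF6_1000_0000, 0x1F1_BFF7_0000),
                                   (0x7FF7_A400_0000, 0x24C_0A31_0000)]:
        mem = launch(module_base, heap_base)
        addr = resolve(mem, module_base, STATIC_OFFSET, OFFSETS)
        results.append((addr, mem.read(addr, "<i")))
    return results
```

Passing a module-relative offset as if it were an absolute address (a module base of 0 here) lands in unmapped memory and raises `LookupError` in this model, which is the same class of mistake as the chain that kept reading 0 in the comments.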
0

There's a very big chance you will find the offsets listed on some forum. I recommend googling for the offsets.

Eko