How to read memory at specific instructions

[zer0]

Hey all,
I am trying to do a few things extra with my bot, but found that I need to read memory addresses at specific ASM instructions, my question is how would I go about doing this? DLL injection? And if so how would I code the DLL and use it in MicroMacro? Can you provide a reference or a tutorial as to how this may be done as I'm not familiar with DLL injection period.

My example is here:
I want to read the address that has the name of targetted object. I have found it occurs only at a specific instruction.

Shaiya - release 40
At instruction 0x4e670a (eb 1e = jmp 0x1e), I want to read the memory offset 0x17950c (contains the monster name string).

Here is a pic to show you what I mean.


Remember, this is my first time attempting to do a DLL injection and in MM, so please dumb it down or I'm gonna be lost.

[Administrator]

Looks to me like 0x4E6700 is the base. Add 0xB to it to read the short offset as a byte (offset is read from 0x4E670B). Now, take 0x4E670B + read offset (0x1E) to get the full pointer to the monsters name.

This could be done through either memory reading functions in MicroMacro, or though DLL injection. Injecting a DLL has little benefit over just reading the memory in this case and would just be a lot more work.

[zer0]

That doesn't sound right Elverion, because I've already searched the memory for a changing target name and found nothing.

So I looked for the base address of a Monster name, then searched for what accesses the address, and isolated the instructions that way, as far as I can tell it uses temporary memory only, which can be read when the 0x4E670A jmp 0x1e instruction is reached.

Or have I completely misunderstood you?

Here was my pic of what I thought u were trying to get me to do:


The first pic had a breakpoint on 0x4E670A, which is why I could read the target name at 0x17950c which was "Black Claw Succubus".


At instruction 0x4E6700, the address it's going to write the target monster name is located on the EDX register (0x17950c).

Or alternatively I could read what's on the ECX register, but it will have to be when it hits instruction 0x4E6700.

So from what I can tell I need something to read the EIP Register (which has the current instruction address?), and read memory when it reaches the specific instruction.

Assembly is kinda new to me, so I apologise if some of this doesn't make sense, as it is uncharted territory for me.

[Administrator]

No, that's not quite what I had meant, but if you are sure it is temporary memory then yes, you would probably need to use DLL injection. You'd probably be better off asking about that on http://forum.gamedeception.net/.

[zer0]

edited:

Elv there isn't a way MM could be programmed to do it without me using any fancy DLL injections is there? I've encountered a few things that are temporary memory, but have been unable to access them due to MM's limitations.

Would it be possible to have a read register function (I have no idea if this is possible).

Code: Select all

// instruction_address To wait until EIP register hits that number then read the register parsed.
// register would be EAX, EBX, ECX, EDX ... etc.
readRegister(handle, instruction_address, register)

If that is possible then you should be able to read memory locations when it hits that instruction, by retrieving the register memory addresses, and looking at that memory.

Don't laugh at me too much but could that be done? I think it would be extremely useful if you could implement it.

[Administrator]

For the most part, no, it's not possible. Although it might be able to be done, it would also require a lot more work than just injecting a DLL. DLL injection really is quite simple. But like I said, Game Deception forums would be a good place to ask. They have many knowledgeable users.

[3cmSailorfuku]

For the most part, no, it's not possible. Although it might be able to be done, it would also require a lot more work than just injecting a DLL. DLL injection really is quite simple. But like I said, Game Deception forums would be a good place to ask. They have many knowledgeable users.

It might be possible if you were able to give the injected dll a parameter that contains the function being used to read/write data and then using detours to hook the part that Zero meant to get all the strings being logged. The Problem is that its hard to customize this to make it work for most of the games.

[zer0]

Btw here was the other thread:
http://forum.gamedeception.net/showthread.php?t=15321