ฟอรั่มของบล็อก http://pssix.blogspot.com


เขียนคำสั่งให้หน่อยครับ

Share
avatar
Arm
PSsix Member Super Class III
PSsix Member Super Class III

PSsix Master PSsix Program Coder
จำนวนข้อความ : 267
ความนิยม : 54
เข้าร่วมเมื่อ : 31/03/2011
อายุ : 20

เขียนคำสั่งให้หน่อยครับ

ตั้งหัวข้อ by Arm on 05/10/11, 09:36 am

แบบต้องการให้กดปุ่ม F1 แล้วให้ Freeze ค่า address 0022F3B4 = 0
แล้วถ้ากด F1 อีกครั้งให้ UnFreeze น่ะครับ

เกม VVVVVV
[You must be registered and logged in to see this link.]
avatar
flapjack
PSsix Member Super Class III
PSsix Member Super Class III

PSsix Moderator PSsix Master PSsix Game Coder
จำนวนข้อความ : 312
ความนิยม : 74
เข้าร่วมเมื่อ : 05/10/2010

Re: เขียนคำสั่งให้หน่อยครับ

ตั้งหัวข้อ by flapjack on 05/10/11, 12:16 pm

ต้องรอผู้รู้มาตอบล่ะครับ... em230
ปล.(การ Freeze นี้จะเหมือนหลักการ MemoryWrite หรือเปล่า...?)
avatar
Arm
PSsix Member Super Class III
PSsix Member Super Class III

PSsix Master PSsix Program Coder
จำนวนข้อความ : 267
ความนิยม : 54
เข้าร่วมเมื่อ : 31/03/2011
อายุ : 20

Re: เขียนคำสั่งให้หน่อยครับ

ตั้งหัวข้อ by Arm on 05/10/11, 01:18 pm

ใช้ครับเวลาเปลี่ยนแปลงค่าใน CE โปรแกรมมันจะ freeze สถานะไว้ครับ
สมมุติเช่นเปลี่ยนค่าพลังชีวิตจาก 2 เป็น 6 พอมัน freeze ไว้ค่านั้นก็จะคงอยู่ตลอดไปไม่เปลี่ยนแปลงครับ em218
avatar
Arm
PSsix Member Super Class III
PSsix Member Super Class III

PSsix Master PSsix Program Coder
จำนวนข้อความ : 267
ความนิยม : 54
เข้าร่วมเมื่อ : 31/03/2011
อายุ : 20

Re: เขียนคำสั่งให้หน่อยครับ

ตั้งหัวข้อ by Arm on 05/10/11, 01:21 pm

ถ้าจะ Freeze ไว้ก็คงใช้ประมาณนี้ละมั้งครับ em218 ชินจัง
Code:
AdlibRegister("A1", 500)

Func A1()
   MemoryWrite("0022F3B4", "zzxx")
EndFunc
avatar
asokura
PSsix Member High Class
PSsix Member High Class

PSsix Game Coder
จำนวนข้อความ : 72
ความนิยม : 11
เข้าร่วมเมื่อ : 03/09/2011

Re: เขียนคำสั่งให้หน่อยครับ

ตั้งหัวข้อ by asokura on 05/10/11, 04:12 pm

การ Freeze มีเขียนไว้ที่เว็ปนี่ครับ [You must be registered and logged in to see this link.]
การให้กดปุ่มเพื่อหยุดและให้ทำต่อ Admin เขียนไว้ตรง Func Pause() ที่ [You must be registered and logged in to see this link.]

ลองนำมา mix กันดูน๊ะครับ


Fast
PSsix Member Super Class III
PSsix Member Super Class III

PSsix Program Coder
จำนวนข้อความ : 217
ความนิยม : 52
เข้าร่วมเมื่อ : 19/06/2011

Re: เขียนคำสั่งให้หน่อยครับ

ตั้งหัวข้อ by Fast on 05/10/11, 05:04 pm

^^
^^
เข้ามาดูลิ้ง _Freeze_Value() ขอก๊อปมาให้ดูตรงนี้ละกัน วิธีการทำเขาใส่ While 1 เอาไว้ระหว่างคำสั่งสคริ๊ปเขียนเมมคับ เอามาแก้เขียนเองง่ายกว่านะ เขียนแบบนี้ใส่ sleep ไปด้วยซีพียูจะไม่โดนใช้หนักเกิน

While 1
MemoryWrite("0022F3B4", "zzxx")
sleep(10)
WEnd



;;;;;;;;;;;;;;;สคริ๊ป _Freeze_Value() ;;;;;;;;;;;;;;;;;;;;;;


#include "Nomadmemory.au3"
;===============================================================================
; Function Name: _Freeze_Value()
; Description: Freezes a Value just like Cheat Engine
; Syntax:
; Parameter(s): $Address - Address you want to freesze

; $ID
; An array containing the Dll handle and the handle
; of the open process as returned by _MemoryOpen()

; $Value - Value you want to freeze it at

; $sv_Type - (optional) The "Type" of value you intend to read.
; This is set to 'dword'(32bit(4byte) signed integer)
; by default. See the help file for DllStructCreate
; for all types. An example: If you want to read a
; word that is 15 characters in length, you would use
; 'char[16]' since a 'char' is 8 bits (1 byte) in size.

; Your main While 1 loop in the Script duplicated, put into a function
; Requirement(s): Need #Nomadmemory, Need 2 Main while 1 one reg while one, the other func() EX.
;
;
;while 1 ---------> Main while in script
; $nMsg = GUIGetMsg()
; Switch $nMsg
; Case $GUI_EVENT_CLOSE
; SoundPlay (@HomeDrive& "\Windows\System\t1alarm.wav")
; Exit
;Endswitch
;WEnd
;
;Func While -------->While 1 loop duplicated, into a function (this is the one that = $mainloop, without the ()), (you must have Both)
; $nMsg = GUIGetMsg()
; Switch $nMsg
; Case $GUI_EVENT_CLOSE
; Exit
;EndSwitch
;EndFunc

; Return Value(s): Success = Freezes Value
; Author(s): Liiten \ tri407tiny
; Modification(s):
;===============================================================================
Func _Freeze_Value($ID, $Address, $value, $mainloop)
SetPrivilege("SeDebugPrivilege", 1)
$M1 = _Memoryread($Address)
if $M1 <> $Value then
while 1 ;; ใส่ while เพื่อทำงานคำสั่งซ้ำเดิม
_memorywrite($ID, $address, $Value) ;คำสั่งเขียนเมม
$mainloop ()
WEnd
EndIf
EndFunc
avatar
Arm
PSsix Member Super Class III
PSsix Member Super Class III

PSsix Master PSsix Program Coder
จำนวนข้อความ : 267
ความนิยม : 54
เข้าร่วมเมื่อ : 31/03/2011
อายุ : 20

Re: เขียนคำสั่งให้หน่อยครับ

ตั้งหัวข้อ by Arm on 05/10/11, 08:43 pm

ที่จริงก็..ทำได้แล้วล่ะครับ
ขอบคุณสำหรับทุกๆคำแนะนำนะครับ
ลองเปิดไฟล์ Freeze.au3 แล้ว
ที่หัวสคริปต์มี
Code:
#include "Nomadmemory.au3"
งั้นก็ เอา Function จาก Freeze.au3 ไปใส่ใน Nomadmemory.au3 ได้เลยน่ะสิครับ em230
เหมือนท่าน Admin จะอัพไฟล์ NomadMemoryPSsix.zip ไว้แถวไหนก็ไม่รู้..ลองไปหาโหลดกันนะครับ

Example:....VVVVVV_Test.au3 ;ชื่อไฟล์ที่ทำโกงเกม
Code:
#AutoIt3Wrapper_UseX64=n
#RequireAdmin
#NoTrayIcon
#include <NomadMemoryPSsix.au3> ; อ้างอิงไฟล์ NomadMemoryPSsix.au3 จาก NomadMemoryPSsix.zip

#cs
   การอ่านและเขียนค่าลงแอดเดรสที่แน่นอน
   ซึ่งแอดเดรสนี้จะไม่มีวันเปลี่ยนแม้จะเปิดโปรแกรมมากี่ครั้งก็ตาม
#ce


Global $address = "0x0022F3B4" ;ใส่ตำแหน่งแอดเดรส ที่ต้องการจะอ่านค่า

$memopen = _MEMORYOPEN(ProcessExists("vvvvvv.exe")) ;เปลี่ยนชื่อไฟล์เกมส์
If $memopen = 0 Then
   ConsoleWrite('ผิดพลาดไม่มีโปรแกรม =' & $memopen & @CRLF)
   Exit
EndIf

;;  1 อ่านค่า address  ในตำแหน่งที่แน่นอน
$value = _MEMORYREAD(($address), $memopen) ;ค่าที่อ่านได้จะเก็บไว้ในตัวแปร  $value
ConsoleWrite('ค่าที่อ่านได้จากแอดเดรส ' & $address & ' = ' & $value & @CRLF) ;แสดงผลค่าออกมา

;;  1 เขียนค่า address  ในตำแหน่งที่แน่นอน
$WriteValue = "0"
_MemoryWrite($address, $memopen, $WriteValue) ;เขียนค่า
ConsoleWrite('เปลี่ยนแปลงค่าเป็น ' & $WriteValue & ' เรียบร้อยแล้ว' & @CRLF)
ConsoleWrite('ต่อจากนี้ไปจะทำการเขียนค่าเป็น ' & $WriteValue & ' ตลอด' & @CRLF)
AdlibRegister("FreezeState", 500)
;~ HotKeySet("{ESC}", "_Exit")
OnAutoItExitRegister("_Exit")

While 1
   Sleep(100)
   If ProcessExists("vvvvvv.exe") = 0 Then _Exit()
WEnd

;FreezeState
Func FreezeState()
   _MemoryWrite($address, $memopen, $WriteValue) ;เขียนค่า
EndFunc

Func _Exit()
   _MEMORYCLOSE($memopen) ;ปิดการอ่านหน่วยความจำ นำไปวางไว้ท้ายสุดเมื่อไม่ต้องการอ่านหรือเขียนแล้ว  เช่น ตอนปิดโปรแกรม
   Exit
EndFunc
สำหรับไฟล์ NomadMemoryPSsix.au3 ที่ผมโมมาแล้วนั้นสามารถดาวน์โหลดได้จากที่นี่เลยครับ
NomadMemoryPSsix_Modified.au3
Code:
#include-once
#region _Memory

;==================================================================================
; Test on AutoIt Version:  3.3.6.1 By  http://pssix.blogspot.com          v1.0
;==================================================================================

;Function Reference
;~ _MemoryOpen
;~  _MemoryRead
;~  _MemoryWrite
;~ _MemoryClose
;~ _MemoryPointerRead
;~ _MemoryPointerWrite
;~ SetPrivilege
;~ _MemoryGetBaseAddress
;~ _MemoryModuleGetBaseAddress
;~  _MemReadDLL
;~  _MemWriteDLL
;~ _MemWriteDLLByteArray
;~ _MemoryWriteByteArray


SetPrivilege("SeDebugPrivilege", 1)

;=================================================================================================
; Language:            English
; Platform:            All Windows
; Author:            Nomad
; Requirements:        These functions will only work with beta.
;=================================================================================================
; Credits:    wOuter - These functions are based on his original _Mem() functions.  But they are
;            easier to comprehend and more reliable.  These functions are in no way a direct copy
;            of his functions.  His functions only provided a foundation from which these evolved.
;=================================================================================================


;=================================================================================================
; Function:            _MemoryOpen($iv_Pid(, $iv_DesiredAccess(, $iv_InheritHandle)))
; Description:        Opens a process and enables all possible access rights to the process.  The
;                    Process ID of the process is used to specify which process to open.  You must
;                    call this function before calling _MemoryClose(), _MemoryRead(), or _MemoryWrite().
; Parameter(s):        $iv_Pid - The Process ID of the program you want to open.
;                    $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which enables all
;                                        possible access rights to the process specified by the
;                                        Process ID.
;                    $if_InheritHandle - (optional) If this value is TRUE, all processes created by
;                                        this process will inherit the access handle.  Set to TRUE
;                                        (1) by default.  Set to 0 if you want it to be FALSE.
; Requirement(s):    A valid process ID.
; Return Value(s):    On Success - Returns an array containing the Dll handle and an open handle to
;                                the specified process.
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                            1 = Invalid $iv_Pid.
;                            2 = Failed to open Kernel32.dll.
;                            3 = Failed to open the specified process.
; Author(s):        Nomad
; Note(s):
;=================================================================================================
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $if_InheritHandle = 1)

   If Not ProcessExists($iv_Pid) Then
      SetError(1)
      Return 0
   EndIf

   Local $ah_Handle[2] = [DllOpen('kernel32.dll')]

   If @error Then
      SetError(2)
      Return 0
   EndIf

   Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $if_InheritHandle, 'int', $iv_Pid)

   If @error Then
      DllClose($ah_Handle[0])
      SetError(3)
      Return 0
   EndIf

   $ah_Handle[1] = $av_OpenProcess[0]

   Return $ah_Handle

EndFunc  ;==>_MemoryOpen


;=================================================================================================
; Function:            _MemoryRead($iv_Address, $ah_Handle(, $sv_Type))
; Description:        Reads the value located in the memory address specified.
; Parameter(s):        $iv_Address - The memory address you want to read from. It must be in hex
;                                  format (0x00000000).
;                    $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                    $sv_Type - (optional) The "Type" of value you intend to read.  This is set to
;                                'dword'(32bit(4byte) signed integer) by default.  See the help file
;                                for DllStructCreate for all types.
;                                An example: If you want to read a word that is 15 characters in
;                                length, you would use 'char[16]'.
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns the value located at the specified address.
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = $sv_Type was not a string.
;                            3 = $sv_Type is an unknown data type.
;                            4 = Failed to allocate the memory needed for the DllStructure.
;                            5 = Error allocating memory for $sv_Type.
;                            6 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):            Values returned are in Decimal format, unless specified as a 'char' type, then
;                    they are returned in ASCII format.  Also note that size ('char[size]') for all
;                    'char' types should be 1 greater than the actual size.
;=================================================================================================
Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')

   If Not IsArray($ah_Handle) Then
      SetError(1)
      Return 0
   EndIf

   Local $v_Buffer = DllStructCreate($sv_Type)

   If @error Then
      SetError(@error + 1)
      Return 0
   EndIf

   DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

   If Not @error Then
      Local $v_Value = DllStructGetData($v_Buffer, 1)
      Return $v_Value
   Else
      SetError(6)
      Return 0
   EndIf

EndFunc  ;==>_MemoryRead


;=================================================================================================
; Function:            _MemoryWrite($iv_Address, $ah_Handle, $v_Data(, $sv_Type))
; Description:        Writes data to the specified memory address.
; Parameter(s):        $iv_Address - The memory address you want to write to.  It must be in hex
;                                  format (0x00000000).
;                    $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                    $v_Data - The data to be written.
;                    $sv_Type - (optional) The "Type" of value you intend to write.  This is set to
;                                'dword'(32bit(4byte) signed integer) by default.  See the help file
;                                for DllStructCreate for all types.
;                                An example: If you want to write a word that is 15 characters in
;                                length, you would use 'char[16]'.
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns 1
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = $sv_Type was not a string.
;                            3 = $sv_Type is an unknown data type.
;                            4 = Failed to allocate the memory needed for the DllStructure.
;                            5 = Error allocating memory for $sv_Type.
;                            6 = $v_Data is not in the proper format to be used with the "Type"
;                                selected for $sv_Type, or it is out of range.
;                            7 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):            Values sent must be in Decimal format, unless specified as a 'char' type, then
;                    they must be in ASCII format.  Also note that size ('char[size]') for all
;                    'char' types should be 1 greater than the actual size.
;=================================================================================================
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')

   If Not IsArray($ah_Handle) Then
      SetError(1)
      Return 0
   EndIf

   Local $v_Buffer = DllStructCreate($sv_Type)

   If @error Then
      SetError(@error + 1)
      Return 0
   Else
      DllStructSetData($v_Buffer, 1, $v_Data)
      If @error Then
         SetError(6)
         Return 0
      EndIf
   EndIf

   DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')

   If Not @error Then
      Return 1
   Else
      SetError(7)
      Return 0
   EndIf

EndFunc  ;==>_MemoryWrite


;=================================================================================================
; Function:            _MemoryClose($ah_Handle)
; Description:        Closes the process handle opened by using _MemoryOpen().
; Parameter(s):        $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns 1
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = Unable to close the process handle.
; Author(s):        Nomad
; Note(s):
;=================================================================================================
Func _MemoryClose($ah_Handle)

   If Not IsArray($ah_Handle) Then
      SetError(1)
      Return 0
   EndIf

   DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
   If Not @error Then
      DllClose($ah_Handle[0])
      Return 1
   Else
      DllClose($ah_Handle[0])
      SetError(2)
      Return 0
   EndIf

EndFunc  ;==>_MemoryClose


;=================================================================================================
; Function:            _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset(, $sv_Type))
; Description:        Reads a chain of pointers and returns an array containing the destination
;                    address and the data at the address.
; Parameter(s):        $iv_Address - The static memory address you want to start at. It must be in
;                                  hex format (0x00000000).
;                    $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                    $av_Offset - An array of offsets for the pointers.  Each pointer must have an
;                                offset.  If there is no offset for a pointer, enter 0 for that
;                                array dimension. (Offsets must be in decimal format, NOT hex!)
;                    $sv_Type - (optional) The "Type" of data you intend to read at the destination
;                                address.  This is set to 'dword'(32bit(4byte) signed integer) by
;                                default.  See the help file for DllStructCreate for all types.
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns an array containing the destination address and the value
;                                located at the address.
;                    On Failure - Returns 0
;                    @Error - 0 = No error.
;                            1 = $av_Offset is not an array.
;                            2 = Invalid $ah_Handle.
;                            3 = $sv_Type is not a string.
;                            4 = $sv_Type is an unknown data type.
;                            5 = Failed to allocate the memory needed for the DllStructure.
;                            6 = Error allocating memory for $sv_Type.
;                            7 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):            Values returned are in Decimal format, unless a 'char' type is selected.
;                    Set $av_Offset like this:
;                    $av_Offset[0] = NULL (not used)
;                    $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;                    $av_Offset[2] = Offset for pointer 2
;                    etc...
;                    (The number of array dimensions determines the number of pointers)
;=================================================================================================
Func _MemoryPointerRead($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword')

   If IsArray($av_Offset) Then
      If IsArray($ah_Handle) Then
         Local $iv_PointerCount = UBound($av_Offset) - 1
      Else
         SetError(2)
         Return 0
      EndIf
   Else
      SetError(1)
      Return 0
   EndIf

   Local $iv_Data[2], $i
   Local $v_Buffer = DllStructCreate('dword')

   For $i = 0 To $iv_PointerCount

      If $i = $iv_PointerCount Then
         $v_Buffer = DllStructCreate($sv_Type)
         If @error Then
            SetError(@error + 2)
            Return 0
         EndIf

         $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
         DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
         If @error Then
            SetError(7)
            Return 0
         EndIf

         $iv_Data[1] = DllStructGetData($v_Buffer, 1)

      ElseIf $i = 0 Then
         DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
         If @error Then
            SetError(7)
            Return 0
         EndIf

         $iv_Data[1] = DllStructGetData($v_Buffer, 1)

      Else
         $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
         DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
         If @error Then
            SetError(7)
            Return 0
         EndIf

         $iv_Data[1] = DllStructGetData($v_Buffer, 1)

      EndIf

   Next

   $iv_Data[0] = $iv_Address

   Return $iv_Data

EndFunc  ;==>_MemoryPointerRead


;=================================================================================================
; Function:            _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data(, $sv_Type))
; Description:        Reads a chain of pointers and writes the data to the destination address.
; Parameter(s):        $iv_Address - The static memory address you want to start at. It must be in
;                                  hex format (0x00000000).
;                    $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                    $av_Offset - An array of offsets for the pointers.  Each pointer must have an
;                                offset.  If there is no offset for a pointer, enter 0 for that
;                                array dimension.
;                    $v_Data - The data to be written.
;                    $sv_Type - (optional) The "Type" of data you intend to write at the destination
;                                address.  This is set to 'dword'(32bit(4byte) signed integer) by
;                                default.  See the help file for DllStructCreate for all types.
; Requirement(s):    The $ah_Handle returned from _MemoryOpen.
; Return Value(s):    On Success - Returns the destination address.
;                    On Failure - Returns 0.
;                    @Error - 0 = No error.
;                            1 = $av_Offset is not an array.
;                            2 = Invalid $ah_Handle.
;                            3 = Failed to read from the specified process.
;                            4 = $sv_Type is not a string.
;                            5 = $sv_Type is an unknown data type.
;                            6 = Failed to allocate the memory needed for the DllStructure.
;                            7 = Error allocating memory for $sv_Type.
;                            8 = $v_Data is not in the proper format to be used with the
;                                "Type" selected for $sv_Type, or it is out of range.
;                            9 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):            Data written is in Decimal format, unless a 'char' type is selected.
;                    Set $av_Offset like this:
;                    $av_Offset[0] = NULL (not used, doesn't matter what's entered)
;                    $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;                    $av_Offset[2] = Offset for pointer 2
;                    etc...
;                    (The number of array dimensions determines the number of pointers)
;=================================================================================================
Func _MemoryPointerWrite($iv_Address, $ah_Handle, $av_Offset, $v_Data, $sv_Type = 'dword')

   If IsArray($av_Offset) Then
      If IsArray($ah_Handle) Then
         Local $iv_PointerCount = UBound($av_Offset) - 1
      Else
         SetError(2)
         Return 0
      EndIf
   Else
      SetError(1)
      Return 0
   EndIf

   Local $iv_StructData, $i
   Local $v_Buffer = DllStructCreate('dword')

   For $i = 0 To $iv_PointerCount
      If $i = $iv_PointerCount Then
         $v_Buffer = DllStructCreate($sv_Type)
         If @error Then
            SetError(@error + 3)
            Return 0
         EndIf

         DllStructSetData($v_Buffer, 1, $v_Data)
         If @error Then
            SetError(8)
            Return 0
         EndIf

         $iv_Address = '0x' & Hex($iv_StructData + $av_Offset[$i])
         DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
         If @error Then
            SetError(9)
            Return 0
         Else
            Return $iv_Address
         EndIf
      ElseIf $i = 0 Then
         DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
         If @error Then
            SetError(3)
            Return 0
         EndIf

         $iv_StructData = DllStructGetData($v_Buffer, 1)

      Else
         $iv_Address = '0x' & Hex($iv_StructData + $av_Offset[$i])
         DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
         If @error Then
            SetError(3)
            Return 0
         EndIf

         $iv_StructData = DllStructGetData($v_Buffer, 1)

      EndIf
   Next

EndFunc  ;==>_MemoryPointerWrite


;==================================================================================
; Function:            SetPrivilege( $privilege, $bEnable )
; Description:        Enables (or disables) the $privilege on the current process
;                  (Probably) requires administrator privileges to run
;
; Author(s):        Larry (from autoitscript.com's Forum)
; Notes(s):
; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999
;==================================================================================

Func SetPrivilege($privilege, $bEnable)
   Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
   Const $TOKEN_QUERY = 0x0008
   Const $SE_PRIVILEGE_ENABLED = 0x0002
   Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
   $nTokens = 1
   $LUID = DllStructCreate("dword;int")
   If IsArray($privilege) Then $nTokens = UBound($privilege)
   $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
   $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
   $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")
   $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _
         "int", BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY), "int*", 0)
   If $SP_auxret[0] Then
      $hToken = $SP_auxret[3]
      DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
      $nTokenIndex = 1
      While $nTokenIndex <= $nTokens
         If IsArray($privilege) Then
            $ntokenvar = $nTokenIndex - 1 ;;modify
            $priv = $privilege[$ntokenvar]
         Else
            $priv = $privilege
         EndIf
         $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _
               "ptr", DllStructGetPtr($LUID))
         If $ret[0] Then
            If $bEnable Then
               DllStructSetData($TOKEN_PRIVILEGES, 2, $SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex))
            Else
               DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex))
            EndIf
            DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1)
            DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2)
            DllStructSetData($LUID, 1, 0)
            DllStructSetData($LUID, 2, 0)
         EndIf
         $nTokenIndex += 1
      WEnd
      $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _
            "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _
            "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0)
      $f = DllCall("kernel32.dll", "int", "GetLastError")
   EndIf
   $NEWTOKEN_PRIVILEGES = 0
   $TOKEN_PRIVILEGES = 0
   $LUID = 0
   If $SP_auxret[0] = 0 Then Return 0
   $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken)
   If Not $ret[0] And Not $SP_auxret[0] Then Return 0
   Return $ret[0]
EndFunc  ;==>SetPrivilege


;===================================================================================================
; Function........:  _MemoryGetBaseAddress($ah_Handle, $iHD)
;
; Description.....:  Reads the 'Allocation Base' from the open process.
;
; Parameter(s)....:  $ah_Handle - An array containing the Dll handle and the handle of the open
;                              process as returned by _MemoryOpen().
;                    $iHD - Return type:
;                      |0 = Hex (Default)
;                      |1 = Dec
;
; Requirement(s)..:  A valid process ID.
;
; Return Value(s).:  On Success - Returns the 'allocation Base' address and sets @Error to 0.
;                    On Failure - Returns 0 and sets @Error to:
;                  |1 = Invalid $ah_Handle.
;                  |2 = Failed to find correct allocation address.
;                  |3 = Failed to read from the specified process.
;
; Author(s).......:  Nomad. Szhlopp.
; URL.............:  http://www.autoitscript.com/forum/index.php?showtopic=78834
; Note(s).........:  Go to [You must be registered and logged in to see this link.] for the latest version of CheatEngine.
;===================================================================================================

Func _MemoryGetBaseAddress($ah_Handle, $iHexDec = 0)

   Local $iv_Address = 0x00100000
   Local $v_Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
   Local $vData
   Local $vType

   If Not IsArray($ah_Handle) Then
      SetError(1)
      Return 0
   EndIf


   DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))

   If Not @error Then

      $vData = Hex(DllStructGetData($v_Buffer, 2))
      $vType = Hex(DllStructGetData($v_Buffer, 3))

      While $vType <> "00000080"
         DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
         $vData = Hex(DllStructGetData($v_Buffer, 2))
         $vType = Hex(DllStructGetData($v_Buffer, 3))
         If Hex($iv_Address) = "01000000" Then ExitLoop
         $iv_Address += 65536

      WEnd

      If $vType = "00000080" Then
         SetError(0)
         If $iHexDec = 1 Then
            Return Dec($vData)
         Else
            Return $vData
         EndIf

      Else
         SetError(2)
         Return 0
      EndIf

   Else
      SetError(3)
      Return 0
   EndIf

EndFunc  ;==>_MemoryGetBaseAddress


Func _MemoryModuleGetBaseAddress($iPID, $sModule)
   If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

   If Not IsString($sModule) Then Return SetError(2, 0, 0)

   Local $PSAPI = DllOpen("psapi.dll")

   ;Get Process Handle
   Local $hProcess
   Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

   If $iPID > 0 Then
      Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
      If $hProcess[0] Then
         $hProcess = $hProcess[0]
      EndIf
   EndIf

   ;EnumProcessModules
   Local $Modules = DllStructCreate("ptr[1024]")
   Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
   If $aCall[4] > 0 Then
      Local $iModnum = $aCall[4] / 4
      Local $aTemp
      For $i = 1 To $iModnum
         $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
         If $aTemp[3] = $sModule Then
            DllClose($PSAPI)
            Return Ptr(DllStructGetData($Modules, 1, $i))
         EndIf
      Next
   EndIf

   DllClose($PSAPI)
   Return SetError(-1, 0, 0)

EndFunc  ;==>_MemoryModuleGetBaseAddress


;============================================================================================
; MemReadDLL - Function
;    Quick way of accessing a module offset.
;============================================================================================

Func _MemReadDLL($dll, $offset, $ah_Handle, $sv_Type = 'dword')
   $StaticOffset = Dec($offset)
   $baseADDR = _MemoryModuleGetBaseAddress($ah_Handle, $dll)
   $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
   $MemTest = _MemoryRead($finalADDR, $ah_Handle, $sv_Type)
   Return $MemTest
EndFunc  ;==>_MemReadDLL


;============================================================================================
; MemWriteDLL - Function
;    Quick way of writing to a module offset.
;============================================================================================

Func _MemWriteDLL($dll, $offset, $value, $ah_Handle, $sv_Type = 'dword')
   $StaticOffset = Dec($offset)
   $baseADDR = _MemoryModuleGetBaseAddress($ah_Handle, $dll)
   $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
   $MemTest = _MemoryWrite($finalADDR, $ah_Handle, $value, $sv_Type)
   Return $MemTest
EndFunc  ;==>_MemWriteDLL


;============================================================================================
; MemWriteDLLByteArray - Function
;   Writes an array of bytes to memory
;============================================================================================

Func _MemWriteDLLByteArray($dll, $offset, $ah_Handle, $v_Array)
   Local $StaticOffset = Dec($offset)
   Local $baseADDR = _MemoryModuleGetBaseAddress($ah_Handle, $dll)
   Local $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
   Local $MemTest = _MemoryWriteByteArray($finalADDR, $ah_Handle, $v_Array)
   Return $MemTest
EndFunc  ;==>_MemWriteDLLByteArray


;============================================================================================
; _MemoryWriteByteArray - Function
;   Writes an array of bytes to memory
;============================================================================================

Func _MemoryWriteByteArray($iv_Address, $ah_Handle, $v_Array)
   If Not IsArray($ah_Handle) Then
      SetError(1)
      Return 0
   EndIf

   If Not IsArray($v_Array) Then
      Return 0
   EndIf

   Local $eMax = UBound($v_Array)
   Local $byteString = ""
   For $i = 0 To $eMax - 1
      $byteString = $byteString & "byte;"
   Next
   Local $v_Buffer = DllStructCreate($byteString)
   If @error Then
      Return 0
   Else
      For $i = 1 To $eMax
         DllStructSetData($v_Buffer, $i, $v_Array[$i - 1])
         If @error Then
            Return 0
         EndIf
      Next
   EndIf
   DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
   If Not @error Then
      Return 1
   Else
      SetError(7)
      Return 0
   EndIf
EndFunc  ;==>_MemoryWriteByteArray


[b]; @@@@@@@@@@@@@@@@@ Freeze.au3 @@@@@@@@@@@@@@@@@  (Freeze.au3 ==>> NomadMemoryPSsix_Modified.au3)[/b]
[b]; นำ Function จากไฟล์ Freeze.au3 มาใส่ใน NomadMemoryPSsix_Modified.au3 ครับ[/b]
[b]; Modified by Arm at http://www.pssix.blogspot.com[/b]
[b];===============================================================================[/b]
[b]; Function Name:    _Freeze_Value()[/b]
[b]; Description:          Freezes a Value just like Cheat Engine[/b]
[b]; Parameter(s):    $Address - Address you want to freesze[/b]
[b];[/b]
[b];               $ID[/b]
[b];                 An array containing the Dll handle and the handle[/b]
[b];               of the open process as returned by _MemoryOpen()[/b]
[b];[/b]
[b];                  $Value - Value you want to freeze it at[/b]
[b];[/b]
[b];               $sv_Type - (optional) The "Type" of value you intend to read.[/b]
[b];               This is set to 'dword'(32bit(4byte) signed integer)[/b]
[b];               by default.  See the help file for DllStructCreate[/b]
[b];               for all types.  An example: If you want to read a[/b]
[b];               word that is 15 characters in length, you would use[/b]
[b];               'char[16]' since a 'char' is 8 bits (1 byte) in size.[/b]
[b];[/b]
[b];               Your main While 1 loop in the Script duplicated, put into a function [/b]
[b];[/b]
[b]; Return Value(s):  Success = Freezes Value[/b]
[b]; Author(s):  Liiten \ tri407tiny[/b]
[b];===============================================================================[/b]

[b]Func _Freeze_Value($ID, $Address, $value, $mainloop)[/b]
[b]   SetPrivilege("SeDebugPrivilege", 1)[/b]
[b]   $M1 = _Memoryread($Address)[/b]
[b]   if $M1 <> $Value then [/b]
[b]      while 1[/b]
[b]      _memorywrite($ID, $address, $Value)[/b]
[b]      $mainloop ()[/b]
[b]      WEnd[/b]
[b]   EndIf[/b]
[b]EndFunc[/b]


#endregion _Memory
em218 em233 ชินจัง
ดาวน์โหลด..เล้ย ไฟล์ NomadMemoryPSsix_Modified.au3 ครับ (คลิกตรงนี้แหละ ^^)

    เวลาขณะนี้ 29/05/17, 09:09 am