Hello,
Just recently I used T-search for the first time and I was surprised at how easy it was to find some things.
For this tut, we will be using counterstrike. We will be getting the memory location using Tsearch.
First of all if you don't have Tsearch, I took the time to upload it here: www.valvesupport.info/tsearch_16b.zip
Next step will be to actually start Tsearch. You should be at a screen like so:
From here we will start counter strike. Once you have done that, go ahead and alt + tab back out to this window.
Ok, so we have counter strike loaded, and were ready to go. In Tsearch you should see a huge button called "Open process" go ahead and click that.
Then select "hl.exe".
Ok, now you should be looking for this button (right below Open process)
When you see that button, go ahead and click it. You will now see a few options, let me explain what they mean. (By quoting from another site, to lazy to type those all out)
From here, we need to decide what we want to search. In this case we will be searching for the memory location of "life" in counterstrike.
Go ahead and enter a game in counter strike. (Just make a local server, it will be important for a later step).
Ok, so now you are in game, you should have '100' life. So our life value is 100, thats what we need to search. This will need to be an exact value.
Then, the this will only be one byte as well. In the end it should look like so:
Go ahead and click ok. Now you will see alot of results, but thats ok, we are going to lower those results. The first button we orignaly clicked to search (the magnifying glass..) well directly on the right of that is another button, and thats what we will need to use soon.
Right now, go into counter strike and lose a bit of life. Then click the button I mentioned above ("search next") It will bring up a search box just like before, just fill in all the same as before, except this time for "Value" put in the value of life you currently have. (After losing some, like I said to above) and go and and click ok.
This should greatly narrow your results down, repeat that step to lower then down a bit more if you want.
Now you should be left with something like so:
Thats good, your almost done
ok, now we will go through each of these and figure out which one is our life memory address.
Double click the first memory address out of your list. Doing so will 'transfer' that over to the other side of the screen, so it will look like so:
Then, change the value to '100' and check counter strike again, if your life has moved up to 100, you have just found the addres, repeat these steps on down the list untill you find the correct one. (Transfering the addres on the left side to to the other side of the screen, changing the value to 100, checking CS life)
Evuantly, you will end up with: 1A1BFC8
Congrats! You've just successfully found the memory address you were looking for in Tsearch. The point of this tut is to tell you how to find these addres in Tsearch, not what to do with them, but I will provide some rought example code and ideas anyways.
With the memory location of life in counter strike, you could make a 'life bar' in autoit(C++ readprocessmemory is more affective, and more powerfull, but we will use autoit in this case)
Here is a fully working example code(porrly made by my self in about 10 seconds for this example):
You would need a memory UDF for this, so I'll provide that to:
Just recently I used T-search for the first time and I was surprised at how easy it was to find some things.
For this tut, we will be using counterstrike. We will be getting the memory location using Tsearch.
First of all if you don't have Tsearch, I took the time to upload it here: www.valvesupport.info/tsearch_16b.zip
Next step will be to actually start Tsearch. You should be at a screen like so:
From here we will start counter strike. Once you have done that, go ahead and alt + tab back out to this window.
Ok, so we have counter strike loaded, and were ready to go. In Tsearch you should see a huge button called "Open process" go ahead and click that.
Then select "hl.exe".
Ok, now you should be looking for this button (right below Open process)
When you see that button, go ahead and click it. You will now see a few options, let me explain what they mean. (By quoting from another site, to lazy to type those all out)
From here, we need to decide what we want to search. In this case we will be searching for the memory location of "life" in counterstrike.
Go ahead and enter a game in counter strike. (Just make a local server, it will be important for a later step).
Ok, so now you are in game, you should have '100' life. So our life value is 100, thats what we need to search. This will need to be an exact value.
Then, the this will only be one byte as well. In the end it should look like so:
Go ahead and click ok. Now you will see alot of results, but thats ok, we are going to lower those results. The first button we orignaly clicked to search (the magnifying glass..) well directly on the right of that is another button, and thats what we will need to use soon.
Right now, go into counter strike and lose a bit of life. Then click the button I mentioned above ("search next") It will bring up a search box just like before, just fill in all the same as before, except this time for "Value" put in the value of life you currently have. (After losing some, like I said to above) and go and and click ok.
This should greatly narrow your results down, repeat that step to lower then down a bit more if you want.
Now you should be left with something like so:
Thats good, your almost done
ok, now we will go through each of these and figure out which one is our life memory address.Double click the first memory address out of your list. Doing so will 'transfer' that over to the other side of the screen, so it will look like so:
Then, change the value to '100' and check counter strike again, if your life has moved up to 100, you have just found the addres, repeat these steps on down the list untill you find the correct one. (Transfering the addres on the left side to to the other side of the screen, changing the value to 100, checking CS life)
Evuantly, you will end up with: 1A1BFC8
Congrats! You've just successfully found the memory address you were looking for in Tsearch. The point of this tut is to tell you how to find these addres in Tsearch, not what to do with them, but I will provide some rought example code and ideas anyways.
With the memory location of life in counter strike, you could make a 'life bar' in autoit(C++ readprocessmemory is more affective, and more powerfull, but we will use autoit in this case)
Here is a fully working example code(porrly made by my self in about 10 seconds for this example):
Code:
$Process = 'hl.exe' ;-> Target process
$PID = ProcessExists($Process) ;-> Get Process ID
$Address = 0x1A1BFC8 ;-> Read/write address
$Value = 100 ;-> Value to write
$OpenProcess = _MemOpen(0x38, False, $PID) ;-> Enable reading/writing to the process and get the handle
$v_Read = _MemRead($OpenProcess, $Address, 1) ;-> Read a 1 byte value from the defined address
; MsgBox(0,"Info", "The value of address "&HEX($Address, 8)&" is now: "&$v_Read)
$button = GUICtrlCreateButton ("Start",75,70,70,20)
GUICreate("Counter-Strike life",220,100, 100,200)
$progressbar1 = GUICtrlCreateProgress (10,10,200,20)
GUICtrlSetColor(-1,32250); not working with Windows XP Style
GUISetState ()
While 1
$v_Read = _MemRead($OpenProcess, $Address, 1)
Sleep(10)
GUICtrlSetData ($progressbar1,$v_read)
Wend
_MemClose($OpenProcess)You would need a memory UDF for this, so I'll provide that to:
Code:
Func _MemRead($i_hProcess, $i_lpBaseAddress, $i_nSize, $v_lpNumberOfBytesRead = '')
Local $v_Struct = DllStructCreate ('byte[' & $i_nSize & ']')
DllCall('kernel32.dll', 'int', 'ReadProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr ($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
Local $v_Return = DllStructGetData ($v_Struct, 1)
$v_Struct=0
Return $v_Return
EndFunc ;==> _MemRead()
Func _MemWrite($i_hProcess, $i_lpBaseAddress, $v_Inject, $i_nSize, $v_lpNumberOfBytesRead = '')
Local $v_Struct = DllStructCreate ('byte[' & $i_nSize & ']')
DllStructSetData ($v_Struct, 1, $v_Inject)
$i_Call = DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr ($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead)
$v_Struct=0
Return $i_Call[0]
EndFunc ;==> _MemWrite()
Func _MemOpen($i_dwDesiredAccess, $i_bInheritHandle, $i_dwProcessId)
$ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $i_dwDesiredAccess, 'int', $i_bInheritHandle, 'int', $i_dwProcessId)
If @error Then
SetError(1)
Return 0
EndIf
Return $ai_Handle[0]
EndFunc ;==> _MemOpen()
Func _MemClose($i_hProcess)
$av_CloseHandle = DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $i_hProcess)
Return $av_CloseHandle[0]
EndFunc ;==> _MemClose()
