How to Collect Samples for 32-bit Memory Reading Development

This post explains how to record an example of a game client. Such examples can be used to test a bot and to support the development of memory reading frameworks.

The tool we use in this guide works only for 32-bit processes. 32-bit processes are marked as such in the Windows Task Manager in the name column.

If you are working with 64-bit processes, switch to the guide at Sanderling/how-to-collect-samples-for-64-bit-memory-reading-development.md at main · Arcitectus/Sanderling · GitHub

The process measurement tool copies the memory contents of a chosen Windows process (such as a game client), takes a screenshot of its main window, and writes both to a file. This data is used in development to correlate screen contents with memory contents.

Steps to collect a sample:

  • choose the source process in the “source” tab. Currently, the only way to choose a process is by selecting its main window. To select the window, tick the checkbox next to the label “pick next focused window” and then focus the window of the process to be read from. If selection was successful, the title of the selected window appears under “last picked window”.
  • take the measurement. This is started by clicking the button “take measurement” in the tab “Measurement”. This might take a few seconds and freeze the UI.
  • write the measurement to a file: Open Windows Explorer and choose a directory where the file should be placed. Drag and drop the destination directory on the button “write to file” in the tab “Measurement”. Compression of the measurement happens in this stage, thus it will take some processing time and the resulting file is often smaller than the process size.
    The file dropping might not work if you choose “Run as Administrator” to run the tool or use a different Windows user account than the one used for Windows Explorer.
  • verify the measurement: You should see a PNG file named Client.Raster.png in the directory MainWindow which shows a screenshot of the main window.

Things to keep in mind:

  • The measurement will not contain the state of the process at a point in time because taking the measurement takes time.
  • The time it takes to take a measurement or to write it to a file depends on the amount of memory allocated by the process. In some applications, memory usage will increase over time. In such cases the process can be sped up by restarting the application. In many games, reducing graphic quality settings (e.g., texture resolution) can also help to reduce the amount of allocated memory.

You can download the tool from https://botengine.blob.core.windows.net/blob-library/by-name/2019-02-02.WindowsProcessMeasurement.zip

The gif below shows how the whole procedure works:

2 Likes

I added a visual feedback after taking a measurement:

I am stuck at the step: write the measurement to a file: drop the destination file or directory on the button “write to file” in the tab “Measurement”. Compression of measurement happens in this stage, thus it will take some processing time and the resulting file is often smaller than the process size.

When I pass near the “drop file here to write to file” button with a folder or a file, the mouse cursor shows a circle with a diagonal bar to signal that I cannot.

-Win 10

-Run as Admin

I followed the steps to the letter!

I am not sure about the meaning of "passe près du bouton". Being just near the button is not enough, it has to be over the button.

With this constraint, I cannot reproduce the problem you describe. I have no idea what could be the significant difference between our setups.

For some reason I don't know, I ran it without clicking “run as administrator” and it worked!

2 Likes

I am not sure if you are aware that the ProcessMeasure program you have authored will not let you drop files.

I have tried several times to drop a file, and/or a directory on your button.  As in your gif video you will notice that you get the universal sign for no (the circle with a slash) if you are not on the target of your button.

For my actions I never get the icon to change so therefore I am unable to get your program to log to a file.

Thank you

1 Like

Hello Maniac,

For security reasons, Windows isolates user accounts. This includes drag&drop operations. Therefore the drag and drop might be blocked when the participating processes do not belong to the same Windows user account. Similar restrictions might apply if you use the “Run as Administrator” option to start one of the participating processes.

I expanded the walkthrough guide in the first post to reflect this.
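
The two preconditions discussed in this thread (a 32-bit source process, and the tool running under the same user account and without elevation relative to Windows Explorer) can be checked before starting the tool. The PowerShell below is an added example, not part of the original posts or of the measurement tool; the default process name `notepad` is a placeholder, and the script assumes it is started the same way the tool will be started.

```powershell
# Added example: pre-flight checks before starting the measurement tool.
# Run it from the same kind of session (same account, same elevation) as the tool.
param([string]$TargetName = 'notepad')   # placeholder: name of the source process

Add-Type -Namespace Preflight -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(System.IntPtr hProcess, out bool wow64Process);
'@

function Test-Elevated {
    # True when this session holds an elevated administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-Is32Bit([System.Diagnostics.Process]$Process) {
    # On 32-bit Windows every process is 32-bit.
    # On 64-bit Windows a 32-bit process is one that runs under WOW64.
    if (-not [Environment]::Is64BitOperatingSystem) { return $true }
    $wow64 = $false
    # Reading .Handle throws if this session may not open the process.
    if (-not [Preflight.Native]::IsWow64Process($Process.Handle, [ref]$wow64)) {
        throw "IsWow64Process failed for PID $($Process.Id)"
    }
    $wow64
}

function Get-ProcessOwner([int]$ProcessId) {
    # Returns DOMAIN\user for the given process id.
    $p = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    $o = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    "$($o.Domain)\$($o.User)"
}

$session  = (Get-Process -Id $PID).SessionId
$target   = Get-Process -Name $TargetName -ErrorAction Stop | Select-Object -First 1
$explorer = Get-Process -Name explorer -ErrorAction Stop |
            Where-Object SessionId -eq $session | Select-Object -First 1
$me       = [Security.Principal.WindowsIdentity]::GetCurrent().Name

[pscustomobject]@{
    TargetPid          = $target.Id
    TargetIs32Bit      = (Test-Is32Bit $target)                       # tool needs $true
    SessionElevated    = (Test-Elevated)                              # drop may fail if $true
    SameUserAsExplorer = ((Get-ProcessOwner $explorer.Id) -eq $me)    # drop may fail if $false
}
```

If `SessionElevated` is true or `SameUserAsExplorer` is false, start the tool from a normal, non-elevated session of the logged-in user before trying the drag and drop.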