Understanding memory reading

So basically im trying to understand how memory reading works.

Before joining the forum i was already learning c++ and reading some books/forums(unknowncheats) and i have basic knowledge of how it works.

But everything i read till now uses a memory scanner to get pointers/ base address etc.

In those guides you are finding UI elements by ctypes of python not by reading Memory Offsets

For example in other games i see, they usually search offsets with cheat engine and after that in the code they read those offsets, getting values in memory that they can read or edit.
class offsets
__int32 LocalPlayer;
__int32 BaseAddress = 0x400000;
__int32 OffsetLocalPlayer = 0x10F4F4;
WORD m_Ammo = 0x0150;

But here you are not doing this, i tried to understand whats going on in the code(i know java, python and c++ , this last just a little started some weeks ago)

And Its unfamiliar to me cause i dont see any static offsets etc.

So if someone can explain to me or point me how to for example read memory or get UI element position, i would aprecciate.

I have done this quickly, basically for get base eve addres with just the pid. But i still dont see how you read memory from specific UI element or how you tell the code to read this element or that. Also i used ELM Debugger, i think i would find eve static offsets there, but i dont, and i dont get what information for there can help my code to read memory.

import win32process
import win32api

# first get pid, see the 32-bit solution

my_pid = 17024 
processHandle = win32api.OpenProcess(PROCESS_ALL_ACCESS, False, my_pid)
modules = win32process.EnumProcessModules(processHandle)
base_addr = modules[0]

With this i have pid and base addres, with those 2 i can start reading from procces memory.


Sorry for big post but i want to read memory myself and i need help in:

1-How to actuall get UI tree and navigate under elements.
2-How elm debugger can help in that.

Not surprised to see no answers here so far. Most people skip all this work (and learning) and use the framework which directly gives you the structures of the game client’s user interface.

The approach used in that framework is based on the CPython memory layouts. That is convenient because you can take the offsets as defined in the CPython source code.

For the parts specific for EVE Online, I see a description of the UI tree at Advanced Do It Yourself Memory Reading In EVE Online - #3 by Arcitectus

That post is from the pre-64-bit era, so some of the offsets might have changed in the meantime. Since the low-level reading implementation is open-source, reading that source code seems a reliable way to learn how it works: Sanderling/implement/read-memory-64-bit at 13891fe2031f4bf1d5b022818b9c0103e5e6668c · Arcitectus/Sanderling · GitHub

The Elm debugger is more for the application side of things. For the part up to getting the UI tree, I don’t see a use for the Elm debugger, because that part happens before the values arrive in Elm. I see two flavors of Elm inspection tools: One is the ‘Elm debugger’ coming with the compilation of the frontend in the alternate UI for EVE Online: This is the one we use to inspect changes to the parsing code. Parsing is what apps do after getting the UI tree, to provide a more convenient API to developers: https://to.botengine.org/guide/parsed-user-interface-of-the-eve-online-game-client

The other kind is the general Elm inspection tool, not limited to frontend apps but used to inspect bots and other apps. This one is mostly work in progress for now.

1 Like

is this updated and working?

I compiled and runned and seems that isnt working.

Yeah, i readed that, my problem is not to understand how to get each object or navigate throug the UI tree i think, is how do you actually get it, how do you get all objects that are in the UI tree?

Why? What are you seeing? Does the one you built yourself behave different than the pre-built downloadable executable file?

Yes that post described more the background to understand how it works. For an executable implementation, better use the reference implementation from Sanderling/implement/read-memory-64-bit at 13891fe2031f4bf1d5b022818b9c0103e5e6668c · Arcitectus/Sanderling · GitHub