Leaderboard

It was copied code form some github project. It can happen even when you copy things from internet.

@ARPFre you can use MemoryScan.See Below Note:remmber that wchar: read unicode string but char read non unicode Array's of TaskManger Text's Unicode on Win 7: Cpu Usage:43 00 50 00 55 00 20 00 55 00 73 00 61 00 67 00 65 Physical Memory:50 00 68 00 79 00 73 00 69 00 63 00 61 00 6C 00 20 00 4D 00 65 00 6D 00 6F 00 72 00 79 Array's of TaskManger Text's Non Unicode on Win 7: Cpu Usage:43 50 55 20 55 73 61 67 65 Physical Memory:50 68 79 73 00 69 63 61 6C 20 4D 65 6D 6F 72 79 Array's of TaskManger Text's Unicode on Win 10: Cpu:43 00 50 00 55 00 20 00 or 43 00 50 00 55 00 20 or 43 00 50 00 55 00 Disco:44 00 69 00 73 00 63 00 6f Array's of TaskManger Text's Non Unicode on Win 10: Cpu:43 50 55 20 or 43 50 55 20 or 43 50 55 Disco:44 69 73 63 6f you can get those array's non unicode:below script: (if it's Unicode you need to inc 00 after every 2 byte MsgBox(0, "", _StringToHex("CPU Usage:")) just change array of :_MemoryScan(...,"43 00 50 00 55",....) to above array: Note:you might want to change type of data to read if it was unicode use:"wchar[255]" else if it's non unicode then "char[255]" from below script: Global $iPID = ProcessList("taskmgr.exe");;process name for task manger #include <ProcessConstants.au3> #include <WinAPIProc.au3> #include <String.au3> #RequireAdmin SetPrivilege("SeDebugPrivilege", 1) ;MsgBox(0, "", _StringToHex("CPU Usage:"));;get hex just increse 00 after every 2 bit to order to work for Unicode if string is Unicode else..don't ;;;for CPU Usage array is:43 00 50 00 55 00 20 00 55 00 73 00 61 00 67 00 65 00 3A 00 20 string as Unicode(hex unicode) Global $hMem = _MemoryOpen($iPID[1][1]) $Result = _MemoryScan($hMem, "43 00 50 00 55 00 20 00 55 00 73 00 61 00 67 00 65 00 3A 00 20", False, 0x00000000, _WinAPI_EnumProcessModules($iPID[1][1])[1][0]) $TResutl = _MemoryRead($Result, $hMem, "wchar[100]") ;;;read text from address MsgBox(64, "", $TResutl) ;;;show CPU Usage:%d%% Message Func _MemoryScan($ah_Handle, $pattern, $after = False, $iv_addrStart = 0x00400000, $iv_addrEnd = 0X0FFFFFFF, $step = 51200) If Not IsArray($ah_Handle) Then SetError(1) Return -1 EndIf $pattern = StringRegExpReplace($pattern, "[^0123456789ABCDEFabcdef.]", "") If StringLen($pattern) = 0 Then SetError(2) Return -2 EndIf For $addr = $iv_addrStart To $iv_addrEnd Step $step - (StringLen($pattern) / 2) StringRegExp(_MemoryRead($addr, $ah_Handle, "byte[" & $step & "]"), $pattern, 1, 2) If Not @error Then If $after Then Return StringFormat("0x%.8X", $addr + ((@extended - 2) / 2)) Else Return StringFormat("0x%.8X", $addr + ((@extended - StringLen($pattern) - 2) / 2)) EndIf EndIf Next Return -3 EndFunc ;==>_MemoryScan ;================================================================================== ; AutoIt Version: 3.1.127 (beta) ; Language: English ; Platform: All Windows ; Author: Nomad ; Requirements: These functions will only work with beta. ;================================================================================== ; Credits: wOuter - These functions are based on his original _Mem() functions. ; But they are easier to comprehend and more reliable. These ; functions are in no way a direct copy of his functions. His ; functions only provided a foundation from which these evolved. ;================================================================================== ; ; Functions: ; ;================================================================================== ; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]]) ; Description: Opens a process and enables all possible access rights to the ; process. The Process ID of the process is used to specify which ; process to open. You must call this function before calling ; _MemoryClose(), _MemoryRead(), or _MemoryWrite(). ; Parameter(s): $iv_Pid - The Process ID of the program you want to open. ; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which ; enables all possible access rights to the ; process specified by the Process ID. ; $iv_InheritHandle - (optional) If this value is TRUE, all processes ; created by this process will inherit the access ; handle. Set to 1 (TRUE) by default. Set to 0 ; if you want it FALSE. ; Requirement(s): None. ; Return Value(s): On Success - Returns an array containing the Dll handle and an ; open handle to the specified process. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $iv_Pid. ; 2 = Failed to open Kernel32.dll. ; 3 = Failed to open the specified process. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1) If Not ProcessExists($iv_Pid) Then SetError(1) Return 0 EndIf Local $ah_Handle[2] = [DllOpen('kernel32.dll')] If @error Then SetError(2) Return 0 EndIf Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid) If @error Then DllClose($ah_Handle[0]) SetError(3) Return 0 EndIf $ah_Handle[1] = $av_OpenProcess[0] Return $ah_Handle EndFunc ;==>_MemoryOpen ;================================================================================== ; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type]) ; Description: Reads the value located in the memory address specified. ; Parameter(s): $iv_Address - The memory address you want to read from. It must ; be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $sv_Type - (optional) The "Type" of value you intend to read. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to read a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns the value located at the specified address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless specified as a ; 'char' type, then they are returned in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Local $v_Value = DllStructGetData($v_Buffer, 1) Return $v_Value Else SetError(6) Return 0 EndIf EndFunc ;==>_MemoryRead ;================================================================================== ; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type]) ; Description: Writes data to the specified memory address. ; Parameter(s): $iv_Address - The memory address which you want to write to. ; It must be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of value you intend to write. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to write a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 7 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Values sent must be in Decimal format, unless specified as a ; 'char' type, then they must be in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 Else DllStructSetData($v_Buffer, 1, $v_Data) If @error Then SetError(6) Return 0 EndIf EndIf DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Return 1 Else SetError(7) Return 0 EndIf EndFunc ;==>_MemoryWrite ;================================================================================== ; Function: _MemoryClose($ah_Handle) ; Description: Closes the process handle opened by using _MemoryOpen(). ; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = Unable to close the process handle. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryClose($ah_Handle) If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1]) If Not @error Then DllClose($ah_Handle[0]) Return 1 Else DllClose($ah_Handle[0]) SetError(2) Return 0 EndIf EndFunc ;==>_MemoryClose ;================================================================================== ; Function: SetPrivilege( $privilege, $bEnable ) ; Description: Enables (or disables) the $privilege on the current process ; (Probably) requires administrator privileges to run ; ; Author(s): Larry (from autoitscript.com's Forum) ; Notes(s): ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999 ;================================================================================== Func SetPrivilege($privilege, $bEnable) Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020 Const $MY_TOKEN_QUERY = 0x0008 Const $MY_SE_PRIVILEGE_ENABLED = 0x0002 Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv $nTokens = 1 $LUID = DllStructCreate("dword;int") If IsArray($privilege) Then $nTokens = UBound($privilege) $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess") $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _ "int", BitOR($MY_TOKEN_ADJUST_PRIVILEGES, $MY_TOKEN_QUERY), "int*", 0) If $SP_auxret[0] Then $hToken = $SP_auxret[3] DllStructSetData($TOKEN_PRIVILEGES, 1, 1) $nTokenIndex = 1 While $nTokenIndex <= $nTokens If IsArray($privilege) Then $priv = $privilege[$nTokenIndex - 1] Else $priv = $privilege EndIf $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _ "ptr", DllStructGetPtr($LUID)) If $ret[0] Then If $bEnable Then DllStructSetData($TOKEN_PRIVILEGES, 2, $MY_SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex)) Else DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex)) EndIf DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1) DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2) DllStructSetData($LUID, 1, 0) DllStructSetData($LUID, 2, 0) EndIf $nTokenIndex += 1 WEnd $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _ "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _ "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0) $f = DllCall("kernel32.dll", "int", "GetLastError") EndIf $NEWTOKEN_PRIVILEGES = 0 $TOKEN_PRIVILEGES = 0 $LUID = 0 If $SP_auxret[0] = 0 Then Return 0 $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken) If Not $ret[0] And Not $SP_auxret[0] Then Return 0 Return $ret[0] EndFunc ;==>SetPrivilege #EndRegion ################################################################### or you can use below tool to give address: #include <ProcessConstants.au3> #include <WinAPIProc.au3> #include <String.au3> #include <ComboConstants.au3> #include <EditConstants.au3> #include <WindowsConstants.au3> #include <StaticConstants.au3> #include <String.au3> #include <GuiEdit.au3> #include <WinAPI.au3> Global $Open, $Process_Text OnAutoItExitRegister("_Detach") Opt("GUIOnEventMode", 1) Global $processname = "taskmgr.exe" $hGUI = GUICreate("", 509, 316, -1, -1) GUISetOnEvent(-3, "_Exit") $Adress_Array = GUICtrlCreateEdit("", 4, 4, 209, 305, BitOR($GUI_SS_DEFAULT_EDIT, $ES_READONLY)) GUICtrlSetData(-1, "") $Scan_Button = GUICtrlCreateButton("Scan", 220, 4, 75, 25) $Text_Label = GUICtrlCreateLabel("Text:", 260, 40, 28, 17) $Text_Input = GUICtrlCreateInput("", 292, 36, 209, 21) $Value_Type_Label = GUICtrlCreateLabel("Value Type:", 228, 68, 58, 17) $Memory_Group = GUICtrlCreateGroup("Memory Scan Options", 220, 92, 281, 81) $Start_Label = GUICtrlCreateLabel("Start:", 228, 116, 29, 17) $Start_Adress_Input = GUICtrlCreateInput("0x00000000", 268, 116, 225, 21) $Stop_Label = GUICtrlCreateLabel("Stop:", 228, 148, 29, 17) $Stop_Adress_Input = GUICtrlCreateInput("0x0FFFFFFF", 268, 140, 225, 21) GUICtrlCreateGroup("", -99, -99, 1, 1) $Type_Combo = GUICtrlCreateCombo("String", 292, 64, 209, 25) GUICtrlSetData(-1, "Array of Byte") GUISetState(@SW_SHOW, $hGUI) GUICtrlSetOnEvent($Scan_Button, "_Scan") AdlibRegister("_Process") While 1 Sleep(100) WEnd Func _Detach() _MemoryClose($Open) EndFunc ;==>_Detach Func _Scan() If GUICtrlRead($Type_Combo) = "String" = 1 Then $String_Text = GUICtrlRead($Text_Input) $Text_AoB = _StringToArrayOfByte($String_Text) $Adress_Start = GUICtrlRead($Start_Adress_Input) $Adress_End = GUICtrlRead($Stop_Adress_Input) Do $Result = _MemoryScan($Open, $Text_AoB, False, $Adress_Start, $Adress_End) If $Result = -3 Then ExitLoop Else _GUICtrlEdit_InsertText($Adress_Array, $Result & @CRLF, -1) EndIf $Adress_Start = $Result + 1 Until $Result = -3 ElseIf GUICtrlRead($Type_Combo) = "Array of Byte" = 1 Then _GUICtrlEdit_SetText($Adress_Array, "") $String_Text = GUICtrlRead($Text_Input) $Adress_Start = GUICtrlRead($Start_Adress_Input) $Adress_End = GUICtrlRead($Stop_Adress_Input) Do $Result = _MemoryScan($Open, $String_Text, False, $Adress_Start, $Adress_End) If $Result = -3 Then ExitLoop Else _GUICtrlEdit_InsertText($Adress_Array, $Result & @CRLF, -1) EndIf $Adress_Start = $Result + 1 Until $Result = -3 EndIf EndFunc ;==>_Scan Func _Process() If ProcessExists($processname) > 0 Then $Open = _MemoryOpen(ProcessExists($processname)) ToolTip("ATTACHED") AdlibRegister("_Wait_for_close", 750) AdlibUnRegister("_Process") EndIf EndFunc ;==>_Process Func _Wait_for_close() If Not ProcessExists($processname) = 1 Then AdlibRegister("_Process") AdlibUnRegister("_Wait_for_close") EndIf EndFunc ;==>_Wait_for_close Func _Exit() Exit EndFunc ;==>_Exit Func _MemoryScan($ah_Handle, $pattern, $after = False, $iv_addrStart = 0x00400000, $iv_addrEnd = 0X0FFFFFFF, $step = 51200) If Not IsArray($ah_Handle) Then SetError(1) Return -1 EndIf $pattern = StringRegExpReplace($pattern, "[^0123456789ABCDEFabcdef.]", "") If StringLen($pattern) = 0 Then SetError(2) Return -2 EndIf For $addr = $iv_addrStart To $iv_addrEnd Step $step - (StringLen($pattern) / 2) StringRegExp(_MemoryRead($addr, $ah_Handle, "byte[" & $step & "]"), $pattern, 1, 2) If Not @error Then If $after Then Return StringFormat("0x%.8X", $addr + ((@extended - 2) / 2)) Else Return StringFormat("0x%.8X", $addr + ((@extended - StringLen($pattern) - 2) / 2)) EndIf EndIf Next Return -3 EndFunc ;==>_MemoryScan Func _StringToArrayOfByte($String) Local $AoB = StringToBinary($String) Local $AntiHex = _StringBetween($AoB, "0x", "") Return $AntiHex[0] EndFunc ;==>_StringToArrayOfByte ;================================================================================== ; AutoIt Version: 3.1.127 (beta) ; Language: English ; Platform: All Windows ; Author: Nomad ; Requirements: These functions will only work with beta. ;================================================================================== ; Credits: wOuter - These functions are based on his original _Mem() functions. ; But they are easier to comprehend and more reliable. These ; functions are in no way a direct copy of his functions. His ; functions only provided a foundation from which these evolved. ;================================================================================== ; ; Functions: ; ;================================================================================== ; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]]) ; Description: Opens a process and enables all possible access rights to the ; process. The Process ID of the process is used to specify which ; process to open. You must call this function before calling ; _MemoryClose(), _MemoryRead(), or _MemoryWrite(). ; Parameter(s): $iv_Pid - The Process ID of the program you want to open. ; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which ; enables all possible access rights to the ; process specified by the Process ID. ; $iv_InheritHandle - (optional) If this value is TRUE, all processes ; created by this process will inherit the access ; handle. Set to 1 (TRUE) by default. Set to 0 ; if you want it FALSE. ; Requirement(s): None. ; Return Value(s): On Success - Returns an array containing the Dll handle and an ; open handle to the specified process. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $iv_Pid. ; 2 = Failed to open Kernel32.dll. ; 3 = Failed to open the specified process. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1) If Not ProcessExists($iv_Pid) Then SetError(1) Return 0 EndIf Local $ah_Handle[2] = [DllOpen('kernel32.dll')] If @error Then SetError(2) Return 0 EndIf Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid) If @error Then DllClose($ah_Handle[0]) SetError(3) Return 0 EndIf $ah_Handle[1] = $av_OpenProcess[0] Return $ah_Handle EndFunc ;==>_MemoryOpen ;================================================================================== ; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type]) ; Description: Reads the value located in the memory address specified. ; Parameter(s): $iv_Address - The memory address you want to read from. It must ; be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $sv_Type - (optional) The "Type" of value you intend to read. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to read a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns the value located at the specified address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless specified as a ; 'char' type, then they are returned in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Local $v_Value = DllStructGetData($v_Buffer, 1) Return $v_Value Else SetError(6) Return 0 EndIf EndFunc ;==>_MemoryRead ;================================================================================== ; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type]) ; Description: Writes data to the specified memory address. ; Parameter(s): $iv_Address - The memory address which you want to write to. ; It must be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of value you intend to write. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to write a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 7 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Values sent must be in Decimal format, unless specified as a ; 'char' type, then they must be in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 Else DllStructSetData($v_Buffer, 1, $v_Data) If @error Then SetError(6) Return 0 EndIf EndIf DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Return 1 Else SetError(7) Return 0 EndIf EndFunc ;==>_MemoryWrite ;================================================================================== ; Function: _MemoryClose($ah_Handle) ; Description: Closes the process handle opened by using _MemoryOpen(). ; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = Unable to close the process handle. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryClose($ah_Handle) If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1]) If Not @error Then DllClose($ah_Handle[0]) Return 1 Else DllClose($ah_Handle[0]) SetError(2) Return 0 EndIf EndFunc ;==>_MemoryClose ;================================================================================== ; Function: SetPrivilege( $privilege, $bEnable ) ; Description: Enables (or disables) the $privilege on the current process ; (Probably) requires administrator privileges to run ; ; Author(s): Larry (from autoitscript.com's Forum) ; Notes(s): ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999 ;================================================================================== Func SetPrivilege($privilege, $bEnable) Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020 Const $MY_TOKEN_QUERY = 0x0008 Const $MY_SE_PRIVILEGE_ENABLED = 0x0002 Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv $nTokens = 1 $LUID = DllStructCreate("dword;int") If IsArray($privilege) Then $nTokens = UBound($privilege) $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess") $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _ "int", BitOR($MY_TOKEN_ADJUST_PRIVILEGES, $MY_TOKEN_QUERY), "int*", 0) If $SP_auxret[0] Then $hToken = $SP_auxret[3] DllStructSetData($TOKEN_PRIVILEGES, 1, 1) $nTokenIndex = 1 While $nTokenIndex <= $nTokens If IsArray($privilege) Then $priv = $privilege[$nTokenIndex - 1] Else $priv = $privilege EndIf $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _ "ptr", DllStructGetPtr($LUID)) If $ret[0] Then If $bEnable Then DllStructSetData($TOKEN_PRIVILEGES, 2, $MY_SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex)) Else DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex)) EndIf DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1) DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2) DllStructSetData($LUID, 1, 0) DllStructSetData($LUID, 2, 0) EndIf $nTokenIndex += 1 WEnd $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _ "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _ "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0) $f = DllCall("kernel32.dll", "int", "GetLastError") EndIf $NEWTOKEN_PRIVILEGES = 0 $TOKEN_PRIVILEGES = 0 $LUID = 0 If $SP_auxret[0] = 0 Then Return 0 $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken) If Not $ret[0] And Not $SP_auxret[0] Then Return 0 Return $ret[0] EndFunc ;==>SetPrivilege #EndRegion after it give address you may need to Read Address using: remmber that wchar: read unicode string but char read non unicode #include <WinAPIMem.au3> #include <ProcessConstants.au3> #include <WinAPIHObj.au3> #include <WinAPIProc.au3> #include <Array.au3> #include <MsgBoxConstants.au3> #include <WinAPIProc.au3> #include <WinAPISys.au3> #include <WinAPISys.au3> #include <String.au3> #RequireAdmin Global $iPID = ProcessList("taskmgr.exe") SetPrivilege("SeDebugPrivilege", 1) ;;;read address as wchar[255] = unicode or char[255] = non unicode Global $hMem = _MemoryOpen($iPID[1][1]) Local $address = 0x000000 $TResutl = _MemoryRead($address, $hMem, "wchar[255]") MsgBox(64, "", $TResutl) ;;;show CPU Usage ;================================================================================== ; AutoIt Version: 3.1.127 (beta) ; Language: English ; Platform: All Windows ; Author: Nomad ; Requirements: These functions will only work with beta. ;================================================================================== ; Credits: wOuter - These functions are based on his original _Mem() functions. ; But they are easier to comprehend and more reliable. These ; functions are in no way a direct copy of his functions. His ; functions only provided a foundation from which these evolved. ;================================================================================== ; ; Functions: ; ;================================================================================== ; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]]) ; Description: Opens a process and enables all possible access rights to the ; process. The Process ID of the process is used to specify which ; process to open. You must call this function before calling ; _MemoryClose(), _MemoryRead(), or _MemoryWrite(). ; Parameter(s): $iv_Pid - The Process ID of the program you want to open. ; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which ; enables all possible access rights to the ; process specified by the Process ID. ; $iv_InheritHandle - (optional) If this value is TRUE, all processes ; created by this process will inherit the access ; handle. Set to 1 (TRUE) by default. Set to 0 ; if you want it FALSE. ; Requirement(s): None. ; Return Value(s): On Success - Returns an array containing the Dll handle and an ; open handle to the specified process. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $iv_Pid. ; 2 = Failed to open Kernel32.dll. ; 3 = Failed to open the specified process. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1) If Not ProcessExists($iv_Pid) Then SetError(1) Return 0 EndIf Local $ah_Handle[2] = [DllOpen('kernel32.dll')] If @error Then SetError(2) Return 0 EndIf Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid) If @error Then DllClose($ah_Handle[0]) SetError(3) Return 0 EndIf $ah_Handle[1] = $av_OpenProcess[0] Return $ah_Handle EndFunc ;==>_MemoryOpen ;================================================================================== ; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type]) ; Description: Reads the value located in the memory address specified. ; Parameter(s): $iv_Address - The memory address you want to read from. It must ; be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $sv_Type - (optional) The "Type" of value you intend to read. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to read a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns the value located at the specified address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless specified as a ; 'char' type, then they are returned in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Local $v_Value = DllStructGetData($v_Buffer, 1) Return $v_Value Else SetError(6) Return 0 EndIf EndFunc ;==>_MemoryRead ;================================================================================== ; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type]) ; Description: Writes data to the specified memory address. ; Parameter(s): $iv_Address - The memory address which you want to write to. ; It must be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of value you intend to write. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to write a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 7 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Values sent must be in Decimal format, unless specified as a ; 'char' type, then they must be in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 Else DllStructSetData($v_Buffer, 1, $v_Data) If @error Then SetError(6) Return 0 EndIf EndIf DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Return 1 Else SetError(7) Return 0 EndIf EndFunc ;==>_MemoryWrite ;================================================================================== ; Function: _MemoryClose($ah_Handle) ; Description: Closes the process handle opened by using _MemoryOpen(). ; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = Unable to close the process handle. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryClose($ah_Handle) If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1]) If Not @error Then DllClose($ah_Handle[0]) Return 1 Else DllClose($ah_Handle[0]) SetError(2) Return 0 EndIf EndFunc ;==>_MemoryClose ;================================================================================== ; Function: SetPrivilege( $privilege, $bEnable ) ; Description: Enables (or disables) the $privilege on the current process ; (Probably) requires administrator privileges to run ; ; Author(s): Larry (from autoitscript.com's Forum) ; Notes(s): ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999 ;================================================================================== Func SetPrivilege($privilege, $bEnable) Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020 Const $MY_TOKEN_QUERY = 0x0008 Const $MY_SE_PRIVILEGE_ENABLED = 0x0002 Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv $nTokens = 1 $LUID = DllStructCreate("dword;int") If IsArray($privilege) Then $nTokens = UBound($privilege) $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess") $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _ "int", BitOR($MY_TOKEN_ADJUST_PRIVILEGES, $MY_TOKEN_QUERY), "int*", 0) If $SP_auxret[0] Then $hToken = $SP_auxret[3] DllStructSetData($TOKEN_PRIVILEGES, 1, 1) $nTokenIndex = 1 While $nTokenIndex <= $nTokens If IsArray($privilege) Then $priv = $privilege[$nTokenIndex - 1] Else $priv = $privilege EndIf $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _ "ptr", DllStructGetPtr($LUID)) If $ret[0] Then If $bEnable Then DllStructSetData($TOKEN_PRIVILEGES, 2, $MY_SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex)) Else DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex)) EndIf DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1) DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2) DllStructSetData($LUID, 1, 0) DllStructSetData($LUID, 2, 0) EndIf $nTokenIndex += 1 WEnd $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _ "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _ "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0) $f = DllCall("kernel32.dll", "int", "GetLastError") EndIf $NEWTOKEN_PRIVILEGES = 0 $TOKEN_PRIVILEGES = 0 $LUID = 0 If $SP_auxret[0] = 0 Then Return 0 $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken) If Not $ret[0] And Not $SP_auxret[0] Then Return 0 Return $ret[0] EndFunc ;==>SetPrivilege #EndRegion