new _Mem functions

[NegativeNrG]

hmm, so if you want to write double, it would be

$double = DllStructCreate('double') 
DllStructSetData($double,1,0xVALUE)
_MemWrite($pid,0xADDRESS,$double)

?

Edited May 27, 2006 by NegativeNrG

[Nomad]

ASCII To Decimal Conversion And Back Again

(As seen in SciTE with default colours PS some one should make a script for this would be handy for posting code on forums )

#include <string.au3>

$Process = "egprocess.exe"

$Pid = ProcessExists($Process)

$h_open = _MemOpen($pid)

$ASCII = _MemRead($h_open, 0x77D67807,0)

;~ ASCII To Decimal

$ASCII = "*/"

$Temp = _StringReverse($ASCII)

$Temp = _StringToHex($Temp)

$dec = Dec($Temp)

MsgBox(0, "ASCII To Decimal", "ASCII: " & $ASCII & @LF & "Hex: " & $Temp & @LF & "Decimal: " & $dec)

;~ Decimal To ASCII

$dec = 12074

$Hex = Hex($dec,8)

$Temp = _HexToString($Hex)

$ASCII = _StringReverse($Temp)

MsgBox(0, "Decimal To ASCII", "Decimal: " & $dec & @LF & "Hex: " & $Hex & @LF & "ASCII: " & $ASCII)

_________________________________________________________________________________________________

@Analritter

No problems and Cheers NOTE: Your code is too far advanced compared to my level of AutoIt at the moment. But i am in to memory editing with other programs and botting with AutoIt so i would love to have them both rolled into the one program (i sorta understand memory editing and Cheat Engine 5.2 makes it easy)

@w0uter

Would you be able to look into getting the "_MemWrite" Working as this would be a very useful feature. The only feature that i can really use these for at the moment is just like a stats program on the application but no real editing of these values

Thanks!! I didn't realize the output was in ASCII and needed converted.

[erifash]

well i think u need also float values to write a teleport-hack...

i would like to see more types of values and not only byte if that would be possible

hmm, so if you want to write double, it would be

$double = DllStructCreate('double') 
DllStructSetData($double,1,0xVALUE)
_MemWrite($pid,0xADDRESS,$double)

?

After looking further into this I modified some of w0uter's functions and now you can use different data types with it. The types were gotten from the AutoIt help file for DllStructCreate(). Append this to w0uter's code to run the example:

expandcollapse popup

Global Const $MEM_STRING = ''
Global Const $MEM_BYTE = 'byte'     ; 1
Global Const $MEM_UBYTE = 'ubyte'   ; 1
Global Const $MEM_CHAR = 'char'     ; 1
Global Const $MEM_SHORT = 'short'   ; 2
Global Const $MEM_USHORT = 'ushort' ; 2
Global Const $MEM_INT = 'int'       ; 4
Global Const $MEM_UINT = 'uint'     ; 4
Global Const $MEM_DWORD = 'dword'   ; 4
Global Const $MEM_UDWORD = 'udword' ; 4
Global Const $MEM_PTR = 'ptr'       ; 4
Global Const $MEM_FLOAT = 'float'   ; 4
Global Const $MEM_DOUBLE = 'double' ; 8
Global Const $MEM_INT64 = 'int64'   ; 8
Global Const $MEM_UINT64 = 'uint64' ; 8



Func _MemReadType( $ah_Mem, $i_Address, $s_Type = '' )
    If $s_Type = $MEM_STRING Then
        Local $v_Return = ''
        Local $v_Struct = DllStructCreate('byte[1]')
        Local $v_Ret
        While 1
            DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '')
            $v_Ret = DllStructGetData($v_Struct, 1)
            If $v_Ret = 0 Then ExitLoop
            $v_Return &= Chr($v_Ret)
            $i_Address += 1
        WEnd
    Else
        Local $v_Struct = DllStructCreate($s_Type)
        DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', _SizeOf($s_Type), 'int', '')
        Local $v_Return = DllStructGetData($v_Struct, 1, 1)
    EndIf
    Return $v_Return
EndFunc  ;==>_MemReadType

Func _MemCreateType( $v_Data, $s_Type = '' )
    If $s_Type = $MEM_STRING Then
        $v_Data = StringSplit($v_Data, '')
        Local $v_Struct = DllStructCreate('byte[' & $v_Data[0] + 1 & ']')
        For $i = 1 To $v_Data[0]
            DllStructSetData($v_Struct, 1, Asc($v_Data[$i]), $i)
        Next
    Else
        Local $v_Struct = DllStructCreate($s_Type)
        DllStructSetData($v_Struct, 1, $v_Data, 1)
    EndIf
    Return $v_Struct
EndFunc  ;==>_MemCreateType

Func _SizeOf( $s_Type )
    Local $v_Struct = DllStructCreate($s_Type), $i_Size = DllStructGetSize($v_Struct)
    $v_Struct = 0
    Return $i_Size
EndFunc  ;==>_SizeOf



$i_Open = _MemOpen(@AutoItPID)
$i_Addr = _MemAlloc($i_Open, _SizeOf($MEM_FLOAT))
_MemWrite($i_Open, $i_Addr, _MemCreateType(-0.12345678912345, $MEM_FLOAT))
MsgBox(0, 'Address: 0x' & $i_Addr, _MemReadType($i_Open, $i_Addr, $MEM_FLOAT))
_MemFree($i_Open, $i_Addr)
_MemClose($i_Open)

The only problem with this is that in the example there are junk numbers on the end of the float. W0uter, do you have any insight on this?

Edited June 3, 2006 by erifash

[erifash]

I have updated the code above, as parts of it were confusing and unnecessary. I have no clue what the problem might be. Any ideas?

Edited June 3, 2006 by erifash

[julmae]

mmh anyone know why this happens to me ?

[w0uter]

you have it in 'string' mode

add a number of bytes that it should read.

[zeroZshadow]

i'm kinda new to this udf, so i'm gonna give it a try, but it seems it aint working for me

i know the adress is correct, since Tsearch and cheat engine both give the needed float.

but when i try it with autoit, it returns nothing.

$PID = ProcessExists ( "rbo_ex2.exe" )
$rboMEM = _MemOpen($PID)
ConsoleWrite("memopen"&@CR)
$test = _MemRead($rboMEM,0x00BD3B6F)
ConsoleWrite($test&@CR)

[w0uter]

You also read in 'string' mode.

add a number of bytes that it should read.

[zeroZshadow]

so it should be

_MemRead($rboMEM,0x00BD3B6F,????)

but howmuch bytes is a float ?

i just tryed 4 bytes, and the msg box is just empty

Edited June 13, 2006 by zeroZshadow

[w0uter]

that depends.

float32 = 4 bytes

float64 = 8 bytes

[zeroZshadow]

tryed both now, still NO value returned -.-

i did check if the pid was correct

and if it passed every step

i used:

$PID = ProcessExists ( "rbo_ex2.exe" )
if $PID = 0 Then
    MsgBox(0,"error","could not open file")
    Exit
EndIf
$rboMEM = _MemOpen($PID)
ConsoleWrite("memopen"&@CR)
$test = _MemRead($rboMEM,0x00BD3B6F,8)
MsgBox(0,"debug",$test)

[w0uter]

$test is an array.

i should really document my functions more

Edited June 13, 2006 by w0uter

[zeroZshadow]

ya u should -.- make a nice description per function xD

oke i just tested it

$test[0] gives 0

$test[1] gives (if 8 bytes) -73 (if 4 bytes) 44

but it SHOULD be 6.38543684223533E-41

strange he -.-

Edited June 13, 2006 by zeroZshadow

[zeroZshadow]

in the memread function i see this line

Local $v_Struct = DllStructCreate('byte[1]')

doesn't that have tobe a float if i want to read a float ?

since till now, floats aint read correctly

[erifash]

I have been fooling around with the idea of a simple memory editor in AutoIt. It uses some of my modified memory functions but it doesn't exactly work. I know that I might not be using these in the correct way and I'm really not all that experienced with the memory functions. Could someone throw any ideas or suggestions my way as to what might the problem be? The code is attached.

Memory_GUI.au3

[xXx]

in the memread function i see this line

Local $v_Struct = DllStructCreate('byte[1]')

doesn't that have tobe a float if i want to read a float ?

since till now, floats aint read correctly

i dont think this functions can read/write floats..

[zeroZshadow]

really ?? that would suck big time

[xXx]

really ?? that would suck big time

it would but dont be sure that its not possible with this functions ask the coder who did that he might know what it is possible and what not

[w0uter]

it can only read bytes 'out of the box'.

life takes up too much time to make a better version.

you can however just modify the call to make it read floats.

Edited June 20, 2006 by w0uter

[zeroZshadow]

wadda ya mean with, modify the call ?