ARPFre Posted February 26, 2022 Share Posted February 26, 2022 (edited) Good afternoon everyone, I need some information, or just some guidance on how to do it. I searched a lot in the forums, including third-party programs, the "_PDH_" codes here on the AutoIt forum, and even in other compatible developments but I couldn't find the answer even close to what I need. Even using "WMI" and "ObjGet". Some codes even show different Task Manager numbers on Windows. The question is: Is it possible to get USAGE information (in percentage) from the Windows Task Manager (CPU, Memory and Disk) and display (for example) in a Msgbox? Where or how can I get this information to work in AutoIt? Note: CPU and Memory, I found alternatives, but my BIG problem is being DISK USAGE. And these alternatives do not match this number (example image) The farthest I got was through WMI PercentDiskReadTime, but I don't know how to convert the total usage equal to TaskManage to %. Quote $WMIDisk = $objWMIService.ExecQuery("SELECT * FROM Win32_PerfRawData_PerfDisk_LogicalDisk", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly) For $objItem99 In $WMIDisk $Idle1 = $objItem99.PercentIdleTime $DiskTime1 = $objItem99.PercentDiskTime $T1 = $objItem99.TimeStamp_Sys100NS $Idle2 = $objItem99.PercentIdleTime $DiskTime2 = $objItem99.PercentDiskTime $T2 = $objItem99.TimeStamp_Sys100NS $PercentIdleTime = Round((($Idle2 - $Idle1) / ($T2 - $T1)) * 10000000) $PercentDiskTime = Round((($DiskTime2 - $DiskTime1) / ($T2 - $T1)) * 10000000) MsgBox(0,0,$PercentIdleTime,0) msgbox(0,0,$PercentDiskTime,0) Next Edited February 26, 2022 by ARPFre Link to comment Share on other sites More sharing options...
ad777 Posted March 7, 2022 Share Posted March 7, 2022 (edited) @ARPFre you can use MemoryScan.See Below Note:remmber that wchar: read unicode string but char read non unicode Array's of TaskManger Text's Unicode on Win 7: Cpu Usage:43 00 50 00 55 00 20 00 55 00 73 00 61 00 67 00 65 Physical Memory:50 00 68 00 79 00 73 00 69 00 63 00 61 00 6C 00 20 00 4D 00 65 00 6D 00 6F 00 72 00 79 Array's of TaskManger Text's Non Unicode on Win 7: Cpu Usage:43 50 55 20 55 73 61 67 65 Physical Memory:50 68 79 73 00 69 63 61 6C 20 4D 65 6D 6F 72 79 Array's of TaskManger Text's Unicode on Win 10: Cpu:43 00 50 00 55 00 20 00 or 43 00 50 00 55 00 20 or 43 00 50 00 55 00 Disco:44 00 69 00 73 00 63 00 6f Array's of TaskManger Text's Non Unicode on Win 10: Cpu:43 50 55 20 or 43 50 55 20 or 43 50 55 Disco:44 69 73 63 6f you can get those array's non unicode:below script: (if it's Unicode you need to inc 00 after every 2 byte MsgBox(0, "", _StringToHex("CPU Usage:")) just change array of :_MemoryScan(...,"43 00 50 00 55",....) to above array: Note:you might want to change type of data to read if it was unicode use:"wchar[255]" else if it's non unicode then "char[255]" from below script: expandcollapse popupGlobal $iPID = ProcessList("taskmgr.exe");;process name for task manger #include <ProcessConstants.au3> #include <WinAPIProc.au3> #include <String.au3> #RequireAdmin SetPrivilege("SeDebugPrivilege", 1) ;MsgBox(0, "", _StringToHex("CPU Usage:"));;get hex just increse 00 after every 2 bit to order to work for Unicode if string is Unicode else..don't ;;;for CPU Usage array is:43 00 50 00 55 00 20 00 55 00 73 00 61 00 67 00 65 00 3A 00 20 string as Unicode(hex unicode) Global $hMem = _MemoryOpen($iPID[1][1]) $Result = _MemoryScan($hMem, "43 00 50 00 55 00 20 00 55 00 73 00 61 00 67 00 65 00 3A 00 20", False, 0x00000000, _WinAPI_EnumProcessModules($iPID[1][1])[1][0]) $TResutl = _MemoryRead($Result, $hMem, "wchar[100]") ;;;read text from address MsgBox(64, "", $TResutl) ;;;show CPU Usage:%d%% Message Func _MemoryScan($ah_Handle, $pattern, $after = False, $iv_addrStart = 0x00400000, $iv_addrEnd = 0X0FFFFFFF, $step = 51200) If Not IsArray($ah_Handle) Then SetError(1) Return -1 EndIf $pattern = StringRegExpReplace($pattern, "[^0123456789ABCDEFabcdef.]", "") If StringLen($pattern) = 0 Then SetError(2) Return -2 EndIf For $addr = $iv_addrStart To $iv_addrEnd Step $step - (StringLen($pattern) / 2) StringRegExp(_MemoryRead($addr, $ah_Handle, "byte[" & $step & "]"), $pattern, 1, 2) If Not @error Then If $after Then Return StringFormat("0x%.8X", $addr + ((@extended - 2) / 2)) Else Return StringFormat("0x%.8X", $addr + ((@extended - StringLen($pattern) - 2) / 2)) EndIf EndIf Next Return -3 EndFunc ;==>_MemoryScan ;================================================================================== ; AutoIt Version: 3.1.127 (beta) ; Language: English ; Platform: All Windows ; Author: Nomad ; Requirements: These functions will only work with beta. ;================================================================================== ; Credits: wOuter - These functions are based on his original _Mem() functions. ; But they are easier to comprehend and more reliable. These ; functions are in no way a direct copy of his functions. His ; functions only provided a foundation from which these evolved. ;================================================================================== ; ; Functions: ; ;================================================================================== ; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]]) ; Description: Opens a process and enables all possible access rights to the ; process. The Process ID of the process is used to specify which ; process to open. You must call this function before calling ; _MemoryClose(), _MemoryRead(), or _MemoryWrite(). ; Parameter(s): $iv_Pid - The Process ID of the program you want to open. ; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which ; enables all possible access rights to the ; process specified by the Process ID. ; $iv_InheritHandle - (optional) If this value is TRUE, all processes ; created by this process will inherit the access ; handle. Set to 1 (TRUE) by default. Set to 0 ; if you want it FALSE. ; Requirement(s): None. ; Return Value(s): On Success - Returns an array containing the Dll handle and an ; open handle to the specified process. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $iv_Pid. ; 2 = Failed to open Kernel32.dll. ; 3 = Failed to open the specified process. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1) If Not ProcessExists($iv_Pid) Then SetError(1) Return 0 EndIf Local $ah_Handle[2] = [DllOpen('kernel32.dll')] If @error Then SetError(2) Return 0 EndIf Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid) If @error Then DllClose($ah_Handle[0]) SetError(3) Return 0 EndIf $ah_Handle[1] = $av_OpenProcess[0] Return $ah_Handle EndFunc ;==>_MemoryOpen ;================================================================================== ; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type]) ; Description: Reads the value located in the memory address specified. ; Parameter(s): $iv_Address - The memory address you want to read from. It must ; be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $sv_Type - (optional) The "Type" of value you intend to read. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to read a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns the value located at the specified address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless specified as a ; 'char' type, then they are returned in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Local $v_Value = DllStructGetData($v_Buffer, 1) Return $v_Value Else SetError(6) Return 0 EndIf EndFunc ;==>_MemoryRead ;================================================================================== ; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type]) ; Description: Writes data to the specified memory address. ; Parameter(s): $iv_Address - The memory address which you want to write to. ; It must be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of value you intend to write. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to write a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 7 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Values sent must be in Decimal format, unless specified as a ; 'char' type, then they must be in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 Else DllStructSetData($v_Buffer, 1, $v_Data) If @error Then SetError(6) Return 0 EndIf EndIf DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Return 1 Else SetError(7) Return 0 EndIf EndFunc ;==>_MemoryWrite ;================================================================================== ; Function: _MemoryClose($ah_Handle) ; Description: Closes the process handle opened by using _MemoryOpen(). ; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = Unable to close the process handle. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryClose($ah_Handle) If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1]) If Not @error Then DllClose($ah_Handle[0]) Return 1 Else DllClose($ah_Handle[0]) SetError(2) Return 0 EndIf EndFunc ;==>_MemoryClose ;================================================================================== ; Function: SetPrivilege( $privilege, $bEnable ) ; Description: Enables (or disables) the $privilege on the current process ; (Probably) requires administrator privileges to run ; ; Author(s): Larry (from autoitscript.com's Forum) ; Notes(s): ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999 ;================================================================================== Func SetPrivilege($privilege, $bEnable) Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020 Const $MY_TOKEN_QUERY = 0x0008 Const $MY_SE_PRIVILEGE_ENABLED = 0x0002 Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv $nTokens = 1 $LUID = DllStructCreate("dword;int") If IsArray($privilege) Then $nTokens = UBound($privilege) $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess") $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _ "int", BitOR($MY_TOKEN_ADJUST_PRIVILEGES, $MY_TOKEN_QUERY), "int*", 0) If $SP_auxret[0] Then $hToken = $SP_auxret[3] DllStructSetData($TOKEN_PRIVILEGES, 1, 1) $nTokenIndex = 1 While $nTokenIndex <= $nTokens If IsArray($privilege) Then $priv = $privilege[$nTokenIndex - 1] Else $priv = $privilege EndIf $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _ "ptr", DllStructGetPtr($LUID)) If $ret[0] Then If $bEnable Then DllStructSetData($TOKEN_PRIVILEGES, 2, $MY_SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex)) Else DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex)) EndIf DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1) DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2) DllStructSetData($LUID, 1, 0) DllStructSetData($LUID, 2, 0) EndIf $nTokenIndex += 1 WEnd $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _ "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _ "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0) $f = DllCall("kernel32.dll", "int", "GetLastError") EndIf $NEWTOKEN_PRIVILEGES = 0 $TOKEN_PRIVILEGES = 0 $LUID = 0 If $SP_auxret[0] = 0 Then Return 0 $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken) If Not $ret[0] And Not $SP_auxret[0] Then Return 0 Return $ret[0] EndFunc ;==>SetPrivilege #EndRegion ################################################################### or you can use below tool to give address: expandcollapse popup#include <ProcessConstants.au3> #include <WinAPIProc.au3> #include <String.au3> #include <ComboConstants.au3> #include <EditConstants.au3> #include <WindowsConstants.au3> #include <StaticConstants.au3> #include <String.au3> #include <GuiEdit.au3> #include <WinAPI.au3> Global $Open, $Process_Text OnAutoItExitRegister("_Detach") Opt("GUIOnEventMode", 1) Global $processname = "taskmgr.exe" $hGUI = GUICreate("", 509, 316, -1, -1) GUISetOnEvent(-3, "_Exit") $Adress_Array = GUICtrlCreateEdit("", 4, 4, 209, 305, BitOR($GUI_SS_DEFAULT_EDIT, $ES_READONLY)) GUICtrlSetData(-1, "") $Scan_Button = GUICtrlCreateButton("Scan", 220, 4, 75, 25) $Text_Label = GUICtrlCreateLabel("Text:", 260, 40, 28, 17) $Text_Input = GUICtrlCreateInput("", 292, 36, 209, 21) $Value_Type_Label = GUICtrlCreateLabel("Value Type:", 228, 68, 58, 17) $Memory_Group = GUICtrlCreateGroup("Memory Scan Options", 220, 92, 281, 81) $Start_Label = GUICtrlCreateLabel("Start:", 228, 116, 29, 17) $Start_Adress_Input = GUICtrlCreateInput("0x00000000", 268, 116, 225, 21) $Stop_Label = GUICtrlCreateLabel("Stop:", 228, 148, 29, 17) $Stop_Adress_Input = GUICtrlCreateInput("0x0FFFFFFF", 268, 140, 225, 21) GUICtrlCreateGroup("", -99, -99, 1, 1) $Type_Combo = GUICtrlCreateCombo("String", 292, 64, 209, 25) GUICtrlSetData(-1, "Array of Byte") GUISetState(@SW_SHOW, $hGUI) GUICtrlSetOnEvent($Scan_Button, "_Scan") AdlibRegister("_Process") While 1 Sleep(100) WEnd Func _Detach() _MemoryClose($Open) EndFunc ;==>_Detach Func _Scan() If GUICtrlRead($Type_Combo) = "String" = 1 Then $String_Text = GUICtrlRead($Text_Input) $Text_AoB = _StringToArrayOfByte($String_Text) $Adress_Start = GUICtrlRead($Start_Adress_Input) $Adress_End = GUICtrlRead($Stop_Adress_Input) Do $Result = _MemoryScan($Open, $Text_AoB, False, $Adress_Start, $Adress_End) If $Result = -3 Then ExitLoop Else _GUICtrlEdit_InsertText($Adress_Array, $Result & @CRLF, -1) EndIf $Adress_Start = $Result + 1 Until $Result = -3 ElseIf GUICtrlRead($Type_Combo) = "Array of Byte" = 1 Then _GUICtrlEdit_SetText($Adress_Array, "") $String_Text = GUICtrlRead($Text_Input) $Adress_Start = GUICtrlRead($Start_Adress_Input) $Adress_End = GUICtrlRead($Stop_Adress_Input) Do $Result = _MemoryScan($Open, $String_Text, False, $Adress_Start, $Adress_End) If $Result = -3 Then ExitLoop Else _GUICtrlEdit_InsertText($Adress_Array, $Result & @CRLF, -1) EndIf $Adress_Start = $Result + 1 Until $Result = -3 EndIf EndFunc ;==>_Scan Func _Process() If ProcessExists($processname) > 0 Then $Open = _MemoryOpen(ProcessExists($processname)) ToolTip("ATTACHED") AdlibRegister("_Wait_for_close", 750) AdlibUnRegister("_Process") EndIf EndFunc ;==>_Process Func _Wait_for_close() If Not ProcessExists($processname) = 1 Then AdlibRegister("_Process") AdlibUnRegister("_Wait_for_close") EndIf EndFunc ;==>_Wait_for_close Func _Exit() Exit EndFunc ;==>_Exit Func _MemoryScan($ah_Handle, $pattern, $after = False, $iv_addrStart = 0x00400000, $iv_addrEnd = 0X0FFFFFFF, $step = 51200) If Not IsArray($ah_Handle) Then SetError(1) Return -1 EndIf $pattern = StringRegExpReplace($pattern, "[^0123456789ABCDEFabcdef.]", "") If StringLen($pattern) = 0 Then SetError(2) Return -2 EndIf For $addr = $iv_addrStart To $iv_addrEnd Step $step - (StringLen($pattern) / 2) StringRegExp(_MemoryRead($addr, $ah_Handle, "byte[" & $step & "]"), $pattern, 1, 2) If Not @error Then If $after Then Return StringFormat("0x%.8X", $addr + ((@extended - 2) / 2)) Else Return StringFormat("0x%.8X", $addr + ((@extended - StringLen($pattern) - 2) / 2)) EndIf EndIf Next Return -3 EndFunc ;==>_MemoryScan Func _StringToArrayOfByte($String) Local $AoB = StringToBinary($String) Local $AntiHex = _StringBetween($AoB, "0x", "") Return $AntiHex[0] EndFunc ;==>_StringToArrayOfByte ;================================================================================== ; AutoIt Version: 3.1.127 (beta) ; Language: English ; Platform: All Windows ; Author: Nomad ; Requirements: These functions will only work with beta. ;================================================================================== ; Credits: wOuter - These functions are based on his original _Mem() functions. ; But they are easier to comprehend and more reliable. These ; functions are in no way a direct copy of his functions. His ; functions only provided a foundation from which these evolved. ;================================================================================== ; ; Functions: ; ;================================================================================== ; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]]) ; Description: Opens a process and enables all possible access rights to the ; process. The Process ID of the process is used to specify which ; process to open. You must call this function before calling ; _MemoryClose(), _MemoryRead(), or _MemoryWrite(). ; Parameter(s): $iv_Pid - The Process ID of the program you want to open. ; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which ; enables all possible access rights to the ; process specified by the Process ID. ; $iv_InheritHandle - (optional) If this value is TRUE, all processes ; created by this process will inherit the access ; handle. Set to 1 (TRUE) by default. Set to 0 ; if you want it FALSE. ; Requirement(s): None. ; Return Value(s): On Success - Returns an array containing the Dll handle and an ; open handle to the specified process. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $iv_Pid. ; 2 = Failed to open Kernel32.dll. ; 3 = Failed to open the specified process. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1) If Not ProcessExists($iv_Pid) Then SetError(1) Return 0 EndIf Local $ah_Handle[2] = [DllOpen('kernel32.dll')] If @error Then SetError(2) Return 0 EndIf Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid) If @error Then DllClose($ah_Handle[0]) SetError(3) Return 0 EndIf $ah_Handle[1] = $av_OpenProcess[0] Return $ah_Handle EndFunc ;==>_MemoryOpen ;================================================================================== ; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type]) ; Description: Reads the value located in the memory address specified. ; Parameter(s): $iv_Address - The memory address you want to read from. It must ; be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $sv_Type - (optional) The "Type" of value you intend to read. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to read a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns the value located at the specified address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless specified as a ; 'char' type, then they are returned in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Local $v_Value = DllStructGetData($v_Buffer, 1) Return $v_Value Else SetError(6) Return 0 EndIf EndFunc ;==>_MemoryRead ;================================================================================== ; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type]) ; Description: Writes data to the specified memory address. ; Parameter(s): $iv_Address - The memory address which you want to write to. ; It must be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of value you intend to write. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to write a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 7 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Values sent must be in Decimal format, unless specified as a ; 'char' type, then they must be in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 Else DllStructSetData($v_Buffer, 1, $v_Data) If @error Then SetError(6) Return 0 EndIf EndIf DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Return 1 Else SetError(7) Return 0 EndIf EndFunc ;==>_MemoryWrite ;================================================================================== ; Function: _MemoryClose($ah_Handle) ; Description: Closes the process handle opened by using _MemoryOpen(). ; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = Unable to close the process handle. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryClose($ah_Handle) If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1]) If Not @error Then DllClose($ah_Handle[0]) Return 1 Else DllClose($ah_Handle[0]) SetError(2) Return 0 EndIf EndFunc ;==>_MemoryClose ;================================================================================== ; Function: SetPrivilege( $privilege, $bEnable ) ; Description: Enables (or disables) the $privilege on the current process ; (Probably) requires administrator privileges to run ; ; Author(s): Larry (from autoitscript.com's Forum) ; Notes(s): ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999 ;================================================================================== Func SetPrivilege($privilege, $bEnable) Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020 Const $MY_TOKEN_QUERY = 0x0008 Const $MY_SE_PRIVILEGE_ENABLED = 0x0002 Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv $nTokens = 1 $LUID = DllStructCreate("dword;int") If IsArray($privilege) Then $nTokens = UBound($privilege) $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess") $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _ "int", BitOR($MY_TOKEN_ADJUST_PRIVILEGES, $MY_TOKEN_QUERY), "int*", 0) If $SP_auxret[0] Then $hToken = $SP_auxret[3] DllStructSetData($TOKEN_PRIVILEGES, 1, 1) $nTokenIndex = 1 While $nTokenIndex <= $nTokens If IsArray($privilege) Then $priv = $privilege[$nTokenIndex - 1] Else $priv = $privilege EndIf $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _ "ptr", DllStructGetPtr($LUID)) If $ret[0] Then If $bEnable Then DllStructSetData($TOKEN_PRIVILEGES, 2, $MY_SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex)) Else DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex)) EndIf DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1) DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2) DllStructSetData($LUID, 1, 0) DllStructSetData($LUID, 2, 0) EndIf $nTokenIndex += 1 WEnd $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _ "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _ "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0) $f = DllCall("kernel32.dll", "int", "GetLastError") EndIf $NEWTOKEN_PRIVILEGES = 0 $TOKEN_PRIVILEGES = 0 $LUID = 0 If $SP_auxret[0] = 0 Then Return 0 $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken) If Not $ret[0] And Not $SP_auxret[0] Then Return 0 Return $ret[0] EndFunc ;==>SetPrivilege #EndRegion after it give address you may need to Read Address using: remmber that wchar: read unicode string but char read non unicode expandcollapse popup#include <WinAPIMem.au3> #include <ProcessConstants.au3> #include <WinAPIHObj.au3> #include <WinAPIProc.au3> #include <Array.au3> #include <MsgBoxConstants.au3> #include <WinAPIProc.au3> #include <WinAPISys.au3> #include <WinAPISys.au3> #include <String.au3> #RequireAdmin Global $iPID = ProcessList("taskmgr.exe") SetPrivilege("SeDebugPrivilege", 1) ;;;read address as wchar[255] = unicode or char[255] = non unicode Global $hMem = _MemoryOpen($iPID[1][1]) Local $address = 0x000000 $TResutl = _MemoryRead($address, $hMem, "wchar[255]") MsgBox(64, "", $TResutl) ;;;show CPU Usage ;================================================================================== ; AutoIt Version: 3.1.127 (beta) ; Language: English ; Platform: All Windows ; Author: Nomad ; Requirements: These functions will only work with beta. ;================================================================================== ; Credits: wOuter - These functions are based on his original _Mem() functions. ; But they are easier to comprehend and more reliable. These ; functions are in no way a direct copy of his functions. His ; functions only provided a foundation from which these evolved. ;================================================================================== ; ; Functions: ; ;================================================================================== ; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]]) ; Description: Opens a process and enables all possible access rights to the ; process. The Process ID of the process is used to specify which ; process to open. You must call this function before calling ; _MemoryClose(), _MemoryRead(), or _MemoryWrite(). ; Parameter(s): $iv_Pid - The Process ID of the program you want to open. ; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which ; enables all possible access rights to the ; process specified by the Process ID. ; $iv_InheritHandle - (optional) If this value is TRUE, all processes ; created by this process will inherit the access ; handle. Set to 1 (TRUE) by default. Set to 0 ; if you want it FALSE. ; Requirement(s): None. ; Return Value(s): On Success - Returns an array containing the Dll handle and an ; open handle to the specified process. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $iv_Pid. ; 2 = Failed to open Kernel32.dll. ; 3 = Failed to open the specified process. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1) If Not ProcessExists($iv_Pid) Then SetError(1) Return 0 EndIf Local $ah_Handle[2] = [DllOpen('kernel32.dll')] If @error Then SetError(2) Return 0 EndIf Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid) If @error Then DllClose($ah_Handle[0]) SetError(3) Return 0 EndIf $ah_Handle[1] = $av_OpenProcess[0] Return $ah_Handle EndFunc ;==>_MemoryOpen ;================================================================================== ; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type]) ; Description: Reads the value located in the memory address specified. ; Parameter(s): $iv_Address - The memory address you want to read from. It must ; be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $sv_Type - (optional) The "Type" of value you intend to read. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to read a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns the value located at the specified address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless specified as a ; 'char' type, then they are returned in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Local $v_Value = DllStructGetData($v_Buffer, 1) Return $v_Value Else SetError(6) Return 0 EndIf EndFunc ;==>_MemoryRead ;================================================================================== ; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type]) ; Description: Writes data to the specified memory address. ; Parameter(s): $iv_Address - The memory address which you want to write to. ; It must be in hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of value you intend to write. ; This is set to 'dword'(32bit(4byte) signed integer) ; by default. See the help file for DllStructCreate ; for all types. An example: If you want to write a ; word that is 15 characters in length, you would use ; 'char[16]' since a 'char' is 8 bits (1 byte) in size. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 7 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Values sent must be in Decimal format, unless specified as a ; 'char' type, then they must be in ASCII format. Also note ; that size ('char[size]') for all 'char' types should be 1 ; greater than the actual size. ;================================================================================== Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 1) Return 0 Else DllStructSetData($v_Buffer, 1, $v_Data) If @error Then SetError(6) Return 0 EndIf EndIf DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @error Then Return 1 Else SetError(7) Return 0 EndIf EndFunc ;==>_MemoryWrite ;================================================================================== ; Function: _MemoryClose($ah_Handle) ; Description: Closes the process handle opened by using _MemoryOpen(). ; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle ; of the open process as returned by _MemoryOpen(). ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = Unable to close the process handle. ; Author(s): Nomad ; Note(s): ;================================================================================== Func _MemoryClose($ah_Handle) If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1]) If Not @error Then DllClose($ah_Handle[0]) Return 1 Else DllClose($ah_Handle[0]) SetError(2) Return 0 EndIf EndFunc ;==>_MemoryClose ;================================================================================== ; Function: SetPrivilege( $privilege, $bEnable ) ; Description: Enables (or disables) the $privilege on the current process ; (Probably) requires administrator privileges to run ; ; Author(s): Larry (from autoitscript.com's Forum) ; Notes(s): ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999 ;================================================================================== Func SetPrivilege($privilege, $bEnable) Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020 Const $MY_TOKEN_QUERY = 0x0008 Const $MY_SE_PRIVILEGE_ENABLED = 0x0002 Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv $nTokens = 1 $LUID = DllStructCreate("dword;int") If IsArray($privilege) Then $nTokens = UBound($privilege) $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]") $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess") $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _ "int", BitOR($MY_TOKEN_ADJUST_PRIVILEGES, $MY_TOKEN_QUERY), "int*", 0) If $SP_auxret[0] Then $hToken = $SP_auxret[3] DllStructSetData($TOKEN_PRIVILEGES, 1, 1) $nTokenIndex = 1 While $nTokenIndex <= $nTokens If IsArray($privilege) Then $priv = $privilege[$nTokenIndex - 1] Else $priv = $privilege EndIf $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _ "ptr", DllStructGetPtr($LUID)) If $ret[0] Then If $bEnable Then DllStructSetData($TOKEN_PRIVILEGES, 2, $MY_SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex)) Else DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex)) EndIf DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1) DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2) DllStructSetData($LUID, 1, 0) DllStructSetData($LUID, 2, 0) EndIf $nTokenIndex += 1 WEnd $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _ "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _ "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0) $f = DllCall("kernel32.dll", "int", "GetLastError") EndIf $NEWTOKEN_PRIVILEGES = 0 $TOKEN_PRIVILEGES = 0 $LUID = 0 If $SP_auxret[0] = 0 Then Return 0 $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken) If Not $ret[0] And Not $SP_auxret[0] Then Return 0 Return $ret[0] EndFunc ;==>SetPrivilege #EndRegion Edited March 8, 2022 by ad777 Rurorita 1 iam ِAutoit programmer. best thing in life is to use your Brain to Achieve everything you want. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now