Nomad Posted June 29, 2006 Share Posted June 29, 2006 (edited) These are some _Memory UDF's I've been using personally. They are based on wOuter's original concept, but are not a direct copy of his functions. I had to modify his functions to get them to work for a project I was working on, and since I had to do so much research to modify them, I decided to take it an extra step and turn them into these improved UDF's. In my opinion, these are much more user friendly.I'll let the functions speak for themself:expandcollapse popup#include-once #region _Memory ;================================================================================================= ; AutoIt Version: 3.1.127 (beta) ; Language: English ; Platform: All Windows ; Author: Nomad ; Requirements: These functions will only work with beta. ;================================================================================================= ; Credits: wOuter - These functions are based on his original _Mem() functions. But they are ; easier to comprehend and more reliable. These functions are in no way a direct copy ; of his functions. His functions only provided a foundation from which these evolved. ;================================================================================================= ; ; Functions: ; ;================================================================================================= ; Function: _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]]) ; Description: Opens a process and enables all possible access rights to the process. The ; Process ID of the process is used to specify which process to open. You must ; call this function before calling _MemoryClose(), _MemoryRead(), or _MemoryWrite(). ; Parameter(s): $iv_Pid - The Process ID of the program you want to open. ; $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which enables all ; possible access rights to the process specified by the ; Process ID. ; $if_InheritHandle - (optional) If this value is TRUE, all processes created by ; this process will inherit the access handle. Set to TRUE ; (1) by default. Set to 0 if you want it to be FALSE. ; Requirement(s): A valid process ID. ; Return Value(s): On Success - Returns an array containing the Dll handle and an open handle to ; the specified process. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $iv_Pid. ; 2 = Failed to open Kernel32.dll. ; 3 = Failed to open the specified process. ; Author(s): Nomad ; Note(s): ;================================================================================================= Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $if_InheritHandle = 1) If Not ProcessExists($iv_Pid) Then SetError(1) Return 0 EndIf Local $ah_Handle[2] = [DllOpen('kernel32.dll')] If @Error Then SetError(2) Return 0 EndIf Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $if_InheritHandle, 'int', $iv_Pid) If @Error Then DllClose($ah_Handle[0]) SetError(3) Return 0 EndIf $ah_Handle[1] = $av_OpenProcess[0] Return $ah_Handle EndFunc ;================================================================================================= ; Function: _MemoryRead($iv_Address, $ah_Handle[, $sv_Type]) ; Description: Reads the value located in the memory address specified. ; Parameter(s): $iv_Address - The memory address you want to read from. It must be in hex ; format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle of the open ; process as returned by _MemoryOpen(). ; $sv_Type - (optional) The "Type" of value you intend to read. This is set to ; 'dword'(32bit(4byte) signed integer) by default. See the help file ; for DllStructCreate for all types. ; An example: If you want to read a word that is 15 characters in ; length, you would use 'char[16]'. ; Requirement(s): The $ah_Handle returned from _MemoryOpen. ; Return Value(s): On Success - Returns the value located at the specified address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless specified as a 'char' type, then ; they are returned in ASCII format. Also note that size ('char[size]') for all ; 'char' types should be 1 greater than the actual size. ;================================================================================================= Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @Error Then SetError(@Error + 1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @Error Then Local $v_Value = DllStructGetData($v_Buffer, 1) Return $v_Value Else SetError(6) Return 0 EndIf EndFunc ;================================================================================================= ; Function: _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type]) ; Description: Writes data to the specified memory address. ; Parameter(s): $iv_Address - The memory address you want to write to. It must be in hex ; format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle of the open ; process as returned by _MemoryOpen(). ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of value you intend to write. This is set to ; 'dword'(32bit(4byte) signed integer) by default. See the help file ; for DllStructCreate for all types. ; An example: If you want to write a word that is 15 characters in ; length, you would use 'char[16]'. ; Requirement(s): The $ah_Handle returned from _MemoryOpen. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = $sv_Type was not a string. ; 3 = $sv_Type is an unknown data type. ; 4 = Failed to allocate the memory needed for the DllStructure. ; 5 = Error allocating memory for $sv_Type. ; 6 = $v_Data is not in the proper format to be used with the "Type" ; selected for $sv_Type, or it is out of range. ; 7 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Values sent must be in Decimal format, unless specified as a 'char' type, then ; they must be in ASCII format. Also note that size ('char[size]') for all ; 'char' types should be 1 greater than the actual size. ;================================================================================================= Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword') If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf Local $v_Buffer = DllStructCreate($sv_Type) If @Error Then SetError(@Error + 1) Return 0 Else DllStructSetData($v_Buffer, 1, $v_Data) If @Error Then SetError(6) Return 0 EndIf EndIf DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If Not @Error Then Return 1 Else SetError(7) Return 0 EndIf EndFunc ;================================================================================================= ; Function: _MemoryClose($ah_Handle) ; Description: Closes the process handle opened by using _MemoryOpen(). ; Parameter(s): $ah_Handle - An array containing the Dll handle and the handle of the open ; process as returned by _MemoryOpen(). ; Requirement(s): The $ah_Handle returned from _MemoryOpen. ; Return Value(s): On Success - Returns 1 ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = Invalid $ah_Handle. ; 2 = Unable to close the process handle. ; Author(s): Nomad ; Note(s): ;================================================================================================= Func _MemoryClose($ah_Handle) If Not IsArray($ah_Handle) Then SetError(1) Return 0 EndIf DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1]) If Not @Error Then DllClose($ah_Handle[0]) Return 1 Else DllClose($ah_Handle[0]) SetError(2) Return 0 EndIf EndFunc ;================================================================================================= ; Function: _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset[, $sv_Type]) ; Description: Reads a chain of pointers and returns an array containing the destination ; address and the data at the address. ; Parameter(s): $iv_Address - The static memory address you want to start at. It must be in ; hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle of the open ; process as returned by _MemoryOpen(). ; $av_Offset - An array of offsets for the pointers. Each pointer must have an ; offset. If there is no offset for a pointer, enter 0 for that ; array dimension. ; $sv_Type - (optional) The "Type" of data you intend to read at the destination ; address. This is set to 'dword'(32bit(4byte) signed integer) by ; default. See the help file for DllStructCreate for all types. ; Requirement(s): The $ah_Handle returned from _MemoryOpen. ; Return Value(s): On Success - Returns an array containing the destination address and the value ; located at the address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = $av_Offset is not an array. ; 2 = Invalid $ah_Handle. ; 3 = $sv_Type is not a string. ; 4 = $sv_Type is an unknown data type. ; 5 = Failed to allocate the memory needed for the DllStructure. ; 6 = Error allocating memory for $sv_Type. ; 7 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless a 'char' type is selected. ; Set $av_Offset like this: ; $av_Offset[0] = NULL (not used) ; $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal) ; $av_Offset[2] = Offset for pointer 2 ; etc... ; (The number of array dimensions determines the number of pointers) ;================================================================================================= Func _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword') If IsArray($av_Offset) Then If IsArray($ah_Handle) Then Local $iv_PointerCount = UBound($av_Offset) - 1 Else SetError(2) Return 0 EndIf Else SetError(1) Return 0 EndIf Local $iv_Data[2], $i Local $v_Buffer = DllStructCreate('dword') For $i = 0 to $iv_PointerCount If $i = $iv_PointerCount Then $v_Buffer = DllStructCreate($sv_Type) If @Error Then SetError(@Error + 2) Return 0 EndIf $iv_Address = '0x' & hex($iv_Data[1] + $av_Offset[$i]) DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(7) Return 0 EndIf $iv_Data[1] = DllStructGetData($v_Buffer, 1) ElseIf $i = 0 Then DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(7) Return 0 EndIf $iv_Data[1] = DllStructGetData($v_Buffer, 1) Else $iv_Address = '0x' & hex($iv_Data[1] + $av_Offset[$i]) DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(7) Return 0 EndIf $iv_Data[1] = DllStructGetData($v_Buffer, 1) EndIf Next $iv_Data[0] = $iv_Address Return $iv_Data EndFunc ;================================================================================================= ; Function: _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data[, $sv_Type]) ; Description: Reads a chain of pointers and writes the data to the destination address. ; Parameter(s): $iv_Address - The static memory address you want to start at. It must be in ; hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle of the open ; process as returned by _MemoryOpen(). ; $av_Offset - An array of offsets for the pointers. Each pointer must have an ; offset. If there is no offset for a pointer, enter 0 for that ; array dimension. ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of data you intend to write at the destination ; address. This is set to 'dword'(32bit(4byte) signed integer) by ; default. See the help file for DllStructCreate for all types. ; Requirement(s): The $ah_Handle returned from _MemoryOpen. ; Return Value(s): On Success - Returns the destination address. ; On Failure - Returns 0. ; @Error - 0 = No error. ; 1 = $av_Offset is not an array. ; 2 = Invalid $ah_Handle. ; 3 = Failed to read from the specified process. ; 4 = $sv_Type is not a string. ; 5 = $sv_Type is an unknown data type. ; 6 = Failed to allocate the memory needed for the DllStructure. ; 7 = Error allocating memory for $sv_Type. ; 8 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 9 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Data written is in Decimal format, unless a 'char' type is selected. ; Set $av_Offset like this: ; $av_Offset[0] = NULL (not used, doesn't matter what's entered) ; $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal) ; $av_Offset[2] = Offset for pointer 2 ; etc... ; (The number of array dimensions determines the number of pointers) ;================================================================================================= Func _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data, $sv_Type = 'dword') If IsArray($av_Offset) Then If IsArray($ah_Handle) Then Local $iv_PointerCount = UBound($av_Offset) - 1 Else SetError(2) Return 0 EndIf Else SetError(1) Return 0 EndIf Local $iv_StructData, $i Local $v_Buffer = DllStructCreate('dword') For $i = 0 to $iv_PointerCount If $i = $iv_PointerCount Then $v_Buffer = DllStructCreate($sv_Type) If @Error Then SetError(@Error + 3) Return 0 EndIf DllStructSetData($v_Buffer, 1, $v_Data) If @Error Then SetError(8) Return 0 EndIf $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i]) DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(9) Return 0 Else Return $iv_Address EndIf ElseIf $i = 0 Then DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(3) Return 0 EndIf $iv_StructData = DllStructGetData($v_Buffer, 1) Else $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i]) DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(3) Return 0 EndIf $iv_StructData = DllStructGetData($v_Buffer, 1) EndIf Next EndFunc #endregionoÝ÷ Ù°'{îËb¢ÛV*í¹©P¹êòèºÇ+ºw-ò¢é®²×â®Ën±ãò:§¶§Ê¦k'[aÇîËb¢t^iÛayû§rبuêí¢Ç¶«zÛ«)ߢ¹¶*'ë.ëhºÇzj+È)h±ì!z|¨¹ªÞvÞiDzȧØ^騯*j| ÷§¦ºz˺Ú"µÍÏOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOBÈ[Ý[ÛBBWÕX[]YQ^ ÌÍÚ]ÐYÜË ÌÍØZÒ[JBÈØÜ[ÛBSÜ[ÈHØÙÜÈ[XYÈ[]È[ÜX][ÛÜHY[[ÜHYÙHÚXÚÂBBBBXÛÛZ[ÈHY[[ÜHYÜÈÜXÚYYYÈ[Y]ÊNBIÌÍÚ]ÐYÜÈHHY[[ÜHYÜÈ[ÝHØ[ÈXYÛK]]ÝH[^ÂBBBBBBBHÜX] KÂBBBBIÌÍØZÒ[HH[^HÛÛZ[[ÈH[H[H[HÙHÜ[ÂBBBBBBBHØÙÜÈÈ]YHÓY[[ÜSÜ[ KÈ]Z[Y[ ÊNPH[YØÙÜÈQÈ][YJÊNSÛÝXØÙÜÈH]È[^HÛÛZ[[ÈHÛÝÚ[ÎÂBBBBBBBH ÌÍÐ^VÌHHÙHYÜËÂBBBBBBBH ÌÍÐ^VÌWHH[ØØ][ÛÙKÂBBBBBBBH ÌÍÐ^VÌHH[ØØ][ÛÝXÝÂBBBBBBBH ÌÍÐ^VÌ×HHYÚ[ÛÚ^KÂBBBBBBBH ÌÍÐ^VÍHHÝ]KÂBBBBBBBH ÌÍÐ^VÍWHHÝXÝÂBBBBBBBH ÌÍÐ^VÍHHKÂBBBBSÛZ[HH]ÈÂBBBBPÜHHÈÜÂBBBBBBHHH[[Y ÌÍØZÒ[KÂBBBBBBHH ÌÍÜÝÕHØÈÝHÝ[ËÂBBBBBBHÈH ÌÍÜÝÕHÈ[[ÛÝÛ]HKÂBBBBBBH HZ[YÈ[ØØ]HHY[[ÜHYYYÜHÝXÝKÂBBBBBBH HHÜ[ØØ][ÈY[[ÜHÜ ÌÍÜÝÕKÂBBBBBBH HZ[YÈXYÛHHÜXÚYYYØÙÜËÈ]]ÜÊNBSÛXYÈÝJÊNÏOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB[ÈÕX[]YQ^ ÌÍÚ]ÐYÜË ÌÍØZÒ[JBBRYÝÐ^J ÌÍØZÒ[JH[BTÙ]ÜJBBT]Q[YBSØØ[ ÌÍØ]Ñ]VÍ×K ÌÍÚBSØØ[ ÌÍÝÐYHÝXÝÜX]J ÌÎNÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜ ÌÎNÊBBRYÜ[BTÙ]ÜÜ ÈJBBT]Q[YBQØ[ ÌÍØZÒ[VÌK ÌÎNÚ[ ÌÎNË ÌÎNÕX[]YQ^ ÌÎNË ÌÎNÚ[ ÌÎNË ÌÍØZÒ[VÌWK ÌÎNÚ[ ÌÎNË ÌÍÚ]ÐYÜË ÌÎNÜÌÎNËÝXÝÙ] ÌÍÝÐYK ÌÎNÚ[ ÌÎNËÝXÝÙ]Ú^J ÌÍÝÐYJBBRYÝÜ[BBBQÜ ÌÍÚHHÈ BBBBBIÌÍØ]Ñ]VÉÌÍÚWHH^ ÝXÝÙ]]J ÌÍÝÐY ÌÍÚH ÈJJJBBBBBS^BBBT] ÌÍØ]Ñ]BBBQ[ÙBBTÙ]Ü BBT]Q[YB[[Source:VirtualQueryEx.au3After doing a search on this function in the forum here, I only found 2 topics on it, and one of them was mine, hehe. In the other topic, someone said it couldn't be done, or something to that effect, so I decided to make this since I'm currently using it for my memory tool I've been working on.For a working example of this function, as well as how it's used, look here. The example doesn't use this function directly, since the example scans all virtual memory for a given process, the loop time would be a little longer and I wanted to return the values as fast as possible. So if you need a structural example for this function, let me know.Any questions about any of the following should be directed to the appropriate website. I'm only providing them for your convenience.General Reversing Tutorials & Guides:Reversing BasicsA Little Guide for Wannabe ReverserCollection of Reversing Resources (has a lot)Here are some tutorials using Ollydbg:Netter's "HowToHackD2_Edition1"Netter's "HowToHackD2_Edition2"Reverse Engineering: Simple Reversing with Olly pt. 1Easy reversing: GeekCalc.exeCracking Code - Part 1OllyTutorial #1 (with crackme)OllyTutorial #2 (with crackme)OllyTutorials for newbies - Great link, thanks lololop (have to register to view)(I'm still looking for more. If you know of any, feel free to post them)I haven't used every one of these links personally, so I don't know for sure what level of experience is assumed. Netter's tutorials are definately good for inexperienced users. The GeekCalc is also a good one.Programs made specifically for practicing reverse engineering:Crackmes.deMiscellaneous linksAn Introduction to Assembly Language ProgrammingRCE Forums a reverse engineering forumThe Reverse Engineering Community another reverse engineering forumYou can also check the link at the bottom of my signature to learn some basic assembly language programming. I highly recommend knowing the basics before submerging yourself into reverse engineering. Learning to reverse engineer is not as easy as learning to program (debugging a program to get the memory addresses needed to use these functions is reverse engineering). There is probably not going to be a tutorial which accomplishes exactly what it is you want, which means you have to build knowledge by doing many tutorials and learn how to apply that knowledge to achieve your goals.If you have any questions that aren't related to the linked tutorials or guides, or any comments, feel free to post them. If you don't understand how to use these functions then I suggest doing some research, this is about as simple as functions like this can be.Nomad Edit: Updated. I will try to keep all the most current information in this post.Examples.zipFull_Include.zipMemory.au3Process_Selector.au3 Edited July 16, 2006 by Nomad Link to comment Share on other sites More sharing options...
Styler001 Posted June 30, 2006 Share Posted June 30, 2006 I'm a huge noob at this memory address stuff, so please show a little mercy if these are stupid questions. In the first line of your _MemOpen function you have $InheritHandle = 0x1F0FFF. How do you determine that address? Can an address be passed to this function and replace the 1F0FFF, or is that address supposed to be a fixed address that applies all the time? I see that you have said it is optional, so can it be omitted altogether without adverse effects? If it can be omitted, would the first line look like this: Func _MemOpen($Pid, $InheritHandle = ) or Func _MemOpen($Pid) Again, I'm sorry if these are dumb questions (and I'm sure they are), but I'm just getting into the memory reads and such and am stumbling along blindly. Link to comment Share on other sites More sharing options...
Nomad Posted June 30, 2006 Author Share Posted June 30, 2006 (edited) I'm a huge noob at this memory address stuff, so please show a little mercy if these are stupid questions. In the first line of your _MemOpen function you have $InheritHandle = 0x1F0FFF. How do you determine that address? Can an address be passed to this function and replace the 1F0FFF, or is that address supposed to be a fixed address that applies all the time? I see that you have said it is optional, so can it be omitted altogether without adverse effects? If it can be omitted, would the first line look like this: Func _MemOpen($Pid, $InheritHandle = ) or Func _MemOpen($Pid) Again, I'm sorry if these are dumb questions (and I'm sure they are), but I'm just getting into the memory reads and such and am stumbling along blindly. You most likely will not need to pass on that parameter. Most users will use _MemoryOpen() like this:_MemoryOpen($ProcessID)oÝ÷ ØêmÚ«jgz»ç±iËeÊØZ¶mÚò¢ç§µêç¢Øbaz{ay×jém½©nz+.±ç[2-ºÇ«³¥z-ç¶)yÈÊØ^±êZ©µêìý½7ê+ÃzÈ«yÐqë,ÓEÐQE=$,°DËaz±r^¥ªÚë^ú+:§>ºzË0'!zvëZh²Èæqë,®(!¶Ëh¶©®²Ë)yÈçSê'*ÞjÊ'Ê°¢é]ç¶!jx¶¬Â¥u·¢*.Á©í¶Þ²Úâr×®Ö¢§zË+m²Ú-ë)yÈçi®²ÁhìZ^Ó4×CÑ8!ISâ²Ø^ì¡×©j¶¦z׫ÂåÉéÚnW¬¶qǬ²¸ Û'yç^vÚ+y§_®êk¡Ç¬³l騯&®¶seôÖVÖ÷'÷Vâb33cµ&ö6W74BÂoÝ÷ ÛMúò'êâ´v§vW~Øb²ö¥¹è¬MÖØ^©e¦ºz˱ÊÞj×o+azèqë,Â,xúèqë, I've also found a small bug with _MemoryRead(). It only applies to using a 'char' type however. If you have a 15 letter word you want to read, and set the "Type" to 'char[15]', it will return the entire 15 letter word, but it will have some ASCII garbage at the end. If you set the type to 'char[16]' instead, it reads the entire word still, but doesn't have the garbage. The only reason I can think of that would cause this would be something to do with a setting in AutoIt, but that doesn't mean it's not for some other reason. I'm going to further explore this bug before posting my updated UDF's, and if I can't find a solution, I'll implement something in the function to make this correction automatically within the function so as not to confuse anyone using the function. I hope this helps, Nomad Edit: updated for conformance to the most recent functions. Edited July 6, 2006 by Nomad Link to comment Share on other sites More sharing options...
w0uter Posted June 30, 2006 Share Posted June 30, 2006 that 'char' bug isnt a bug. strings need to be terminated with a 0 (NULL) char. My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll Link to comment Share on other sites More sharing options...
Nomad Posted June 30, 2006 Author Share Posted June 30, 2006 that 'char' bug isnt a bug. strings need to be terminated with a 0 (NULL) char. Ah, interesting. I wasn't aware of that. Thanks for the tip, I'll look into it further and implement some kind of corrective action.Great work on your original functions. Without them as a guide I wouldn't have known where to begin doing this sort of thing with AutoIt. Nomad Link to comment Share on other sites More sharing options...
Styler001 Posted July 1, 2006 Share Posted July 1, 2006 Thanks, Nomad. That helps alot. I think it answered all the questions I have at this point. (I'm sure I'll have more. ) But this gives me a starting point on trying to figure some of this memory shtuff out. Not that I'm dissing w0uter's functions. They were just too hard to figure out how to use for a noob like me without any comments included. Good job to both you guys. Link to comment Share on other sites More sharing options...
JavaScript_Freek Posted July 1, 2006 Share Posted July 1, 2006 Nothing happened. [center]Cookyx.com :: Simple LAN Chat[/center] Link to comment Share on other sites More sharing options...
Styler001 Posted July 1, 2006 Share Posted July 1, 2006 Nothing was supposed to happen. They're just a bunch of functions for different purposes that are supposed to be called by your scripts. Link to comment Share on other sites More sharing options...
Nomad Posted July 1, 2006 Author Share Posted July 1, 2006 Thanks, Nomad. That helps alot. I think it answered all the questions I have at this point. (I'm sure I'll have more. ) But this gives me a starting point on trying to figure some of this memory shtuff out. Not that I'm dissing w0uter's functions. They were just too hard to figure out how to use for a noob like me without any comments included. Good job to both you guys. No problem, when I update these in another day or two they should more clearly explain how to apply them for the inexperienced users. Which I'm sure will lead to more questions, since the actual use of these functions is the easiest part... getting the memory addresses to use them is another story. Maybe I'll locate some of the tutorials I used a while back when learning memory stuff, that way I won't be faced with questions which are going to take hours of typing to answer. I have no problem answering any questions relating to the actual functions, but questions like:How do I read and/or write to the memory address for health in w/e game?will remain unanswered. Questions such as those require more knowledge to answer than just some AutoIt programming experience. I'm not trying to be an arse, I'm just trying to head off questions before they arise. I will attempt to locate some tutorials to aid inexperienced users. For those who might like to beat me to it, look into Ollydbg (a debugger), or something like T-Search or Cheat Engine (not as good as a debugger, but easier to learn).Basically the majority of people who will find these functions useful will be the cough* hackers cough* who like to script game bots and cheats. There are other uses for these, but that would be the main reason for using them. I prefer to read from memory as opposed to doing pixel scans (when possible) for games because it's faster, 100% accurate, uses less script space, and very little cpu load (providing you located the correct memory addresses for what you're trying to achieve ).Nomad Link to comment Share on other sites More sharing options...
Styler001 Posted July 1, 2006 Share Posted July 1, 2006 Basically the majority of people who will find these functions useful will be the cough* hackers cough* who like to script game bots and cheats. There are other uses for these, but that would be the main reason for using them. I prefer to read from memory as opposed to doing pixel scans (when possible) for games because it's faster, 100% accurate, uses less script space, and very little cpu load (providing you located the correct memory addresses for what you're trying to achieve ).I stand accused. :"> I can see how this would be much more reliable than a point you choose that you hope is the "right" spot for what you are trying to achieve. Right now, I'm using a function that works off of an educated guess at the total pixels horizontally of an hp bar. While it has been adequate so far, I tend to lean toward being a perfectionist and this pixel count just doesn't give me that warm fuzzy feeling. I like the idea of using memory reading to get it as exact as possible, especially since I think the graphics probably update slower than the addresses, so I could get a faster reaction time.I am having some troubles reading the addresses I've found, but I'll keep slogging away and see if I can come up the results I expect. Like I said before, this memory stuff is all pretty new to me, but once I get the hang of it, there'll be no stopping me. Link to comment Share on other sites More sharing options...
Nomad Posted July 3, 2006 Author Share Posted July 3, 2006 Ok, I've updated the functions and provided some more examples. Sorry it took so long, I've had a lot going on with the holiday and haven't had the time to mess with this. There didn't seem to be an easy fix for the 'char' format, so I made it clear that users should add 1 to the size of the 'char' type that they want to read/write. Nomad Link to comment Share on other sites More sharing options...
AzKay Posted July 3, 2006 Share Posted July 3, 2006 Smexy ^^, I mean, Funkeh, Ive a question though, If youve used cheatengine, you know how there are pointers? how would I be able to do something similiar with the mem functions? I know, erm, very basic olly xD, and im about medium at CE, but not good with the ASM. # MY LOVE FOR YOU... IS LIKE A TRUCK- # Link to comment Share on other sites More sharing options...
Nomad Posted July 4, 2006 Author Share Posted July 4, 2006 (edited) Smexy ^^, I mean, Funkeh, Ive a question though, If youve used cheatengine, you know how there are pointers? how would I be able to do something similiar with the mem functions? I know, erm, very basic olly xD, and im about medium at CE, but not good with the ASM. Here is the structure I use for pointers:expandcollapse popup;Include my _Memory() functions #include <Memory.au3> ;Get the process ID Global $ProcessID = WinGetProcess("window_name");or however you want to get it _ReadUsingPointers () Func _ReadUsingPointers () ;define local variables Local $Data, $Pointer_1, $Pointer_2, $Pointer_3 Local $StaticAddress = 0x6FBCBB60 ;input static address in hex Local $Offset1 = 56 ;enter offsets in decimal, not hex Local $Offset2 = 200 Local $Offset3 = 40 ;Open the process Local $DllHandle = _MemoryOpen($ProcessID) ;Read the process $Data = _MemoryRead($StaticAddress, $DllHandle) ;data returned is in decimal and must be combined ;with the offset for the next _MemoryRead(). $Pointer_1 = '0x' & hex($Data + $Offset1) $Data = _MemoryRead($Pointer_1, $DllHandle) ;repeat $Pointer_2 = '0x' & hex($Data + $Offset2) $Data = _MemoryRead($Pointer_2, $DllHandle) ;repeat... $Pointer_3 = '0x' & hex($Data + $Offset3) $Data = _MemoryRead($Pointer_3, $DllHandle) ;continue repeating until you get to the desired data ;can use either way ;MsgBox(4096, "Data Read", $Data) MsgBox(4096, "Data Read", _MemoryRead($Pointer_3, $DllHandle)) ;Close the process _MemoryClose($DllHandle) EndFunc I hope this helps, Nomad Edited July 4, 2006 by Nomad Link to comment Share on other sites More sharing options...
Nomad Posted July 4, 2006 Author Share Posted July 4, 2006 (edited) Also, here is a potential new function. This would probably return the value faster since you wouldn't have to keep calling the _MemoryRead() function. If you get the above example working, try this:_MemoryPointerRead() removed, see the first post I got to thinking and decided this might be a good function to include with the rest, since a lot of game related scripts will need to read a series of pointers to get to the desired data. I haven't tested it, but it should work. Nomad Edited July 5, 2006 by Nomad Link to comment Share on other sites More sharing options...
AzKay Posted July 4, 2006 Share Posted July 4, 2006 (edited) Thanks, One question, call me stupid but, how would you use the _MemoryWrite with the pointers? Would it be something liek: _MemoryWrite(_MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset), $ah_Handle, $v_Data) Something liek that would work? Or am I just crazy xD And Another edit:: Since Im here, I may aswell ask.. In cheatengine, Ive got my address's, but they cant find a pointer, how would I get around this? Is it possible to, Liek, "make" a pointer? I think I asked this in the CE forum, but no success, due to lack of help. Edited July 4, 2006 by AzKay # MY LOVE FOR YOU... IS LIKE A TRUCK- # Link to comment Share on other sites More sharing options...
Nomad Posted July 4, 2006 Author Share Posted July 4, 2006 Thanks, One question, call me stupid but, how would you use the _MemoryWrite with the pointers? Would it be something liek: _MemoryWrite(_MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset), $ah_Handle, $v_Data) Something liek that would work? Or am I just crazy xDYou cannot call a function as a parameter, so writing memory isn't going to work like that. _MemoryPointerRead does exactly that, reads. In order to write you would need to create a _MemoryPointerWrite function. I'll probably make one like that too, but i'm off for a while. Since Im here, I may aswell ask.. In cheatengine, Ive got my address's, but they cant find a pointer, how would I get around this? Is it possible to, Liek, "make" a pointer? I think I asked this in the CE forum, but no success, due to lack of help.I suggest thoroughly searching the cheat engine forums. Have a nice 4th, Nomad Link to comment Share on other sites More sharing options...
AzKay Posted July 4, 2006 Share Posted July 4, 2006 Thanks, Ill do just that ^^, And once again, keep up the good work ^^ # MY LOVE FOR YOU... IS LIKE A TRUCK- # Link to comment Share on other sites More sharing options...
Busti Posted July 4, 2006 Share Posted July 4, 2006 smaal question to your "OpenProcess" : in my programm its shown as this: [DllImport("kernel32.dll")] static extern int OpenProcess ( int dwDesiredAccess, int bInheritHandle, int dwProcessId); but whereare you using the desired access = My UDF's : Startet on : 06.06.2006_CaseSearchOrReplaceStr();~> Searches OR Replaces a String,;~> With or Without Casesensivity Link to comment Share on other sites More sharing options...
erifash Posted July 4, 2006 Share Posted July 4, 2006 I have adapted these new memory functions in order to create a memory editor in AutoIt. Can anyone test this out with the Diablo II cheats to see if this works? CODE#include <GUIConstants.au3> $gui = GUICreate("AutoIt Memory Editor", 360, 280) Global $combo = GUICtrlCreateCombo("", 10, 10, 230, 20) _RefreshList() $open = GUICtrlCreateButton("Open", 250, 10, 45, 20) $refresh = GUICtrlCreateButton("Refresh", 305, 10, 45, 20) GUICtrlCreateGroup("Read", 5, 40, 350, 118) GUICtrlCreateLabel("Data Type", 10, 58, 60, 15) $rtype = GUICtrlCreateCombo("byte", 70, 55, 100, 20) GUICtrlSetData(-1, "ubyte|char|short|ushort|int|uint|dword|udword|ptr|float|double|int64|uint64") GUICtrlCreateLabel("Address", 10, 88, 60, 15) $raddress = GUICtrlCreateInput("0x00000000", 70, 85, 100, 20) $read = GUICtrlCreateButton("Read", 15, 120, 70, 20) $rclose = GUICtrlCreateButton("Close", 95, 120, 70, 20) $rdata = GUICtrlCreateEdit("", 180, 55, 170, 95) GUICtrlCreateGroup("Write", 5, 158, 350, 117) GUICtrlCreateLabel("Data Type", 10, 176, 60, 15) $wtype = GUICtrlCreateCombo("byte", 70, 173, 100, 20) GUICtrlSetData(-1, "ubyte|char|short|ushort|int|uint|dword|udword|ptr|float|double|int64|uint64") GUICtrlCreateLabel("Address", 10, 206, 60, 15) $waddress = GUICtrlCreateInput("0x00000000", 70, 203, 100, 20) $write = GUICtrlCreateButton("Write", 15, 238, 70, 20) $wclose = GUICtrlCreateButton("Close", 95, 238, 70, 20) $wdata = GUICtrlCreateEdit("", 180, 173, 170, 95) GUICtrlSetState($combo, $GUI_FOCUS) _Disable() GUISetState() $proc = 0 $mem = 0 While 1 $msg = GUIGetMsg() Switch $msg Case $GUI_EVENT_CLOSE Exit Case $combo $proc = ProcessExists(GUICtrlRead($combo)) Case $refresh _RefreshList() Case $open $mem = _MemOpen($proc) If @error or $mem = 0 or $proc = 0 Then mError("Can't open process memory!") Else _Enable() EndIf Case $read _SizeOf(GUICtrlRead($rtype)) If @error Then mError("Wrong data type!") Else GUICtrlSetData($rdata, _MemRead($mem, GUICtrlRead($raddress), GUICtrlRead($rtype))) EndIf Case $rclose, $wclose _MemClose($mem) _Disable() Case $write _SizeOf(GUICtrlRead($wtype)) If @error Then mError("Wrong data type!") Else _MemWrite($mem, GUICtrlRead($waddress), GUICtrlRead($wdata), GUICtrlRead($wtype)) EndIf EndSwitch Sleep(0) WEnd Func mError($sText, $iFatal = 0, $sTitle = "Error", $iOpt = 0) Local $ret = MsgBox(48 + 4096 + 262144 + $iOpt, $sTitle, $sText) If $iFatal Then Exit Return $ret EndFunc Func _RefreshList() Local $ps = ProcessList(), $list = "" For $i = 1 to $ps[0][0] $list &= "|" & $ps[$i][0] Next GUICtrlSetData($combo, $list) GUISetState() EndFunc Func _Disable() GUICtrlSetState($rtype, $GUI_DISABLE) GUICtrlSetState($raddress, $GUI_DISABLE) GUICtrlSetState($read, $GUI_DISABLE) GUICtrlSetState($rclose, $GUI_DISABLE) GUICtrlSetState($rdata, $GUI_DISABLE) GUICtrlSetState($wtype, $GUI_DISABLE) GUICtrlSetState($waddress, $GUI_DISABLE) GUICtrlSetState($write, $GUI_DISABLE) GUICtrlSetState($wclose, $GUI_DISABLE) GUICtrlSetState($wdata, $GUI_DISABLE) GUISetState() EndFunc Func _Enable() GUICtrlSetState($rtype, $GUI_ENABLE) GUICtrlSetState($raddress, $GUI_ENABLE) GUICtrlSetState($read, $GUI_ENABLE) GUICtrlSetState($rclose, $GUI_ENABLE) GUICtrlSetState($rdata, $GUI_ENABLE) GUICtrlSetState($wtype, $GUI_ENABLE) GUICtrlSetState($waddress, $GUI_ENABLE) GUICtrlSetState($write, $GUI_ENABLE) GUICtrlSetState($wclose, $GUI_ENABLE) GUICtrlSetState($wdata, $GUI_ENABLE) GUISetState() EndFunc Func _MemOpen( $i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0 ) Local $av_Return[2] = [DllOpen('kernel32.dll')] Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid) If @error Then DllClose($av_Return[0]) SetError(1) Return 0 EndIf $av_Return[1] = $ai_Handle[0] Return $av_Return EndFunc Func _MemRead( $ah_Mem, $i_Address, $s_Type = 'dword' ) If not IsArray($ah_Mem) Then SetError(1) Return '' EndIf Local $v_Struct = DllStructCreate($s_Type) DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', DllStructGetSize($v_Struct), 'int', '') If @error Then SetError(1) Return '' EndIf Return DllStructGetData($v_Struct, 1, 1) EndFunc Func _MemWrite( $ah_Mem, $i_Address, $v_Data, $s_Type = 'dword' ) If not IsArray($ah_Mem) Then SetError(1) Return 0 EndIf Local $v_Struct = DllStructCreate($s_Type) DllStructSetData($v_Struct, 1, $v_Data, 1) DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', DllStructGetSize($v_Struct), 'int', '') If not @error Then Return 1 Else SetError(1) Return 0 EndIf EndFunc Func _MemClose( $ah_Mem ) If not IsArray($ah_Mem) Then SetError(1) Return 0 EndIf DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1]) If not @error Then DllClose($ah_Mem[0]) Return 1 Else DllClose($ah_Mem[0]) SetError(1) Return 0 EndIf EndFunc Func _SizeOf( $s_Type ) Local $v_Struct = DllStructCreate($s_Type), $i_Size = DllStructGetSize($v_Struct) $v_Struct = 0 Return $i_Size EndFunc My UDFs:_FilePrint() | _ProcessGetName() | _Degree() and _Radian()My Scripts:Drive Lock - Computer Lock Using a Flash DriveAU3Chat - Simple Multiuser TCP ChatroomStringChunk - Split a String Into Equal PartsAutoProxy - Custom Webserver Link to comment Share on other sites More sharing options...
Nomad Posted July 5, 2006 Author Share Posted July 5, 2006 (edited) @erifash: Attach the source. smaal question to your "OpenProcess" : in my programm its shown as this: [DllImport("kernel32.dll")] static extern int OpenProcess ( int dwDesiredAccess, int bInheritHandle, int dwProcessId); but whereare you using the desired access = Thanks for directing my attention to that. I was using InheritHandle as the DesiredAccess, and had InheritHandle set to 0 (FALSE). I didn't pay much attention to the OpenProcess function while modifying the old functions since it always worked. But now I see there was an error waiting to happen there. This is one reason I posted these. So that everyone can try them out in their own way and report any errors. I have corrected the function in the first post, so now everything should be perfect. Nomad Edited July 5, 2006 by Nomad Link to comment Share on other sites More sharing options...
Recommended Posts