Well, for the fun of it I was trying to create a memory scanner. And I got it to work, but here's the deal. It's too slow ;)

I have it searching chunks of memory.

0x006E0000 <- Starting location (Cheat engine confirmed. No value needs to be below this point)

If that block fails to meet the Read+Write requirements (a lot of blocks do), it adds 0x00001000

Searches 0x006E1000

Etc. etc.

I get the initial values very fast, but as soon as I get to the 0x01000000+ range a lot of chunks start turning up searchable. I can't seem to loop through any faster to check the values.

1) Is there any way to speed up my loop?

2) Does anyone know of a call I can use to speed up the block searching process? Like another variable that says "This block isn't searchable"?

I don't really expect to get many replies. So if this goes away I'll just have to wait till I can find some way of speeding this up myself :D

Thanks all!

Szh

#include <GUIConstants.au3>
#include <GuiListBox.au3>
#include <ListboxConstants.au3>
#include <WindowsConstants.au3>
#include <NomadMemory.au3>
;
SetPrivilege("SeDebugPrivilege", 1)

Global $MemoryOpen, $ProcessOpened = False
Global $AddressList

$Form1 = GUICreate("Form1", 539, 277, 193, 125)
$AddressList = GUICtrlCreateListView("Address   | Value               ", 2, 27, 185, 240)
$Label1 = GUICtrlCreateLabel("Addresses", 51, 7, 53, 17)
$ProcessLabel = GUICtrlCreateLabel("Memory: None opened", 230, 22, 200, 24)
$SearchInput = GUICtrlCreateInput("Search", 232, 57, 270, 21)
$Combo1 = GUICtrlCreateCombo("4 Byte", 232, 88, 105, 25)
GUICtrlSetData(-1, "4 byte")
$SearchButton = GUICtrlCreateButton("Search", 362, 85, 115, 28, 0)
$Button2 = GUICtrlCreateButton("OpenMemory", 416, 12, 85, 35, 0)
GUISetState(@SW_SHOW)





While 1
    
    Sleep(20)
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
            
        Case $Button2
            $OpenProcess = OpenDialog()
            $MemoryOpen = _MemoryOpen($OpenProcess)
            
        Case $SearchButton
            If $ProcessOpened = True Then
                $sSearchText = GUICtrlRead($SearchInput)
                $SearchStart = 0x006E0000
                $SearchCurrent = 0x006E0000
                GUICtrlSetData($SearchInput, "Searching...")
                While $SearchStart < 0x08000000
                    ; Skip 4 KiB pages whose protection is not PAGE_READWRITE (0x04),
                    ; without running past the end of the search range
                    While $SearchStart < 0x08000000
                        If Query($MemoryOpen, $SearchStart) = "00000004" Then ExitLoop
                        $SearchStart += 4096
                    WEnd
                    If $SearchStart >= 0x08000000 Then ExitLoop
                    $SearchCurrent = $SearchStart

                    ; Read a value at every byte offset of the page and compare it
                    Do
                        $Read = _MemoryRead($SearchCurrent, $MemoryOpen)
                        If $Read <> "0" And $Read = $sSearchText Then
                            GUICtrlCreateListViewItem(Hex($SearchCurrent) & "|" & String($Read), $AddressList)
                        EndIf
                        $SearchCurrent += 1
                    Until $SearchCurrent = ($SearchStart + 4096)
                    $SearchStart += 4096 ; 4096 65536
                WEnd
                GUICtrlSetData($SearchInput, "Done")
                
            EndIf


    EndSwitch
WEnd

Func OpenDialog()

Local $aRet[2]

$OpenForm = GUICreate("Processes", 222, 343, 193, 125)
$ProcessListBox = GUICtrlCreateList("", 25, 9, 172, 266, $WS_BORDER + $WS_VSCROLL + $WS_TABSTOP + $LBS_NOTIFY)
$OpenButton = GUICtrlCreateButton("Open", 39, 288, 147, 34, 0)
GUISetState(@SW_SHOW)
$ProcessList = ProcessList()

For $I = 1 To $ProcessList[0][0]
    _GUICtrlListBox_AddString($ProcessListBox, "0x" & Hex($ProcessList[$I][1]) & "-" &  $ProcessList[$I][0])
Next

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            GUIDelete($OpenForm)
            $aRet[0] = ""
            ExitLoop
            
        Case $OpenButton
            $iCurSel = _GUICtrlListBox_GetCurSel($ProcessListBox)
            $aRet = StringRegExp(_GUICtrlListBox_GetText($ProcessListBox, $iCurSel), "..(.*)-", 1)
            GUICtrlSetData($ProcessLabel, "Opened: " & _GUICtrlListBox_GetText($ProcessListBox, $iCurSel))
            $ProcessOpened = True
            GUIDelete($OpenForm)
            ExitLoop

    EndSwitch
WEnd


Return Dec($aRet[0])

EndFunc


Func Query($Handle, $Address)

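; MEMORY_BASIC_INFORMATION (32-bit layout):
; BaseAddress, AllocationBase, AllocationProtect, RegionSize, State, Protect, Type
Local $Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')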
Local $aRet[7]

DllCall($Handle[0], 'int', 'VirtualQueryEx', 'int', $Handle[1], 'int', $Address, 'ptr', DllStructGetPtr($Buffer), 'int', DllStructGetSize($Buffer))
        
$aRet[0] = '0x' & Hex(DllStructGetData($Buffer, 1)); + 0)
$aRet[1] = '0x' & Hex(DllStructGetData($Buffer, 2))
$aRet[2] = Hex(DllStructGetData($Buffer, 3))
$aRet[3] = Hex(DllStructGetData($Buffer, 4))
$aRet[4] = '0x' & Hex(DllStructGetData($Buffer, 5))
$aRet[5] = Hex(DllStructGetData($Buffer, 6))
$aRet[6] = '0x' & Hex(DllStructGetData($Buffer, 7))

Return $aRet[5] ; Protect field as hex text, e.g. "00000004" = PAGE_READWRITE

EndFunc
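
The scan described in the post, modelled in Python as an added example that is not part of the original post: it uses the RegionSize and State fields that VirtualQueryEx already returns to skip a whole region per query, and does one bulk read per readable/writable region before searching the local copy. `FakeProcess`, `scan_regions`, `demo` and the two-region memory layout are constructed for illustration and stand in for the real process handle and API calls.

```python
import struct

MEM_COMMIT, PAGE_READONLY, PAGE_READWRITE = 0x1000, 0x02, 0x04

class FakeProcess:
    """Constructed stand-in for a target process; counts the calls a scanner makes."""
    def __init__(self, regions):
        self.regions = regions  # (base, size, state, protect, data) tuples
        self.queries = self.reads = 0

    def virtual_query(self, addr):
        """Models VirtualQueryEx: describe the region containing addr."""
        self.queries += 1
        for base, size, state, protect, _ in self.regions:
            if base <= addr < base + size:
                return base, size, state, protect
        return None

    def read(self, addr, n):
        """Models ReadProcessMemory: copy n bytes starting at addr."""
        self.reads += 1
        for base, size, _, _, data in self.regions:
            if base <= addr and addr + n <= base + size:
                return data[addr - base:addr - base + n]
        raise OSError("unreadable range")

def scan_regions(proc, start, end, value):
    """One query and one bulk read per region, then search the local copy."""
    needle, hits, addr = struct.pack("<I", value), [], start
    while addr < end:
        info = proc.virtual_query(addr)
        if info is None:
            break
        base, size, state, protect = info
        if state == MEM_COMMIT and protect == PAGE_READWRITE:
            lo, hi = max(addr, base), min(base + size, end)
            buf = proc.read(lo, hi - lo)
            pos = buf.find(needle)
            while pos != -1:  # every byte offset, including across page boundaries
                hits.append(lo + pos)
                pos = buf.find(needle, pos + 1)
        addr = base + size  # skip the whole region, not one 4 KiB page
    return hits

def demo():
    rw = bytearray(0x3000)
    rw[0x1FFE:0x2002] = struct.pack("<I", 1337)  # value straddles a page boundary
    proc = FakeProcess([(0x006E0000, 0x10000, MEM_COMMIT, PAGE_READONLY, bytes(0x10000)),
                        (0x006F0000, 0x3000, MEM_COMMIT, PAGE_READWRITE, bytes(rw))])
    return scan_regions(proc, 0x006E0000, 0x006F3000, 1337), proc.queries, proc.reads
```

On this constructed layout the walk makes 2 queries and 1 read; stepping one 4 KiB page at a time and reading at every offset, as the posted loop does, would make 19 queries and 12,288 reads over the same range.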
