
new _Mem functions


196 replies to this topic

#1 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 21 December 2005 - 12:39 AM

i rewrote open/read/write/close to fix all bugs known

if you dont know how to use it it is not for you :P

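#region _Mem()
; ----------------------------------------------------------------------------
; _Mem UDF: thin wrappers around the kernel32 process-memory API
; (OpenProcess, ReadProcessMemory, WriteProcessMemory, VirtualAlloc[Ex],
; VirtualFree[Ex], CloseHandle).
;
; Conventions shared by the functions below:
;   $ah_Mem - the 2-element array returned by _MemOpen():
;             [0] = DllOpen() handle for kernel32.dll
;             [1] = process handle returned by OpenProcess
;   @error  - 1 = the DllCall (or DllOpen) itself failed
;             2 = the Windows API reported failure (returned 0)
;
; NOTE(review): handles, addresses and sizes are all marshalled as 'int'
; (32-bit). On a 64-bit build they would be truncated - confirm before use.
; ----------------------------------------------------------------------------

; Opens process $i_Pid and returns the $ah_Mem array used by every other call.
;   $i_Access  - desired access mask. The default 0x1F0FFF is the pre-Vista
;                PROCESS_ALL_ACCESS value. Ask only for what the caller needs:
;                0x0010 (PROCESS_VM_READ) is enough for _MemRead;
;                0x0008 | 0x0020 (VM_OPERATION | VM_WRITE) for alloc/write.
;   $i_Inherit - passed through as bInheritHandle.
; Returns the array on success, or 0 with @error set (1 or 2) on failure.
; The kernel32 handle is released on every failure path so nothing leaks.
Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll')]
    If $av_Return[0] = -1 Then
        SetError(1)
        Return 0
    EndIf

    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf

    ; OpenProcess returns NULL when the PID is gone or access is denied.
    ; Fail here instead of handing back a handle array that can never work.
    If $ai_Handle[0] = 0 Then
        DllClose($av_Return[0])
        SetError(2)
        Return 0
    EndIf

    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc   ;==>_MemOpen

; Reads from the opened process.
;   $i_Size = 0 : read byte-by-byte from $i_Address until a 0 byte and return
;                 the bytes as a string.
;   $i_Size > 0 : read $i_Size bytes and return them as a 0-based array.
; @error is 1/2 when a read failed; in string mode the text collected so far
; is still returned, in array mode the array holds whatever the buffer holds.
Func _MemRead($ah_Mem, $i_Address, $i_Size = 0)
    Local $v_Struct, $av_Call, $i_Byte, $i_Err = 0

    If $i_Size = 0 Then
        Local $v_Return = ''
        $v_Struct = DllStructCreate('byte[1]')

        While 1
            $av_Call = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '')
            If @error Then
                $i_Err = 1
                ExitLoop
            EndIf
            ; Without this check a failed read leaves the previous byte in the
            ; buffer and the loop would append it forever.
            If $av_Call[0] = 0 Then
                $i_Err = 2
                ExitLoop
            EndIf

            ; Explicit index 1 so a single byte value is returned.
            $i_Byte = DllStructGetData($v_Struct, 1, 1)
            If $i_Byte = 0 Then ExitLoop
            $v_Return &= Chr($i_Byte)
            $i_Address += 1
        WEnd
    Else
        $v_Struct = DllStructCreate('byte[' & $i_Size & ']')
        $av_Call = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', $i_Size, 'int', '')
        If @error Then
            SetError(1)
            Return 0
        EndIf
        If $av_Call[0] = 0 Then $i_Err = 2

        ; $av_Call[4] is the nSize argument echoed back by DllCall, not the
        ; number of bytes actually read (the bytes-read pointer is passed as '').
        Local $v_Return[$av_Call[4]]
        For $i = 0 To $av_Call[4] - 1
            $v_Return[$i] = DllStructGetData($v_Struct, 1, $i + 1)
        Next
    EndIf

    SetError($i_Err)
    Return $v_Return
EndFunc   ;==>_MemRead

; Writes the whole DllStruct $v_Inject (e.g. from _MemCreate) to $i_Address in
; the opened process. Returns WriteProcessMemory's result (non-zero = success);
; returns 0 with @error = 1 if the DllCall failed, @error = 2 if the API did.
Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '')
    If @error Then
        SetError(1)
        Return 0
    EndIf
    If $av_Call[0] = 0 Then SetError(2)
    Return $av_Call[0]
EndFunc   ;==>_MemWrite

; Closes the process handle and the kernel32 handle held in $ah_Mem.
; The DLL handle is closed even when the CloseHandle call could not be made.
; Returns CloseHandle's result, or 0 with @error = 1 if the DllCall failed.
Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    Local $i_Err = @error
    DllClose($ah_Mem[0])
    If $i_Err Then
        SetError(1)
        Return 0
    EndIf
    Return $av_Ret[0]
EndFunc   ;==>_MemClose

; Builds the byte buffer (DllStruct) that _MemWrite expects.
;   String argument : one byte per character plus a terminating 0 byte.
;   Numeric arguments: one byte per supplied parameter (up to 99).
Func _MemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, _
        $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, _
        $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, $30 = 0, _
        $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, _
        $41 = 0, $42 = 0, $43 = 0, $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, _
        $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, $58 = 0, $59 = 0, $60 = 0, _
        $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, _
        $71 = 0, $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, _
        $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, _
        $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    Local $v_Helper

    If IsString($1) Then
        ; StringSplit with an empty delimiter yields one element per character,
        ; with the count in [0]; UBound is therefore length + 1.
        $1 = StringSplit($1, '')
        $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
        ; Write the terminator explicitly rather than relying on the buffer
        ; having been zero-filled.
        DllStructSetData($v_Helper, 1, 0, UBound($1))
    Else
        $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            ; Eval() fetches the parameter whose name is the loop index.
            DllStructSetData($v_Helper, 1, Eval($i), $i)
        Next
    EndIf

    Return $v_Helper
EndFunc   ;==>_MemCreate

; Byte-order helper for 32-bit values.
;   4-element array [b0, b1, b2, b3] -> string '0x' & b3 b2 b1 b0 (hex)
;   number                           -> array of four '0xNN' strings,
;                                       lowest byte first
Func _MemRev($v_DWORD)
    If UBound($v_DWORD) = 4 Then Return '0x' & Hex($v_DWORD[3], 2) & Hex($v_DWORD[2], 2) & Hex($v_DWORD[1], 2) & Hex($v_DWORD[0], 2)

    Local $s_Hex = Hex($v_DWORD, 8)
    Local $v_Ret[4] = ['0x' & StringMid($s_Hex, 7, 2), '0x' & StringMid($s_Hex, 5, 2), '0x' & StringMid($s_Hex, 3, 2), '0x' & StringMid($s_Hex, 1, 2)]
    Return $v_Ret
EndFunc   ;==>_MemRev

; Allocates $i_Size bytes and returns the base address.
;   $i_Address - preferred address, 0 lets the system choose.
;   $i_AT      - allocation type; the default 4096 (0x1000) is MEM_COMMIT.
;   $i_Protect - page protection; the default 0x40 is PAGE_EXECUTE_READWRITE.
;                Buffers that only hold data should pass 0x04 (PAGE_READWRITE):
;                writable and executable pages are rarely needed, and such
;                allocations in another process are a common detection signal.
; On 9x/ME VirtualAlloc is called with 0x8000000 OR-ed into the type (the
; thread calls this flag the undocumented VA_SHARED); otherwise VirtualAllocEx.
; Returns 0 with @error = 1 (DllCall failed) or 2 (allocation failed).
Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Local $av_Alloc, $i_Err

    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAlloc', 'int', $i_Address, 'int', $i_Size, 'int', BitOR($i_AT, 0x8000000), 'int', $i_Protect)
            $i_Err = @error
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
            $i_Err = @error
    EndSwitch

    ; A failed DllCall does not return an array; indexing it would abort the
    ; script with "subscript used on a non-array variable".
    If $i_Err Then
        SetError(1)
        Return 0
    EndIf
    If $av_Alloc[0] = 0 Then SetError(2)
    Return $av_Alloc[0]
EndFunc   ;==>_MemAlloc

; Releases memory obtained from _MemAlloc. 0x8000 is MEM_RELEASE, which
; requires a size of 0. Returns the API result (non-zero = success), or 0 with
; @error = 1 (DllCall failed) or 2 (release failed).
Func _MemFree($ah_Mem, $i_Address)
    Local $av_Free, $i_Err

    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFree', 'int', $i_Address, 'int', 0, 'int', 0x8000)
            $i_Err = @error
        Case Else
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000)
            $i_Err = @error
    EndSwitch

    If $i_Err Then
        SetError(1)
        Return 0
    EndIf
    If $av_Free[0] = 0 Then SetError(2)
    Return $av_Free[0]
EndFunc   ;==>_MemFree

; Copies $s_Text (plus terminating 0) into newly allocated memory and returns
; its address. The buffer holds text only, so it is allocated PAGE_READWRITE
; (0x04) rather than with _MemAlloc's executable default.
; Returns 0 with @error = 1 if allocation failed, or @error = 2 if the write
; failed (the allocation is released again in that case).
Func _MemText($ah_Mem, $s_Text)
    Local $i_Size = StringLen($s_Text) + 1
    Local $i_Addr = _MemAlloc($ah_Mem, $i_Size, 0, 4096, 0x04)
    If $i_Addr = 0 Then
        SetError(1)
        Return 0
    EndIf

    _MemWrite($ah_Mem, $i_Addr, _MemCreate($s_Text))
    If @error Then
        _MemFree($ah_Mem, $i_Addr)
        SetError(2)
        Return 0
    EndIf

    Return $i_Addr
EndFunc   ;==>_MemText
#endregion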

Edited by w0uter, 04 February 2006 - 02:40 PM.

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll







#2 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 21 December 2005 - 03:45 PM

60 view and no replies, that makes me sad :P
My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#3 RagnaroktA

RagnaroktA

    Prodigy

  • Active Members
  • 198 posts

Posted 21 December 2005 - 03:55 PM

60 view and no replies, that makes me sad :lmao:


:P w0uter
Current Projects:Remote Administration Suite Updated! 12-20-07Remote User State Migration Tool (Plugin) Updated! 12-20-07Batch Print Wizard Updated! 12-20-07Links:AutoIt Beta | AutoIt WikiPosted Image

#4 Snipz

Snipz

    Wayfarer

  • Active Members
  • 63 posts

Posted 21 December 2005 - 07:41 PM

w0uter can you explain what this does please.
Once my friend told me that he had found Jesus. I thought to myself, "Woohoo, we're rich!" It turns out he meant something different.Sometimes I just like to lay in my bed and look up at the stars and wonder..where the hell did my roof go?Posted Image

#5 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 21 December 2005 - 08:13 PM

the bottom is commented ...

simply what this does is read the title and text of a messagebox created with autoit.

[edit] i wonder why the forum made a new post while i hitted edit ... [ /edit ]

Edited by w0uter, 21 December 2005 - 09:19 PM.

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#6 ilovecui

ilovecui

    Seeker

  • Active Members
  • 30 posts

Posted 22 December 2005 - 01:15 PM

could you give me a example ??

i don't know how to use it.


could you?


if you're free,i hope you could explain the purpose of script.

thanks

Edited by ilovecui, 22 December 2005 - 01:17 PM.


#7 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 22 December 2005 - 03:34 PM

could you give me a example ??

at the bottom of the code there is an example.

if you're free,i hope you could explain the purpose of script.


it can read memory from processes.

this means you can now get data in other ways than external resources (like a GUI)
(and also that you can create hacks in autoit well not yet much since writing is still broken)
My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#8 ilovecui

ilovecui

    Seeker

  • Active Members
  • 30 posts

Posted 23 December 2005 - 01:41 PM

thanks ,this is a very good script! well done!


but how could i know the mem address in the programme when it is running?

_MemRead($v_Open, 0x0012FBC0, 4)


like :0x0012FBC0


could you tell me how do you know the 0x0012FBC0?

do you know by using another mem editor??

#9 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 23 December 2005 - 04:34 PM

you can find it by using a debugger (i used OllyDbg)

(i think there is just a really small amount of people that actually have enough knowledge to use these functions :P)
My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#10 ilovecui

ilovecui

    Seeker

  • Active Members
  • 30 posts

Posted 26 December 2005 - 01:01 PM

you're right!

i know something about this,but just a little!So I don;t know how to use this script to hack the autoit,can you tell me how to do it?

even if i know a little, i don't know how to use it in the hack programme, like reading the data in the mem when checking the password.

if you're free, could you tell me how to clear the password in mem after i press the ok button? because i don't want somebody to find it by using a mem editor. could you do this with your script???

#11 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 31 December 2005 - 02:43 AM

lots of new code, see first post :P
My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#12 The Kandie Man

The Kandie Man

    All Your Base Are Belong To Us

  • Active Members
  • 950 posts

Posted 01 January 2006 - 10:22 AM

At first glance i didn't understand what this script did, but after looking at it closely i realized that he wrote a script that simply modified memory addresses(actually it isn't so simple, i know that it is very complicated). Very clever. I guess this means you could write a trainer for a video game with auto it. :P
"So man has sown the wind and reaped the world. Perhaps in the next few hours there will no remembrance of the past and no hope for the future that might have been." & _"All the works of man will be consumed in the great fire after which he was created." & _"And if there is a future for man, insensitive as he is, proud and defiant in his pursuit of power, let him resolve to live it lovingly, for he knows well how to do so." & _"Then he may say once more, 'Truly the light is sweet, and what a pleasant thing it is for the eyes to see the sun.'" - The Day the Earth Caught Fire

#13 Bof

Bof

    Seeker

  • New Members
  • 6 posts

Posted 01 January 2006 - 12:10 PM

hey, thanks for the script, i think its really useful.

i noticed it doesnt support pointers so i made my own function for pointers.

; Follows one level of pointer indirection: reads the 4 bytes stored at
; $i_Address, converts them with _MemHelper(), applies $i_Offset (subtracted
; when $negative is set, added otherwise) and reads $i_Size bytes from the
; resulting address. Returns whatever _MemRead() returns for that address.
; NOTE(review): _MemHelper is not defined in this post - presumably it turns
; the 4-byte array from _MemRead into a number; confirm against the UDF version in use.
Func _MemReadPointer($ah_Mem, $i_Address, $i_Offset, $i_Size = 4, $negative = 0)
    ; Value of the pointer stored at $i_Address.
    Local $i_Base = _MemHelper(_MemRead($ah_Mem, $i_Address, 4))

    Local $i_Target = $i_Base + $i_Offset
    If $negative Then $i_Target = $i_Base - $i_Offset

    ; The address is handed to _MemRead as a '0x…' hex string.
    Return _MemRead($ah_Mem, '0x' & Hex($i_Target), $i_Size)
EndFunc   ;==>_MemReadPointer



#14 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 18 January 2006 - 02:08 PM

2 new functions. :lmao:

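; Allocates $i_Size bytes in the opened process via VirtualAllocEx and returns
; the base address.
;   $ah_Mem    - array from _MemOpen(): [0] kernel32 DllOpen handle, [1] process handle
;   $i_Address - preferred address, 0 lets the system choose
;   $i_AT      - allocation type; default 4096 (0x1000) is MEM_COMMIT
;   $i_Protect - page protection; default 0x40 is PAGE_EXECUTE_READWRITE.
;                Pass 0x04 (PAGE_READWRITE) for buffers that only hold data.
; Returns 0 with @error = 1 if the DllCall itself failed.
Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Local $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    ; A failed DllCall does not return an array, so guard before indexing.
    If @error Then
        SetError(1)
        Return 0
    EndIf
    Return $av_Alloc[0]
EndFunc   ;==>_MemAlloc

; Releases memory obtained from _MemAlloc via VirtualFreeEx.
; 0x8000 is MEM_RELEASE, which requires a size of 0.
; Returns the API result, or 0 with @error = 1 if the DllCall itself failed.
Func _MemFree($ah_Mem, $i_Address)
    Local $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000)
    If @error Then
        SetError(1)
        Return 0
    EndIf
    Return $av_Free[0]
EndFunc   ;==>_MemFree

; Demo, run against the script's own process (@AutoItPID): allocate 7 bytes,
; write the bytes for "wouter" plus a terminating 0, read the string back,
; show it, then free the memory and close the handles.
$i_Open = _MemOpen(@AutoItPID)
$i_Alloc = _MemAlloc($i_Open, 7)
_MemWrite($i_Open, $i_Alloc, _MemHelper(119, 111, 117, 116, 101, 114, 0))
MsgBox(0, 'OmFg RoX0r', _MemRead($i_Open, $i_Alloc))
_MemFree($i_Open, $i_Alloc)
_MemClose($i_Open)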

Edited by w0uter, 18 January 2006 - 02:09 PM.

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#15 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 18 January 2006 - 03:00 PM

could someone with 9x/ME give this a try ?

; Draft posted for 9x/ME testing, kept exactly as it behaved when posted.
; NOTE(review): the 9x/ME branches below misspell the API names
; ('VirutalAlloc', 'VirutalFree') and use $i_Adress / $i_Size where no such
; variable exists; the replies that follow report these, and a corrected
; version is posted later in the thread.

; Allocates $i_Size bytes and returns element [0] of the DllCall result.
; 4096 (0x1000) is MEM_COMMIT; 0x40 is PAGE_EXECUTE_READWRITE.
Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    If @OSVersion = "WIN_ME" Or @OSVersion = "WIN_98" Or @OSVersion = "WIN_95" Then
        ; UNDOCUMENTED VA_SHARED
        $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirutalAlloc', 'int', $i_Adress, 'int', $i_Size, 'int', BitOR($i_AT, 0x8000000), 'int', $i_Protect)
    Else
        $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    EndIf
    Return $av_Alloc[0]
EndFunc   ;==>_MemAlloc

; Frees memory at $i_Address and returns element [0] of the DllCall result.
; 0x8000 is MEM_RELEASE.
Func _MemFree($ah_Mem, $i_Address)
    If @OSVersion = "WIN_ME" Or @OSVersion = "WIN_98" Or @OSVersion = "WIN_95" Then
        $av_Free = DllCall($ah_Mem[0], 'int', 'VirutalFree', 'int', $i_Adress, 'int', $i_Size)
    Else
        $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000)
    EndIf
    Return $av_Free[0]
EndFunc   ;==>_MemFree

; Demo against the script's own process: write "wouter" + 0 into a fresh
; 7-byte allocation, read it back into a message box, then clean up.
$i_Open = _MemOpen(@AutoItPID)
$i_Alloc = _MemAlloc($i_Open, 7)
_MemWrite($i_Open, $i_Alloc, _MemHelper(119, 111, 117, 116, 101, 114, 0))
MsgBox(0, 'OmFg RoX0r', _MemRead($i_Open, $i_Alloc))
_MemFree($i_Open, $i_Alloc)
_MemClose($i_Open)

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#16 Mike Wilson

Mike Wilson

    Seeker

  • New Members
  • 7 posts

Posted 18 January 2006 - 04:14 PM

I am using 98. Here are some things:

; Quoted from the previous post so the problems listed below it can be seen
; in context; behaviour is unchanged.
; NOTE(review): 'VirutalAlloc' and $i_Adress are the misspellings this reply
; reports. With the API name misspelled, the DllCall presumably fails and
; returns no array, which would explain the "subscript used on a non-array
; variable" error at the Return line.
Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            ; UNDOCUMENTED VA_SHARED is OR-ed into the allocation type
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirutalAlloc', 'int', $i_Adress, 'int', $i_Size, 'int', BitOR($i_AT, 0x8000000), 'int', $i_Protect)
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    EndSwitch
    Return $av_Alloc[0]
EndFunc   ;==>_MemAlloc


$i_Adress ---> $i_Address (also in _MemFree)

Return $av_Alloc[0]: This is generating error: subscript used on a non-array variable


If you can figure out these issues, I'll try it again.

Mike
"This is the day of all days. Behold, the King reigns! You are his publicity agents. Therefore advertise, advertise, advertise, the King and his kingdom."

#17 Mike Wilson

Mike Wilson

    Seeker

  • New Members
  • 7 posts

Posted 18 January 2006 - 04:19 PM

could someone with 9x/ME give this a try ?


Change
Virutal
to
Virtual
- several occurrences, also in the first post code.


Mike :lmao:
"This is the day of all days. Behold, the King reigns! You are his publicity agents. Therefore advertise, advertise, advertise, the King and his kingdom."

#18 Mike Wilson

Mike Wilson

    Seeker

  • New Members
  • 7 posts

Posted 18 January 2006 - 04:24 PM

could someone with 9x/ME give this a try ?

after I changed the items I show above, this shows up:

Func _MemFree($ah_Mem, $i_Address)     Switch @OSVersion         Case "WIN_ME", "WIN_98", "WIN_95"             $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFree', 'int', $i_Address, 'int', $i_Size)


$i_Size:
Variable used without being declared

hmmm, I don't have enough time to figure this out right now...

Mike :lmao:
"This is the day of all days. Behold, the King reigns! You are his publicity agents. Therefore advertise, advertise, advertise, the King and his kingdom."

#19 w0uter

w0uter

    resreveR nA

  • Active Members
  • 2,262 posts

Posted 18 January 2006 - 04:32 PM

thanx mike

btw welcome to the board :lmao:


new code:
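; Allocates $i_Size bytes and returns the base address.
;   $ah_Mem    - array from _MemOpen(): [0] kernel32 DllOpen handle, [1] process handle
;   $i_Address - preferred address, 0 lets the system choose
;   $i_AT      - allocation type; default 4096 (0x1000) is MEM_COMMIT
;   $i_Protect - page protection; default 0x40 is PAGE_EXECUTE_READWRITE.
;                Pass 0x04 (PAGE_READWRITE) for buffers that only hold data.
; 9x/ME: VirtualAlloc with the undocumented VA_SHARED flag; otherwise VirtualAllocEx.
; Returns 0 with @error = 1 if the DllCall itself failed.
Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Local $av_Alloc, $i_Err

    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $i_AT = BitOR($i_AT, 0x8000000) ; UNDOCUMENTED VA_SHARED
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAlloc', 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
            $i_Err = @error
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
            $i_Err = @error
    EndSwitch

    ; A failed DllCall does not return an array; indexing it would abort the
    ; script with "subscript used on a non-array variable".
    If $i_Err Then
        SetError(1)
        Return 0
    EndIf
    Return $av_Alloc[0]
EndFunc   ;==>_MemAlloc

; Releases memory obtained from _MemAlloc. 0x8000 is MEM_RELEASE, which
; requires a size of 0.
; Returns the API result, or 0 with @error = 1 if the DllCall itself failed.
Func _MemFree($ah_Mem, $i_Address)
    Local $av_Free, $i_Err

    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFree', 'int', $i_Address, 'int', 0, 'int', 0x8000)
            $i_Err = @error
        Case Else
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000)
            $i_Err = @error
    EndSwitch

    If $i_Err Then
        SetError(1)
        Return 0
    EndIf
    Return $av_Free[0]
EndFunc   ;==>_MemFree

; Demo against the script's own process (@AutoItPID): allocate 7 bytes, write
; the bytes for "wouter" plus a terminating 0, read the string back, show it,
; then free the memory and close the handles.
$i_Open = _MemOpen(@AutoItPID)
$i_Alloc = _MemAlloc($i_Open, 7)
_MemWrite($i_Open, $i_Alloc, _MemHelper(119, 111, 117, 116, 101, 114, 0))
MsgBox(0, 'OmFg RoX0r', _MemRead($i_Open, $i_Alloc))
_MemFree($i_Open, $i_Alloc)
_MemClose($i_Open)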

Edited by w0uter, 18 January 2006 - 04:35 PM.

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#20 Mike Wilson

Mike Wilson

    Seeker

  • New Members
  • 7 posts

Posted 18 January 2006 - 08:20 PM

thanx mike

Welcome :lmao:

btw welcome to the board ;)

Glad to be here. - been signed up, lots of scripts written, employer does not want me to share them though. Finally posted.

I think this worked fine, small dialog popped up, Title = OmFg RoXOr, text = wouter.
"This is the day of all days. Behold, the King reigns! You are his publicity agents. Therefore advertise, advertise, advertise, the King and his kingdom."



