# new _Mem functions

196 replies to this topic

### #21 w0uter

w0uter

resreveR nA

• Active Members
• 2,262 posts

Posted 18 January 2006 - 08:23 PM

okay thanks

My UDF's: ;mem stuff: _Mem ;ftp stuff: _FTP ( OLD ) ;inet stuff: _INetGetSource ( OLD ), _INetGetImage, _INetBrowse ( Collection ), _EncodeUrl, _NetStat, _Google ;random stuff: _iPixelSearch, _DiceRoll

### #22 w0uter

w0uter

resreveR nA

• Active Members
• 2,262 posts

Posted 18 January 2006 - 11:13 PM

code taken down due to incompatibility.

Edited by w0uter, 21 January 2006 - 12:02 AM.


### #23 Knight

Knight

Prodigy

• Active Members
• 155 posts

Posted 20 January 2006 - 02:33 AM

Once again, Great Work Wouter!

Thanks,
JKnight

### #24 w0uter

w0uter

resreveR nA

• Active Members
• 2,262 posts

Posted 20 January 2006 - 03:45 PM

i don't know what 'floats' are.

### #25 Knight

Knight

Prodigy

• Active Members
• 155 posts

Posted 20 January 2006 - 09:09 PM

what I mean is identifying the type to read. Exactly how you changed your old memread function here.. http://www.autoitscript.com/forum/index.ph...ndpost&p=122299

You added $s_type.

### #26 strate

strate

Universalist

• Active Members
• 539 posts

Posted 20 January 2006 - 11:45 PM

> you can find it by using a debugger (i used OllyDbg) (i think there is just a really small amount of people that actually have knowledge enough to use these functions )

Would I be able to use this program to get information from a status bar? Then would I be able to turn it back into what the status bar said?

INI TreeView

A bus station is where a bus stops, a train station is where a train stops. On my desk I have a work station...

### #27 Gene

Gene

Universalist

• Active Members
• 494 posts

Posted 21 January 2006 - 06:49 PM

> 60 view and no replies, that makes me sad

Hi w0uter,

Given what you've done, could you also change the display time to something less than a second? Not to something subliminal, but only a little above. I frequently use MsgBoxes to show me variable content when I'm tracking a problem. I currently set them for one second but this is a lot slower than I could deal with and the boredom factor is high.

Gene

Thanks for the response. Gene Yes, I know the punctuation is not right...

### #28 CoderDunn

CoderDunn

Universalist

• Active Members
• 345 posts

Posted 21 January 2006 - 07:12 PM

Why doesn't this work? I found the mem address with T-search. It's the address for my character's health. I have Win XP in case that matters

```autoit
Opt("WinTitleMatchMode", 3)
$pid = WinGetProcess("Tibia")

$open = _MemOpen($pid)

$read = _MemRead($open,0x4A1240,4)

MsgBox(0,"",$read)
_MemWrite($open,0x4A1240,100)
```

Hallman

### #29 Valik

Valik

Former developer.

• Active Members
• 18,879 posts

Posted 21 January 2006 - 07:43 PM

> Hi w0uter,
>
> Given what you've done, could you also change the display time to something less than a second? Not to something subliminal, but only a little above. I frequently use MsgBoxes to show me variable content when I'm tracking a problem. I currently set them for one second but this is a lot slower than I could deal with and the boredom factor is high.
>
> Gene

Are you referring to the timeout feature of AutoIt's MsgBox() function? If yes, that's something AutoIt does, not Windows, so hacking that is not something that's easy to do like what w0uter has demonstrated.

### #30 Gene

Gene

Universalist

• Active Members
• 494 posts

Posted 21 January 2006 - 08:02 PM

> Are you referring to the timeout feature of AutoIt's MsgBox() function? If yes, that's something AutoIt does, not Windows, so hacking that is not something that's easy to do like what w0uter has demonstrated.

Hi Valik,

Yes, that's what I was after, sigh.

I've done the same thing with vars writing them to a file, but that's hard to correlate with what was happening on screen. I've even tried capturing screen bitmaps but they often don't coincide and suck up lots of time and drive space.

Gene

### #31 w0uter

w0uter

resreveR nA

• Active Members
• 2,262 posts

Posted 22 January 2006 - 02:08 AM

> Are you referring to the timeout feature of AutoIt's MsgBox() function? If yes, that's something AutoIt does, not Windows, so hacking that is not something that's easy to do like what w0uter has demonstrated.

i think you are mistaken. i hacked autoits internal handling of the MsgBox Command.

After looking at the source for like ~60 seconds my guess would be to hack "vParams[3].nValue() * 1000" out of the source code.

### #32 Valik

Valik

Former developer.

• Active Members
• 18,879 posts

Posted 22 January 2006 - 02:58 AM

I know how AutoIt is achieving the effect, but why does the source code matter at all? I thought the point of this thread was hacking things in memory, not removing lines of code from the source file and re-compiling. How does knowing the source code help Gene at all? Why do you even mention it?

And where are you modifying the internals of AutoIt's MessageBox handling? I see you writing to memory a couple times but I can't see any difference in behavior that suggests you've modified how AutoIt is handling the MessageBox.

### #33 Gene

Gene

Universalist

• Active Members
• 494 posts

Posted 22 January 2006 - 03:55 AM

@w0uter

I realize that you're referencing the 4th MsgBox parameter and the number is multiplied times 1000 clicks per second. If I had the src code I could find that snippet, but would have no idea what to do with it. No "C/C++" skills here. I was hoping you'd add that functionality in a UDF if it wasn't too much trouble.

In attempting to try out your code in the first post, I created the attached file. When running the compiled script it errored saying that it couldn't execute the external file on lines 77 and 123. I edited them as shown below, now it runs, but says it can't find "K:\AutoIt3ExecuteLine".

```autoit
;$i_Pid = Run(@ScriptFullPath & " /AutoIt3ExecuteLine ""MsgBox
$i_Pid = Run("K:\Local\Prog\AutoIt3\beta\AutoIt3.exe /AutoIt3ExecuteLine ""MsgBox
```

I'm running Win2K SP 4, 256MB RAM, several GB free space, IE 6.x SP1

Gene

Edit: H'mmmn, didn't see Valik's post.

> i think you are mistaken. i hacked autoits internal handling of the MsgBox Command.
>
> After looking at the source for like ~60 seconds my guess would be to hack "vParams[3].nValue() * 1000" out of the source code.

Edited by Gene, 22 January 2006 - 04:01 AM.


### #34 w0uter

w0uter

resreveR nA

• Active Members
• 2,262 posts

Posted 22 January 2006 - 01:16 PM

> I know how AutoIt is achieving the effect, but why does the source code matter at all? I thought the point of this thread was hacking things in memory, not removing lines of code from the source file and re-compiling. How does knowing the source code help Gene at all? Why do you even mention it?
>
> And where are you modifying the internals of AutoIt's MessageBox handling? I see you writing to memory a couple times but I can't see any difference in behavior that suggests you've modified how AutoIt is handling the MessageBox.

Source code just makes it easier to know what to hack out in the memory.

As you probably know windows loads the code in the memory. Meaning that that line from the sourcecode will also be there.
(even though it is now converted to byte-code) thus making you able to remove that multiply in memory.

in version 103 it's located at:

```
004177F0   69C0 E8030000   IMUL EAX,EAX,3E8
```

And by modifying autoits handling i meant that where it normally would push the parameters for MessageBox on the stack it would this time push my parameters on the stack.

```autoit
#region _Mem()

; Open kernel32.dll and a handle to the process; returns [dll handle, process handle].
; 0x1F0FFF = PROCESS_ALL_ACCESS
Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll')]
    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf
    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc   ;==>_MemOpen

; Write the bytes held in the DllStruct $v_Inject to $i_Address in the opened process.
Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '')
    Return $av_Call[0]
EndFunc   ;==>_MemWrite

; Close the process handle and the kernel32.dll handle.
Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    DllClose($ah_Mem[0])
    Return $av_Ret[0]
EndFunc   ;==>_MemClose

; Build a byte[] DllStruct from a string or from up to 99 byte values.
Func _MemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If IsString($1) Then
        $1 = StringSplit($1, '')
        Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
    Else
        Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            DllStructSetData($v_Helper, 1, Eval($i), $i)
        Next
    EndIf
    Return $v_Helper
EndFunc   ;==>_MemCreate

#endregion

; Overwrite the 6-byte IMUL at 0x004177F0 in this process with NOPs (0x90).
$i_Open = _MemOpen(@autoitpid)
_MemWrite($i_Open, 0x004177F0, _MemCreate(0x90, 0x90, 0x90, 0x90, 0x90, 0x90))
_MemClose($i_Open)

MsgBox(0, 'title', 'text', 500)
```

Edited by w0uter, 22 January 2006 - 01:35 PM.


### #35 Valik

Valik

Former developer.

• Active Members
• 18,879 posts

Posted 22 January 2006 - 03:14 PM

I added a ConsoleWrite() just to show what version I was using:

```
3.1.1.103
>Exit code: 0   Time: 17.159
```

That's 17 seconds, after I grew tired of waiting for it to disappear. I suspect it would have taken 500 seconds. I don't know what instructions you set to NOP but they weren't the right ones.

### #36 w0uter

w0uter

resreveR nA

• Active Members
• 2,262 posts

Posted 22 January 2006 - 04:01 PM

you must compile it to work, i should have been more precise

Edited by w0uter, 22 January 2006 - 04:02 PM.


### #37 Valik

Valik

Former developer.

• Active Members
• 18,879 posts

Posted 22 January 2006 - 05:18 PM

Ahh, I did not run it compiled. Well, that exposes a second fundamental problem. Not only must we use the right version of AutoIt, we must also use it compiled (or not, depending on how it was tested). It's a nice proof of concept, maybe, but the things that you're trying to do aren't that practical.
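
Added example, not code from the thread or from AutoIt: the write in post #34 leaves the running image different from the executable on disk, so comparing the two exposes it. This Python sketch diffs a baseline code snapshot against a live one, reports each changed run by virtual address, and decodes the overwritten bytes when they have the `IMUL r32,r32,imm32` form quoted above; the sample buffers and all function names are constructed for illustration.

```python
NOP = 0x90
REGS = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]


def patched_ranges(baseline: bytes, live: bytes, base_va: int):
    """Yield (va, original, current) for each contiguous run of changed bytes."""
    if len(baseline) != len(live):
        raise ValueError("snapshots must cover the same address range")
    start = None
    for i in range(len(baseline) + 1):
        differs = i < len(baseline) and baseline[i] != live[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield base_va + start, baseline[start:i], live[start:i]
            start = None


def decode_imul_imm32(code: bytes):
    """Decode 'IMUL r32, r32, imm32' (opcode 69 /r id, register-direct ModRM only)."""
    if len(code) != 6 or code[0] != 0x69 or code[1] >> 6 != 0b11:
        return None
    dst, src = REGS[(code[1] >> 3) & 7], REGS[code[1] & 7]
    return f"IMUL {dst},{src},{int.from_bytes(code[2:], 'little'):X}"


def classify(va: int, original: bytes, current: bytes) -> dict:
    """Describe one patched run: where it is and what was overwritten."""
    return {
        "va": f"{va:08X}",
        "size": len(current),
        "kind": "nop-fill" if set(current) == {NOP} else "modified",
        "removed": decode_imul_imm32(original) or original.hex(),
    }


def scan(baseline: bytes, live: bytes, base_va: int) -> list:
    return [classify(*run) for run in patched_ranges(baseline, live, base_va)]


# Constructed sample: 16 bytes of code mapped at 004177E8. Only the six bytes
# 69 C0 E8 03 00 00 at 004177F0 come from the thread; the rest is filler.
BASE_VA = 0x004177E8
BASELINE = bytes.fromhex("8b450885c0740650" "69c0e8030000" "5dc3")
LIVE = BASELINE[:8] + bytes([NOP] * 6) + BASELINE[14:]

if __name__ == "__main__":
    for finding in scan(BASELINE, LIVE, BASE_VA):
        print(finding)
```

On real snapshots, bytes touched by base relocations also differ from the file on disk and need to be masked before the comparison.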

### #38 Gene

Gene

Universalist

• Active Members
• 494 posts

Posted 22 January 2006 - 06:37 PM

I downloaded and installed beta 103, compiled your code below. Outstanding! I can use this for problem tracing. After a little experimenting I find that something between 1/8 and 1/4 second is as fast as I can deal with. Thank you for the added feature.

Gene

```autoit
#region _Mem()

; Open kernel32.dll and a handle to the process; returns [dll handle, process handle].
; 0x1F0FFF = PROCESS_ALL_ACCESS
Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll')]
    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf
    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc   ;==>_MemOpen

; Write the bytes held in the DllStruct $v_Inject to $i_Address in the opened process.
Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '')
    Return $av_Call[0]
EndFunc   ;==>_MemWrite

; Close the process handle and the kernel32.dll handle.
Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    DllClose($ah_Mem[0])
    Return $av_Ret[0]
EndFunc   ;==>_MemClose

; Build a byte[] DllStruct from a string or from up to 99 byte values.
Func _MemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If IsString($1) Then
        $1 = StringSplit($1, '')
        Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
    Else
        Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            DllStructSetData($v_Helper, 1, Eval($i), $i)
        Next
    EndIf
    Return $v_Helper
EndFunc   ;==>_MemCreate

#endregion

; Overwrite the 6-byte IMUL at 0x004177F0 in this process with NOPs (0x90).
$i_Open = _MemOpen(@autoitpid)
_MemWrite($i_Open, 0x004177F0, _MemCreate(0x90, 0x90, 0x90, 0x90, 0x90, 0x90))
_MemClose($i_Open)

MsgBox(0, 'title', 'text', 500)
```


### #39 Valik

Valik

Former developer.

• Active Members
• 18,879 posts

Posted 22 January 2006 - 06:53 PM

Gene, IMO, you need to really re-think your debugging methods if you aren't able to do it without hacking AutoIt. I know with SciTE I can insert trace statements for any variable I want or I can insert a trace of all function calls (Like a call stack) for an entire file just with hotkeys. I rarely use message boxes for debugging and I definitely never needed to hack AutoIt to do it.

In addition, the moment 3.1.1.104 comes out, w0uter will have to give you a new base address. Is this really practical for you to hack AutoIt each release to ensure you can debug code when there are tons of other, more suitable ways of doing it?

### #40 w0uter

w0uter

resreveR nA

• Active Members
• 2,262 posts

Posted 22 January 2006 - 09:12 PM

> Gene, IMO, you need to really re-think your debugging methods if you aren't able to do it without hacking AutoIt.

i agree, i always use consolewrite for debugging.
