Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

new _Mem functions


  • Please log in to reply
196 replies to this topic

#141 NegativeNrG

NegativeNrG

    Prodigy

  • Active Members
  • PipPipPip
  • 169 posts

Posted 27 May 2006 - 04:03 AM

hmm, so if you want to write double, it would be

$double = DllStructCreate('double') DllStructSetData($double,1,0xVALUE) _MemWrite($pid,0xADDRESS,$double)

?

Edited by NegativeNrG, 27 May 2006 - 04:05 AM.

My File UploadRegister at my site and upload.







#142 Nomad

Nomad

    Disgruntled Ex-member

  • Active Members
  • PipPipPipPipPipPip
  • 431 posts

Posted 27 May 2006 - 10:05 AM

ASCII To Decimal Conversion And Back Again
(As seen in SciTE with default colours PS some one should make a script for this would be handy for posting code on forums :) )

#include <string.au3>
$Process = "egprocess.exe"
$Pid = ProcessExists($Process)
$h_open = _MemOpen($pid)
$ASCII = _MemRead($h_open, 0x77D67807,0)

;~ ASCII To Decimal
$ASCII = "*/"
$Temp = _StringReverse($ASCII)
$Temp = _StringToHex($Temp)
$dec = Dec($Temp)
MsgBox(0, "ASCII To Decimal", "ASCII: " & $ASCII & @LF & "Hex: " & $Temp & @LF & "Decimal: " & $dec)

;~ Decimal To ASCII
$dec = 12074
$Hex = Hex($dec,8)
$Temp = _HexToString($Hex)
$ASCII = _StringReverse($Temp)
MsgBox(0, "Decimal To ASCII", "Decimal: " & $dec & @LF & "Hex: " & $Hex & @LF & "ASCII: " & $ASCII)

_________________________________________________________________________________________________

@Analritter
No problems and Cheers NOTE: Your code is too far advanced compared to my level of AutoIt at the moment. But i am in to memory editing with other programs and botting with AutoIt so i would love to have them both rolled into the one program (i sorta understand memory editing and Cheat Engine 5.2 makes it easy)

@w0uter
Would you be able to look into getting the "_MemWrite" Working as this would be a very useful feature. The only feature that i can really use these for at the moment is just like a stats program on the application but no real editing of these values



Thanks!! I didn't realize the output was in ASCII and needed converted. :(
Posted Image

#143 erifash

erifash

    autoit - think free

  • Active Members
  • PipPipPipPipPipPip
  • 517 posts

Posted 27 May 2006 - 09:44 PM

well i think u need also float values to write a teleport-hack...

i would like to see more types of values and not only byte if that would be possible :(

hmm, so if you want to write double, it would be

$double = DllStructCreate('double') DllStructSetData($double,1,0xVALUE) _MemWrite($pid,0xADDRESS,$double)

?

After looking further into this I modified some of w0uter's functions and now you can use different data types with it. The types were gotten from the AutoIt help file for DllStructCreate(). Append this to w0uter's code to run the example:

AutoIt         
Global Const $MEM_STRING = '' Global Const $MEM_BYTE = 'byte'     ; 1 Global Const $MEM_UBYTE = 'ubyte'   ; 1 Global Const $MEM_CHAR = 'char'     ; 1 Global Const $MEM_SHORT = 'short'   ; 2 Global Const $MEM_USHORT = 'ushort' ; 2 Global Const $MEM_INT = 'int'       ; 4 Global Const $MEM_UINT = 'uint'     ; 4 Global Const $MEM_DWORD = 'dword'   ; 4 Global Const $MEM_UDWORD = 'udword' ; 4 Global Const $MEM_PTR = 'ptr'       ; 4 Global Const $MEM_FLOAT = 'float'   ; 4 Global Const $MEM_DOUBLE = 'double' ; 8 Global Const $MEM_INT64 = 'int64'   ; 8 Global Const $MEM_UINT64 = 'uint64' ; 8 Func _MemReadType( $ah_Mem, $i_Address, $s_Type = '' )     If $s_Type = $MEM_STRING Then         Local $v_Return = ''         Local $v_Struct = DllStructCreate('byte[1]')         Local $v_Ret         While 1             DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '')             $v_Ret = DllStructGetData($v_Struct, 1)             If $v_Ret = 0 Then ExitLoop             $v_Return &= Chr($v_Ret)             $i_Address += 1         WEnd     Else         Local $v_Struct = DllStructCreate($s_Type)         DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', _SizeOf($s_Type), 'int', '')         Local $v_Return = DllStructGetData($v_Struct, 1, 1)     EndIf     Return $v_Return EndFunc  ;==>_MemReadType Func _MemCreateType( $v_Data, $s_Type = '' )     If $s_Type = $MEM_STRING Then         $v_Data = StringSplit($v_Data, '')         Local $v_Struct = DllStructCreate('byte[' & $v_Data[0] + 1 & ']')         For $i = 1 To $v_Data[0]             DllStructSetData($v_Struct, 1, Asc($v_Data[$i]), $i)         Next     Else         Local $v_Struct = DllStructCreate($s_Type)         DllStructSetData($v_Struct, 1, $v_Data, 1)     EndIf     Return $v_Struct EndFunc  ;==>_MemCreateType Func _SizeOf( $s_Type )     Local $v_Struct = DllStructCreate($s_Type), $i_Size = DllStructGetSize($v_Struct)     $v_Struct = 0     Return $i_Size EndFunc  ;==>_SizeOf $i_Open = _MemOpen(@AutoItPID) $i_Addr = _MemAlloc($i_Open, _SizeOf($MEM_FLOAT)) _MemWrite($i_Open, $i_Addr, _MemCreateType(-0.12345678912345, $MEM_FLOAT)) MsgBox(0, 'Address: 0x' & $i_Addr, _MemReadType($i_Open, $i_Addr, $MEM_FLOAT)) _MemFree($i_Open, $i_Addr) _MemClose($i_Open)

The only problem with this is that in the example there are junk numbers on the end of the float. W0uter, do you have any insight on this? :)

Edited by erifash, 03 June 2006 - 11:31 PM.


#144 erifash

erifash

    autoit - think free

  • Active Members
  • PipPipPipPipPipPip
  • 517 posts

Posted 29 May 2006 - 03:18 PM

I have updated the code above, as parts of it were confusing and unnecessary. I have no clue what the problem might be. Any ideas? :)

Edited by erifash, 03 June 2006 - 11:44 PM.


#145 julmae

julmae

    Seeker

  • Active Members
  • 25 posts

Posted 31 May 2006 - 04:47 PM

mmh anyone know why this happens to me ?

Posted Image

#146 w0uter

w0uter

    resreveR nA

  • Active Members
  • PipPipPipPipPipPip
  • 2,262 posts

Posted 31 May 2006 - 05:10 PM

you have it in 'string' mode

add a number of bytes that it should read.
My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#147 zeroZshadow

zeroZshadow

    Autoit Veteran

  • Active Members
  • PipPipPipPipPipPip
  • 421 posts

Posted 13 June 2006 - 01:05 PM

i'm kinda new to this udf, so i'm gonna give it a try, but it seems it aint working for me
i know the adress is correct, since Tsearch and cheat engine both give the needed float.

but when i try it with autoit, it returns nothing.
$PID = ProcessExists ( "rbo_ex2.exe" ) $rboMEM = _MemOpen($PID) ConsoleWrite("memopen"&@CR) $test = _MemRead($rboMEM,0x00BD3B6F) ConsoleWrite($test&@CR)

*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...

#148 w0uter

w0uter

    resreveR nA

  • Active Members
  • PipPipPipPipPipPip
  • 2,262 posts

Posted 13 June 2006 - 03:13 PM

You also read in 'string' mode.

add a number of bytes that it should read.


My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#149 zeroZshadow

zeroZshadow

    Autoit Veteran

  • Active Members
  • PipPipPipPipPipPip
  • 421 posts

Posted 13 June 2006 - 03:22 PM

so it should be

_MemRead($rboMEM,0x00BD3B6F,????)

but howmuch bytes is a float ?

i just tryed 4 bytes, and the msg box is just empty

Edited by zeroZshadow, 13 June 2006 - 03:31 PM.

*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...

#150 w0uter

w0uter

    resreveR nA

  • Active Members
  • PipPipPipPipPipPip
  • 2,262 posts

Posted 13 June 2006 - 03:29 PM

that depends.

float32 = 4 bytes
float64 = 8 bytes
My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#151 zeroZshadow

zeroZshadow

    Autoit Veteran

  • Active Members
  • PipPipPipPipPipPip
  • 421 posts

Posted 13 June 2006 - 04:30 PM

tryed both now, still NO value returned -.-

i did check if the pid was correct
and if it passed every step

i used:
$PID = ProcessExists ( "rbo_ex2.exe" ) if $PID = 0 Then     MsgBox(0,"error","could not open file")     Exit EndIf $rboMEM = _MemOpen($PID) ConsoleWrite("memopen"&@CR) $test = _MemRead($rboMEM,0x00BD3B6F,8) MsgBox(0,"debug",$test)

*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...

#152 w0uter

w0uter

    resreveR nA

  • Active Members
  • PipPipPipPipPipPip
  • 2,262 posts

Posted 13 June 2006 - 04:31 PM

$test is an array.

i should really document my functions more :D

Edited by w0uter, 13 June 2006 - 04:32 PM.

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#153 zeroZshadow

zeroZshadow

    Autoit Veteran

  • Active Members
  • PipPipPipPipPipPip
  • 421 posts

Posted 13 June 2006 - 05:17 PM

ya u should -.- make a nice description per function xD

oke i just tested it

$test[0] gives 0
$test[1] gives (if 8 bytes) -73 (if 4 bytes) 44

but it SHOULD be 6.38543684223533E-41

strange he -.-

Edited by zeroZshadow, 13 June 2006 - 05:21 PM.

*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...

#154 zeroZshadow

zeroZshadow

    Autoit Veteran

  • Active Members
  • PipPipPipPipPipPip
  • 421 posts

Posted 17 June 2006 - 09:52 AM

in the memread function i see this line

Local $v_Struct = DllStructCreate('byte[1]')

doesn't that have tobe a float if i want to read a float ?

since till now, floats aint read correctly
*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...

#155 erifash

erifash

    autoit - think free

  • Active Members
  • PipPipPipPipPipPip
  • 517 posts

Posted 17 June 2006 - 04:31 PM

I have been fooling around with the idea of a simple memory editor in AutoIt. It uses some of my modified memory functions but it doesn't exactly work. I know that I might not be using these in the correct way and I'm really not all that experienced with the memory functions. Could someone throw any ideas or suggestions my way as to what might the problem be? :D The code is attached.

Attached File  Memory_GUI.au3   6.72KB   376 downloads

#156 xXx

xXx

    Seeker

  • Active Members
  • 28 posts

Posted 19 June 2006 - 06:10 PM

in the memread function i see this line

Local $v_Struct = DllStructCreate('byte[1]')

doesn't that have tobe a float if i want to read a float ?

since till now, floats aint read correctly

i dont think this functions can read/write floats..

#157 zeroZshadow

zeroZshadow

    Autoit Veteran

  • Active Members
  • PipPipPipPipPipPip
  • 421 posts

Posted 19 June 2006 - 07:44 PM

really ?? that would suck big time
*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...

#158 xXx

xXx

    Seeker

  • Active Members
  • 28 posts

Posted 20 June 2006 - 03:07 PM

really ?? that would suck big time

it would but dont be sure that its not possible with this functions ask the coder who did that he might know what it is possible and what not

#159 w0uter

w0uter

    resreveR nA

  • Active Members
  • PipPipPipPipPipPip
  • 2,262 posts

Posted 20 June 2006 - 03:24 PM

it can only read bytes 'out of the box'.

life takes up too much time to make a better version.

you can however just modify the call to make it read floats.

Edited by w0uter, 20 June 2006 - 03:25 PM.

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

#160 zeroZshadow

zeroZshadow

    Autoit Veteran

  • Active Members
  • PipPipPipPipPipPip
  • 421 posts

Posted 20 June 2006 - 07:50 PM

wadda ya mean with, modify the call ?
*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users