dbzfanatic

Memory Scan Not Working

3 posts in this topic

#1 ·  Posted (edited)

Alright my problem is when I try to scan memory from 00000000 to FFFFFFFF it immediately exits the loop (seemingly) without finding any addresses that match. It works with addresses like 00400000 to 7FFFFFFFF and 80000000 to BFFFFFFFF but not the whole range. The function is this.

Func _MemReadLoop($start,$end,$type,$condition)
    $list = ""
    $count = 0
    GUISetState(@SW_DISABLE,$frmMemoryScanner)
    For $i = Dec($start) to Dec($end)
        $length = Dec($end) - Dec($start)
        GUICtrlSetData($prgScan,(($length - (Dec($end) - $i))/$length) * 100)
        $cur_code = _MemoryRead("0x" & Hex($i,8), $Mem_Handle, $type)
        If GUICtrlRead($cboType) <> "Value Between" and GUICtrlRead($cboType) <> "Unknown Initial Value" Then
            If Execute(GUICtrlRead($txtValue1) & $condition & $cur_code) Then
                $list &= Hex($i,8) & "|" & $cur_code & ";"
                $count += 1
            EndIf
        ElseIf GUICtrlRead($cboType) = "Value Between" Then
            If GUICtrlRead($txtValue1) < $cur_code And $cur_code < GUICtrlRead($txtValue2) Then
                $list &= Hex($i,8) & "|" & $cur_code & ";"
                $count += 1
            EndIf
        Else
            $list &= Hex($i,8) & "|" & $cur_code & ";"
            $count += 1
        EndIf
    Next
    GUISetState(@SW_ENABLE,$frmMemoryScanner)
    GUICtrlSetData($prgScan,"0")
    $temp = StringSplit($list,";")
    GUICtrlSetData($lblNumber,"Found: " & $count)
    Return $list
EndFunc

Start and End are obvious. Type is ulong and condition is "=". Everything works so far except when I run those values. I've also tried the start being 0000000F, 00000001, and 00000015 to see if it was because it interpreted the 00000000 address as nothing and exited. I've also set the end to 9FFFFFFFF and that makes no difference either. Can anyone help?

Edit: typo

Edited by dbzfanatic

#2 · Posted



This was just what I was looking for, thanks.

And btw, I think the reason why it works with some ranges and not others is because you are not defining the range properly. You should be scanning from the base address to the end of the memory block.

i.e. 00400000 - wherever it ends

I doubt whatever you're scanning is as high as FFFFFFFF. Anything in the high region is probably another module loaded into memory, and since you are focusing on the PID of a particular process, it won't scan higher than its own memory block.

Hope that helps. Sorry I'm posting in an old thread, but I hope this has helped you nonetheless.

#3 · Posted

Just curious, how quickly does this work?

I made a similar one and it works EXTREMELY SLOWLY because it scans each address instead of a range of addresses. This creates way too many DLL Calls.

This is a reply I got on how to make it faster. Could you help me with this?

Instead of calling ReadProcessMemory for every byte, call it to read big chunks of memory and evaluate that.

And to figure out what blocks to read, use VirtualQueryEx to find the size and location of readable blocks.

Also, do you have the newest memory reader? If you use NomadMemory make sure it has MemoryGetBaseAddress. This will get the base address and you can use that as your start address.

If you need it just ask!
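
Added example (not part of the thread, and written in Python rather than AutoIt so it runs without a Windows target): the approach quoted in the last post, walking regions the way VirtualQueryEx reports them and reading each readable one in large chunks. `FakeProcess`, `page`, `demo`, `scan_ulong` and the memory layout are constructed for illustration; `query()` and `read()` stand in for VirtualQueryEx and ReadProcessMemory, and addresses are handled as unsigned integers.

```python
import struct
MEM_COMMIT, MEM_FREE = 0x1000, 0x10000            # real Windows values
PAGE_NOACCESS, PAGE_READWRITE, PAGE_GUARD = 0x01, 0x04, 0x100

class FakeProcess:
    """Constructed target: query() plays VirtualQueryEx, read() plays ReadProcessMemory."""
    def __init__(self, regions):
        self.regions, self.reads = regions, 0     # (base, size, state, protect, data)
    def query(self, addr):                        # region containing addr, or None
        return next((r for r in self.regions if r[0] <= addr < r[0] + r[1]), None)
    def read(self, addr, n):
        self.reads += 1                           # count calls to show the saving
        base, size, _, _, data = self.query(addr)
        if data is None or addr + n > base + size:
            raise OSError("unreadable range")
        return data[addr - base:addr - base + n]

def scan_ulong(proc, value, start=0, end=0xFFFFFFFF, chunk=0x1000):
    needle, hits, addr = struct.pack("<I", value), [], start
    while addr <= end and (info := proc.query(addr)):
        base, size, state, protect, _ = info
        stop = min(base + size, end + 1)
        ok = state == MEM_COMMIT and not protect & (PAGE_NOACCESS | PAGE_GUARD)
        while ok and addr < stop:
            # Read chunk + 3 bytes so a value straddling two chunks is seen exactly once.
            buf = proc.read(addr, min(chunk + len(needle) - 1, stop - addr))
            off = buf.find(needle)
            while off != -1:
                hits.append(addr + off)
                off = buf.find(needle, off + 1)
            addr += chunk
        addr = base + size                        # skip to the next region in one step
    return hits

def page(size, value, *offsets):                  # zero-filled buffer with value planted
    buf = bytearray(size)
    for off in offsets:
        struct.pack_into("<I", buf, off, value)
    return bytes(buf)

def demo(v=0x12345678):
    proc = FakeProcess([                          # constructed 32-bit layout
        (0x00000000, 0x00400000, MEM_FREE, PAGE_NOACCESS, None),
        (0x00400000, 0x3000, MEM_COMMIT, PAGE_READWRITE, page(0x3000, v, 0xFFE, 0x2010)),
        (0x00403000, 0x1000, MEM_COMMIT, PAGE_READWRITE | PAGE_GUARD, page(0x1000, v, 0x10)),
        (0x00404000, 0x7FBFC000, MEM_FREE, PAGE_NOACCESS, None),
        (0x80000000, 0x1000, MEM_COMMIT, PAGE_READWRITE, page(0x1000, v, 0x20)),
    ])
    return scan_ulong(proc, v), proc.reads
```

On the constructed layout `demo()` finds the value at 00400FFE, 00402010 and 80000020 with 4 reads, where a per-address loop over the same readable pages would issue 16384; the guard page is skipped rather than read.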
