_WinAPI_ReadProcessMemory return array

[Azothoras 0]

Hi, I am trying to read a programs memory (The entire programs memory) I've managed to make it quiet fast but then it's 100 spaces of memory in one line in the array.

I want 1 memory adress read to be 1 slot in the array.

_WinAPI_ReadProcessMemory($hProcess, $startadress, DllStructGetPtr($pBuffer), $step, $iRead)

$step is set to 200 ATM... And all works well except that when I later call

DllStructGetData($pBuffer, 1)

It return all the memory that was read in one line and not in an array. I know I can divide the string into an array etc but this takes time when I am scanning an entire program.

_WinAPI_ReadProcessMemory($hProcess, $startadress, $arraytoreadto, $step, $iRead)

I would like this to work but it doesn't _WinAPI_ return some error when I try this.

So can this be done? And if it can please teach me how

// IzC

[trancexx 922]

You can access any member of that array like this:

DllStructGetData($pBuffer, 1, $iIndexOfWantedMember)

[Azothoras 0]

You can access any member of that array like this:

DllStructGetData($pBuffer, 1, $iIndexOfWantedMember)

Yeah I already knew that but is there a way to access the entire array right away?

Like can I somehow use _ArrayConcatenate() ..? Or similiar or do I have to create a For loop?

For $x=1 to StringLen(DllStructGetData($pBuffer, 1))/2-1
    $desiredarray[$x+step] = DllStructGetData($pBuffer, 1, $x)
Next

This works but it's not optimal...

[trancexx 922]

Yeah I already knew that but is there a way to access the entire array right away?

Like can I somehow use _ArrayConcatenate() ..? Or similiar or do I have to create a For loop?

For $x=1 to StringLen(DllStructGetData($pBuffer, 1))/2-1
    $desiredarray[$x+step] = DllStructGetData($pBuffer, 1, $x)
Next

This works but it's not optimal...

Aha, you mean to use the _Array... functions on structure.

No, you can't do that. Those are two different types.

Edited January 21, 2010 by trancexx

[Azothoras 0]

Aha, you mean to use the _Array... functions on structure.

No, you can't do that. Those are two different types.

Ok, can I use something else instead of dllstruct to get the value out then?

[trancexx 922]

Ok, can I use something else instead of dllstruct to get the value out then?

No.

_WinAPI_ReadProcessMemory() is calling directly ReadProcessMemory function from kernel32.dll.

That function requires a pointer to a buffer that receives... That means address of some (free) space that you must provide. In AutoIt you get that address by doing DllStructGetPtr() on created structure (allocated space).

[Azothoras 0]

Ty for replies and help...

Local $randomarray[200]

I know this isn't a pointer but doesn't it allocate space..?

Also wouldn't it be possible to get a pointer to this then..?

[trancexx 922]

Ty for replies and help...

Local $randomarray[200]

I know this isn't a pointer but doesn't it allocate space..?

Also wouldn't it be possible to get a pointer to this then..?

It's much more complicated than it seems at first glance.

You can't get that pointer.

[SXGuy 0]

I might be way off with what you want, but i think i was trying something similar a few days ago.

Using GetBaseAddress as a starting point and reading however many bytes i needed to read.

Dividing bytes by each increment of the base address.

Then i try to output results to a console, but i was just getting nothing returned.

example:

While $BaseAddress
$Array = _WinAPI_ReadProcessMemory($hProcess, "0x" & HEX($BaseAddress),'byte[1]')
$baseAddress = $BaseAddress+1
ConsoleWrite() ;do some console writing based on $Array
If $BaseAddress = Dec("7FFFFFFF") Then Call ("Submit")
WEnd

Func Submit()
While 1
Sleep(10)
Wend
EndFunc

I know im way off with my code, and i know that $Array isnt defined properly, this is just off the top of my head, but i think you can see where i was trying to go with it anyway.

Edited January 25, 2010 by SXGuy