Azothoras Posted January 21, 2010 Share Posted January 21, 2010 Hi, I am trying to read a programs memory (The entire programs memory) I've managed to make it quiet fast but then it's 100 spaces of memory in one line in the array. I want 1 memory adress read to be 1 slot in the array. _WinAPI_ReadProcessMemory($hProcess, $startadress, DllStructGetPtr($pBuffer), $step, $iRead) $step is set to 200 ATM... And all works well except that when I later call DllStructGetData($pBuffer, 1) It return all the memory that was read in one line and not in an array. I know I can divide the string into an array etc but this takes time when I am scanning an entire program. _WinAPI_ReadProcessMemory($hProcess, $startadress, $arraytoreadto, $step, $iRead) I would like this to work but it doesn't _WinAPI_ return some error when I try this. So can this be done? And if it can please teach me how // IzC Link to comment Share on other sites More sharing options...
trancexx Posted January 21, 2010 Share Posted January 21, 2010 You can access any member of that array like this: DllStructGetData($pBuffer, 1, $iIndexOfWantedMember) ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Azothoras Posted January 21, 2010 Author Share Posted January 21, 2010 You can access any member of that array like this: DllStructGetData($pBuffer, 1, $iIndexOfWantedMember) Yeah I already knew that but is there a way to access the entire array right away? Like can I somehow use _ArrayConcatenate() ..? Or similiar or do I have to create a For loop? For $x=1 to StringLen(DllStructGetData($pBuffer, 1))/2-1 $desiredarray[$x+step] = DllStructGetData($pBuffer, 1, $x) Next This works but it's not optimal... Link to comment Share on other sites More sharing options...
trancexx Posted January 21, 2010 Share Posted January 21, 2010 (edited) Yeah I already knew that but is there a way to access the entire array right away? Like can I somehow use _ArrayConcatenate() ..? Or similiar or do I have to create a For loop? For $x=1 to StringLen(DllStructGetData($pBuffer, 1))/2-1 $desiredarray[$x+step] = DllStructGetData($pBuffer, 1, $x) Next This works but it's not optimal... Aha, you mean to use the _Array... functions on structure. No, you can't do that. Those are two different types. Edited January 21, 2010 by trancexx ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Azothoras Posted January 21, 2010 Author Share Posted January 21, 2010 Aha, you mean to use the _Array... functions on structure. No, you can't do that. Those are two different types.Ok, can I use something else instead of dllstruct to get the value out then? Link to comment Share on other sites More sharing options...
trancexx Posted January 21, 2010 Share Posted January 21, 2010 Ok, can I use something else instead of dllstruct to get the value out then?No._WinAPI_ReadProcessMemory() is calling directly ReadProcessMemory function from kernel32.dll.That function requires a pointer to a buffer that receives... That means address of some (free) space that you must provide. In AutoIt you get that address by doing DllStructGetPtr() on created structure (allocated space). ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Azothoras Posted January 24, 2010 Author Share Posted January 24, 2010 Ty for replies and help... Local $randomarray[200] I know this isn't a pointer but doesn't it allocate space..? Also wouldn't it be possible to get a pointer to this then..? Link to comment Share on other sites More sharing options...
trancexx Posted January 24, 2010 Share Posted January 24, 2010 Ty for replies and help... Local $randomarray[200] I know this isn't a pointer but doesn't it allocate space..? Also wouldn't it be possible to get a pointer to this then..? It's much more complicated than it seems at first glance. You can't get that pointer. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
SXGuy Posted January 25, 2010 Share Posted January 25, 2010 (edited) I might be way off with what you want, but i think i was trying something similar a few days ago. Using GetBaseAddress as a starting point and reading however many bytes i needed to read. Dividing bytes by each increment of the base address. Then i try to output results to a console, but i was just getting nothing returned. example: While $BaseAddress $Array = _WinAPI_ReadProcessMemory($hProcess, "0x" & HEX($BaseAddress),'byte[1]') $baseAddress = $BaseAddress+1 ConsoleWrite() ;do some console writing based on $Array If $BaseAddress = Dec("7FFFFFFF") Then Call ("Submit") WEnd Func Submit() While 1 Sleep(10) Wend EndFunc I know im way off with my code, and i know that $Array isnt defined properly, this is just off the top of my head, but i think you can see where i was trying to go with it anyway. Edited January 25, 2010 by SXGuy Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now