FinalVersion Posted March 31, 2010 Share Posted March 31, 2010 (edited) I didn't create this, just been sitting on my hard drive.The last memory udf I seen, didn't include a couple of the functions in this one.Functions:_MemOpen()_MemRead()_MemWrite()_MemClose()_MemCreate()_MemRev()_MemAlloc()_MemFree()_MemText()expandcollapse popup#region _Mem() Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0) Local $av_Return[2] = [DllOpen('kernel32.dll') ] Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid) If @error Then DllClose($av_Return[0]) SetError(1) Return 0 EndIf $av_Return[1] = $ai_Handle[0] Return $av_Return EndFunc ;==>_MemOpen Func _MemRead($ah_Mem, $i_Address, $i_Size = 0) If $i_Size = 0 Then Local $v_Return = '' Local $v_Struct = DllStructCreate('byte[1]') Local $v_Ret While 1 $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '') $v_Ret = DllStructGetData($v_Struct, 1) If $v_Ret = 0 Then ExitLoop $v_Return &= Chr($v_Ret) $i_Address += 1 WEnd Else Local $v_Struct = DllStructCreate('byte[' & $i_Size & ']') Local $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', $i_Size, 'int', '') Local $v_Return[$v_Ret[4]] For $i = 0 To $v_Ret[4] - 1 $v_Return[$i] = DllStructGetData($v_Struct, 1, $i + 1) Next EndIf Return $v_Return EndFunc ;==>_MemRead Func _MemWrite($ah_Mem, $i_Address, $v_Inject) Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '') Return $av_Call[0] EndFunc ;==>_MemWrite Func _MemClose($ah_Mem) Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1]) DllClose($ah_Mem[0]) Return $av_Ret[0] EndFunc ;==>_MemClose Func _MemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _ $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _ $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _ $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _ $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _ $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _ $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0) If IsString($1) Then $1 = StringSplit($1, '') Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']') For $i = 1 To UBound($1) - 1 DllStructSetData($v_Helper, 1, Asc($1[$i]), $i) Next Else Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']') For $i = 1 To @NumParams DllStructSetData($v_Helper, 1, Eval($i), $i) Next EndIf Return $v_Helper EndFunc ;==>_MemCreate Func _MemRev($v_DWORD) If UBound($v_DWORD) = 4 Then Return '0x' & Hex($v_DWORD[3], 2) & Hex($v_DWORD[2], 2) & Hex($v_DWORD[1], 2) & Hex($v_DWORD[0], 2) Local $v_Ret[4] = ['0x' & StringMid(Hex($v_DWORD, 8), 7, 2), '0x' & StringMid(Hex($v_DWORD, 8), 5, 2), '0x' & StringMid(Hex($v_DWORD, 8), 3, 2), '0x' & StringMid(Hex($v_DWORD, 8), 1, 2) ] Return $v_Ret EndFunc ;==>_MemRev Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40) Switch @OSVersion Case "WIN_ME", "WIN_98", "WIN_95" $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAlloc', 'int', $i_Address, 'int', $i_Size, 'int', BitOR($i_AT, 0x8000000), 'int', $i_Protect) Case Else $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect) EndSwitch Return $av_Alloc[0] EndFunc ;==>_MemAlloc Func _MemFree($ah_Mem, $i_Address) Switch @OSVersion Case "WIN_ME", "WIN_98", "WIN_95" $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFree', 'int', $i_Address, 'int', 0, 'int', 0x8000) Case Else $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000) EndSwitch Return $av_Free[0] EndFunc ;==>_MemFree Func _MemText($ah_Mem, $s_Text) Local $i_Size = StringLen($s_Text) + 1 Local $i_Addr = _MemAlloc($ah_Mem, $i_Size) _MemWrite($ah_Mem, $i_Addr, _MemCreate($s_Text)) Return $i_Addr EndFunc ;==>_MemText #endregion Edited March 31, 2010 by FinalVersion [center][+] Steam GUI [+][+] Clipboard Tool [+][+] System :: Uptime [+][+] StarCraft II Mouse Trap [+][/center] Link to comment Share on other sites More sharing options...
Ascend4nt Posted March 31, 2010 Share Posted March 31, 2010 (edited) The read/write operations aren't x64 safe and the last parameter is a pointer to a variable (just checked my own process manipulation UDF).Here's my Read call:Local $aRet=DllCall("kernel32.dll","bool","ReadProcessMemory","handle",$hProcess,"ptr",$pSource,"ptr",$pDest,"ulong_ptr",$iNumBytes,"ulong_ptr*",0)And my Write call:Local $aRet=DllCall("kernel32.dll","bool","WriteProcessMemory","handle",$hProcess,"ptr", $pDest,"ptr",$pSource,"ulong_ptr",$iNumBytes,"ulong_ptr*",0)*Edit: actually, there's more than just those ones.. the OpenProcess and memory allocation/free functions are wrong too.. you should check MSDN and update this stuff. You could also just use some of the standard UDF's (<Memory.au3> for allocation/freeing* Found out where that UDF really originated from: 'new _Mem functions' by w0uter Edited April 2, 2010 by Ascend4nt My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
FinalVersion Posted March 31, 2010 Author Share Posted March 31, 2010 As I said in my first post, I didn't make this. And it worked last time I used it. [center][+] Steam GUI [+][+] Clipboard Tool [+][+] System :: Uptime [+][+] StarCraft II Mouse Trap [+][/center] Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now