gononono64 Posted January 6, 2011

Okay, so I've been screwing around with Memory trying to figure out exactly how everything works. One Include code I absolutely love is NomadMemory.au3. Only after finding a recent update of it, with a new function (_MemoryGetBaseAddress), I found that this function didn't work. After reading online I've noticed that a lot of users with 64 bit had problems with it. Now I've made the simplest program that I could, and unless I am improperly using the function I do not know what is wrong with the code. (I assume that it's something wrong with Nomad.) I am not advanced enough to fix it, so if someone could point me in the right direction or maybe possibly even fix it, it would be much appreciated.

NomadMemory.au3 func:

```autoit
;===================================================================================================
; Function........:  _MemoryGetBaseAddress($ah_Handle, $iHD)
;
; Description.....:  Reads the 'Allocation Base' from the open process.
;
; Parameter(s)....:  $ah_Handle - An array containing the Dll handle and the handle of the open
;                                 process as returned by _MemoryOpen().
;                    $iHD - Return type:
;                       |0 = Hex (Default)
;                       |1 = Dec
;
; Requirement(s)..:  A valid process ID.
;
; Return Value(s).:  On Success - Returns the 'allocation Base' address and sets @Error to 0.
;                    On Failure - Returns 0 and sets @Error to:
;                       |1 = Invalid $ah_Handle.
;                       |2 = Failed to find correct allocation address.
;                       |3 = Failed to read from the specified process.
;
; Author(s).......:  Nomad. Szhlopp.
; URL.............:  http://www.autoitscript.com/forum/index.php?showtopic=78834
; Note(s).........:  Go to Www.CheatEngine.org for the latest version of CheatEngine.
;===================================================================================================
Func _MemoryGetBaseAddress($ah_Handle, $iHexDec = 0)

    Local $iv_Address = 0x00100000
    Local $v_Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $vData
    Local $vType

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf

    DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))

    If Not @Error Then

        $vData = Hex(DllStructGetData($v_Buffer, 2))
        $vType = Hex(DllStructGetData($v_Buffer, 3))

        While $vType <> "00000080"
            DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
            $vData = Hex(DllStructGetData($v_Buffer, 2))
            $vType = Hex(DllStructGetData($v_Buffer, 3))
            If Hex($iv_Address) = "01000000" Then ExitLoop
            $iv_Address += 65536
        WEnd

        If $vType = "00000080" Then
            SetError(0)
            If $iHexDec = 1 Then
                Return Dec($vData)
            Else
                Return $vData
            EndIf
        Else
            SetError(2)
            Return 0
        EndIf

    Else
        SetError(3)
        Return 0
    EndIf

EndFunc   ;==>_MemoryGetBaseAddress

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc
```

My little piece of code:

```autoit
#include <NomadMemory.au3>
#RequireAdmin

SetPrivilege("SeDebugPrivilege", 1)

$Handle = _MemoryOpen(ProcessExists("firefox.exe"))
If @error Then
    MsgBox(0,"Error","No handle found")
    Exit
EndIf

$Base = _MemoryGetBaseAddress($Handle,0)
if @error Then
    MsgBox (0,"Error","Something is wrong with nomade. @Error Returned : " & @error)
Else
    MsgBox (0,"Success",$Base)
EndIf
```

P.S. I've tried with many other programs, not just ff. Also someone mentioned something about the value of $iv_Address... but did not explain

KaFu Posted January 15, 2011

My Firefox installation is a 32bit process. Afaig ( = as far as I googled ) 64bit Firefox is only available as an experimental version. Maybe using the #AutoIt3Wrapper_UseX64=n directive will already solve your problem?
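
Why the bitness of the script matters for the `_MemoryGetBaseAddress` function quoted in the first post, as an added example that is not part of any post in this thread or of NomadMemory.au3: the function reads `VirtualQueryEx` output through seven `dword` fields, which matches the 28-byte `MEMORY_BASIC_INFORMATION` a 32-bit caller receives but not the 48-byte layout a 64-bit caller receives. The helper names and the sample region values are constructed for illustration.

```python
import struct

# MEMORY_BASIC_INFORMATION field order: BaseAddress, AllocationBase,
# AllocationProtect, RegionSize, State, Protect, Type.
# 32-bit callers: every field is 4 bytes. 64-bit callers: pointers and
# SIZE_T are 8 bytes, and two 4-byte pads keep them aligned.
LAYOUT = {32: "<IIIIIII", 64: "<QQI4xQIII4x"}
FIELDS = ("BaseAddress", "AllocationBase", "AllocationProtect",
          "RegionSize", "State", "Protect", "Type")
PAGE_EXECUTE_WRITECOPY = 0x80  # the value the script compares with "00000080"


def mbi_size(bits):
    """Size in bytes of the structure for a caller of the given bitness."""
    return struct.calcsize(LAYOUT[bits])


def parse_mbi(buf, bits):
    """Decode a buffer with the layout that matches the caller's bitness."""
    return dict(zip(FIELDS, struct.unpack(LAYOUT[bits], buf)))


def read_like_script(buf):
    """Mimic DllStructGetData($v_Buffer, 2) and (.., 3) on seven 'dword's:
    only the first 28 bytes are visible, as 4-byte elements."""
    dwords = struct.unpack("<7I", buf[:28])
    return "%08X" % dwords[1], "%08X" % dwords[2]  # ($vData, $vType)


# Constructed sample: one image region as each kind of caller would receive it.
BASE32 = 0x00400000
BASE64 = 0x00007FF612340000
REGION = (PAGE_EXECUTE_WRITECOPY, 0x1000, 0x1000, 0x02, 0x1000000)
sample32 = struct.pack(LAYOUT[32], BASE32, BASE32, *REGION)
sample64 = struct.pack(LAYOUT[64], BASE64, BASE64, *REGION)

if __name__ == "__main__":
    print("struct sizes:", mbi_size(32), mbi_size(64))
    # 32-bit layout: element 2 is AllocationBase, element 3 is AllocationProtect.
    print("32-bit read:", read_like_script(sample32))
    # 64-bit layout: the same indexes land on halves of the two pointers,
    # so the "00000080" comparison can never match.
    print("64-bit read:", read_like_script(sample64))
    print("64-bit parsed: %#x" % parse_mbi(sample64, 64)["AllocationBase"])
```

The same width mismatch applies to the `'int'` parameter types used for the process handle and the address, and to the scan range that stops at 0x01000000.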

faldo Posted February 18, 2012

This might be a bit late but here is a solution to your problem that works in 64-bit

FaridAgl Posted February 18, 2012

Try this out,

```autoit
SeDebugPrivilege()

$sExecutable = 'firefox.exe'
$hProcess = OpenProcess(ProcessExists($sExecutable))
MsgBox(0, '', _
        ProcessModuleGetBaseAddress($hProcess, $sExecutable))
CloseHandle($hProcess)

; Enable SeDebugPrivilege in the token of the current process.
Func SeDebugPrivilege()
    Local $iTokenIndex = 1
    Local $Struct = DllStructCreate('DWORD;int')
    Local $TOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
    DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
    While $iTokenIndex <= 1
        Local $bPrivilegeValue = DllCall('advapi32.dll', _
                'BOOL', 'LookupPrivilegeValue', _
                'str', '', _
                'str', 'SeDebugPrivilege', _ ;SE_DEBUG_NAME
                'ptr', DllStructGetPtr($Struct))
        If $bPrivilegeValue[0] Then
            DllStructSetData($TOKEN_PRIVILEGES, 2, 0x00000002, (3 * $iTokenIndex)) ;SE_PRIVILEGE_ENABLED
            DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 1), (3 * ($iTokenIndex - 1)) + 1)
            DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 2), (3 * ($iTokenIndex - 1)) + 2)
            DllStructSetData($Struct, 1, 0)
            DllStructSetData($Struct, 2, 0)
        EndIf
        $iTokenIndex += 1
    WEnd
    Local $hCurrentProcess = DllCall('kernel32.dll', _
            'HANDLE', 'GetCurrentProcess')
    Local $hProcessToken = DllCall('advapi32.dll', _
            'BOOL', 'OpenProcessToken', _
            'HANDLE', $hCurrentProcess[0], _
            'DWORD', 0x00000020 + 0x00000008, _ ;TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY
            'HANDLE*', '')
    Local $NEWTOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
    DllCall('advapi32.dll', _
            'BOOL', 'AdjustTokenPrivileges', _
            'HANDLE', $hProcessToken[3], _
            'BOOL', False, _
            'ptr', DllStructGetPtr($TOKEN_PRIVILEGES), _
            'DWORD', DllStructGetSize($NEWTOKEN_PRIVILEGES), _
            'ptr', '', _
            'DWORD*', '')
    DllCall('kernel32.dll', _
            'BOOL', 'CloseHandle', _
            'HANDLE', $hProcessToken[3])
EndFunc

; Open the target process and return its handle.
Func OpenProcess($iProcessID)
    Local $hProcess = DllCall('kernel32.dll', _
            'HANDLE', 'OpenProcess', _
            'DWORD', 0x1F0FFF, _ ;DesiredAccess = PROCESS_ALL_ACCESS
            'BOOL', True, _ ;InheritHandle = True
            'DWORD', $iProcessID)
    Return $hProcess[0]
EndFunc

; Return the base address of the named module in the opened process.
Func ProcessModuleGetBaseAddress($hProcess, $sModuleName)
    Local $ModulesMax = DllStructCreate('ptr[1024]')
    Local $iProcessModules = DllCall('psapi.dll', _
            'BOOL', 'EnumProcessModules', _
            'HANDLE', $hProcess, _
            'ptr', DllStructGetPtr($ModulesMax), _
            'DWORD', DllStructGetSize($ModulesMax), _
            'DWORD*', '')
    Local $sModuleBaseName
    ; EnumProcessModules reports a byte count; each entry is one pointer
    ; (4 bytes in a 32-bit script, 8 in a 64-bit one), so divide by the
    ; element size rather than a fixed 4.
    Local $iPtrSize = DllStructGetSize($ModulesMax) / 1024
    For $i = 1 To $iProcessModules[4] / $iPtrSize
        $sModuleBaseName = DllCall('psapi.dll', _
                'DWORD', 'GetModuleBaseNameW', _
                'HANDLE', $hProcess, _
                'ptr', DllStructGetData($ModulesMax, 1, $i), _
                'wstr', '', _
                'DWORD', 256)
        If $sModuleBaseName[3] = $sModuleName Then Return DllStructGetData($ModulesMax, 1, $i)
    Next
EndFunc

; Close a handle returned by OpenProcess().
Func CloseHandle($hProcess)
    Local $bResult = DllCall('kernel32.dll', _
            'BOOL', 'CloseHandle', _
            'HANDLE', $hProcess)
    Return $bResult[0]
EndFunc
```