gononono64 Posted January 6, 2011

Okay, so I've been screwing around with Memory trying to figure out exactly how everything works. One Include code I absolutely love is NomadMemory.au3. Only after finding a recent update of it, with a new function (_MemoryGetBaseAddress), I found that this function didn't work. After reading online I've noticed that a lot of users with 64 bit had problems with it. Now I've made the simplest program that I could, and unless I am improperly using the function I do not know what is wrong with the code. (I assume that it's something wrong with nomad.) I am not advanced enough to fix it, so if someone could point me in the right direction or maybe possibly even fix it, it would be much appreciated.

NomadMemory.au3 func:

;===================================================================================================
; Function........: _MemoryGetBaseAddress($ah_Handle, $iHD)
;
; Description.....: Reads the 'Allocation Base' from the open process.
;
; Parameter(s)....: $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                   $iHD - Return type:
;                       |0 = Hex (Default)
;                       |1 = Dec
;
; Requirement(s)..: A valid process ID.
;
; Return Value(s).: On Success - Returns the 'allocation Base' address and sets @Error to 0.
;                   On Failure - Returns 0 and sets @Error to:
;                       |1 = Invalid $ah_Handle.
;                       |2 = Failed to find correct allocation address.
;                       |3 = Failed to read from the specified process.
;
; Author(s).......: Nomad. Szhlopp.
; URL.............: http://www.autoitscript.com/forum/index.php?showtopic=78834
; Note(s).........: Go to Www.CheatEngine.org for the latest version of CheatEngine.
;===================================================================================================
Func _MemoryGetBaseAddress($ah_Handle, $iHexDec = 0)

    Local $iv_Address = 0x00100000
    Local $v_Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
    Local $vData
    Local $vType

    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf

    DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))

    If Not @Error Then

        $vData = Hex(DllStructGetData($v_Buffer, 2))
        $vType = Hex(DllStructGetData($v_Buffer, 3))

        While $vType <> "00000080"
            DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
            $vData = Hex(DllStructGetData($v_Buffer, 2))
            $vType = Hex(DllStructGetData($v_Buffer, 3))
            If Hex($iv_Address) = "01000000" Then ExitLoop
            $iv_Address += 65536
        WEnd

        If $vType = "00000080" Then
            SetError(0)
            If $iHexDec = 1 Then
                Return Dec($vData)
            Else
                Return $vData
            EndIf
        Else
            SetError(2)
            Return 0
        EndIf

    Else
        SetError(3)
        Return 0
    EndIf

EndFunc   ;==>_MemoryGetBaseAddress

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)
EndFunc

My little piece of code:

#include <NomadMemory.au3>
#RequireAdmin

SetPrivilege("SeDebugPrivilege", 1)

$Handle = _MemoryOpen(ProcessExists("firefox.exe"))
If @error Then
    MsgBox(0,"Error","No handle found")
    Exit
EndIf

$Base = _MemoryGetBaseAddress($Handle,0)
if @error Then
    MsgBox (0,"Error","Something is wrong with nomade. @Error Returned : " & @error)
Else
    MsgBox (0,"Success",$Base)
EndIf

P.S. I've tried with many other programs, not just ff. Also someone mentioned something about the value of $iv_Address... but did not explain

gononono64 Posted January 15, 2011

anyone?

KaFu Posted January 15, 2011

My Firefox installation is a 32bit process. Afaig ( = as far as I googled ) 64bit Firefox is only available as an experimental version. Maybe using the #AutoIt3Wrapper_UseX64=n directive will already solve your problem?

gononono64 Posted March 8, 2011

I tried but it did not work

faldo Posted February 18, 2012

This might be a bit late but here is a solution to your problem that works in 64-bit

FaridAgl Posted February 18, 2012

Try this out,

SeDebugPrivilege()

$sExecutable = 'firefox.exe'
$hProcess = OpenProcess(ProcessExists($sExecutable))

MsgBox(0, '', _
        ProcessModuleGetBaseAddress($hProcess, $sExecutable))

CloseHandle($hProcess)

Func SeDebugPrivilege()
    Local $iTokenIndex = 1
    Local $Struct = DllStructCreate('DWORD;int')
    Local $TOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
    DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
    While $iTokenIndex <= 1
        Local $bPrivilegeValue = DllCall('advapi32.dll', _
                'BOOL', 'LookupPrivilegeValue', _
                'str', '', _
                'str', 'SeDebugPrivilege', _ ;SE_DEBUG_NAME
                'ptr', DllStructGetPtr($Struct))
        If $bPrivilegeValue[0] Then
            DllStructSetData($TOKEN_PRIVILEGES, 2, 0x00000002, (3 * $iTokenIndex)) ;SE_PRIVILEGE_ENABLED
            DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 1), (3 * ($iTokenIndex - 1)) + 1)
            DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 2), (3 * ($iTokenIndex - 1)) + 2)
            DllStructSetData($Struct, 1, 0)
            DllStructSetData($Struct, 2, 0)
        EndIf
        $iTokenIndex += 1
    WEnd
    Local $hCurrentProcess = DllCall('kernel32.dll', _
            'HANDLE', 'GetCurrentProcess')
    Local $hProcessToken = DllCall('advapi32.dll', _
            'BOOL', 'OpenProcessToken', _
            'HANDLE', $hCurrentProcess[0], _
            'DWORD', 0x00000020 + 0x00000008, _ ;TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY
            'HANDLE*', '')
    Local $NEWTOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
    DllCall('advapi32.dll', _
            'BOOL', 'AdjustTokenPrivileges', _
            'HANDLE', $hProcessToken[3], _
            'BOOL', False, _
            'ptr', DllStructGetPtr($TOKEN_PRIVILEGES), _
            'DWORD', DllStructGetSize($NEWTOKEN_PRIVILEGES), _
            'ptr', '', _
            'DWORD*', '')
    DllCall('kernel32.dll', _
            'BOOL', 'CloseHandle', _
            'HANDLE', $hProcessToken[3])
EndFunc

Func OpenProcess($iProcessID)
    Local $hProcess = DllCall('kernel32.dll', _
            'HANDLE', 'OpenProcess', _
            'DWORD', 0x1F0FFF, _ ;DesiredAccess = PROCESS_ALL_ACCESS
            'BOOL', True, _ ;InheritHandle = True
            'DWORD', $iProcessID)
    Return $hProcess[0]
EndFunc

Func ProcessModuleGetBaseAddress($hProcess, $sModuleName)
    Local $ModulesMax = DllStructCreate('ptr[1024]')
    Local $iProcessModules = DllCall('psapi.dll', _
            'BOOL', 'EnumProcessModules', _
            'HANDLE', $hProcess, _
            'ptr', DllStructGetPtr($ModulesMax), _
            'DWORD', DllStructGetSize($ModulesMax), _
            'DWORD*', '')
    Local $sModuleBaseName
    ; $iProcessModules[4] is a byte count; dividing by 4 assumes 4-byte (32-bit) module handles
    For $i = 1 To $iProcessModules[4] / 4
        $sModuleBaseName = DllCall('psapi.dll', _
                'DWORD', 'GetModuleBaseNameW', _
                'HANDLE', $hProcess, _
                'ptr', DllStructGetData($ModulesMax, 1, $i), _
                'wstr', '', _
                'DWORD', 256)
        If $sModuleBaseName[3] = $sModuleName Then Return DllStructGetData($ModulesMax, 1, $i)
    Next
EndFunc

Func CloseHandle($hProcess)
    Local $bResult = DllCall('kernel32.dll', _
            'BOOL', 'CloseHandle', _
            'HANDLE', $hProcess)
    Return $bResult[0]
EndFunc

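Added example, not part of any post in this thread and not NomadMemory code: a Python sketch of the pointer-width assumptions visible in the code above, showing how the seven-dword MEMORY_BASIC_INFORMATION layout and the `/ 4` module count misread data produced for a 64-bit caller. The sample buffer and base address are constructed and the helper names (`parse_mbi`, `module_count`) are hypothetical; it illustrates the layout difference only and does not diagnose the original poster's failure.

```python
import struct

# MEMORY_BASIC_INFORMATION as VirtualQueryEx fills it, by caller pointer width.
# 32-bit: seven 4-byte fields = 28 bytes (the 'dword;dword;...' struct above).
# 64-bit: pointers and SIZE_T are 8 bytes, plus alignment padding = 48 bytes.
MBI32 = struct.Struct("<IIIIIII")
MBI64 = struct.Struct("<QQIHxxQIIIxxxx")  # H = PartitionId, x = padding
FIELDS = ("BaseAddress", "AllocationBase", "AllocationProtect",
          "RegionSize", "State", "Protect", "Type")

PAGE_EXECUTE_WRITECOPY = 0x80   # the "00000080" the AutoIt loop compares against
MEM_COMMIT, PAGE_READONLY, MEM_IMAGE = 0x1000, 0x02, 0x1000000

# Constructed sample: what a 64-bit caller would get back for the first page
# of an image mapped at a made-up base address above 4 GiB.
SAMPLE_BASE = 0x00007FF612340000
SAMPLE64 = MBI64.pack(SAMPLE_BASE, SAMPLE_BASE, PAGE_EXECUTE_WRITECOPY, 0,
                      0x1000, MEM_COMMIT, PAGE_READONLY, MEM_IMAGE)


def parse_mbi(buf, bits):
    """Decode a MEMORY_BASIC_INFORMATION buffer using the 32- or 64-bit layout."""
    if bits == 32:
        values = MBI32.unpack_from(buf)
    else:
        v = MBI64.unpack_from(buf)
        values = v[:3] + v[4:]          # drop PartitionId
    return dict(zip(FIELDS, values))


def module_count(bytes_needed, bits):
    """EnumProcessModules reports bytes; each module handle is one pointer wide."""
    return bytes_needed // (bits // 8)


if __name__ == "__main__":
    right = parse_mbi(SAMPLE64, 64)
    wrong = parse_mbi(SAMPLE64, 32)     # seven-dword view of the same bytes
    for name in ("AllocationBase", "AllocationProtect"):
        print(f"{name:18} 64-bit layout: {right[name]:#x}   7 dwords: {wrong[name]:#x}")
    # Five 8-byte handles occupy 40 bytes; dividing by 4 reports ten modules.
    print("modules:", module_count(40, 64), "vs", module_count(40, 32))
```

Read through the seven-dword layout, the third field holds the low half of the allocation base instead of the protection value, so a comparison against 0x80 never matches.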