ronmage Posted February 11, 2011 Posted February 11, 2011 Hi, I am hoping to get some help with Multi-level Pointers. i was looking online and i did find NomadMemory.au3 which is supposed to do it. when you open it up it states it is for "AutoIt Version: 3.1.127 (beta)" so i am not sure if it works, but looking around i did not find an update anywhere or anything to replace it. i did get it to work for just looking at one piece of memory but when i try to use it to look at a Multi-level Pointer i keep getting 0 as the output. This is the pointer data http://img16.imageshack.us/i/capturetv.png this is my code #include <NomadMemory.au3> Global $WindowTitle = "Test.exe" Global $PID = WinGetProcess($WindowTitle) Global $Ptr = 0x012f25f0 Global $Off1 = DEC("474") Global $Off2 = DEC("20") $Handle = _MemoryOpen($PID) $baseADDR = _MemoryRead($Ptr, $Handle) $LVL1 = '0x' & Hex($baseADDR + $Off1) $baseADDR = _MemoryRead($LVL1, $Handle) $LVL2 = '0x' & Hex($baseADDR + $Off2) $baseADDR = _MemoryRead($LVL2, $Handle) MsgBox("Info","data", $baseADDR) _MemoryClose($Handle)
ronmage Posted February 12, 2011 Author Posted February 12, 2011 Looking at this it looks like i need to take and address and add the offset. doing that till all the offsets are added to get my address. but i am not sure.
darkjohn20 Posted February 12, 2011 Posted February 12, 2011 (edited) Use the Pointer functions in NomadMemory.au3expandcollapse popup;================================================================================================= ; Function: _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset[, $sv_Type]) ; Description: Reads a chain of pointers and returns an array containing the destination ; address and the data at the address. ; Parameter(s): $iv_Address - The static memory address you want to start at. It must be in ; hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle of the open ; process as returned by _MemoryOpen(). ; $av_Offset - An array of offsets for the pointers. Each pointer must have an ; offset. If there is no offset for a pointer, enter 0 for that ; array dimension. ; $sv_Type - (optional) The "Type" of data you intend to read at the destination ; address. This is set to 'dword'(32bit(4byte) signed integer) by ; default. See the help file for DllStructCreate for all types. ; Requirement(s): The $ah_Handle returned from _MemoryOpen. ; Return Value(s): On Success - Returns an array containing the destination address and the value ; located at the address. ; On Failure - Returns 0 ; @Error - 0 = No error. ; 1 = $av_Offset is not an array. ; 2 = Invalid $ah_Handle. ; 3 = $sv_Type is not a string. ; 4 = $sv_Type is an unknown data type. ; 5 = Failed to allocate the memory needed for the DllStructure. ; 6 = Error allocating memory for $sv_Type. ; 7 = Failed to read from the specified process. ; Author(s): Nomad ; Note(s): Values returned are in Decimal format, unless a 'char' type is selected. ; Set $av_Offset like this: ; $av_Offset[0] = NULL (not used) ; $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal) ; $av_Offset[2] = Offset for pointer 2 ; etc... ; (The number of array dimensions determines the number of pointers) ;================================================================================================= Func _MemoryPointerRead($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword') If IsArray($av_Offset) Then If IsArray($ah_Handle) Then Local $iv_PointerCount = UBound($av_Offset) - 1 Else SetError(2) Return 0 EndIf Else SetError(1) Return 0 EndIf Local $iv_Data[2], $i Local $v_Buffer = DllStructCreate('dword') For $i = 0 To $iv_PointerCount If $i = $iv_PointerCount Then $v_Buffer = DllStructCreate($sv_Type) If @error Then SetError(@error + 2) Return 0 EndIf $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i]) DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @error Then SetError(7) Return 0 EndIf $iv_Data[1] = DllStructGetData($v_Buffer, 1) ElseIf $i = 0 Then DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @error Then SetError(7) Return 0 EndIf $iv_Data[1] = DllStructGetData($v_Buffer, 1) Else $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i]) DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @error Then SetError(7) Return 0 EndIf $iv_Data[1] = DllStructGetData($v_Buffer, 1) EndIf Next $iv_Data[0] = $iv_Address Return $iv_Data EndFunc ;==>_MemoryPointerRead ;================================================================================================= ; Function: _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data[, $sv_Type]) ; Description: Reads a chain of pointers and writes the data to the destination address. ; Parameter(s): $iv_Address - The static memory address you want to start at. It must be in ; hex format (0x00000000). ; $ah_Handle - An array containing the Dll handle and the handle of the open ; process as returned by _MemoryOpen(). ; $av_Offset - An array of offsets for the pointers. Each pointer must have an ; offset. If there is no offset for a pointer, enter 0 for that ; array dimension. ; $v_Data - The data to be written. ; $sv_Type - (optional) The "Type" of data you intend to write at the destination ; address. This is set to 'dword'(32bit(4byte) signed integer) by ; default. See the help file for DllStructCreate for all types. ; Requirement(s): The $ah_Handle returned from _MemoryOpen. ; Return Value(s): On Success - Returns the destination address. ; On Failure - Returns 0. ; @Error - 0 = No error. ; 1 = $av_Offset is not an array. ; 2 = Invalid $ah_Handle. ; 3 = Failed to read from the specified process. ; 4 = $sv_Type is not a string. ; 5 = $sv_Type is an unknown data type. ; 6 = Failed to allocate the memory needed for the DllStructure. ; 7 = Error allocating memory for $sv_Type. ; 8 = $v_Data is not in the proper format to be used with the ; "Type" selected for $sv_Type, or it is out of range. ; 9 = Failed to write to the specified process. ; Author(s): Nomad ; Note(s): Data written is in Decimal format, unless a 'char' type is selected. ; Set $av_Offset like this: ; $av_Offset[0] = NULL (not used, doesn't matter what's entered) ; $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal) ; $av_Offset[2] = Offset for pointer 2 ; etc... ; (The number of array dimensions determines the number of pointers) ;================================================================================================= Func _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data, $sv_Type = 'dword') If IsArray($av_Offset) Then If IsArray($ah_Handle) Then Local $iv_PointerCount = UBound($av_Offset) - 1 Else SetError(2) Return 0 EndIf Else SetError(1) Return 0 EndIf Local $iv_StructData, $i Local $v_Buffer = DllStructCreate('dword') For $i = 0 to $iv_PointerCount If $i = $iv_PointerCount Then $v_Buffer = DllStructCreate($sv_Type) If @Error Then SetError(@Error + 3) Return 0 EndIf DllStructSetData($v_Buffer, 1, $v_Data) If @Error Then SetError(8) Return 0 EndIf $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i]) DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(9) Return 0 Else Return $iv_Address EndIf ElseIf $i = 0 Then DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(3) Return 0 EndIf $iv_StructData = DllStructGetData($v_Buffer, 1) Else $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i]) DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '') If @Error Then SetError(3) Return 0 EndIf $iv_StructData = DllStructGetData($v_Buffer, 1) EndIf Next EndFuncSomething like:$hMemoryOpen = _MemoryOpen(ProcessExists("process.exe")) $aOffsets[3] = [0, Dec(20), Dec(474)] $aRead = _MemoryPointerRead(0x00A5BFCC, $hMemoryOpen, $aOffsets) MsgBox(0, "Test", $aRead[1]) _MemoryClose($hMemoryOpen)should work, but hasn't been tested. Edited February 12, 2011 by darkjohn20
periander Posted May 9, 2011 Posted May 9, 2011 (edited) strange... its not working for mei'm using: $hMemoryOpen = _MemoryOpen(ProcessExists("name.exe")) dim $aOffsets[5] = [Dec("48"),Dec("3C0"),Dec("3C0"),Dec("C0"),Dec("4C0")] $aRead = _MemoryPointerRead(0x013791E8, $hMemoryOpen, $aOffsets) MsgBox(0, "Test", $aRead[1]) _MemoryClose($hMemoryOpen)with data from CE: i always get "0" back Edited May 9, 2011 by periander
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now