Sign in to follow this  
Followers 0
w0uter

Reading A Proccess Memory.

45 posts in this topic

#1 ·  Posted (edited)

this is old code :)

see the new one in my signature.

well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

[edit] done. new file attached. [/edit]

Mem.au3

Edited by w0uter

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

Share this post


Link to post
Share on other sites



well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

<{POST_SNAPBACK}>

Cool. Can't wait till the writing funcs are done.

Nice Job.

Going to try them now.


HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.

Share this post


Link to post
Share on other sites

COOOOOOOOOOOOL!!!!!! :) !!!!


FootbaG

Share this post


Link to post
Share on other sites

Nice, but I already wrote all my stuff with Outshynd's. Might rewrite it all so I don't have to use the external dll. Thanks :)

Share this post


Link to post
Share on other sites

neat


Start -> Programs -> AutoIt v3 -> AutoIt Help File -> Index -> (The Function you are asking about)----- Links -----DllStruct UDFsRSA Crypto UDFs

Share this post


Link to post
Share on other sites

Can I read Floats or Doubles with this?

Share this post


Link to post
Share on other sites

well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

[edit] done. new file attached. [/edit]

<{POST_SNAPBACK}>

I see the writing is complete. Good job. :)

No more using dlls that have to be fileinstalled to read and write memory.


HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

i love u man

in my pov this is the only thing left to do in autoit

writing to memory address and reading

thats all i really needed

can u give me some info about the function

what variables should i give the functions and what will the functions return?

Edited by rtk217

Share this post


Link to post
Share on other sites

ok u must help either something is wrong with my code or something in urs

$pid = WinGetProcess($title)

msgbox(0,"",$pid) ; check, until here i get the real working pid

local $memh = _MemOpen (0x0010 , false , $pid)

local $v_life = _MemRead($memh, 0x80D96C, 4)

msgbox(0,"",$v_life) ; here i get value -40 when i should get 167909048

local $m_life = $v_life + 1184

$m_life = hex($m_life,8)

msgbox(0,"",$m_life) ; here i get zero!

$v_life = _MemRead($memh, $m_life, 4)

$v_life = Dec($v_life)

u see

the program is using DMA

meanning i need to use the pointer, get the value from the pointer, the value is Dec, convert the value to hex, add to the hex 4A0/1184, and check the value in the address i got.

can u help me???

pointer address: 80D96c

value: 167909048

Add: 4A0

get: A021B58

Share this post


Link to post
Share on other sites

ohhh

anyway the scite compiler reoprt 5 errors in your code

so i think u should check that maybe it has something to do with that

Share this post


Link to post
Share on other sites

#16 ·  Posted (edited)

ok u must help either something is wrong with my code or something in urs

u see

the program is using DMA

meanning i need to use the pointer, get the value from the pointer, the value is Dec, convert the value to hex, add to the hex 4A0/1184, and check the value in the address i got.

can u help me???

pointer address: 80D96c

value: 167909048

Add: 4A0

get: A021B58

you are supposed to add the offset to the pointer address, not what the pointer returns. So the address where life is stored should be at..

$life = 0x80D96C + 0x4A0
$pid = WinGetProcess($title)
$memh = _MemOpen (0x0010 , false , $pid)
$v_life = _MemRead($memh, $life, 4)
msgbox(0,"",$v_life)

That should work, if it doesn't then your offset and/or pointer is wrong.

Edited by Knight

Share this post


Link to post
Share on other sites

#17 ·  Posted (edited)

dude all the values that i wrote are right

the life was stored at: A021B58

and the offset is 4a0

found the address with tsearch

then did autohack

i found ecx+4a0

so i did A021B58-4A0

then i convert it to decimal

and searched a memory address with that value

what i got was 80D96c

so i natulraly assume that this is the pointer.

im talking about DMA method for memory address

Edited by rtk217

Share this post


Link to post
Share on other sites

you have to add the offset to the pointer, not to what the pointer returns, that is what I am trying to tell you.

Share this post


Link to post
Share on other sites

ok now help me

the pointer is 6F8B6379

+

offset 668 (not hexdecimal)

then i get this address

6F8B6615

i know the value of my HP is on 0100579C

but when i read 6F8B6615 i get value 0

so how do i get from the offset and the pointer to the address i want

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0