Jump to content

Reading A Proccess Memory.


w0uter
 Share

Recommended Posts

this is old code :)

see the new one in my signature.

well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

[edit] done. new file attached. [/edit]

Mem.au3

Edited by w0uter

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

Link to comment
Share on other sites

  • Replies 44
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

<{POST_SNAPBACK}>

Cool. Can't wait till the writing funcs are done.

Nice Job.

Going to try them now.

HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.
Link to comment
Share on other sites

  • 2 weeks later...

well after make'ing those ftp functions i decided to pick up my old memory read func's

they didnt work at that time. but now they do,

since the FTP functions gave me a much clearer understanding of DllCall.

ty ejoc for DLL struct

ty CodeProject for the example

ty Microsoft (eww) for making winmine.exe that helped me throug testing.

next up is Writing (shouldt be that hard)

[edit] done. new file attached. [/edit]

<{POST_SNAPBACK}>

I see the writing is complete. Good job. :)

No more using dlls that have to be fileinstalled to read and write memory.

HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.
Link to comment
Share on other sites

  • 2 months later...

i love u man

in my pov this is the only thing left to do in autoit

writing to memory address and reading

thats all i really needed

can u give me some info about the function

what variables should i give the functions and what will the functions return?

Edited by rtk217
Link to comment
Share on other sites

ok u must help either something is wrong with my code or something in urs

$pid = WinGetProcess($title)

msgbox(0,"",$pid) ; check, until here i get the real working pid

local $memh = _MemOpen (0x0010 , false , $pid)

local $v_life = _MemRead($memh, 0x80D96C, 4)

msgbox(0,"",$v_life) ; here i get value -40 when i should get 167909048

local $m_life = $v_life + 1184

$m_life = hex($m_life,8)

msgbox(0,"",$m_life) ; here i get zero!

$v_life = _MemRead($memh, $m_life, 4)

$v_life = Dec($v_life)

u see

the program is using DMA

meanning i need to use the pointer, get the value from the pointer, the value is Dec, convert the value to hex, add to the hex 4A0/1184, and check the value in the address i got.

can u help me???

pointer address: 80D96c

value: 167909048

Add: 4A0

get: A021B58

Link to comment
Share on other sites

ok u must help either something is wrong with my code or something in urs

u see

the program is using DMA

meanning i need to use the pointer, get the value from the pointer, the value is Dec, convert the value to hex, add to the hex 4A0/1184, and check the value in the address i got.

can u help me???

pointer address: 80D96c

value: 167909048

Add: 4A0

get: A021B58

you are supposed to add the offset to the pointer address, not what the pointer returns. So the address where life is stored should be at..

$life = 0x80D96C + 0x4A0
$pid = WinGetProcess($title)
$memh = _MemOpen (0x0010 , false , $pid)
$v_life = _MemRead($memh, $life, 4)
msgbox(0,"",$v_life)

That should work, if it doesn't then your offset and/or pointer is wrong.

Edited by Knight
Link to comment
Share on other sites

dude all the values that i wrote are right

the life was stored at: A021B58

and the offset is 4a0

found the address with tsearch

then did autohack

i found ecx+4a0

so i did A021B58-4A0

then i convert it to decimal

and searched a memory address with that value

what i got was 80D96c

so i natulraly assume that this is the pointer.

im talking about DMA method for memory address

Edited by rtk217
Link to comment
Share on other sites

ok now help me

the pointer is 6F8B6379

+

offset 668 (not hexdecimal)

then i get this address

6F8B6615

i know the value of my HP is on 0100579C

but when i read 6F8B6615 i get value 0

so how do i get from the offset and the pointer to the address i want

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...