Brian777 Posted July 28, 2011 Share Posted July 28, 2011 (edited) Hi. I wanna read the memory of 'calc.exe'. I try it, using two methods. First way is using"_WinAPI_ReadProcessMemory" func but return value of that func is false(=0). I think it works until "_WinAPI_OpenProcess" func. And second way is using "DllCall"func. I used it like that DllCall("Kernel32.dll", "DWORD", "ReadProcessMemory", "HANDLE", $hwnd, "int", 0xff200000, "ptr", DllStructGetPtr($MemData,1), "ULONG_PTR", DllStructGetSize($MemData), "ULONG_PTR", 0) but it also doesn't work.... How can i get that memory? If u can, let me know total code working well. ======================It's my first code=========================== #include Global $hProcess, $temp $hProcess = ProcessExists ( "calc.exe" ) $hwnd = _WinAPI_OpenProcess(0x1000 , False, $hProcess) MsgBox(0,"$hProcess", $hProcess) $MemData =DllStructCreate("int var") DllStructSetData($MemData, 1, 0x1234) MsgBox(0,"$hwnd", $hwnd) $iRead = 0 $result1=_WinAPI_ReadProcessMemory($hwnd, 0xff200000, DllStructGetPtr($MemData,1), DllStructGetSize($MemData), $iRead) MsgBox(0,"Hex($MemData)", Hex( DllStructGetData($MemData,1) ) ) MsgBox(0,"success", $result1) Edited July 28, 2011 by Brian777 Link to comment Share on other sites More sharing options...
rockets Posted July 28, 2011 Share Posted July 28, 2011 (edited) If you just looking for simplicity , use NomadMemory.au3 . it wraps up basic read write using ReadProcessMemory() but in easy to use functions. or if you want to do it all your self you can look at Nomads code and see how he calls RPM() . Edited July 28, 2011 by rockets Link to comment Share on other sites More sharing options...
Brian777 Posted July 28, 2011 Author Share Posted July 28, 2011 If you just looking for simplicity , use NomadMemory.au3 . it wraps up basic read write using ReadProcessMemory() but in easy to use functions.or if you want to do it all your self you can look at Nomads code and see how he calls RPM() .thanks. I finally read memory, using NomadMemory.au3but it doesn't work to some process having an admin access.do u know how to read the memory of process having an admin access? Link to comment Share on other sites More sharing options...
PsaltyDS Posted July 29, 2011 Share Posted July 29, 2011 do u know how to read the memory of process having an admin access?How are you going to provide the admin credentials? Did you try RunAs()?The Windows system is trying very hard (not always successfully) to keep you from doing that without the correct permissions. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now