Jump to content
Sign in to follow this  
ddarek

Get Extra info from DllStructGetData - how ?

Recommended Posts

ddarek

Hello

I am only beginner in receiving data from structures

I have such functions

$ObjectStruct = 'byte info1;long info2;byte info3;ptr ExtraInfo'; structure contains pointer to ExtraInfo
$ObjectExtraStruct = 'byte infoX;long infoY;byte infoZ'; structure of extra infos

Func BasicInfo($object); geting infos from basic structure eg $data = DllStructGetData(BasicInfo($object),'info3')
Local $Struct = DllStructCreate($ObjectStruct)
    Local $Offset[3] = [0, 0x18, 0x40]; it is as it is
    Local $ObjectPtr = MemoryReadPtr($BasePtr, $Offset)
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectPtr[1], 'ptr', DllStructGetPtr($ObjectStruct), 'int', DllStructGetSize($ObjectStruct), 'int', '')
    Return $ObjectStruct; returns basic structure
EndFunc

Func ExtraInfo($object); direct calling for interesting data (here infoX)
      $object = BasicInfo($object)
      $ObjectExtraPtr = DllStructGetData($object, "ExtraInfo");
      DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectExtraPtr, 'ptr', DllStructGetPtr($ObjectExtraStruct), 'int', DllStructGetSize($ObjectExtraStruct), 'int', '')
     
      Return DllStructGetData($ObjectExtraStruct, 'infoX'); returns only one info from ExtraStructure
EndFunc

1st function return whole structure, 2nd one only one info (1 or 2 or 3)

How I can combine retrieving basic structure and extra structure in one function?

Or How I can get Return whole ExtraInfo structure for same $object ?

Can I call twice DllCall ? Once for basic once for Extra ?

Edited by ddarek

Share this post


Link to post
Share on other sites
jaberwacky

Several items:

BasicInfo() -

1) Passing $object into BasicInfo() even though you don't use $object within that function.

2) Using DLLCall but not using the return value, is this intentional?

3) $BasePtr is used before declaration

3) $mHandle[0] used before declaration

4) DllStructGetPtr($ObjectStruct) is fed the wrong argument -- should it be: DllStructGetPtr($Struct)?

5) Same issue with DllStructGetSize($ObjectStruct)

There are more but work on these and then come back.

Share this post


Link to post
Share on other sites
ddarek

Several items:

BasicInfo() -

1) Passing $object into BasicInfo() even though you don't use $object within that function.

2) Using DLLCall but not using the return value, is this intentional?

3) $BasePtr is used before declaration

3) $mHandle[0] used before declaration

4) DllStructGetPtr($ObjectStruct) is fed the wrong argument -- should it be: DllStructGetPtr($Struct)?

5) Same issue with DllStructGetSize($ObjectStruct)

There are more but work on these and then come back.

1. not matter, works anyway

2. hmmmm I return whole structure

3. irrelevant

4. irrelevant

5. nope, it is correct

6. nope it is correct

but your answer wasnt very helpful, was it?

Share this post


Link to post
Share on other sites
trancexx

1. not matter, works anyway

2. hmmmm I return whole structure

3. irrelevant

4. irrelevant

5. nope, it is correct

6. nope it is correct

but your answer wasnt very helpful, was it?

What's correct? It's not fucking correct.

Either read and try to comprehend what's written to you or don't ask for help at all here.


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites
jaberwacky

True, the two undeclared variables are irrelevant, I see that now, but the other questions are valid. Anyways, there are quite a few mysterious things going in your script which are valid and need to be addressed.

6) $Struct is declared and assigned but not used. $Struct holds the actual struct that you will use! $ObjectStruct is like a struct definition.

7) $ObjectStruct is returned from the function (See item #6)

After having read about readprocessmemory I see that not using the return value from the DllCall is intentional however, you do not return $Struct from the function (See item #7)

Anyways, I'm trying to help you and so any more snarks and you can get help from someone else. In order to make your script work more efficiently you must first make it work.

Edited by LaCastiglione

Share this post


Link to post
Share on other sites
ddarek

@trancex and @LaCastiglione

You are right

Sorry

$ObjectStruct = 'byte info1;long info2;byte info3;ptr ExtraInfo'; structure contains pointer to ExtraInfo
$ObjectExtraStruct = 'byte infoX;long infoY;byte infoZ'; structure of extra infos

Func BasicInfo($aobject); geting infos from basic structure eg $data = DllStructGetData(BasicInfo($object),'info3')
Local $Struct = DllStructCreate($ObjectStruct)
    Local $Offset[3] = [0, 0x18, 0x40]; it is as it is
    Local $ObjectPtr = MemoryReadPtr($BasePtr, $Offset)
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectPtr[1], 'ptr', DllStructGetPtr($Struct), 'int', DllStructGetSize($Struct), 'int', '')
    Return $ObjectStruct; returns basic structure
EndFunc

Func ExtraInfo($aobject); direct calling for interesting data (here infoX)
      $object = BasicInfo($aobject)
      $ObjectExtraPtr = DllStructGetData($object, "ExtraInfo");
      DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectExtraPtr, 'ptr', DllStructGetPtr($ObjectExtraStruct), 'int', DllStructGetSize($ObjectExtraStruct), 'int', '')
     Return $ObjectExtraStruct
EndFunc

Should be like this

Anyway it works for me

Question is if I can combine it somehow (in nice way) to have one func working both for basic struct and extra struct

(it is still same object just in ExtraStruct it holds additionall infos)

What you are missing is bunch of code not presented here

(just extract)

Edited by ddarek

Share this post


Link to post
Share on other sites
jaberwacky

Does this do what you want?

$ObjectStruct = 'byte info1;long info2;byte info3;ptr ExtraInfo'; structure contains pointer to ExtraInfo

$ObjectExtraStruct = 'byte infoX;long infoY;byte infoZ'; structure of extra infos

Func ExtraInfo($aobject); direct calling for interesting data (here infoX)
    Local $Struct = DllStructCreate($ObjectStruct)
    Local $Offset[3] = [0, 0x18, 0x40]; it is as it is
    Local $ObjectPtr = MemoryReadPtr($BasePtr, $Offset)
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectPtr[1], 'ptr', DllStructGetPtr($Struct), 'int', DllStructGetSize($Struct))
    Local $ObjectExtraPtr = DllStructGetData($object, "ExtraInfo")
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectExtraPtr, 'ptr', DllStructGetPtr($ObjectExtraPtr), 'int', DllStructGetSize($ObjectExtraPtr))
    Return $ObjectExtraStruct
EndFunc   ;==>ExtraInfo
Edited by LaCastiglione

Share this post


Link to post
Share on other sites
ddarek

Hmmm not really

It returns extrastruct

What bout basic struct?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.