
Get Extra info from DllStructGetData - how ?



Hello

I am only a beginner in receiving data from structures

I have these functions

$ObjectStruct = 'byte info1;long info2;byte info3;ptr ExtraInfo' ; structure contains pointer to ExtraInfo
$ObjectExtraStruct = 'byte infoX;long infoY;byte infoZ' ; structure of extra infos

Func BasicInfo($object) ; getting infos from basic structure, e.g. $data = DllStructGetData(BasicInfo($object),'info3')
    Local $Struct = DllStructCreate($ObjectStruct)
    Local $Offset[3] = [0, 0x18, 0x40] ; it is as it is
    Local $ObjectPtr = MemoryReadPtr($BasePtr, $Offset)
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectPtr[1], 'ptr', DllStructGetPtr($ObjectStruct), 'int', DllStructGetSize($ObjectStruct), 'int', '')
    Return $ObjectStruct ; returns basic structure
EndFunc

Func ExtraInfo($object) ; direct calling for interesting data (here infoX)
    $object = BasicInfo($object)
    $ObjectExtraPtr = DllStructGetData($object, "ExtraInfo")
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectExtraPtr, 'ptr', DllStructGetPtr($ObjectExtraStruct), 'int', DllStructGetSize($ObjectExtraStruct), 'int', '')

    Return DllStructGetData($ObjectExtraStruct, 'infoX') ; returns only one info from ExtraStructure
EndFunc

The 1st function returns the whole structure, the 2nd one only one info (1 or 2 or 3)

How can I combine retrieving the basic structure and the extra structure in one function?

Or how can I return the whole ExtraInfo structure for the same $object?

Can I call DllCall twice? Once for basic, once for Extra?

Edited by ddarek
Link to comment
Share on other sites

Several items:

BasicInfo() -

1) Passing $object into BasicInfo() even though you don't use $object within that function.

2) Using DLLCall but not using the return value, is this intentional?

3) $BasePtr is used before declaration

3) $mHandle[0] used before declaration

4) DllStructGetPtr($ObjectStruct) is fed the wrong argument -- should it be: DllStructGetPtr($Struct)?

5) Same issue with DllStructGetSize($ObjectStruct)

There are more but work on these and then come back.

Link to comment
Share on other sites

1. doesn't matter, works anyway

2. hmmmm, I return the whole structure

3. irrelevant

4. irrelevant

5. nope, it is correct

6. nope, it is correct

but your answer wasn't very helpful, was it?

Link to comment
Share on other sites

What's correct? It's not fucking correct.

Either read and try to comprehend what's written to you or don't ask for help at all here.

Link to comment
Share on other sites

True, the two undeclared variables are irrelevant, I see that now, but the other questions are valid. Anyways, there are quite a few mysterious things going on in your script which are valid and need to be addressed.

6) $Struct is declared and assigned but not used. $Struct holds the actual struct that you will use! $ObjectStruct is like a struct definition.

7) $ObjectStruct is returned from the function (See item #6)

After having read about ReadProcessMemory I see that not using the return value from the DllCall is intentional; however, you do not return $Struct from the function (See item #7)

Anyways, I'm trying to help you and so any more snarks and you can get help from someone else. In order to make your script work more efficiently you must first make it work.

Edited by LaCastiglione
Link to comment
Share on other sites

@trancex and @LaCastiglione

You are right

Sorry

$ObjectStruct = 'byte info1;long info2;byte info3;ptr ExtraInfo' ; structure contains pointer to ExtraInfo
$ObjectExtraStruct = 'byte infoX;long infoY;byte infoZ' ; structure of extra infos

Func BasicInfo($aobject) ; getting infos from basic structure, e.g. $data = DllStructGetData(BasicInfo($object),'info3')
    Local $Struct = DllStructCreate($ObjectStruct)
    Local $Offset[3] = [0, 0x18, 0x40] ; it is as it is
    Local $ObjectPtr = MemoryReadPtr($BasePtr, $Offset)
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectPtr[1], 'ptr', DllStructGetPtr($Struct), 'int', DllStructGetSize($Struct), 'int', '')
    Return $Struct ; returns basic structure (the struct itself, not its definition string)
EndFunc

Func ExtraInfo($aobject) ; direct calling for interesting data (here infoX)
    Local $object = BasicInfo($aobject)
    Local $ObjectExtraPtr = DllStructGetData($object, "ExtraInfo")
    Local $ExtraStruct = DllStructCreate($ObjectExtraStruct) ; buffer that receives the extra structure
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectExtraPtr, 'ptr', DllStructGetPtr($ExtraStruct), 'int', DllStructGetSize($ExtraStruct), 'int', '')
    Return $ExtraStruct
EndFunc

Should be like this

Anyway it works for me

The question is whether I can combine it somehow (in a nice way) to have one func working both for the basic struct and the extra struct

(it is still the same object, just in ExtraStruct it holds additional infos)

What you are missing is a bunch of code not presented here

(just an extract)

Edited by ddarek
Link to comment
Share on other sites

Does this do what you want?

$ObjectStruct = 'byte info1;long info2;byte info3;ptr ExtraInfo' ; structure contains pointer to ExtraInfo

$ObjectExtraStruct = 'byte infoX;long infoY;byte infoZ' ; structure of extra infos

Func ExtraInfo($aobject) ; reads the basic structure, then follows its ExtraInfo pointer
    ; $BasePtr, $mHandle and MemoryReadPtr() come from the part of the script not shown here
    Local $Struct = DllStructCreate($ObjectStruct)
    Local $Offset[3] = [0, 0x18, 0x40] ; it is as it is
    Local $ObjectPtr = MemoryReadPtr($BasePtr, $Offset)
    ; ReadProcessMemory takes five parameters; the last one (bytes read) is passed as '' like in the earlier posts
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectPtr[1], 'ptr', DllStructGetPtr($Struct), 'int', DllStructGetSize($Struct), 'int', '')
    Local $ObjectExtraPtr = DllStructGetData($Struct, "ExtraInfo") ; pointer stored in the basic structure
    Local $ExtraStruct = DllStructCreate($ObjectExtraStruct) ; buffer that receives the extra structure
    DllCall($mHandle[0], 'int', 'ReadProcessMemory', 'int', $mHandle[1], 'int', $ObjectExtraPtr, 'ptr', DllStructGetPtr($ExtraStruct), 'int', DllStructGetSize($ExtraStruct), 'int', '')
    Return $ExtraStruct
EndFunc   ;==>ExtraInfo
Edited by LaCastiglione
Link to comment
Share on other sites
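
Added example, not part of the original thread: one way to answer the question of combining both reads is a single checked read helper that is called twice, with both structures returned in an array. _ReadStruct() and ObjectInfo() are hypothetical names, and $mHandle is assumed to hold a kernel32.dll handle in [0] and a process handle in [1], as the thread's DllCall lines imply.

```autoit
; Added example, not code from the thread. _ReadStruct() and ObjectInfo() are
; hypothetical names; $mHandle is assumed to be [kernel32 DLL handle, process handle].
Global Const $ObjectStruct = 'byte info1;long info2;byte info3;ptr ExtraInfo'
Global Const $ObjectExtraStruct = 'byte infoX;long infoY;byte infoZ'

; Read one struct of layout $sLayout from address $pAddress in the opened process.
; Returns the filled DllStruct, or 0 with @error set on a failed or short read.
Func _ReadStruct($mHandle, $pAddress, $sLayout)
    If $pAddress = 0 Then Return SetError(1, 0, 0) ; never follow a null pointer
    Local $tStruct = DllStructCreate($sLayout)
    If @error Then Return SetError(2, @error, 0) ; bad layout string
    Local $iSize = DllStructGetSize($tStruct)
    Local $aRet = DllCall($mHandle[0], 'bool', 'ReadProcessMemory', _
            'handle', $mHandle[1], 'ptr', $pAddress, _
            'ptr', DllStructGetPtr($tStruct), 'ulong_ptr', $iSize, 'ulong_ptr*', 0)
    If @error Then Return SetError(3, @error, 0) ; DllCall itself failed
    ; $aRet[0] is the BOOL result, $aRet[5] the number of bytes actually read
    If Not $aRet[0] Or $aRet[5] <> $iSize Then Return SetError(4, 0, 0)
    Return $tStruct
EndFunc   ;==>_ReadStruct

; Returns a 2-element array: [0] = basic struct, [1] = extra struct.
Func ObjectInfo($mHandle, $pObject)
    Local $aInfo[2]
    $aInfo[0] = _ReadStruct($mHandle, $pObject, $ObjectStruct)
    If @error Then Return SetError(@error, 0, 0) ; basic read failed
    $aInfo[1] = _ReadStruct($mHandle, DllStructGetData($aInfo[0], 'ExtraInfo'), $ObjectExtraStruct)
    If @error Then Return SetError(10 + @error, 0, 0) ; extra read failed
    Return $aInfo
EndFunc   ;==>ObjectInfo

; Usage, with $ObjectPtr[1] resolved by MemoryReadPtr() as in the thread:
;   Local $aInfo = ObjectInfo($mHandle, $ObjectPtr[1])
;   If Not @error Then ConsoleWrite(DllStructGetData($aInfo[1], 'infoX') & @CRLF)
```

The 'ptr' field is 4 bytes in 32-bit AutoIt and 8 bytes in 64-bit AutoIt, so the script has to run with the same bitness as the process being read or the ExtraInfo offset will not line up.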
