Ferryman Posted March 11, 2013 Posted March 11, 2013 I am trying to access CPU MSR registers by using WinRing0 low-level driver. All of the other functions work fine, however I am not able to access any functions which would return multiple values. MSR Read function should return two DWORD;, eax and edx. CPUID function should return quad DWORDs; eax, ebx, ecx, edx. For RdMsr: BOOL // TRUE: success, FALSE: failure WINAPI Rdmsr( DWORD index, // MSR index PDWORD eax, // bit 0-31 PDWORD edx // bit 32-63 For CPUID: BOOL // TRUE: success, FALSE: failure WINAPI Cpuid( DWORD index, // CPUID index PDWORD eax, PDWORD ebx, PDWORD ecx, PDWORD edx $DLL=DllOpen("WinRing0x64.dll") $CPUID1 = DllCall($DLL, "bool", "Cpuid", "dword", "0x00000001", "dword", "", "dword", "", "dword", "", "dword", "") $CPUID1[0] - $CPUID1[5] variables return zero, except $CPUID1[1] which is 1 (0x00000001) of course. Any help would be highly appreciated as I am a total newbie with AutoIT
trancexx Posted March 11, 2013 Posted March 11, 2013 PDWORD is "dword*" (notice asterisk). FrancescoDiMuro 1 ♡♡♡ . eMyvnE
Ferryman Posted April 2, 2013 Author Posted April 2, 2013 PDWORD is "dword*" (notice asterisk). That was simple, thank you I would now have yet another issue. I need to access the physical memory, however it is done with a buffer, and naturally I have no clue how to create one. I have tried with DllStructCreate and MemAlloc, however both methods seem to fail. The required format for the call is: DWORD // Read size(byte), 0: failure WINAPI ReadPhysicalMemory( DWORD_PTR address, // Physical Memory Address PBYTE buffer, // Buffer DWORD count, // Count DWORD unitSize // Unit Size (BYTE, WORD, DWORD) I can easily access the physical memory with another Dll (WinIo), however the driver is unsigned and it would require activation of "Test Mode" on X64 OS. Any help is HIGHLY appreciated, thanks!
francischi Posted July 17, 2018 Posted July 17, 2018 (edited) Hi Ferryman, can you share how did you access physical memory via WinIO dll? Edited July 17, 2018 by Melba23 Reformatted text and removed HUGE quote
FrancescoDiMuro Posted July 17, 2018 Posted July 17, 2018 Hi @francischi, and welcome to the AutoIt forum Did you see that this post is 5 years old? I suggest you to open a new one, in which you ask what you want. Remeber always to check first the Forum Rules and Forum Etiquette Best Regards. Click here to see my signature: Spoiler ALWAYS GOOD TO READ: Forum Rules Forum Etiquette
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now