ameer

How to read memory value in text?

4 posts in this topic

hello

can someone help me with this. Sorry my english not so good

I need to read a certain memory location and return the result as text. How do I do it? I'm not familiar with NomadMemory; I've been using _ReadWriteProcessMemory1.au3

Example ;

; Read 4 bytes at $ZPointer in the opened process; the result is then used as a base address.
; NOTE(review): 'int' is a 32-bit type, so a pointer read this way is only complete for a 32-bit target.
$Ptr1 = _ReadProcessMemory($MemOpen, $ZPointer, 'int', 4)
; Read 4 bytes at ($Ptr1 + $ID). With 'int' the result comes back as a number, not as text.
; NOTE(review): check @error after each call - on failure the helper returns 0, and
; $Ptr1 + $ID would then be used as if it were a valid address.
$Ptr2 = _ReadProcessMemory($MemOpen, $Ptr1 + $ID, 'int', 4)

 

How do I view the result of $Ptr2 as text? The value is a Unicode string. What do I replace 'int' with?

I tried 'char[16]', 'char' and 'wchar'; none of them work.

This isnt for hacking/exploit purpose, its for educational purpose.

Thanks




#include-once

;Helpers for reading raw values of any data type from any address in another process.
;$v_Inject is the value you want to write to the address.

; Process access rights for the first argument of _MemOpen (passed through to OpenProcess).
; Request only what the task needs: a read-only tool needs $MEM_R alone.
Global Const $MEM_O = 0x8   ; PROCESS_VM_OPERATION
Global Const $MEM_R = 0x10  ; PROCESS_VM_READ
Global Const $MEM_W = 0x20  ; PROCESS_VM_WRITE

#cs Example HERE
$pid = _MemOpen($MEM_R + $Mem_O + $Mem_W, False, ProcessExists('winmine.exe'))
$address = 0x7746352A

$return = _ReadProcessMemory($pid,$address,'float', 4)
MsgBox(0, "", $return)

$v_Close = _MemClose($pid)
#ce
;------------------------------------------------------------------------------------------------------

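; Opens a process with kernel32!OpenProcess and returns the process handle.
;   $i_dwDesiredAccess - access mask (e.g. $MEM_R); keep it as narrow as the task allows
;   $i_bInheritHandle  - whether child processes inherit the handle
;   $i_dwProcessId     - target process id
; Returns the handle, or 0 with @error = 1 (DllCall failed) or @error = 2 (OpenProcess
; returned NULL, e.g. the pid does not exist or access was denied).
; Close the handle with _MemClose when done.
Func _MemOpen($i_dwDesiredAccess, $i_bInheritHandle, $i_dwProcessId)

    ; 'handle'/'dword'/'bool' instead of 'int' everywhere: a HANDLE is pointer-sized,
    ; so declaring it as 'int' truncates it when the script runs as 64-bit.
    Local $ai_Handle = DllCall("kernel32.dll", 'handle', 'OpenProcess', 'dword', $i_dwDesiredAccess, 'bool', $i_bInheritHandle, 'dword', $i_dwProcessId)
    If @error Then Return SetError(1, 0, 0)

    ; A successful DllCall does not mean OpenProcess succeeded; NULL means it failed.
    If $ai_Handle[0] = 0 Then Return SetError(2, 0, 0)

    Return $ai_Handle[0]
EndFunc ;==> _MemOpen()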

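; Closes a process handle obtained from _MemOpen.
; Returns the CloseHandle result (non-zero on success), or 0 with @error = 1 if the
; DllCall itself failed.
Func _MemClose($i_hProcess)

    Local $av_CloseHandle = DllCall('kernel32.dll', 'bool', 'CloseHandle', 'handle', $i_hProcess)
    ; Without this check a failed DllCall leaves a non-array here and the index below aborts the script.
    If @error Then Return SetError(1, 0, 0)
    Return $av_CloseHandle[0]

EndFunc ;==> _MemClose()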

;-----------------------------------------------------------------------------------------------------

;$s_Type can be any of the struct types specified in DllStructCreate in your help file.
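; Reads $i_nSize bytes from $i_lpBaseAddress in the process behind $i_hProcess and
; returns them interpreted as $s_Type.
;   $i_hProcess      - handle from _MemOpen (needs PROCESS_VM_READ)
;   $i_lpBaseAddress - address in the target process
;   $s_Type          - any DllStructCreate element type ('int', 'float', 'char', 'wchar', 'byte', ...)
;   $i_nSize         - number of BYTES to read
; The receive buffer is declared as $s_Type[$i_nSize], i.e. $i_nSize elements, but only
; $i_nSize bytes of it are filled. For a 2-byte type such as 'wchar', a size of 32 therefore
; yields at most 16 characters. For char/wchar arrays DllStructGetData returns a string;
; for numeric types it returns the first element.
; Returns the value, or 0 with @error = 1 (bad type/size or DllCall failure) or
; @error = 2 (ReadProcessMemory reported failure).
Func _ReadProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type ,$i_nSize)
   Local $v_Struct = DllStructCreate($s_Type & '[' & $i_nSize & ']')
   If @error Then Return SetError(1, 0, 0)

   ; Call kernel32 by name: the original used an undeclared $hDll, which is empty unless
   ; the calling script happens to define a global of that name.
   ; Pointer-sized arguments are typed as handle/ptr/ulong_ptr so they are not truncated
   ; in a 64-bit script.
   Local $av_Call = DllCall('kernel32.dll', 'bool', 'ReadProcessMemory', 'handle', $i_hProcess, 'ptr', $i_lpBaseAddress, 'ptr', DllStructGetPtr($v_Struct, 1), 'ulong_ptr', $i_nSize, 'ulong_ptr*', 0)
   If @error Then Return SetError(1, 0, 0)

   ; The API returns FALSE for unmapped or protected memory; the buffer is then still
   ; zero-filled and must not be reported as data that was read.
   If $av_Call[0] = 0 Then Return SetError(2, 0, 0)

   Return DllStructGetData($v_Struct, 1)
EndFunc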

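; Writes $v_Inject, encoded as $s_Type, to $i_lpBaseAddress in the process behind $i_hProcess.
;   $i_hProcess      - handle from _MemOpen (needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION)
;   $i_lpBaseAddress - address in the target process
;   $s_Type          - any DllStructCreate element type
;   $v_Inject        - value to store
;   $i_nSize         - number of BYTES to write
; Returns non-zero on success, or 0 with @error = 1 (bad type/size or DllCall failure) or
; @error = 2 (WriteProcessMemory reported failure).
Func _WriteProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type ,$v_Inject, $i_nSize)
   Local $v_Struct = DllStructCreate($s_Type & '[' & $i_nSize & ']')
   If @error Then Return SetError(1, 0, 0)
   DllStructSetData($v_Struct, 1, $v_Inject)

   ; Call kernel32 by name (the original relied on an undeclared $hDll) and use
   ; pointer-sized argument types so nothing is truncated in a 64-bit script.
   ; Locals are declared explicitly so a same-named global is never overwritten.
   Local $i_Call = DllCall('kernel32.dll', 'bool', 'WriteProcessMemory', 'handle', $i_hProcess, 'ptr', $i_lpBaseAddress, 'ptr', DllStructGetPtr($v_Struct, 1), 'ulong_ptr', $i_nSize, 'ulong_ptr*', 0)
   If @error Then Return SetError(1, 0, 0)

   ; Distinguish "API refused the write" from "DllCall could not run".
   If $i_Call[0] = 0 Then Return SetError(2, 0, 0)

   Return $i_Call[0]
EndFunc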

and this is _MemReadWriteNop1.au3

#include-once

;These are for nop'ing things or reading text, etc..

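; Opens kernel32.dll and a handle to process $i_Pid.
;   $i_Pid     - target process id
;   $i_Access  - OpenProcess access mask. The default 0x1F0FFF asks for every process right;
;                pass a narrower mask (0x10 = PROCESS_VM_READ) when the caller only reads.
;                Broad cross-process access masks are also what endpoint monitoring
;                (e.g. Sysmon ProcessAccess events) is tuned to flag.
;   $i_Inherit - whether child processes inherit the handle
; Returns a 2-element array: [0] = DllOpen handle for kernel32, [1] = process handle.
; Returns 0 with @error = 1 if kernel32 could not be opened or the DllCall failed.
; If OpenProcess itself fails, the array is still returned (so _iMemClose can release
; the DLL handle) with [1] = 0 and @error = 2.
Func _iMemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll'), 0]
    ; DllOpen returns -1 on failure; every later DllCall on it would fail too.
    If $av_Return[0] = -1 Then Return SetError(1, 0, 0)

    ; 'handle' rather than 'int' so the handle is not truncated in a 64-bit script.
    Local $ai_Handle = DllCall($av_Return[0], 'handle', 'OpenProcess', 'dword', $i_Access, 'bool', $i_Inherit, 'dword', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        Return SetError(1, 0, 0)
    EndIf

    $av_Return[1] = $ai_Handle[0]
    ; NULL means the pid is gone or access was denied; tell the caller instead of
    ; handing back a handle that makes every later read fail silently.
    If $ai_Handle[0] = 0 Then Return SetError(2, 0, $av_Return)
    Return $av_Return
EndFunc  ;==>_iMemOpen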

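; Reads from the process opened with _iMemOpen.
;   $ah_Mem    - array returned by _iMemOpen
;   $i_Address - start address in the target process
;   $i_Size    - 0: read a NUL-terminated single-byte string, one byte at a time
;                n: read n bytes and return them as an array of byte values
; The string mode stops at the first 0x00 byte, so text stored as UTF-16 ends after the
; first character whose high byte is zero; read such text with an explicit size instead.
; @error = 1: DllCall failed, 2: ReadProcessMemory reported failure, 3: invalid $i_Size.
; On failure the string mode returns what was read so far; the sized mode returns 0.
Func _iMemRead($ah_Mem, $i_Address, $i_Size = 0)
    Local $v_Struct, $v_Ret
    If $i_Size = 0 Then
        Local $v_Return = ''
        Local $i_Byte
        $v_Struct = DllStructCreate('byte[1]')

        While 1
            $v_Ret = DllCall($ah_Mem[0], 'bool', 'ReadProcessMemory', 'handle', $ah_Mem[1], 'ptr', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'ulong_ptr', 1, 'ulong_ptr*', 0)
            ; Stop on any failure. The original ignored the result, so once a read failed
            ; the buffer kept its last non-zero byte and the loop never terminated.
            If @error Then Return SetError(1, 0, $v_Return)
            If $v_Ret[0] = 0 Then Return SetError(2, 0, $v_Return)

            $i_Byte = DllStructGetData($v_Struct, 1, 1)
            If $i_Byte = 0 Then ExitLoop
            $v_Return &= Chr($i_Byte)
            $i_Address += 1
        WEnd

    Else
        $v_Struct = DllStructCreate('byte[' & $i_Size & ']')
        If @error Then Return SetError(3, 0, 0)

        $v_Ret = DllCall($ah_Mem[0], 'bool', 'ReadProcessMemory', 'handle', $ah_Mem[1], 'ptr', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'ulong_ptr', $i_Size, 'ulong_ptr*', 0)
        ; Check before indexing: a failed DllCall does not return an array.
        If @error Then Return SetError(1, 0, 0)
        ; A failed read leaves the buffer zero-filled; do not return that as data.
        If $v_Ret[0] = 0 Then Return SetError(2, 0, 0)

        Local $v_Return[$i_Size]
        For $i = 0 To $i_Size - 1
            $v_Return[$i] = DllStructGetData($v_Struct, 1, $i + 1)
        Next
    EndIf
    Return $v_Return
EndFunc  ;==>_iMemRead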

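; Writes the contents of a DllStruct into the process opened with _iMemOpen.
;   $ah_Mem    - array returned by _iMemOpen
;   $i_Address - destination address in the target process
;   $v_Inject  - DllStruct holding the bytes to write (e.g. built with _iMemCreate)
; Returns non-zero on success, or 0 with @error = 1 (DllCall failed),
; 2 (WriteProcessMemory reported failure) or 3 ($v_Inject is not a DllStruct).
Func _iMemWrite($ah_Mem, $i_Address, $v_Inject)
    ; Anything but a struct would give a NULL source pointer and a size of 0.
    If Not IsDllStruct($v_Inject) Then Return SetError(3, 0, 0)

    ; Pointer-sized arguments are typed as handle/ptr/ulong_ptr so they survive a 64-bit script.
    Local $av_Call = DllCall($ah_Mem[0], 'bool', 'WriteProcessMemory', 'handle', $ah_Mem[1], 'ptr', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'ulong_ptr', DllStructGetSize($v_Inject), 'ulong_ptr*', 0)
    If @error Then Return SetError(1, 0, 0)
    If $av_Call[0] = 0 Then Return SetError(2, 0, 0)
    Return $av_Call[0]
EndFunc  ;==>_iMemWrite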

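; Releases what _iMemOpen acquired: the process handle and the kernel32 DLL handle.
;   $ah_Mem - array returned by _iMemOpen
; Returns the CloseHandle result (non-zero on success), or 0 with @error = 1 if the
; DllCall failed. The DLL handle is closed in either case.
Func _iMemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'bool', 'CloseHandle', 'handle', $ah_Mem[1])
    ; Capture @error first: DllClose below would otherwise reset it.
    Local $i_Err = @error
    DllClose($ah_Mem[0])
    If $i_Err Then Return SetError(1, 0, 0)
    Return $av_Ret[0]
EndFunc  ;==>_iMemClose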

; Two unrelated conversions, selected by the shape of $1:
;  - $1 is a 4-element array: returns the string '0x' followed by the elements in reverse
;    order ([3],[2],[1],[0]), each as two hex digits.
;    NOTE(review): presumably this turns 4 bytes from _iMemRead (little-endian) into an address string - confirm.
;  - otherwise: packs the arguments actually passed into a byte[@NumParams] DllStruct, one byte per argument.
; The parameters are named $1..$99 on purpose: the loop fetches each one by name through Eval().
func _iMemHelper($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0,  $7 = 0,  $8 = 0,  $9 = 0,  $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
                $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
                $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
                $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
                $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
                $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
                $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    ; Array case: returns a string, not a DllStruct, so the result is not valid input for _iMemWrite.
    if UBound($1) = 4 Then Return '0x' & Hex($1[3],2) & Hex($1[2],2) & Hex($1[1],2) & Hex($1[0],2)
    ; NOTE(review): $v_Helper is not declared Local; if the script has a global of the same name it is overwritten here.
    $v_Helper = DllStructCreate('byte[' & @numparams & ']')
    for $i = 1 to @NumParams
        ; Eval("1"), Eval("2"), ... reads the parameter named $1, $2, ...; index $i is the 1-based byte position.
        DllStructSetData($v_Helper, 1, Eval($i & ''), $i)
    Next
    return $v_Helper
EndFunc

; Builds a byte DllStruct to pass to _iMemWrite.
;  - $1 is a string: one byte per character (Asc of each character). The struct is one byte longer
;    than the string, and that last byte is never written by the loop.
;    NOTE(review): presumably the extra byte serves as a NUL terminator - confirm.
;  - otherwise: one byte per argument actually passed (@NumParams), fetched by name through Eval().
; Returns the DllStruct. The parameters are named $1..$99 so that Eval($i) can address them.
Func _iMemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If IsString($1) Then
        ; StringSplit with an empty delimiter yields one element per character, with the count in [0];
        ; UBound is therefore the character count plus one.
        $1 = StringSplit($1, '')
        Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
    Else
        Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            ; Eval($i) reads the parameter whose name is the number $i.
            DllStructSetData($v_Helper, 1, Eval($i), $i)
        Next
    EndIf
    Return $v_Helper
EndFunc  ;==>_iMemCreate


Never mind, problem solved.

