ameer Posted February 2, 2014 Share Posted February 2, 2014 hello can someone help me with this. Sorry my english not so good I need to read certain memory, and return the results in text. How do i do it? im not familiar with nomadmemory, i've been using _ReadWriteProcessMemory1.au3 Example ; $Ptr1 = _ReadProcessMemory($MemOpen, $ZPointer, 'int', 4) $Ptr2 = _ReadProcessMemory($MemOpen, $Ptr1 + $ID, 'int', 4) How do i view the results of $Ptr2 in text? The value is in unicode string. What do i replace 'int' with? I tried 'char[16]' 'char' 'wchar' they all dont work This isnt for hacking/exploit purpose, its for educational purpose. Thanks Link to comment Share on other sites More sharing options...
JohnOne Posted February 2, 2014 Share Posted February 2, 2014 _ReadWriteProcessMemory1.au3 Link? AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
ameer Posted February 5, 2014 Author Share Posted February 5, 2014 expandcollapse popup#include-once ;This is for reading raw numbers from any address with any type of data.. ;$v_inject is what you want to edit the address toooo Global Const $MEM_O = 0x8 Global Const $MEM_R = 0x10 Global Const $MEM_W = 0x20 #cs Example HERE $pid = _MemOpen($MEM_R + $Mem_O + $Mem_W, False, ProcessExists('winmine.exe')) $address = 0x7746352A $return = _ReadProcessMemory($pid,$address,'float', 4) MsgBox(0, "", $return) $v_Close = _MemClose($pid) #ce ;------------------------------------------------------------------------------------------------------ Func _MemOpen($i_dwDesiredAccess, $i_bInheritHandle, $i_dwProcessId) $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $i_dwDesiredAccess, 'int', $i_bInheritHandle, 'int', $i_dwProcessId) If @error Then SetError(1) Return 0 EndIf Return $ai_Handle[0] EndFunc ;==> _MemOpen() Func _MemClose($i_hProcess) $av_CloseHandle = DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $i_hProcess) Return $av_CloseHandle[0] EndFunc ;==> _MemClose() ;----------------------------------------------------------------------------------------------------- ;$s_Type can be any of the struct types specified in DllStructCreate in your help file. Func _ReadProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type ,$i_nSize) ;Local $hDll = DllOpen("kernel32.dll") If @error Then SetError(1) Return 0 EndIf Local $v_Struct = DllStructCreate ($s_Type&'[' & $i_nSize & ']') Local $v_lpNumberOfBytesRead = '' dim $hDll DllCall($hDll, 'int', 'ReadProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr ($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead) If @error Then SetError(1) Return 0 EndIf Local $v_Return = DllStructGetData ($v_Struct, 1) $v_Struct = 0 ;DllClose($hDll) Return $v_Return EndFunc Func _WriteProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type ,$v_Inject, $i_nSize) ;Local $hDll = DllOpen("kernel32.dll") If @error Then SetError(1) Return 0 EndIf $v_lpNumberOfBytesRead = '' Local $v_Struct = DllStructCreate ($s_Type&'[' & $i_nSize & ']') DllStructSetData ($v_Struct, 1, $v_Inject) dim $hDll $i_Call = DllCall($hDll, 'int', 'WriteProcessMemory', 'int', $i_hProcess, 'int', $i_lpBaseAddress, 'int', DllStructGetPtr ($v_Struct, 1), 'int', $i_nSize, 'int', $v_lpNumberOfBytesRead) If @error Then SetError(1) Return 0 EndIf $v_Struct = 0 ;DllClose($hDll) Return $i_Call[0] EndFunc and this is _MemReadWriteNop1.au3 expandcollapse popup#include-once ;These are for nop'ing things or reading text, etc.. Func _iMemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0) Local $av_Return[2] = [DllOpen('kernel32.dll')] Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid) If @error Then DllClose($av_Return[0]) SetError(1) Return 0 EndIf $av_Return[1] = $ai_Handle[0] Return $av_Return EndFunc ;==>_MemOpen Func _iMemRead($ah_Mem, $i_Address, $i_Size = 0) If $i_Size = 0 Then Local $v_Return = '' Local $v_Struct = DllStructCreate('byte[1]') Local $v_Ret while 1 $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '') $v_Ret = DllStructGetData($v_Struct, 1) if $v_Ret = 0 then ExitLoop $v_Return &= chr($v_Ret) $i_Address += 1 WEnd Else Local $v_Struct = DllStructCreate ('byte[' & $i_Size & ']') Local $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', $i_Size, 'int', '') Local $v_Return[$v_Ret[4]] For $i = 0 To $v_Ret[4] - 1 $v_Return[$i] = DllStructGetData ($v_Struct, 1, $i + 1) Next EndIf Return $v_Return EndFunc ;==>_MemRead Func _iMemWrite($ah_Mem, $i_Address, $v_Inject) Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '') Return $av_Call[0] EndFunc ;==>_MemWrite Func _iMemClose($ah_Mem) Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1]) DllClose($ah_Mem[0]) Return $av_Ret[0] EndFunc ;==>_MemClose func _iMemHelper($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _ $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _ $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _ $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _ $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _ $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _ $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0) if UBound($1) = 4 Then Return '0x' & Hex($1[3],2) & Hex($1[2],2) & Hex($1[1],2) & Hex($1[0],2) $v_Helper = DllStructCreate('byte[' & @numparams & ']') for $i = 1 to @NumParams DllStructSetData($v_Helper, 1, Eval($i & ''), $i) Next return $v_Helper EndFunc Func _iMemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _ $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _ $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _ $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _ $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _ $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _ $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0) If IsString($1) Then $1 = StringSplit($1, '') Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']') For $i = 1 To UBound($1) - 1 DllStructSetData($v_Helper, 1, Asc($1[$i]), $i) Next Else Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']') For $i = 1 To @NumParams DllStructSetData($v_Helper, 1, Eval($i), $i) Next EndIf Return $v_Helper EndFunc ;==>_MemCreate Link to comment Share on other sites More sharing options...
ameer Posted February 8, 2014 Author Share Posted February 8, 2014 nvm pproblem solved Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now