ameer Posted February 2, 2014 Posted February 2, 2014 hello can someone help me with this. Sorry my english not so good I need to read certain memory, and return the results in text. How do i do it? im not familiar with nomadmemory, i've been using _ReadWriteProcessMemory1.au3 Example ; $Ptr1 = _ReadProcessMemory($MemOpen, $ZPointer, 'int', 4) $Ptr2 = _ReadProcessMemory($MemOpen, $Ptr1 + $ID, 'int', 4) How do i view the results of $Ptr2 in text? The value is in unicode string. What do i replace 'int' with? I tried 'char[16]' 'char' 'wchar' they all dont work This isnt for hacking/exploit purpose, its for educational purpose. Thanks
JohnOne Posted February 2, 2014 Posted February 2, 2014 _ReadWriteProcessMemory1.au3 Link? AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans.
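; ameer -- posted February 5, 2014 (thread author)
#include-once
;This is for reading raw numbers from any address with any type of data..
;$v_Inject is the value you want to write to the address

; Access-right bits for the dwDesiredAccess argument of OpenProcess. The values
; match the Win32 constants PROCESS_VM_OPERATION (0x8), PROCESS_VM_READ (0x10)
; and PROCESS_VM_WRITE (0x20). Request only the bits the script needs: a tool
; that only reads needs $MEM_R alone.
Global Const $MEM_O = 0x8
Global Const $MEM_R = 0x10
Global Const $MEM_W = 0x20

#cs
Example HERE
$pid = _MemOpen($MEM_R + $Mem_O + $Mem_W, False, ProcessExists('winmine.exe'))
$address = 0x7746352A
$return = _ReadProcessMemory($pid,$address,'float', 4)
MsgBox(0, "", $return)
$v_Close = _MemClose($pid)
#ce
;------------------------------------------------------------------------------------------------------

; Opens a process through kernel32!OpenProcess and returns the process handle.
;   $i_dwDesiredAccess - access mask, e.g. a sum of $MEM_O / $MEM_R / $MEM_W
;   $i_bInheritHandle  - forwarded as bInheritHandle
;   $i_dwProcessId     - process id, e.g. the return value of ProcessExists()
; Returns the handle on success. On failure returns 0 and sets @error:
;   1 = the DllCall itself failed
;   2 = OpenProcess returned NULL (the original code returned that 0 without
;       setting @error, so callers could not tell it from a usable handle)
Func _MemOpen($i_dwDesiredAccess, $i_bInheritHandle, $i_dwProcessId)
    ; 'handle' instead of 'int' keeps the full pointer-sized value on 64-bit AutoIt.
    Local $ai_Handle = DllCall('kernel32.dll', 'handle', 'OpenProcess', _
            'dword', $i_dwDesiredAccess, 'bool', $i_bInheritHandle, 'dword', $i_dwProcessId)
    If @error Then Return SetError(1, 0, 0)
    If Not $ai_Handle[0] Then Return SetError(2, 0, 0)
    Return $ai_Handle[0]
EndFunc ;==> _MemOpen()

; Closes a handle obtained from _MemOpen via kernel32!CloseHandle.
; Returns the CloseHandle result (non-zero on success). If the DllCall fails,
; returns 0 with @error = 1; the original indexed the DllCall result without
; checking @error, which aborts the script when the call fails.
Func _MemClose($i_hProcess)
    Local $av_CloseHandle = DllCall('kernel32.dll', 'bool', 'CloseHandle', 'handle', $i_hProcess)
    If @error Then Return SetError(1, 0, 0)
    Return $av_CloseHandle[0]
EndFunc ;==> _MemClose()
;-----------------------------------------------------------------------------------------------------
;$s_Type can be any of the struct types specified in DllStructCreate in your help file.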
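; Reads memory from another process into a DllStruct and returns element 1 of it.
;   $i_hProcess      - process handle from _MemOpen (opened with read access)
;   $i_lpBaseAddress - address in the target process
;   $s_Type          - bare DllStructCreate type name ('int', 'float', ...). The
;                      function appends '[' & $i_nSize & ']' itself, so a type
;                      that already carries a dimension ('char[16]') yields an
;                      invalid struct definition.
;   $i_nSize         - used twice: as the element count of the local struct and
;                      as the BYTE count passed to ReadProcessMemory. For types
;                      wider than one byte only part of the struct is filled,
;                      e.g. 'wchar' with 16 copies 16 bytes = 8 UTF-16 code units.
; Returns DllStructGetData($struct, 1). On failure returns 0 and sets @error:
;   1 = the DllCall itself failed
;   2 = ReadProcessMemory returned FALSE (the original returned the zeroed
;       buffer in this case, indistinguishable from real data)
;   3 = DllStructCreate rejected the type/size
Func _ReadProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type ,$i_nSize)
    ; The local buffer is sizeof($s_Type) * $i_nSize bytes, so it is never
    ; smaller than the $i_nSize bytes requested below.
    Local $v_Struct = DllStructCreate($s_Type & '[' & $i_nSize & ']')
    If @error Then Return SetError(3, 0, 0)

    ; The posted code called DllCall($hDll, ...) with the DllOpen line commented
    ; out, so $hDll was empty unless the including script defined a global of
    ; that name. Using the DLL name matches _MemOpen / _MemClose in this file.
    ; 'handle' / 'ptr' / 'ulong_ptr' keep pointer-sized values intact on 64-bit.
    Local $av_Call = DllCall('kernel32.dll', 'bool', 'ReadProcessMemory', _
            'handle', $i_hProcess, 'ptr', $i_lpBaseAddress, _
            'ptr', DllStructGetPtr($v_Struct, 1), 'ulong_ptr', $i_nSize, 'ulong_ptr*', 0)
    If @error Then Return SetError(1, 0, 0)
    If Not $av_Call[0] Then Return SetError(2, 0, 0)

    Return DllStructGetData($v_Struct, 1)
EndFunc

; Writes $v_Inject into another process through kernel32!WriteProcessMemory.
;   $i_hProcess      - process handle from _MemOpen (opened with write access)
;   $i_lpBaseAddress - address in the target process
;   $s_Type          - bare DllStructCreate type name; '[' & $i_nSize & ']' is appended
;   $v_Inject        - value stored in element 1 of the local struct before the write
;   $i_nSize         - element count of the struct AND byte count written
; Returns the WriteProcessMemory result (non-zero on success). On failure
; returns 0 and sets @error: 1 = DllCall failed, 3 = DllStructCreate failed.
Func _WriteProcessMemory($i_hProcess, $i_lpBaseAddress, $s_Type ,$v_Inject, $i_nSize)
    Local $v_Struct = DllStructCreate($s_Type & '[' & $i_nSize & ']')
    If @error Then Return SetError(3, 0, 0)
    DllStructSetData($v_Struct, 1, $v_Inject)

    ; Same fix as in _ReadProcessMemory: call by DLL name instead of the
    ; uninitialised $hDll, and pass pointer-sized arguments as such.
    Local $i_Call = DllCall('kernel32.dll', 'bool', 'WriteProcessMemory', _
            'handle', $i_hProcess, 'ptr', $i_lpBaseAddress, _
            'ptr', DllStructGetPtr($v_Struct, 1), 'ulong_ptr', $i_nSize, 'ulong_ptr*', 0)
    If @error Then Return SetError(1, 0, 0)
    Return $i_Call[0]
EndFunc

; and this is _MemReadWriteNop1.au3
#include-once
;These are for nop'ing things or reading text, etc..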
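; Opens kernel32.dll and a process, and returns both handles as a 2-element array:
;   [0] = DllOpen handle for kernel32.dll, [1] = process handle.
;   $i_Pid     - target process id
;   $i_Access  - OpenProcess access mask. The default 0x1F0FFF is the pre-Vista
;                PROCESS_ALL_ACCESS value; pass a narrower mask where possible
;                (0x10, PROCESS_VM_READ, is enough for _iMemRead).
;   $i_Inherit - forwarded as bInheritHandle
; If the DllCall fails, closes the DLL and returns 0 with @error = 1.
; If OpenProcess returns NULL the array is still returned (as before, with
; [1] = 0) and @error is set to 2 so the caller can detect it.
Func _iMemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll')]
    Local $ai_Handle = DllCall($av_Return[0], 'handle', 'OpenProcess', _
            'dword', $i_Access, 'bool', $i_Inherit, 'dword', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        Return SetError(1, 0, 0)
    EndIf
    $av_Return[1] = $ai_Handle[0]
    If Not $ai_Handle[0] Then Return SetError(2, 0, $av_Return)
    Return $av_Return
EndFunc ;==>_MemOpen

; Reads from the process described by $ah_Mem (array from _iMemOpen).
;   $i_Size = 0 : reads one byte at a time from $i_Address until a zero byte
;                 and returns the bytes as a string built with Chr(). Because
;                 it stops at the first 0x00, a UTF-16 string ends after its
;                 first ASCII character.
;   $i_Size > 0 : reads $i_Size bytes and returns them as a 0-based array.
; @error: 1 = DllCall failed, 2 = ReadProcessMemory returned FALSE,
;         3 = DllStructCreate failed. With @error = 2 the data gathered so far
;         (text mode) or a zero-filled array (array mode) is still returned.
Func _iMemRead($ah_Mem, $i_Address, $i_Size = 0)
    Local $v_Struct, $v_Ret

    If $i_Size = 0 Then
        Local $s_Text = ''
        Local $i_Byte
        $v_Struct = DllStructCreate('byte[1]')
        While 1
            $v_Ret = DllCall($ah_Mem[0], 'bool', 'ReadProcessMemory', 'handle', $ah_Mem[1], _
                    'ptr', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'ulong_ptr', 1, 'ulong_ptr*', 0)
            ; The original ignored the call result: after a failed read the
            ; buffer keeps its previous (non-zero) byte, so the loop never ended.
            If @error Then Return SetError(1, 0, $s_Text)
            If Not $v_Ret[0] Then Return SetError(2, 0, $s_Text)
            $i_Byte = DllStructGetData($v_Struct, 1)
            If $i_Byte = 0 Then ExitLoop
            $s_Text &= Chr($i_Byte)
            $i_Address += 1
        WEnd
        Return $s_Text
    EndIf

    $v_Struct = DllStructCreate('byte[' & $i_Size & ']')
    If @error Then Return SetError(3, 0, 0)
    $v_Ret = DllCall($ah_Mem[0], 'bool', 'ReadProcessMemory', 'handle', $ah_Mem[1], _
            'ptr', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'ulong_ptr', $i_Size, 'ulong_ptr*', 0)
    ; Indexing $v_Ret after a failed DllCall aborts the script, so bail out first.
    If @error Then Return SetError(1, 0, 0)

    ; $v_Ret[4] is the size argument echoed back by DllCall (the requested
    ; length), not the number of bytes actually read.
    Local $av_Bytes[$v_Ret[4]]
    For $i = 0 To $v_Ret[4] - 1
        $av_Bytes[$i] = DllStructGetData($v_Struct, 1, $i + 1)
    Next
    If Not $v_Ret[0] Then Return SetError(2, 0, $av_Bytes)
    Return $av_Bytes
EndFunc ;==>_MemRead

; Writes the contents of the DllStruct $v_Inject to $i_Address in the process
; described by $ah_Mem. Returns the WriteProcessMemory result (non-zero on
; success). On failure returns 0 with @error: 1 = DllCall failed,
; 3 = $v_Inject is not a DllStruct (build one with _iMemCreate).
Func _iMemWrite($ah_Mem, $i_Address, $v_Inject)
    If Not IsDllStruct($v_Inject) Then Return SetError(3, 0, 0)
    Local $av_Call = DllCall($ah_Mem[0], 'bool', 'WriteProcessMemory', 'handle', $ah_Mem[1], _
            'ptr', $i_Address, 'ptr', DllStructGetPtr($v_Inject), _
            'ulong_ptr', DllStructGetSize($v_Inject), 'ulong_ptr*', 0)
    If @error Then Return SetError(1, 0, 0)
    Return $av_Call[0]
EndFunc ;==>_MemWrite

; Closes the process handle and then the kernel32.dll handle held in $ah_Mem.
; Returns the CloseHandle result; if the DllCall fails, returns 0 with
; @error = 1. The DLL handle is released in both cases.
Func _iMemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'bool', 'CloseHandle', 'handle', $ah_Mem[1])
    Local $i_Failed = @error
    DllClose($ah_Mem[0])
    If $i_Failed Then Return SetError(1, 0, 0)
    Return $av_Ret[0]
EndFunc ;==>_MemClose

; Two behaviours, selected by the first argument:
;   - $1 is a 4-element array: returns the string '0x' followed by the two-digit
;     hex of elements 3, 2, 1, 0 (reverse order) -- presumably to turn four
;     little-endian bytes from _iMemRead into an address literal.
;   - otherwise: returns a DllStruct 'byte[@NumParams]' whose elements are the
;     arguments in order (each one is fetched by name with Eval).
Func _iMemHelper($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If UBound($1) = 4 Then Return '0x' & Hex($1[3], 2) & Hex($1[2], 2) & Hex($1[1], 2) & Hex($1[0], 2)
    ; Declared Local so the struct does not leak into (or overwrite) a global.
    Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
    For $i = 1 To @NumParams
        DllStructSetData($v_Helper, 1, Eval($i & ''), $i)
    Next
    Return $v_Helper
EndFunc

; Builds the byte buffer that _iMemWrite expects.
;   - $1 is a string: one byte per character (Asc() value), in a struct that is
;     one byte longer than the string; that last byte is never set.
;   - otherwise: 'byte[@NumParams]' filled with the arguments in order.
; Returns the DllStruct.
Func _iMemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If IsString($1) Then
        ; StringSplit with an empty delimiter yields one element per character,
        ; with the count in element 0 -- hence UBound = length + 1.
        $1 = StringSplit($1, '')
        Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
    Else
        Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            DllStructSetData($v_Helper, 1, Eval($i), $i)
        Next
    EndIf
    Return $v_Helper
EndFunc ;==>_MemCreate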