Jump to content
JohnOne

dllall possible bitness issue

Recommended Posts

JohnOne

This simple dllcall sets @error == 1 (cannot use dll file)

I suspect bitness issue and hoping someone on x86 can try it.

;#AutoIt3Wrapper_UseX64=y
$BUFFER = DllStructCreate("CHAR VAR[2048]")
$PBUFFER = DllStructGetPtr($BUFFER)
$SIZE = DllStructCreate("DWORD")
$PSIZE = DllStructGetPtr($SIZE)

$call = DllCall("C:\Windows\System32\Urlmon.dll", "LONG", "ObtainUserAgentString", "DWORD", 0, "STR*", $PBUFFER, "DWORD*", $PSIZE)

;ConsoleWrite(@error & @CRLF)
MsgBox(0, @AutoItX64, @error)

Compiled as either x86 or x64 @error is always 1.

Win10 x64

 

EDIT: never mind I used ^ instead of *

New screen res, and i'm blind.

Edited by JohnOne
  • Like 1

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites
JohnOne

I'm as blind as a dodo.

Also I still cannot get the results I want, the string is always appears to be empty even though it is reported as a size of 70 chars.

#include<NomadMemory.au3>

$BUFFER = DllStructCreate("CHAR[2048]")
$PBUFFER = DllStructGetPtr($BUFFER)
$SIZE = DllStructCreate("DWORD")
$PSIZE = DllStructGetPtr($SIZE)

$call = DllCall("C:\Windows\System32\Urlmon.dll", "LONG", "ObtainUserAgentString", "DWORD", 0, "STR*", $PBUFFER, "DWORD", $PSIZE)
ConsoleWrite("DllCall @error: " & @error & @CRLF)
ConsoleWrite("The pointer to the string: " & $call[2] & @LF)
ConsoleWrite("The size of the string: " & DllStructGetData($SIZE, 1) & @LF)

$_MemoryOpen = _MemoryOpen(@AutoItPID) ;0x0400
ConsoleWrite("_MemoryOpen @error: " & @error & @CRLF)

$_MemoryRead = _MemoryRead(Binary($call[2]), $_MemoryOpen, "char[" & DllStructGetData($SIZE, 1) & "]")
ConsoleWrite("_MemoryRead @error: " & @error & @CRLF)

_MemoryClose($_MemoryOpen)

ConsoleWrite("The string: " & $_MemoryRead & @LF)
DllCall @error: 0
The pointer to the string: 0x00D459F0
The size of the string: 70
_MemoryOpen @error: 0
_MemoryRead @error: 0
The string:

My au3 is a bit rusty though, can anyone see a glaring mistake?

Edited by JohnOne

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites
Danyfirex

You have rights to read your own process memory :S.

 

Local $tUserAgent=DllStructCreate("char String[512]")
Local $aRet = DllCall("Urlmon.dll", "LONG", "ObtainUserAgentString", "DWORD", 0, "ptr", DllStructGetptr($tUserAgent), "dword*", DllStructGetSize($tUserAgent))
ConsoleWrite( $tUserAgent.String & @CRLF)

Saludos

 

 

  • Like 1

Share this post


Link to post
Share on other sites
JohnOne
3 hours ago, Danyfirex said:

You have rights to read your own process memory :S.

 

Local $tUserAgent=DllStructCreate("char String[512]")
Local $aRet = DllCall("Urlmon.dll", "LONG", "ObtainUserAgentString", "DWORD", 0, "ptr", DllStructGetptr($tUserAgent), "dword*", DllStructGetSize($tUserAgent))
ConsoleWrite( $tUserAgent.String & @CRLF)

Saludos

Thanks, I was way over complicating it.

 


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites
Danyfirex

Hello You're right. maybe I check how it works internally later.

 

Saludos

Edited by Danyfirex

Share this post


Link to post
Share on other sites
JohnOne

I found that when au3 script is compiled, it gives the same agent as c and c# in vs 

script: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

compiled script: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)

EDIT:

So thinking process gets current user agent string from  its parent, which is desktop/progman when run directly by user, or autoit when run by autoit uncompiled.

 

EDIT 2: actually, the above are made with autoit, the below is from vs

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)

Notice "Windows NT 6.2"

EDIT 3: actually that was from c++ in vs, the following is pinvoked in c# which is different again.

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)

EDIT 4: ok getting a bit happier now, below is autoit uncompiled using x64

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)

Edited by JohnOne

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.