Jump to content
toto22

Reading memory "double"

Recommended Posts

toto22

I'm trying to get a "double" value from memory . However my code gives me error.

 

Opt("WinTitleMatchMode", 4)
    Global $ProcessID = WinGetProcess("TI Pro")

    If $ProcessID = -1 Then
        MsgBox(4096, "ERROR", "Failed to detect process.")
        Exit
    EndIf

    Local $DllInformation = _MemoryOpen($ProcessID)
    If @Error Then
        MsgBox(4096, "ERROR", "Failed to open memory.")
        Exit
    EndIf

  Local $dAddress = 0x1FECD474
  Local $tNbSteps = DllStructCreate("double", $dAddress)
  Local $value = DllStructSetData($tNbSteps, 1, (_MemoryRead($dAddress, $DllInformation)))

     MsgBox($MB_SYSTEMMODAL, $value)
Edited by toto22

Share this post


Link to post
Share on other sites
TheXman

One obvious error is that the MsgBox function requires at least 3 parameters.

MsgBox ( flag, "title", "text" [, timeout = 0 [, hwnd]] )

 

Share this post


Link to post
Share on other sites
TheXman

What version of AutoIt are you using?  I don't see a _MemoryOpen function in 3.3.14.2.

 

Share this post


Link to post
Share on other sites
JLogan3o13

@toto22 how about explaining what you are trying to automate? Why do you need to pull it out of memory? What is the app? Is the info displayed in a field, on a webpage, etc.? The more information you can provide, the better we can assist.


√-1 2^3 ∑ π, and it was delicious!

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites
toto22

Hey guys, thank you for your replies. I'm trying to get information form trade-ideas software to help me place trades faster. I tried extracting information using windows UI, but I was unsuccessful. My code below works for 4 bit values. Any ideas on how to modify it to get it working for "double" values?

#include <nomadMemory.au3>

Opt("WinTitleMatchMode", 4)
    Global $ProcessID = WinGetProcess("TI Pro")

    If $ProcessID = -1 Then
        MsgBox(4096, "ERROR", "Failed to detect process.")
        Exit
    EndIf

    Local $DllInformation = _MemoryOpen($ProcessID)
    If @Error Then
        MsgBox(4096, "ERROR", "Failed to open memory.")
        Exit
    EndIf

    $Value = Number(_MemoryRead(0x1FECD474, $DllInformation),2)
    If @Error Then
        MsgBox(4096, "ERROR", "Failed to read memory.")
        Exit
    EndIf


    _MemoryClose($DllInformation)
    If @Error Then
        MsgBox(4096, "ERROR", "Failed to close memory.")
        Exit
    EndIf

 

 

Edited by toto22

Share this post


Link to post
Share on other sites
Zedna

Maybe try to read 2 bytes separatelly and then combine these two values in AutoIt:

$Value1 = Number(_MemoryRead(0x1FECD474, $DllInformation),1)
$Value2 = Number(_MemoryRead(0x1FECD475, $DllInformation),1)

or try this:

$Value = Number(_MemoryRead(0x1FECD474, $DllInformation),3)

 

Edited by Zedna
  • Like 1

Share this post


Link to post
Share on other sites
Mat

I don't think Number(###, 3) will work in this case, as it will still treat the integer value at that memory location as a number, rather than an IEEE754 encoded value. The Dec function does do this conversion though, if you give it a string value.

$xMem = 0x40151CAC083126E9

$sMemHex = String(Hex($xMem, 16))
$nNum = Dec($sMemHex, 3)

MsgBox(0, $xMem, $nNum)

In this case, the expected answer is 5.278. 

For completeness, to go the other way you can just use the Hex function on a double value. 

  • Like 1

Share this post


Link to post
Share on other sites
toto22

Thank you guys. 

Zedna - Mat is right, #3 does return tread integer, and I'm not sure on how to combine 4 bit values in order to get a double.

Mat - somethig like this? "$Value = Dec(Hex(_MemoryRead(0x1FECD474, $DllInformation),8),3)"

Share this post


Link to post
Share on other sites
Mat

If _MemoryRead is returning 4 byte values (which I think it does, but I haven't used it in a long time) then to combine you should use BitShift and BitOr. For example:

BitOr(BitShift(_MemoryRead(...), 32), _MemoryRead(...))

So this shifts the more significant dword up and combines it with the lower dword. 

You'll have to do some reading on endianness to work out what addresses each would be. 

Once you have that value, then you can convert it to floating point using the method above.

  • Like 1

Share this post


Link to post
Share on other sites
Mat

@toto22, There's a mistake in my previous post. The bit operations only work on 32 bit integers in AutoIt (no idea why). The below code shows a method using concatenation to build the hex string instead:

; Simulate the program
$t = DllStructCreate("DOUBLE")
DllStructSetData($t, 1, 123.456)
$p = DllStructGetPtr($t)


MsgBox(0, "Address", $p)


; This is what _MemoryRead($p) does the equivalent of
$tRead = DllStructCreate("DWORD", $p)
$hi = DllStructGetData($tRead, 1)

; This is what _MemoryRead($p+4) does the equivalent of
$tRead = DllStructCreate("DWORD", $p+4)
$lo = DllStructGetData($tRead, 1)

; Combine back into an 8byte integer:
$full = Hex($lo,8) & Hex($hi,8)

MsgBox(0, "Read from memory", "Two dwords:" & @CRLF & Hex($hi,8) & @CRLF & Hex($lo,8) & @CRLF & $full)

; Conversion to double:
$sMemHex = String($full)
$nNum = Dec($sMemHex, 3)

MsgBox(0, $full, $nNum)

I don't have NomadMemory installed, so instead I've shown the equivalent using structs (this method only works within one process). 

  • Like 1

Share this post


Link to post
Share on other sites
Ascer

@toto22

This code should works

Local $iPid = WinGetProcess("TI Pro")
Local $iAddress = 0x1FECD474

If $iPid = -1 Then
    ConsoleWrite("+++ Failed to get process PID. Open good process or change parameter in WinGetProcess func." & @CRLF)
    Exit
EndIf

Local $hHandle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $iPid)

If @error Then
    ConsoleWrite("+++ Failed to open process memory for FULL_ACCESS. Error is " & @error & @CRLF)
    Exit
EndIf

Local $tagStruct = "struct;double var1;endstruct"

Local $sStruct = DllStructCreate($tagStruct)

If @error Then
    ConsoleWrite("+++ Failed to create $sStruct. Error is " & @error & @CRLF)
    Exit
EndIf

DllCall("kernel32.dll", 'int', 'ReadProcessMemory', 'int', $hHandle[0], 'int', $iAddress, 'ptr', DllStructGetPtr($sStruct), 'int', DllStructGetSize($sStruct), 'int', '')

If @error Then
    ConsoleWrite("+++ Failed to Read Process Memory. Error is " & @error & @CRLF)
    Exit
EndIf

Local $vRet = DllStructGetData($sStruct, "var1")

If @error Then
    ConsoleWrite("+++ Failed to Get data from $sStruct. Error is " & @error & @CRLF)
    Exit
EndIf

ConsoleWrite("++ Successfully read memory at addr 0x" & Hex($iAddress) & " value is " & $vRet & @CRLF)

 

  • Like 1

Share this post


Link to post
Share on other sites
toto22

Thank you so much guys.

and Ascer that code works perfectly. Exactly what i was looking for. Thank you

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • CarlD
      By CarlD
      Is there a reliable way to ensure that data assigned to variables in a script is overwritten or deleted when the script exits? I have scripts that encrypt/decrypt data and would like to ensure, if possible, that the encryption keys and decrypted data do not stay in memory after the script exits. Thanks.
    • Tersion
      By Tersion
      Here test example of a dummy program with random added controls to the main form:
      If #include <GuiListView.au3> is commented out, then this simple program uses around 3,5 MB of RAM. When #include <GuiListView.au3> NOT commented out - RAM usage is around 13-14 MB.
      How can I reduce memory usage? Even if I'm not using GuiListView.au3 - 3,5 MB quite a bit for a such dummy program!
      I found out that using this DLLCall in main loop:
      DllCall("psapi.dll", "int", "EmptyWorkingSet", "long", -1) Significantly reduces RAM usage (even with GuiListView.au3 included, from 13-14 MB to 600 KB !!! ) but I'm not sure if it's doesn't have any impact to common workflow of a program...
      So, give me any advice about that, please.
    • DynamicRookie
      By DynamicRookie
      Hey there!
       
      I've been developing a artificial intelligence.

      My first hard task was letting the A.I know when a sentence is found in memory with different words
      What i tried to do here is simply, get all the words in user sentence that could be used
      as a identifier
              
              example: Steve Jobs
              
              then identify the sentence purpose with the words we found in the past "for" loop
              
              example: Do/Know/You/Who/Steve/Jobs
              
              Compare the example in the following matching sentences in memory.
              
              1-Steve jobs was a known person
              2-Do you know who barack obama is?
              3-Do you know Steve jobs?
              4-Do you know who steve jobs is?
              5-How much money steve jobs had
              
              Then find the sentence that has way more matches than the other ones, remember that if the identifier words were not found
              (Steve jobs) then the sentence is invalid.
              
              Every sentence has a different answer and is important that the right one is chosen.
              
      If there's no more than the half of words in matches, then assign a variable the result of function, such as a return but for a global var.
      I couldn't figure out how to do that with StringRegExp.
       
      I honestly need help with detecting identifiers on memory sentences.
      I would also like to let the AI know typos, meaning that moeny and money means the same thing.
      Any help is hugely appreciated.

       
    • xEviiLx
      By xEviiLx
      I'm trying to read value of a base pointer + offset.
      With only address I can easily the value but with base addres (pointer) I really don't know how I can do that.
       
    • RTFC
      By RTFC
      Please answer me these questions three, ere the other side you see:
      Are you running a 64-bit machine with a 64-bit Windows operating system? Can your AutoIt scripts cope with having directive #AutoIt3Wrapper_UseX64=Y, and thus @AutoItX64=True? Are you sick and tired of seeing this error message?
      If you (like me) answered "YES" to all three questions, then the _HighMem library may ease your pain (the name commemorates a useful utility from the days when CPUs were still steam-powered). Forget about pathetic boot switches /3GB and /userva; in a full-fledged 64-bit environment, _HighMem can pre-allocate all available physical/virtual RAM you've got (or any smaller size you need), and manage individual allocations therein with four simple functions:
      _HighMem_StartUp( $nSize, $sUnit="GB" ) ; parse size of total region to pre-allocate, e.g. (10,"GB") _HighMem_Allocate( $nSize, $sUnit="B" ) ; returns $pOffset (new allocation's base address) _HighMem_Release( $pOffset ) ; existing allocations are identified by their offset (base address) _HighMem_CleanUp() ; close handles, release all pre-allocated memory Of course, existing AutoIt limitations remain in force (e.g., DllstructCreate() is still limited to 2 GB per call), but the maximum of 2-4 GB of virtual memory per Windows process can (under the right circumstances, in the proper environment) be circumvented. However, this is the first beta release, so glitches are likely, and performance may vary. In fact, it may not work at all for you (if you're running 32-bit, for example). And since this involves your own hardware, it's unlikely I would be able to reproduce your issues in my own work environment. Nevertheless, if you find obvious bugs or mistakes in the code, please do post. And if it works for you, that's also good to hear. My own motivation for developing it was to supercharge my matrix computing environment (Eigen4AutoIt), so it can handle matrices of any size that fit in machine RAM.
      The attached zip contains the library itself (HighMem.au3) and two test examples. HighMem_Test1 performs a dry run stress test of the allocation management system; it does not actually do any memory I/O. By contrast, HighMem_Test2 pre-allocates a 6 GB space, stores 3 x 2GB structs there, performs some basic I/O, and releases the allocations one by one. Obviously, for this to work you'll need at least that much free RAM to begin with (check with Task Manager -> Performance -> Memory if you're unsure). My own test environment has 16 GB of physical RAM, and runs W10Pro/64.
      EDIT: minor edits added to improve user experience (many more status messages if $_HighMem_Verbose=True)
      HighMem.v0.85.7z
      EDIT: from beta version 0.9, HighMem supports shared memory, including mutex negotiation.
       
      HighMem.v0.91.7z
×