Sign in to follow this  
Followers 0

new _Mem functions

197 posts in this topic

Posted (edited)

i rewrote open/read/write/close to fix all bugs known

if you dont know how to use it it is not for you :P

#region _Mem()

Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll') ]
    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf
    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc  ;==>_MemOpen

Func _MemRead($ah_Mem, $i_Address, $i_Size = 0)
    If $i_Size = 0 Then
        Local $v_Return = ''
        Local $v_Struct = DllStructCreate('byte[1]')
        Local $v_Ret
        
        While 1
            $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '')
            $v_Ret = DllStructGetData($v_Struct, 1)
            If $v_Ret = 0 Then ExitLoop
            $v_Return &= Chr($v_Ret)
            $i_Address += 1
        WEnd
        
    Else
        Local $v_Struct = DllStructCreate('byte[' & $i_Size & ']')
        Local $v_Ret = DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', $i_Size, 'int', '')
        Local $v_Return[$v_Ret[4]]
        For $i = 0 To $v_Ret[4] - 1
            $v_Return[$i] = DllStructGetData($v_Struct, 1, $i + 1)
        Next
    EndIf
    Return $v_Return
EndFunc  ;==>_MemRead

Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '')
    Return $av_Call[0]
EndFunc  ;==>_MemWrite

Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    DllClose($ah_Mem[0])
    Return $av_Ret[0]
EndFunc  ;==>_MemClose

Func _MemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If IsString($1) Then
        $1 = StringSplit($1, '')
        Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
    Else
        Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            DllStructSetData($v_Helper, 1, Eval($i), $i)
        Next
    EndIf
    Return $v_Helper
EndFunc  ;==>_MemCreate

Func _MemRev($v_DWORD)
    If UBound($v_DWORD) = 4 Then Return '0x' & Hex($v_DWORD[3], 2) & Hex($v_DWORD[2], 2) & Hex($v_DWORD[1], 2) & Hex($v_DWORD[0], 2)
    Local $v_Ret[4] = ['0x' & StringMid(Hex($v_DWORD, 8), 7, 2), '0x' & StringMid(Hex($v_DWORD, 8), 5, 2), '0x' & StringMid(Hex($v_DWORD, 8), 3, 2), '0x' & StringMid(Hex($v_DWORD, 8), 1, 2) ]
    Return $v_Ret
EndFunc  ;==>_MemRev

Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAlloc', 'int', $i_Address, 'int', $i_Size, 'int', BitOR($i_AT, 0x8000000), 'int', $i_Protect)
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    EndSwitch
    Return $av_Alloc[0]
EndFunc  ;==>_MemAlloc

Func _MemFree($ah_Mem, $i_Address)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFree', 'int', $i_Address, 'int', 0, 'int', 0x8000)
        Case Else
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000)
    EndSwitch
    Return $av_Free[0]
EndFunc  ;==>_MemFree

Func _MemText($ah_Mem, $s_Text)
    Local $i_Size = StringLen($s_Text) + 1
    Local $i_Addr = _MemAlloc($ah_Mem, $i_Size)
    _MemWrite($ah_Mem, $i_Addr, _MemCreate($s_Text))
    Return $i_Addr
EndFunc  ;==>_MemText

#endregion
Edited by w0uter

Share this post


Link to post
Share on other sites



Posted

60 view and no replies, that makes me sad :P

Share this post


Link to post
Share on other sites

Posted

60 view and no replies, that makes me sad :lmao:

:P w0uter

Share this post


Link to post
Share on other sites

Posted

w0uter can you explain what this does please.

Share this post


Link to post
Share on other sites

Posted (edited)

the bottom is commented ...

simply what this does is read the title and text of a messagebox created with autoit.

[edit] i wonder why the forum made a new post while i hitted edit ... [ /edit ]

Edited by w0uter

Share this post


Link to post
Share on other sites

Posted (edited)

could you give me a example ??

i don't know how to use it.

could you?

if you're free,i hope you could explain the purpose of script.

thanks

Edited by ilovecui

Share this post


Link to post
Share on other sites

Posted

could you give me a example ??

at the bottom of the code there is an example.

if you're free,i hope you could explain the purpose of script.

it can read memory from processes.

this means you can now get data in other ways then external resources (like an GUI)

(and also that you can create hacks in autoit well not yet much since writing is still broken)

Share this post


Link to post
Share on other sites

Posted

thanks ,this is a very good script! well done!

but,how could i know the mem address in the programme when runing

_MemRead($v_Open, 0x0012FBC0, 4)

like :0x0012FBC0

could you tell me how do you know the 0x0012FBC0?

do you know by using another mem editer??

Share this post


Link to post
Share on other sites

Posted

you can find it by using a debugger (i used OllyDbg)

(i think there is just a really small amout of people that actually have knowledge enough to use these functions :P)

Share this post


Link to post
Share on other sites

Posted

you're right!

i know something about this,but just a little!So I don;t know how to use this script to hack the autoit,can you tell me how to do it?

even if i know a little,but i don't konw how to use it the hack programme,like reading the data when checking the password in the mem.

if you're free,could you tell me how to clean the Password in mem after i press the ok button!because i don't want sb know this useing by mem editer ,could you do this by ur script???

Share this post


Link to post
Share on other sites

Posted

lots of new code, see first post :P

Share this post


Link to post
Share on other sites

Posted

At first glance i didn't understand what this script did, but after looking at it closely i realized that he wrote a script that simply modified memory addresses(actually it isn't so simple, i know that it is very complicated). Very clever. I guess this means you could write a trainer for a video game with auto it. :P

Share this post


Link to post
Share on other sites

Posted

hey, thanks for the script, i think its really useful.

i noticed it doesnt support pointers so i made my own function for pointers.

Func _MemReadPointer($ah_Mem, $i_Address, $i_Offset, $i_Size = 4, $negative = 0)

if $negative Then

Local $v_pointer = _MemRead($ah_Mem, '0x' & Hex(_MemHelper(_MemRead($ah_Mem, $i_Address, 4)) - $i_Offset), $i_Size)

Else

Local $v_pointer = _MemRead($ah_Mem, '0x' & Hex(_MemHelper(_MemRead($ah_Mem, $i_Address, 4)) + $i_Offset), $i_Size)

EndIf

Return $v_pointer

EndFunc ;==>_MemReadPointer

Share this post


Link to post
Share on other sites

Posted (edited)

2 new functions. :lmao:

Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    Return $av_Alloc[0]
EndFunc  ;==>_MemAlloc

Func _MemFree($ah_Mem, $i_Address)
    $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000)
    Return $av_Free[0]
EndFunc  ;==>_MemFree

$i_Open = _MemOpen(@AutoItPID)
$i_Alloc = _MemAlloc($i_Open, 7)
_MemWrite($i_Open, $i_Alloc, _MemHelper(119, 111, 117, 116, 101, 114, 0))
MsgBox(0, 'OmFg RoX0r', _MemRead($i_Open, $i_Alloc))
_MemFree($i_Open, $i_Alloc)
_MemClose($i_Open)
Edited by w0uter

Share this post


Link to post
Share on other sites

Posted

could someone with 9x/ME give this a try ?

Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $i_AT = BitOR($i_AT, 0x8000000); UNDOCUMENTED VA_SHARED
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirutalAlloc', 'int', $i_Adress, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    EndSwitch
    Return $av_Alloc[0]
EndFunc  ;==>_MemAlloc

Func _MemFree($ah_Mem, $i_Address)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirutalFree', 'int', $i_Adress, 'int', $i_Size)
        Case Else
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000)
    EndSwitch
    Return $av_Free[0]
EndFunc  ;==>_MemFree

$i_Open = _MemOpen(@AutoItPID)
$i_Alloc = _MemAlloc($i_Open, 7)
_MemWrite($i_Open, $i_Alloc, _MemHelper(119, 111, 117, 116, 101, 114, 0))
MsgBox(0, 'OmFg RoX0r', _MemRead($i_Open, $i_Alloc))
_MemFree($i_Open, $i_Alloc)
_MemClose($i_Open)

Share this post


Link to post
Share on other sites

Posted

I am using 98. Here are some things:

Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $i_AT = BitOR($i_AT, 0x8000000); UNDOCUMENTED VA_SHARED
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirutalAlloc', 'int', $i_Adress, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    EndSwitch
    Return $av_Alloc[0]
EndFunc ;==>_MemAlloc

$i_Adress ---> $i_Address (also in _MemFree)

Return $av_Alloc[0]: This is generating error: subscript used on a non-array variable

If you can figure out these issues, I'll try it again.

Mike

Share this post


Link to post
Share on other sites

Posted

could someone with 9x/ME give this a try ?

Change

Virutal
to
Virtual
- several occurances, also in the first post code.

Mike :lmao:

Share this post


Link to post
Share on other sites

Posted

could someone with 9x/ME give this a try ?

after I changed the items I show above, this shows up:

Func _MemFree($ah_Mem, $i_Address)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFree', 'int', $i_Address, 'int', $i_Size)

$i_Size: Variable used without being declared

hmmm, I don't have enough time to figure this out right now...

Mike :lmao:

Share this post


Link to post
Share on other sites

Posted (edited)

thanx mike

btw welcome to the board :lmao:

new code:

Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $i_AT = BitOR($i_AT, 0x8000000); UNDOCUMENTED VA_SHARED
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAlloc', 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    EndSwitch
    Return $av_Alloc[0]
EndFunc;==>_MemAlloc

Func _MemFree($ah_Mem, $i_Address)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFree', 'int', $i_Address, 'int', 0, 'int', 0x8000)
        Case Else
            $av_Free = DllCall($ah_Mem[0], 'int', 'VirtualFreeEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', 0, 'int', 0x8000)
    EndSwitch
    Return $av_Free[0]
EndFunc;==>_MemFree

$i_Open = _MemOpen(@AutoItPID)
$i_Alloc = _MemAlloc($i_Open, 7)
_MemWrite($i_Open, $i_Alloc, _MemHelper(119, 111, 117, 116, 101, 114, 0))
MsgBox(0, 'OmFg RoX0r', _MemRead($i_Open, $i_Alloc))
_MemFree($i_Open, $i_Alloc)
_MemClose($i_Open)
Edited by w0uter

Share this post


Link to post
Share on other sites

Posted

thanx mike

Welcome :lmao:

btw welcome to the board ;)

Glad to be here. - been signed up, lots of scripts written, employer does not want me to share them though. Finally posted.

I think this worked fine, small dialog popped up, Title = OmFg RoXOr, text = wouter.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.