
new _Mem functions


w0uter

you can find it by using a debugger (i used OllyDbg)

(i think there is just a really small amount of people that actually have knowledge enough to use these functions :lmao:)

Would I be able to use this program to get information from a status bar? Then would I be able to turn it back into what the status bar said?
INI TreeViewA bus station is where a bus stops, a train station is where a train stops. Onmy desk I have a work station...

60 views and no replies, that makes me sad :lmao:

Hi w0uter,

Given what you've done, could you also change the display time to something less than a second? Not to something subliminal, but only a little above. I frequently use MsgBoxes to show me variable content when I'm tracking a problem. I currently set them for one second but this is a lot slower than I could deal with and the boredom factor is high.

Gene

Thanks for the response. Gene. Yes, I know the punctuation is not right...


Why doesn't this work? I found the mem address with T-search. It's the address for my character's health.

I have Win XP in case that matters

Opt("WinTitleMatchMode", 3)

$pid = WinGetProcess("Tibia")
$open = _MemOpen($pid)
$read = _MemRead($open,0x4A1240,4)
MsgBox(0,"",$read)

_MemWrite($open,0x4A1240,100)

Hallman


Hi w0uter,

Given what you've done, could you also change the display time to something less than a second? Not to something subliminal, but only a little above. I frequently use MsgBoxes to show me variable content when I'm tracking a problem. I currently set them for one second but this is a lot slower than I could deal with and the boredom factor is high.

Gene

Are you referring to the timeout feature of AutoIt's MsgBox() function? If yes, that's something AutoIt does, not Windows, so hacking that is not something that's easy to do like what w0uter has demonstrated.

Are you referring to the timeout feature of AutoIt's MsgBox() function? If yes, that's something AutoIt does, not Windows, so hacking that is not something that's easy to do like what w0uter has demonstrated.

Hi Valik,

Yes, that's what I was after, sigh. :lmao:

I've done the same thing with vars writing them to a file, but that's hard to correlate with what was happening on screen. I've even tried capturing screen bitmaps but they often don't coincide and suck up lots of time and drive space.

Gene



Are you referring to the timeout feature of AutoIt's MsgBox() function? If yes, that's something AutoIt does, not Windows, so hacking that is not something that's easy to do like what w0uter has demonstrated.

i think you are mistaken. i hacked AutoIt's internal handling of the MsgBox command.

After looking at the source for like ~60 seconds my guess would be to hack "vParams[3].nValue() * 1000" out of the source code.

My UDF's: mem stuff: _Mem; ftp stuff: _FTP (OLD); inet stuff: _INetGetSource (OLD), _INetGetImage, _INetBrowse (Collection), _EncodeUrl, _NetStat, _Google; random stuff: _iPixelSearch, _DiceRoll


I know how AutoIt is achieving the effect, but why does the source code matter at all? I thought the point of this thread was hacking things in memory, not removing lines of code from the source file and re-compiling. How does knowing the source code help Gene at all? Why do you even mention it?

And where are you modifying the internals of AutoIt's MessageBox handling? I see you writing to memory a couple times but I can't see any difference in behavior that suggests you've modified how AutoIt is handling the MessageBox.


@w0uter

I realize that you're referencing the 4th MsgBox parameter and the number is multiplied times 1000 clicks per second. If I had the src code I could find that snippet, but would have no idea what to do with it. No "C/C++" skills here. I was hoping you'd add that functionality in a UDF if it wasn't too much trouble. :lmao:

In attempting to try out your code in the first post, I created the attached file. When running the compiled script it errored saying that it couldn't execute the external file on lines 77 and 123. I edited them as shown below, now it runs, but says it can't find "K:\AutoIt3ExecuteLine".

;$i_Pid = Run(@ScriptFullPath & " /AutoIt3ExecuteLine ""MsgBox
$i_Pid = Run("K:\Local\Prog\AutoIt3\beta\AutoIt3.exe /AutoIt3ExecuteLine ""MsgBox

I'm running Win2K SP 4, 256MB RAM, several GB free space, IE 6.x SP1

Gene ;)

Edit: H'mmmn, didn't see Valik's post.

i think you are mistaken. i hacked AutoIt's internal handling of the MsgBox command.

After looking at the source for like ~60 seconds my guess would be to hack "vParams[3].nValue() * 1000" out of the source code.

Edited by Gene



I know how AutoIt is achieving the effect, but why does the source code matter at all? I thought the point of this thread was hacking things in memory, not removing lines of code from the source file and re-compiling. How does knowing the source code help Gene at all? Why do you even mention it?

And where are you modifying the internals of AutoIt's MessageBox handling? I see you writing to memory a couple times but I can't see any difference in behavior that suggests you've modified how AutoIt is handling the MessageBox.

Source code just makes it easier to know what to hack out in the memory.

As you probably know Windows loads the code in the memory. Meaning that that line from the source code will also be there.

(even though it is now converted to byte-code) thus making you able to remove that multiply in memory.

in version 103 its located at:

004177F0 69C0 E8030000 IMUL EAX,EAX,3E8

And by modifying AutoIt's handling i meant that where it normally would push the parameters for MessageBox on the stack it would this time push my parameters on the stack.

#region _Mem()

Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll') ]
    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf
    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc  ;==>_MemOpen

Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '')
    Return $av_Call[0]
EndFunc  ;==>_MemWrite

Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    DllClose($ah_Mem[0])
    Return $av_Ret[0]
EndFunc  ;==>_MemClose

Func _MemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If IsString($1) Then
        $1 = StringSplit($1, '')
        Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
    Else
        Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            DllStructSetData($v_Helper, 1, Eval($i), $i)
        Next
    EndIf
    Return $v_Helper
EndFunc  ;==>_MemCreate

#endregion

$i_Open = _MemOpen(@autoitpid)
_MemWrite($i_Open, 0x004177F0, _MemCreate(0x90, 0x90, 0x90, 0x90, 0x90, 0x90))
_MemClose($i_Open)

MsgBox(0, 'title', 'text', 500)
Edited by w0uter



I added a ConsoleWrite() just to show what version I was using:

3.1.1.103
>Exit code: 0   Time: 17.159

That's 17 seconds, after I grew tired of waiting for it to disappear. I suspect it would have taken 500 seconds. I don't know what instructions you set to NOP but they weren't the right ones.


Ahh, I did not run it compiled. Well, that exposes a second fundamental problem. Not only must we use the right version of AutoIt, we must also use it compiled (or not, depending on how it was tested). It's a nice proof of concept, maybe, but the things that you're trying to do aren't that practical.


I downloaded and installed beta 103, compiled your code below. Outstanding! I can use this for problem tracing. After a little experimenting I find that something between 1/8 and 1/4 second is as fast as I can deal with. Thank you for the added feature.

Gene

#region _Mem()

Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll') ]
    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    If @error Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf
    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc ;==>_MemOpen

Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', '')
    Return $av_Call[0]
EndFunc ;==>_MemWrite

Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    DllClose($ah_Mem[0])
    Return $av_Ret[0]
EndFunc ;==>_MemClose

Func _MemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If IsString($1) Then
        $1 = StringSplit($1, '')
        Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
    Else
        Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            DllStructSetData($v_Helper, 1, Eval($i), $i)
        Next
    EndIf
    Return $v_Helper
EndFunc ;==>_MemCreate

#endregion

$i_Open = _MemOpen(@autoitpid)
_MemWrite($i_Open, 0x004177F0, _MemCreate(0x90, 0x90, 0x90, 0x90, 0x90, 0x90))
_MemClose($i_Open)

MsgBox(0, 'title', 'text', 500)



Gene, IMO, you need to really re-think your debugging methods if you aren't able to do it without hacking AutoIt. I know with SciTE I can insert trace statements for any variable I want or I can insert a trace of all function calls (Like a call stack) for an entire file just with hotkeys. I rarely use message boxes for debugging and I definitely never needed to hack AutoIt to do it.

In addition, the moment 3.1.1.104 comes out, w0uter will have to give you a new base address. Is this really practical for you to hack AutoIt each release to ensure you can debug code when there are tons of other, more suitable ways of doing it?

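Two things in this thread invite a byte-level check: w0uter's note that the multiply lives at 004177F0 as `69C0 E8030000 IMUL EAX,EAX,3E8` and is overwritten with six 0x90 NOPs, and Valik's observation that the same six NOPs hit the wrong instruction on a non-compiled or different-version run, so the address is only valid for one build. The script below is an added example, not part of the _Mem UDF or of any post in this thread. It never opens a process; the bytes at the patch site are modelled as small constructed buffers so that two checks can run offline: a verify-before-write step that refuses to emit the NOPs unless the site actually holds the expected IMUL encoding, and an integrity report that a defender can use to tell an intact multiply from a NOPed one. The decoding of the imm32 (little-endian 0x000003E8 = 1000) is standard x86 encoding; the trailing filler bytes in the sample buffers are constructed.

```python
"""Byte-level checks around the IMUL patch discussed in this thread.

Constructed example, not part of the _Mem UDF. It never touches a live
process: it models the bytes at the patch site as a small buffer so the
checks can run offline.
"""
import struct

# Encoding of "IMUL EAX,EAX,3E8" as listed in the thread: opcode 69 /r,
# ModRM C0 (eax,eax), imm32 little-endian 0x000003E8 (1000 = seconds -> ms).
ORIGINAL_IMUL = bytes.fromhex("69C0E8030000")
NOP = 0x90
PATCH_NOPS = bytes([NOP] * len(ORIGINAL_IMUL))


def decode_imul_eax_imm32(code: bytes):
    """Return the imm32 multiplier if `code` starts with IMUL EAX,EAX,imm32, else None."""
    if len(code) < 6 or code[0] != 0x69 or code[1] != 0xC0:
        return None
    return struct.unpack_from("<I", code, 2)[0]


def classify_site(code: bytes) -> str:
    """Label what sits at the patch site: 'original', 'patched' (NOP sled) or 'unexpected'."""
    site = code[: len(ORIGINAL_IMUL)]
    if site == ORIGINAL_IMUL:
        return "original"
    if site == PATCH_NOPS:
        return "patched"
    return "unexpected"


def plan_patch(snapshot: bytes, expected: bytes, replacement: bytes):
    """Verify-before-write: return the bytes to write only if the site matches `expected`.

    Returns None when the snapshot differs (another AutoIt build, a non-compiled
    run), which is exactly the case where blindly NOPing hits the wrong instruction.
    """
    if len(replacement) != len(expected):
        raise ValueError("replacement must be the same length as the instruction it covers")
    if snapshot[: len(expected)] != expected:
        return None
    return replacement


def integrity_report(snapshot: bytes) -> dict:
    """Defender-side view: is the multiply intact, and what does it multiply by?"""
    state = classify_site(snapshot)
    return {
        "state": state,
        "multiplier": decode_imul_eax_imm32(snapshot),  # 1000 while intact, None once NOPed
        "tampered": state != "original",
    }


if __name__ == "__main__":
    # Constructed snapshots: the site as shipped, after the 6-NOP write, and a
    # site that does not hold the IMUL at all (a different build). 0xCC is filler.
    shipped = ORIGINAL_IMUL + b"\xcc\xcc"
    patched = PATCH_NOPS + b"\xcc\xcc"
    other_build = bytes.fromhex("8B45F850")
    for name, snap in [("shipped", shipped), ("patched", patched), ("other", other_build)]:
        print(name, integrity_report(snap), plan_patch(snap, ORIGINAL_IMUL, PATCH_NOPS))
```

`plan_patch` returning None for the `other_build` buffer is the check that would have turned Valik's 17-second run into an immediate "site does not match, refusing to write" instead of a silent miss; `integrity_report` is the same comparison viewed from the other side, flagging a process whose multiply has been replaced by a NOP sled.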

Gene, IMO, you need to really re-think your debugging methods if you aren't able to do it without hacking AutoIt.

i agree, i always use ConsoleWrite for debugging.

