Jump to content

new _Mem functions


w0uter
 Share

Recommended Posts

ASCII To Decimal Conversion And Back Again

(As seen in SciTE with default colours PS some one should make a script for this would be handy for posting code on forums :) )

#include <string.au3>

$Process = "egprocess.exe"

$Pid = ProcessExists($Process)

$h_open = _MemOpen($pid)

$ASCII = _MemRead($h_open, 0x77D67807,0)

;~ ASCII To Decimal

$ASCII = "*/"

$Temp = _StringReverse($ASCII)

$Temp = _StringToHex($Temp)

$dec = Dec($Temp)

MsgBox(0, "ASCII To Decimal", "ASCII: " & $ASCII & @LF & "Hex: " & $Temp & @LF & "Decimal: " & $dec)

;~ Decimal To ASCII

$dec = 12074

$Hex = Hex($dec,8)

$Temp = _HexToString($Hex)

$ASCII = _StringReverse($Temp)

MsgBox(0, "Decimal To ASCII", "Decimal: " & $dec & @LF & "Hex: " & $Hex & @LF & "ASCII: " & $ASCII)

_________________________________________________________________________________________________

@Analritter

No problems and Cheers NOTE: Your code is too far advanced compared to my level of AutoIt at the moment. But i am in to memory editing with other programs and botting with AutoIt so i would love to have them both rolled into the one program (i sorta understand memory editing and Cheat Engine 5.2 makes it easy)

@w0uter

Would you be able to look into getting the "_MemWrite" Working as this would be a very useful feature. The only feature that i can really use these for at the moment is just like a stats program on the application but no real editing of these values

Thanks!! I didn't realize the output was in ASCII and needed converted. :(

Link to comment
Share on other sites

well i think u need also float values to write a teleport-hack...

i would like to see more types of values and not only byte if that would be possible :(

hmm, so if you want to write double, it would be

$double = DllStructCreate('double') 
DllStructSetData($double,1,0xVALUE)
_MemWrite($pid,0xADDRESS,$double)

?

After looking further into this I modified some of w0uter's functions and now you can use different data types with it. The types were gotten from the AutoIt help file for DllStructCreate(). Append this to w0uter's code to run the example:

Global Const $MEM_STRING = ''
Global Const $MEM_BYTE = 'byte'     ; 1
Global Const $MEM_UBYTE = 'ubyte'   ; 1
Global Const $MEM_CHAR = 'char'     ; 1
Global Const $MEM_SHORT = 'short'   ; 2
Global Const $MEM_USHORT = 'ushort' ; 2
Global Const $MEM_INT = 'int'       ; 4
Global Const $MEM_UINT = 'uint'     ; 4
Global Const $MEM_DWORD = 'dword'   ; 4
Global Const $MEM_UDWORD = 'udword' ; 4
Global Const $MEM_PTR = 'ptr'       ; 4
Global Const $MEM_FLOAT = 'float'   ; 4
Global Const $MEM_DOUBLE = 'double' ; 8
Global Const $MEM_INT64 = 'int64'   ; 8
Global Const $MEM_UINT64 = 'uint64' ; 8



Func _MemReadType( $ah_Mem, $i_Address, $s_Type = '' )
    If $s_Type = $MEM_STRING Then
        Local $v_Return = ''
        Local $v_Struct = DllStructCreate('byte[1]')
        Local $v_Ret
        While 1
            DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', '')
            $v_Ret = DllStructGetData($v_Struct, 1)
            If $v_Ret = 0 Then ExitLoop
            $v_Return &= Chr($v_Ret)
            $i_Address += 1
        WEnd
    Else
        Local $v_Struct = DllStructCreate($s_Type)
        DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', _SizeOf($s_Type), 'int', '')
        Local $v_Return = DllStructGetData($v_Struct, 1, 1)
    EndIf
    Return $v_Return
EndFunc  ;==>_MemReadType

Func _MemCreateType( $v_Data, $s_Type = '' )
    If $s_Type = $MEM_STRING Then
        $v_Data = StringSplit($v_Data, '')
        Local $v_Struct = DllStructCreate('byte[' & $v_Data[0] + 1 & ']')
        For $i = 1 To $v_Data[0]
            DllStructSetData($v_Struct, 1, Asc($v_Data[$i]), $i)
        Next
    Else
        Local $v_Struct = DllStructCreate($s_Type)
        DllStructSetData($v_Struct, 1, $v_Data, 1)
    EndIf
    Return $v_Struct
EndFunc  ;==>_MemCreateType

Func _SizeOf( $s_Type )
    Local $v_Struct = DllStructCreate($s_Type), $i_Size = DllStructGetSize($v_Struct)
    $v_Struct = 0
    Return $i_Size
EndFunc  ;==>_SizeOf



$i_Open = _MemOpen(@AutoItPID)
$i_Addr = _MemAlloc($i_Open, _SizeOf($MEM_FLOAT))
_MemWrite($i_Open, $i_Addr, _MemCreateType(-0.12345678912345, $MEM_FLOAT))
MsgBox(0, 'Address: 0x' & $i_Addr, _MemReadType($i_Open, $i_Addr, $MEM_FLOAT))
_MemFree($i_Open, $i_Addr)
_MemClose($i_Open)

The only problem with this is that in the example there are junk numbers on the end of the float. W0uter, do you have any insight on this? :)

Edited by erifash
Link to comment
Share on other sites

I have updated the code above, as parts of it were confusing and unnecessary. I have no clue what the problem might be. Any ideas? :)

Edited by erifash
Link to comment
Share on other sites

  • 2 weeks later...

i'm kinda new to this udf, so i'm gonna give it a try, but it seems it aint working for me

i know the adress is correct, since Tsearch and cheat engine both give the needed float.

but when i try it with autoit, it returns nothing.

$PID = ProcessExists ( "rbo_ex2.exe" )
$rboMEM = _MemOpen($PID)
ConsoleWrite("memopen"&@CR)
$test = _MemRead($rboMEM,0x00BD3B6F)
ConsoleWrite($test&@CR)
*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...
Link to comment
Share on other sites

so it should be

_MemRead($rboMEM,0x00BD3B6F,????)

but howmuch bytes is a float ?

i just tryed 4 bytes, and the msg box is just empty

Edited by zeroZshadow
*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...
Link to comment
Share on other sites

tryed both now, still NO value returned -.-

i did check if the pid was correct

and if it passed every step

i used:

$PID = ProcessExists ( "rbo_ex2.exe" )
if $PID = 0 Then
    MsgBox(0,"error","could not open file")
    Exit
EndIf
$rboMEM = _MemOpen($PID)
ConsoleWrite("memopen"&@CR)
$test = _MemRead($rboMEM,0x00BD3B6F,8)
MsgBox(0,"debug",$test)
*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...
Link to comment
Share on other sites

ya u should -.- make a nice description per function xD

oke i just tested it

$test[0] gives 0

$test[1] gives (if 8 bytes) -73 (if 4 bytes) 44

but it SHOULD be 6.38543684223533E-41

strange he -.-

Edited by zeroZshadow
*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...
Link to comment
Share on other sites

in the memread function i see this line

Local $v_Struct = DllStructCreate('byte[1]')

doesn't that have tobe a float if i want to read a float ?

since till now, floats aint read correctly

*If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip...
Link to comment
Share on other sites

I have been fooling around with the idea of a simple memory editor in AutoIt. It uses some of my modified memory functions but it doesn't exactly work. I know that I might not be using these in the correct way and I'm really not all that experienced with the memory functions. Could someone throw any ideas or suggestions my way as to what might the problem be? :D The code is attached.

Memory_GUI.au3

Link to comment
Share on other sites

in the memread function i see this line

Local $v_Struct = DllStructCreate('byte[1]')

doesn't that have tobe a float if i want to read a float ?

since till now, floats aint read correctly

i dont think this functions can read/write floats..
Link to comment
Share on other sites

really ?? that would suck big time

it would but dont be sure that its not possible with this functions ask the coder who did that he might know what it is possible and what not
Link to comment
Share on other sites

it can only read bytes 'out of the box'.

life takes up too much time to make a better version.

you can however just modify the call to make it read floats.

Edited by w0uter

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...