new _Mem functions


Once again, Great Work Wouter!

Thanks,

JKnight


You can find it by using a debugger (I used OllyDbg).

(I think there is just a really small amount of people that actually have enough knowledge to use these functions.)

Would I be able to use this program to get information from a status bar? Then would I be able to turn it back into what the status bar said?

60 view and no replies, that makes me sad

Hi w0uter,

Given what you've done, could you also change the display time to something less than a second? Not to something subliminal, but only a little above. I frequently use MsgBoxes to show me variable content when I'm tracking a problem. I currently set them for one second but this is a lot slower than I could deal with and the boredom factor is high.

Gene


Why doesn't this work? I found the memory address with T-Search. It's the address for my character's health.

I have Win XP in case that matters

Opt("WinTitleMatchMode", 3)

$pid = WinGetProcess("Tibia")
$open = _MemOpen($pid)
$read = _MemRead($open, 0x4A1240, 4)
MsgBox(0, "", $read)

$i_Pid = Run("K:\Local\Prog\AutoIt3\beta\AutoIt3.exe /AutoIt3ExecuteLine ""MsgBox

I'm running Win2K SP 4, 256MB RAM, several GB free space, IE 6.x SP1

Gene

Edit: H'mmmn, didn't see Valik's post.

I think you are mistaken. I hacked AutoIt's internal handling of the MsgBox command.

After looking at the source for like ~60 seconds my guess would be to hack "vParams[3].nValue() * 1000" out of the source code.

I know how AutoIt is achieving the effect, but why does the source code matter at all? I thought the point of this thread was hacking things in memory, not removing lines of code from the source file and re-compiling. How does knowing the source code help Gene at all? Why do you even mention it? And where are you modifying the internals of AutoIt's MessageBox handling? I see you writing to memory a couple times but I can't see any difference in behavior that suggests you've modified how AutoIt is handling the MessageBox.

Source code just makes it easier to know what to hack out in the memory. As you probably know, Windows loads the code in the memory, meaning that that line from the source code will also be there (even though it is now converted to byte-code), thus making you able to remove that multiply in memory.

In version 103 it's located at:

004177F0 69C0 E8030000 IMUL EAX,EAX,3E8

And by modifying AutoIt's handling I meant that where it normally would push the parameters for MessageBox on the stack, it would this time push my parameters on the stack.

#region _Mem()
; Open a handle to the process $i_Pid through kernel32!OpenProcess.
; Returns a 2-element array: [0] = DllOpen() handle to kernel32.dll, [1] = the process handle.
; $i_Access defaults to 0x1F0FFF (PROCESS_ALL_ACCESS). On failure sets @error = 1 and returns 0.
Func _MemOpen($i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0)
    Local $av_Return[2] = [DllOpen('kernel32.dll')]
    Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
    Local $b_Failed = @error
    ; OpenProcess returns NULL (0) for a bad PID or insufficient rights; treat that as failure too.
    If Not $b_Failed Then $b_Failed = ($ai_Handle[0] = 0)
    If $b_Failed Then
        DllClose($av_Return[0])
        SetError(1)
        Return 0
    EndIf
    $av_Return[1] = $ai_Handle[0]
    Return $av_Return
EndFunc   ;==>_MemOpen

; Copy the bytes of the DllStruct $v_Inject to $i_Address inside the opened process.
; Returns the WriteProcessMemory result (non-zero on success, 0 on failure).
Func _MemWrite($ah_Mem, $i_Address, $v_Inject)
    Local $av_Call = DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, _
            'ptr', DllStructGetPtr($v_Inject), 'int', DllStructGetSize($v_Inject), 'int', 0)
    Return $av_Call[0]
EndFunc   ;==>_MemWrite

; Close the process handle and release kernel32.dll.
Func _MemClose($ah_Mem)
    Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
    DllClose($ah_Mem[0])
    Return $av_Ret[0]
EndFunc   ;==>_MemClose

; Build a byte DllStruct for _MemWrite. Pass either a single string (copied byte by byte and
; followed by a terminating 0 byte) or up to 99 individual byte values.
Func _MemCreate($1, $2 = 0, $3 = 0, $4 = 0, $5 = 0, $6 = 0, $7 = 0, $8 = 0, $9 = 0, $10 = 0, $11 = 0, $12 = 0, $13 = 0, $14 = 0, $15 = 0, _
        $16 = 0, $17 = 0, $18 = 0, $19 = 0, $20 = 0, $21 = 0, $22 = 0, $23 = 0, $24 = 0, $25 = 0, $26 = 0, $27 = 0, $28 = 0, $29 = 0, _
        $30 = 0, $31 = 0, $32 = 0, $33 = 0, $34 = 0, $35 = 0, $36 = 0, $37 = 0, $38 = 0, $39 = 0, $40 = 0, $41 = 0, $42 = 0, $43 = 0, _
        $44 = 0, $45 = 0, $46 = 0, $47 = 0, $48 = 0, $49 = 0, $50 = 0, $51 = 0, $52 = 0, $53 = 0, $54 = 0, $55 = 0, $56 = 0, $57 = 0, _
        $58 = 0, $59 = 0, $60 = 0, $61 = 0, $62 = 0, $63 = 0, $64 = 0, $65 = 0, $66 = 0, $67 = 0, $68 = 0, $69 = 0, $70 = 0, $71 = 0, _
        $72 = 0, $73 = 0, $74 = 0, $75 = 0, $76 = 0, $77 = 0, $78 = 0, $79 = 0, $80 = 0, $81 = 0, $82 = 0, $83 = 0, $84 = 0, $85 = 0, _
        $86 = 0, $87 = 0, $88 = 0, $89 = 0, $90 = 0, $91 = 0, $92 = 0, $93 = 0, $94 = 0, $95 = 0, $96 = 0, $97 = 0, $98 = 0, $99 = 0)
    If IsString($1) Then
        $1 = StringSplit($1, '')   ; $1[0] = character count, $1[1..n] = characters
        Local $v_Helper = DllStructCreate('byte[' & UBound($1) & ']')   ; one extra byte stays 0
        For $i = 1 To UBound($1) - 1
            DllStructSetData($v_Helper, 1, Asc($1[$i]), $i)
        Next
    Else
        Local $v_Helper = DllStructCreate('byte[' & @NumParams & ']')
        For $i = 1 To @NumParams
            DllStructSetData($v_Helper, 1, Eval($i), $i)   ; Eval($i) reads parameter $1, $2, ...
        Next
    EndIf
    Return $v_Helper
EndFunc   ;==>_MemCreate
#endregion

; Patch this AutoIt process: overwrite the 6-byte IMUL EAX,EAX,3E8 (the seconds-to-milliseconds
; multiply, at 0x004177F0 in 3.1.1.103) with six NOPs, so the MsgBox timeout is taken in ms.
$i_Open = _MemOpen(@AutoItPID)
_MemWrite($i_Open, 0x004177F0, _MemCreate(0x90, 0x90, 0x90, 0x90, 0x90, 0x90))
_MemClose($i_Open)

MsgBox(0, 'title', 'text', 500)

I added a ConsoleWrite() just to show what version I was using:

3.1.1.103
>Exit code: 0 Time: 17.159

That's 17 seconds, after I grew tired of waiting for it to disappear. I suspect it would have taken 500 seconds. I don't know what instructions you set to NOP but they weren't the right ones.

Ahh, I did not run it compiled. Well, that exposes a second fundamental problem. Not only must we use the right version of AutoIt, we must also use it compiled (or not, depending on how it was tested). It's a nice proof of concept, maybe, but the things that you're trying to do aren't that practical.

I downloaded and installed beta 103, compiled your code below. Outstanding! I can use this for problem tracing. After a little experimenting I find that something between 1/8 and 1/4 second is as fast as I can deal with. Thank you for the added feature.

Gene

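The failed run in this thread (wrong build or uncompiled, so the NOPs landed on the wrong bytes) is exactly what a read-and-compare before the write prevents. This is an added example, not code from the thread or from the _Mem UDF: FakeProcess is a constructed stand-in for the target image so it runs offline, and on Windows its read/write would be the UDF's ReadProcessMemory/WriteProcessMemory calls; the address and instruction bytes are the ones w0uter quotes for 3.1.1.103.

```python
# Added example, not code from the thread or from the _Mem UDF: the verify-before-patch step
# missing from the NOP patch above. FakeProcess is a constructed stand-in so this runs offline;
# on Windows the two calls would be ReadProcessMemory/WriteProcessMemory on an OpenProcess handle.

# Instruction w0uter quotes at 0x004177F0 in AutoIt 3.1.1.103:
#   69 C0 E8 03 00 00   IMUL EAX,EAX,3E8   (seconds -> milliseconds)
PATCH_ADDR = 0x004177F0
IMUL_EAX_1000 = bytes.fromhex("69C0E8030000")
NOPS = b"\x90" * len(IMUL_EAX_1000)   # same length, so later instructions keep their offsets


def imul_eax_imm32(code: bytes):
    """Decode a 6-byte 'IMUL EAX,EAX,imm32' (opcode 69 C0 + little-endian imm32); None if not one."""
    if len(code) != 6 or code[:2] != b"\x69\xc0":
        return None
    return int.from_bytes(code[2:], "little")


class FakeProcess:
    """Constructed stand-in for a target process image: a flat byte buffer at a fixed base."""

    def __init__(self, base: int, image: bytes):
        self.base, self.mem = base, bytearray(image)

    def _span(self, addr: int, size: int) -> slice:
        off = addr - self.base
        if off < 0 or off + size > len(self.mem):
            raise ValueError("access outside image")
        return slice(off, off + size)

    def read(self, addr: int, size: int) -> bytes:
        return bytes(self.mem[self._span(addr, size)])

    def write(self, addr: int, data: bytes) -> None:
        self.mem[self._span(addr, len(data))] = data


def patch_if_expected(proc: FakeProcess, addr: int, expected: bytes, replacement: bytes) -> bool:
    """Write `replacement` over `expected` at `addr` only if those exact bytes are there now.
    Returns True when the patch was applied and read back; False (and nothing written) when the
    target does not match, e.g. a different AutoIt build, an uncompiled run, or already patched."""
    if len(replacement) != len(expected):
        raise ValueError("replacement must keep the instruction length")
    if proc.read(addr, len(expected)) != expected:
        return False
    proc.write(addr, replacement)
    return proc.read(addr, len(expected)) == replacement
```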

Gene, IMO, you need to really re-think your debugging methods if you aren't able to do it without hacking AutoIt. I know with SciTE I can insert trace statements for any variable I want or I can insert a trace of all function calls (Like a call stack) for an entire file just with hotkeys. I rarely use message boxes for debugging and I definitely never needed to hack AutoIt to do it.

In addition, the moment 3.1.1.104 comes out, w0uter will have to give you a new base address. Is this really practical for you to hack AutoIt each release to ensure you can debug code when there are tons of other, more suitable ways of doing it?
