Jump to content

How to use WinIO to access memory


Recommended Posts

 

Below is my code to access memory data via WinIO; however, I only get 0 from $result[0] or BSOD. I can use DumpPhys.exe to dump memory data and it is correct. Do I miss something? 

Local $hDLL = DllOpen("WinIo64.dll")
sleep(500)
DllCall($hDLL, "bool", "InitializeWinIo")
sleep(500)
Local $result = ""
$result = DllCall($hDLL, "bool", "GetPhysLong", "byte*", "D6F76010", "dword*", "")
sleep(500)
msgbox(0,"0xD6F76010 0",$result[0])
DllCall($hDLL, "none", "ShutdownWinIo")
sleep(500)
DllClose($hDLL)
 

Link to comment
Share on other sites

DllCall($hDLL, "bool", "GetPhysLong", "byte*", "D6F76010", "dword*", "")

The parameters type are probably wrong D6F76010 doesn't look a byte to me :lol:, and passing it as a * (ptr) well...

Link to comment
Share on other sites

  • Developers
23 minutes ago, francischi said:

My OS is x64 so I want to use WinIO64.dll. Or I still can use WinIO32.dll on x64 OS?

Depends which version of AutoIt3 you use I guess!

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

I tried to change type but I still got BSOD only. 

$result = DllCall($hDLL, "bool", "GetPhysLong", "PTR*", "0xD6F76010", "DWORD", "")

$result = DllCall($hDLL, "bool", "GetPhysLong", "BYTE*", "0xD6F76010", "DWORD*", "")

$result = DllCall($hDLL, "bool", "GetPhysLong", "INT*", "0xD6F76010", "DWORD*", "")

Besides, I just check help WinIO.chm, and it mentions GetPhysLong function.  

bool _stdcall GetPhysLong( PBYTE pbPhysAddr, PDWORD pdwPhysVal );   

Parameters

pbPhysAddr
[in] Pointer to the physical address

pdwPhysVal
[out] Pointer to a DWORD variable that receives the value obtained from the physical memory location.

Link to comment
Share on other sites

Do you know if this particular dll needs to be registered ?  Have you registered it ?

Can you show the result of DllCall($hDLL, "bool", "InitializeWinIo") ? Is it 0 or 1 ?

Can you upload the chm ?  Since I never used WinIo there maybe something missing...

Since you are using 64 bits, you know you must compile it x64 before running it...

Link to comment
Share on other sites

3 hours ago, Nine said:

you must compile it x64 before running it

:huh2: No you don't. Just add directive:

#AutoIt3Wrapper_UseX64=Y

in Scite to run from the editor in x64 mode without compiling.

Link to comment
Share on other sites

  • Developers
2 hours ago, RTFC said:

:huh2: No you don't. Just add directive:

#AutoIt3Wrapper_UseX64=Y

in Scite to run from the editor in x64 mode without compiling.

This works only when the full installer for SciTE4AutoIt3 is installed ! :) 

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

11 hours ago, Nine said:

Do you know if this particular dll needs to be registered ?  Have you registered it ?

Can you show the result of DllCall($hDLL, "bool", "InitializeWinIo") ? Is it 0 or 1 ?

Can you upload the chm ?  Since I never used WinIo there maybe something missing...

Since you are using 64 bits, you know you must compile it x64 before running it...

I didn't register but I enable test mode and run DumpPhys.exe as attachment to make sure it can work. DllCall returned 0 after I call it and I compile it as x64 too. 

WinIo.zip

Link to comment
Share on other sites

2 hours ago, Nine said:

so 0 means it failed. so you have to find a way to make initialize... to work.  Have you run your exe as admin ?

 

Yes, I run exe as admin. I check DllCall function, it should return 0 if I call successfully.

 

Return Value

Success: an array. See remarks.
Failure: sets the @error flag to non-zero.
@error: 1 = unable to use the DLL file,
2 = unknown "return type",
3 = "function" not found in the DLL file,
4 = bad number of parameters,
5 = bad parameter.
Link to comment
Share on other sites

9 hours ago, francischi said:

I check DllCall function, it should return 0 if I call successfully.

It returns an array.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites

Link to comment
Share on other sites

Here the code I used and it is working...

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=y
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
Local $hDLL1 = DllOpen("WinIo64.dll")
Sleep (200)
ConsoleWrite ("hdll = " & $hDLL1 & @CRLF)

$result = DllCall($hDLL1, "bool", "InitializeWinIo")
Sleep (1000)
ConsoleWrite ("Init " & $result[0] & @CRLF)
Local $b = "0xD6F7"
For $i = 1 to 20
  $result = DllCall($hDLL1, "bool", "GetPhysLong", "int_ptr", $b, "dword*", 0)
  $b += 1
  Sleep (1000)
  ConsoleWrite ("Get " & $result[0] &"/" & $result[1] &"/" & $result[2] & "/" & @CRLF)
Next

DllCall($hDLL1, "none", "ShutdownWinIo")
DllClose($hDLL1)

Results :

hdll = 1
Init 1
Get 1/55031/3389158144/
Get 1/55032/3402236531/
Get 1/55033/13289986/
Get 1/55034/51914/
Get 1/55035/202/
Get 1/55036/0/
Get 1/55037/0/
Get 1/55038/0/
Get 1/55039/0/
Get 1/55040/0/
Get 1/55041/0/
Get 1/55042/0/
Get 1/55043/0/
Get 1/55044/0/
Get 1/55045/1442840576/
Get 1/55046/1498808320/
Get 1/55047/1247368704/
Get 1/55048/4872534/
Get 1/55049/19033/
Get 1/55050/74/

 

Edited by Nine
Link to comment
Share on other sites

18 hours ago, Nine said:

Here the code I used and it is working...

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=y
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
Local $hDLL1 = DllOpen("WinIo64.dll")
Sleep (200)
ConsoleWrite ("hdll = " & $hDLL1 & @CRLF)

$result = DllCall($hDLL1, "bool", "InitializeWinIo")
Sleep (1000)
ConsoleWrite ("Init " & $result[0] & @CRLF)
Local $b = "0xD6F7"
For $i = 1 to 20
  $result = DllCall($hDLL1, "bool", "GetPhysLong", "int_ptr", $b, "dword*", 0)
  $b += 1
  Sleep (1000)
  ConsoleWrite ("Get " & $result[0] &"/" & $result[1] &"/" & $result[2] & "/" & @CRLF)
Next

DllCall($hDLL1, "none", "ShutdownWinIo")
DllClose($hDLL1)

Results :

hdll = 1
Init 1
Get 1/55031/3389158144/
Get 1/55032/3402236531/
Get 1/55033/13289986/
Get 1/55034/51914/
Get 1/55035/202/
Get 1/55036/0/
Get 1/55037/0/
Get 1/55038/0/
Get 1/55039/0/
Get 1/55040/0/
Get 1/55041/0/
Get 1/55042/0/
Get 1/55043/0/
Get 1/55044/0/
Get 1/55045/1442840576/
Get 1/55046/1498808320/
Get 1/55047/1247368704/
Get 1/55048/4872534/
Get 1/55049/19033/
Get 1/55050/74/

 

I also can get memory data on your code. Thanks. I have another question about function type. I modify int_ptr to uint_ptr, but I still got 0 when my memory address $b > 0x7fffffff.

$result = DllCall($hDLL1, "bool", "GetPhysLong", "UINT_PTR", $b, "DWORD*", 0)

Link to comment
Share on other sites

On 2018/11/13 at 5:48 PM, francischi said:

I also can get memory data on your code. Thanks. I have another question about function type. I modify int_ptr to uint_ptr, but I still got 0 when my memory address $b > 0x7fffffff.

$result = DllCall($hDLL1, "bool", "GetPhysLong", "UINT_PTR", $b, "DWORD*", 0)

I can fix it know. Thanks all.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...