Sign in to follow this  
Followers 0
Nomad

Improved _Mem() UDF's

91 posts in this topic

#1 ·  Posted (edited)

These are some _Memory UDF's I've been using personally. They are based on wOuter's original concept, but are not a direct copy of his functions. I had to modify his functions to get them to work for a project I was working on, and since I had to do so much research to modify them, I decided to take it an extra step and turn them into these improved UDF's. In my opinion, these are much more user friendly.

I'll let the functions speak for themself:

#include-once
#region _Memory
;=================================================================================================
; AutoIt Version:   3.1.127 (beta)
; Language:         English
; Platform:         All Windows
; Author:           Nomad
; Requirements:     These functions will only work with beta.
;=================================================================================================
; Credits:  wOuter - These functions are based on his original _Mem() functions.  But they are
;           easier to comprehend and more reliable.  These functions are in no way a direct copy
;           of his functions.  His functions only provided a foundation from which these evolved.
;=================================================================================================
;
; Functions:
;
;=================================================================================================
; Function:         _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]])
; Description:      Opens a process and enables all possible access rights to the process.  The
;                   Process ID of the process is used to specify which process to open.  You must
;                   call this function before calling _MemoryClose(), _MemoryRead(), or _MemoryWrite().
; Parameter(s):     $iv_Pid - The Process ID of the program you want to open.
;                   $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which enables all
;                                       possible access rights to the process specified by the
;                                       Process ID.
;                   $if_InheritHandle - (optional) If this value is TRUE, all processes created by
;                                       this process will inherit the access handle.  Set to TRUE
;                                       (1) by default.  Set to 0 if you want it to be FALSE.
; Requirement(s):   A valid process ID.
; Return Value(s):  On Success - Returns an array containing the Dll handle and an open handle to
;                                the specified process.
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = Invalid $iv_Pid.
;                            2 = Failed to open Kernel32.dll.
;                            3 = Failed to open the specified process.
; Author(s):        Nomad
; Note(s):
;=================================================================================================
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $if_InheritHandle = 1)
    
    If Not ProcessExists($iv_Pid) Then
        SetError(1)
        Return 0
    EndIf
    
    Local $ah_Handle[2] = [DllOpen('kernel32.dll')]
    
    If @Error Then
        SetError(2)
        Return 0
    EndIf
    
    Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $if_InheritHandle, 'int', $iv_Pid)
    
    If @Error Then
        DllClose($ah_Handle[0])
        SetError(3)
        Return 0
    EndIf
    
    $ah_Handle[1] = $av_OpenProcess[0]
    
    Return $ah_Handle
    
EndFunc

;=================================================================================================
; Function:         _MemoryRead($iv_Address, $ah_Handle[, $sv_Type])
; Description:      Reads the value located in the memory address specified.
; Parameter(s):     $iv_Address - The memory address you want to read from. It must be in hex
;                                 format (0x00000000).
;                   $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                   $sv_Type - (optional) The "Type" of value you intend to read.  This is set to
;                               'dword'(32bit(4byte) signed integer) by default.  See the help file
;                               for DllStructCreate for all types.
;                               An example: If you want to read a word that is 15 characters in
;                               length, you would use 'char[16]'.
; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
; Return Value(s):  On Success - Returns the value located at the specified address.
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = $sv_Type was not a string.
;                            3 = $sv_Type is an unknown data type.
;                            4 = Failed to allocate the memory needed for the DllStructure.
;                            5 = Error allocating memory for $sv_Type.
;                            6 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):          Values returned are in Decimal format, unless specified as a 'char' type, then
;                   they are returned in ASCII format.  Also note that size ('char[size]') for all
;                   'char' types should be 1 greater than the actual size.
;=================================================================================================
Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')
    
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf
    
    Local $v_Buffer = DllStructCreate($sv_Type)
    
    If @Error Then
        SetError(@Error + 1)
        Return 0
    EndIf
    
    DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
    
    If Not @Error Then
        Local $v_Value = DllStructGetData($v_Buffer, 1)
        Return $v_Value
    Else
        SetError(6)
        Return 0
    EndIf
    
EndFunc

;=================================================================================================
; Function:         _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type])
; Description:      Writes data to the specified memory address.
; Parameter(s):     $iv_Address - The memory address you want to write to.  It must be in hex
;                                 format (0x00000000).
;                   $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                   $v_Data - The data to be written.
;                   $sv_Type - (optional) The "Type" of value you intend to write.  This is set to
;                               'dword'(32bit(4byte) signed integer) by default.  See the help file
;                               for DllStructCreate for all types.
;                               An example: If you want to write a word that is 15 characters in
;                               length, you would use 'char[16]'.
; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
; Return Value(s):  On Success - Returns 1
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = $sv_Type was not a string.
;                            3 = $sv_Type is an unknown data type.
;                            4 = Failed to allocate the memory needed for the DllStructure.
;                            5 = Error allocating memory for $sv_Type.
;                            6 = $v_Data is not in the proper format to be used with the "Type"
;                                selected for $sv_Type, or it is out of range.
;                            7 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):          Values sent must be in Decimal format, unless specified as a 'char' type, then
;                   they must be in ASCII format.  Also note that size ('char[size]') for all
;                   'char' types should be 1 greater than the actual size.
;=================================================================================================
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')
    
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf
    
    Local $v_Buffer = DllStructCreate($sv_Type)
    
    If @Error Then
        SetError(@Error + 1)
        Return 0
    Else
        DllStructSetData($v_Buffer, 1, $v_Data)
        If @Error Then
            SetError(6)
            Return 0
        EndIf
    EndIf
    
    DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
    
    If Not @Error Then
        Return 1
    Else
        SetError(7)
        Return 0
    EndIf
    
EndFunc

;=================================================================================================
; Function:         _MemoryClose($ah_Handle)
; Description:      Closes the process handle opened by using _MemoryOpen().
; Parameter(s):     $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
; Return Value(s):  On Success - Returns 1
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = Invalid $ah_Handle.
;                            2 = Unable to close the process handle.
; Author(s):        Nomad
; Note(s):
;=================================================================================================
Func _MemoryClose($ah_Handle)
    
    If Not IsArray($ah_Handle) Then
        SetError(1)
        Return 0
    EndIf
    
    DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
    If Not @Error Then
        DllClose($ah_Handle[0])
        Return 1
    Else
        DllClose($ah_Handle[0])
        SetError(2)
        Return 0
    EndIf
    
EndFunc

;=================================================================================================
; Function:         _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset[, $sv_Type])
; Description:      Reads a chain of pointers and returns an array containing the destination
;                   address and the data at the address.
; Parameter(s):     $iv_Address - The static memory address you want to start at. It must be in
;                                 hex format (0x00000000).
;                   $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                   $av_Offset - An array of offsets for the pointers.  Each pointer must have an
;                                offset.  If there is no offset for a pointer, enter 0 for that
;                                array dimension.
;                   $sv_Type - (optional) The "Type" of data you intend to read at the destination
;                                address.  This is set to 'dword'(32bit(4byte) signed integer) by
;                                default.  See the help file for DllStructCreate for all types.
; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
; Return Value(s):  On Success - Returns an array containing the destination address and the value
;                                located at the address.
;                   On Failure - Returns 0
;                   @Error - 0 = No error.
;                            1 = $av_Offset is not an array.
;                            2 = Invalid $ah_Handle.
;                            3 = $sv_Type is not a string.
;                            4 = $sv_Type is an unknown data type.
;                            5 = Failed to allocate the memory needed for the DllStructure.
;                            6 = Error allocating memory for $sv_Type.
;                            7 = Failed to read from the specified process.
; Author(s):        Nomad
; Note(s):          Values returned are in Decimal format, unless a 'char' type is selected.
;                   Set $av_Offset like this:
;                   $av_Offset[0] = NULL (not used)
;                   $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;                   $av_Offset[2] = Offset for pointer 2
;                   etc...
;                   (The number of array dimensions determines the number of pointers)
;=================================================================================================
Func _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword')
    
    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf
    
    Local $iv_Data[2], $i
    Local $v_Buffer = DllStructCreate('dword')
    
    For $i = 0 to $iv_PointerCount
        
        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @Error Then
                SetError(@Error + 2)
                Return 0
            EndIf
            
            $iv_Address = '0x' & hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        Else
            $iv_Address = '0x' & hex($iv_Data[1] + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(7)
                Return 0
            EndIf
            
            $iv_Data[1] = DllStructGetData($v_Buffer, 1)
            
        EndIf
        
    Next
    
    $iv_Data[0] = $iv_Address
    
    Return $iv_Data

EndFunc

;=================================================================================================
; Function:         _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data[, $sv_Type])
; Description:      Reads a chain of pointers and writes the data to the destination address.
; Parameter(s):     $iv_Address - The static memory address you want to start at. It must be in
;                                 hex format (0x00000000).
;                   $ah_Handle - An array containing the Dll handle and the handle of the open
;                                process as returned by _MemoryOpen().
;                   $av_Offset - An array of offsets for the pointers.  Each pointer must have an
;                                offset.  If there is no offset for a pointer, enter 0 for that
;                                array dimension.
;                   $v_Data - The data to be written.
;                   $sv_Type - (optional) The "Type" of data you intend to write at the destination
;                                address.  This is set to 'dword'(32bit(4byte) signed integer) by
;                                default.  See the help file for DllStructCreate for all types.
; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
; Return Value(s):  On Success - Returns the destination address.
;                   On Failure - Returns 0.
;                   @Error - 0 = No error.
;                            1 = $av_Offset is not an array.
;                            2 = Invalid $ah_Handle.
;                            3 = Failed to read from the specified process.
;                            4 = $sv_Type is not a string.
;                            5 = $sv_Type is an unknown data type.
;                            6 = Failed to allocate the memory needed for the DllStructure.
;                            7 = Error allocating memory for $sv_Type.
;                            8 = $v_Data is not in the proper format to be used with the
;                                "Type" selected for $sv_Type, or it is out of range.
;                            9 = Failed to write to the specified process.
; Author(s):        Nomad
; Note(s):          Data written is in Decimal format, unless a 'char' type is selected.
;                   Set $av_Offset like this:
;                   $av_Offset[0] = NULL (not used, doesn't matter what's entered)
;                   $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
;                   $av_Offset[2] = Offset for pointer 2
;                   etc...
;                   (The number of array dimensions determines the number of pointers)
;=================================================================================================
Func _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data, $sv_Type = 'dword')
    
    If IsArray($av_Offset) Then
        If IsArray($ah_Handle) Then
            Local $iv_PointerCount = UBound($av_Offset) - 1
        Else
            SetError(2)
            Return 0
        EndIf
    Else
        SetError(1)
        Return 0
    EndIf
    
    Local $iv_StructData, $i
    Local $v_Buffer = DllStructCreate('dword')

    For $i = 0 to $iv_PointerCount
        If $i = $iv_PointerCount Then
            $v_Buffer = DllStructCreate($sv_Type)
            If @Error Then
                SetError(@Error + 3)
                Return 0
            EndIf
            
            DllStructSetData($v_Buffer, 1, $v_Data)
            If @Error Then
                SetError(8)
                Return 0
            EndIf
            
            $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(9)
                Return 0
            Else
                Return $iv_Address
            EndIf
        ElseIf $i = 0 Then
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(3)
                Return 0
            EndIf
            
            $iv_StructData = DllStructGetData($v_Buffer, 1)
            
        Else
            $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i])
            DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
            If @Error Then
                SetError(3)
                Return 0
            EndIf
            
            $iv_StructData = DllStructGetData($v_Buffer, 1)
            
        EndIf
    Next

EndFunc
#endregionoÝ÷ Ù°'{îËb¢ÛV*í¹©P¹êòèºÇ­+ºw-ò¢é®²×â®Ën±ãò:§¶§Ê¦k'[aÇîËb¢t^iÛayû§rبuêí¢Ç¶«zÛ«)ߢ¹¶*'ë.­ëhºÇzj+È)h±ì!z|¨¹ªÞvÞiDzȧØ^騯*j| ÷§¦ºz˺Ú"µÍÏOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOBÈ[Ý[ÛBBWÕX[]YQ^
    ÌÍÚ]ÐYÜË  ÌÍØZÒ[JBÈØÜ[ÛBSÜ[ÈHØÙÜÈ[XYÈ[]È[ÜX][ÛÜHY[[ÜHYÙHÚXÚÂBBBBXÛÛZ[ÈHY[[ÜHYÜÈÜXÚYYYÈ[Y]ÊNBIÌÍÚ]ÐYÜÈHHY[[ÜHYÜÈ[ÝHØ[ÈXYÛK]]ÝH[^ÂBBBBBBBHÜX]

KÂBBBBIÌÍØZÒ[HH[^HÛÛZ[[ÈH[H[H[HÙHÜ[ÂBBBBBBBHØÙÜÈÈ]YHÓY[[ÜSÜ[
KÈ]Z[Y[
ÊNPH[YØÙÜÈQÈ][YJÊNSÛÝXØÙÜÈH]È[^HÛÛZ[[ÈHÛÝÚ[ÎÂBBBBBBBH ÌÍÐ^VÌHHÙHYÜËÂBBBBBBBH  ÌÍÐ^VÌWHH[ØØ][ÛÙKÂBBBBBBBH ÌÍÐ^VÌHH[ØØ][ÛÝXÝÂBBBBBBBH    ÌÍÐ^VÌ×HHYÚ[ÛÚ^KÂBBBBBBBH  ÌÍÐ^VÍHHÝ]KÂBBBBBBBH  ÌÍÐ^VÍWHHÝXÝÂBBBBBBBH    ÌÍÐ^VÍHHKÂBBBBSÛZ[HH]ÈÂBBBBPÜHHÈÜÂBBBBBBHHH[[Y  ÌÍØZÒ[KÂBBBBBBHH   ÌÍÜÝÕHØÈÝHÝ[ËÂBBBBBBHÈH ÌÍÜÝÕHÈ[[ÛÝÛ]HKÂBBBBBBH
HZ[YÈ[ØØ]HHY[[ÜHYYYÜHÝXÝKÂBBBBBBH
HHÜ[ØØ][ÈY[[ÜHÜ   ÌÍÜÝÕKÂBBBBBBH
HZ[YÈXYÛHHÜXÚYYYØÙÜËÈ]]ÜÊNBSÛXYÈÝJÊNÏOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOB[ÈÕX[]YQ^
    ÌÍÚ]ÐYÜË  ÌÍØZÒ[JBBRYÝÐ^J   ÌÍØZÒ[JH[BTÙ]ÜJBBT]Q[YBSØØ[ ÌÍØ]Ñ]VÍ×K    ÌÍÚBSØØ[   ÌÍÝÐYHÝXÝÜX]J    ÌÎNÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜÙÛÜ ÌÎNÊBBRYÜ[BTÙ]ÜÜ
ÈJBBT]Q[YBQØ[
    ÌÍØZÒ[VÌK  ÌÎNÚ[    ÌÎNË ÌÎNÕX[]YQ^   ÌÎNË ÌÎNÚ[    ÌÎNË ÌÍØZÒ[VÌWK ÌÎNÚ[    ÌÎNË ÌÍÚ]ÐYÜË  ÌÎNÜÌÎNËÝXÝÙ]  ÌÍÝÐYK  ÌÎNÚ[    ÌÎNËÝXÝÙ]Ú^J ÌÍÝÐYJBBRYÝÜ[BBBQÜ   ÌÍÚHHÈ
BBBBBIÌÍØ]Ñ]VÉÌÍÚWHH^
ÝXÝÙ]]J  ÌÍÝÐY
    ÌÍÚH
ÈJJJBBBBBS^BBBT]   ÌÍØ]Ñ]BBBQ[ÙBBTÙ]Ü
BBT]Q[YB[[

Source:

VirtualQueryEx.au3

After doing a search on this function in the forum here, I only found 2 topics on it, and one of them was mine, hehe. In the other topic, someone said it couldn't be done, or something to that effect, so I decided to make this since I'm currently using it for my memory tool I've been working on.

For a working example of this function, as well as how it's used, look here. The example doesn't use this function directly, since the example scans all virtual memory for a given process, the loop time would be a little longer and I wanted to return the values as fast as possible. So if you need a structural example for this function, let me know.

Any questions about any of the following should be directed to the appropriate website. I'm only providing them for your convenience.

General Reversing Tutorials & Guides:

Reversing Basics

A Little Guide for Wannabe Reverser

Collection of Reversing Resources (has a lot)

Here are some tutorials using Ollydbg:

Netter's "HowToHackD2_Edition1"

Netter's "HowToHackD2_Edition2"

Reverse Engineering: Simple Reversing with Olly pt. 1

Easy reversing: GeekCalc.exe

Cracking Code - Part 1

OllyTutorial #1 (with crackme)

OllyTutorial #2 (with crackme)

OllyTutorials for newbies - Great link, thanks lololop :D (have to register to view)

(I'm still looking for more. If you know of any, feel free to post them)

I haven't used every one of these links personally, so I don't know for sure what level of experience is assumed. Netter's tutorials are definately good for inexperienced users. The GeekCalc is also a good one.

Programs made specifically for practicing reverse engineering:

Crackmes.de

Miscellaneous links

An Introduction to Assembly Language Programming

RCE Forums a reverse engineering forum

The Reverse Engineering Community another reverse engineering forum

You can also check the link at the bottom of my signature to learn some basic assembly language programming. I highly recommend knowing the basics before submerging yourself into reverse engineering. Learning to reverse engineer is not as easy as learning to program (debugging a program to get the memory addresses needed to use these functions is reverse engineering). There is probably not going to be a tutorial which accomplishes exactly what it is you want, which means you have to build knowledge by doing many tutorials and learn how to apply that knowledge to achieve your goals.

If you have any questions that aren't related to the linked tutorials or guides, or any comments, feel free to post them. If you don't understand how to use these functions then I suggest doing some research, this is about as simple as functions like this can be.

Nomad :D

Edit: Updated. I will try to keep all the most current information in this post.

Examples.zip

Full_Include.zip

Memory.au3

Process_Selector.au3

Edited by Nomad

Share this post


Link to post
Share on other sites



I'm a huge noob at this memory address stuff, so please show a little mercy if these are stupid questions.

In the first line of your _MemOpen function you have $InheritHandle = 0x1F0FFF. How do you determine that address? Can an address be passed to this function and replace the 1F0FFF, or is that address supposed to be a fixed address that applies all the time? I see that you have said it is optional, so can it be omitted altogether without adverse effects?

If it can be omitted, would the first line look like this:

Func _MemOpen($Pid, $InheritHandle = )

or

Func _MemOpen($Pid)

Again, I'm sorry if these are dumb questions (and I'm sure they are), but I'm just getting into the memory reads and such and am stumbling along blindly.

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I'm a huge noob at this memory address stuff, so please show a little mercy if these are stupid questions.

In the first line of your _MemOpen function you have $InheritHandle = 0x1F0FFF. How do you determine that address? Can an address be passed to this function and replace the 1F0FFF, or is that address supposed to be a fixed address that applies all the time? I see that you have said it is optional, so can it be omitted altogether without adverse effects?

If it can be omitted, would the first line look like this:

Func _MemOpen($Pid, $InheritHandle = )

or

Func _MemOpen($Pid)

Again, I'm sorry if these are dumb questions (and I'm sure they are), but I'm just getting into the memory reads and such and am stumbling along blindly.

You most likely will not need to pass on that parameter. Most users will use _MemoryOpen() like this:

_MemoryOpen($ProcessID)oÝ÷ ØêmÚ«jg­z»­ç±iËeÊØZ¶mÚò¢ç§µêç¢Øbaz{ay×jém½©nz+.±ç[2-ºÇ«³¥z-ç¶)yÈÊØ^±êZ­©µêìý½7ê+ÃzÈ«yÐqë,ÓEÐQE=$,°DËaz±r^¥ªÚë^­ú+:§>ºzË0'!zvëZh²Èæqë,®(!¶Ëh¶©®²Ë)yÈçSê'*ÞjÊ'Ê°¢é]ç¶!jx¶¬Â¥u·¢*.Á©í¶Þ²Úâr×®Ö¢§zË+m²Ú-ë)yÈçi®²Áh­ìZ^Ó4×CÑ8!ISâ²Ø^ì¡×©j¶¦z׫ÂåÉéÚnW¬¶qǬ²¸ Û'^+_®­êk¡Ç¬³l騯&®¶­seôÖVÖ÷'÷Vâb33cµ&ö6W74BÂoÝ÷ ÛMúò'êâ´v§vW~Øb²ö¥¹è¬MÖØ^©e¦ºz˱ÊÞj×o+azèqë,Â,xúèqë,

I've also found a small bug with _MemoryRead(). It only applies to using a 'char' type however. If you have a 15 letter word you want to read, and set the "Type" to 'char[15]', it will return the entire 15 letter word, but it will have some ASCII garbage at the end. If you set the type to 'char[16]' instead, it reads the entire word still, but doesn't have the garbage. The only reason I can think of that would cause this would be something to do with a setting in AutoIt, but that doesn't mean it's not for some other reason. I'm going to further explore this bug before posting my updated UDF's, and if I can't find a solution, I'll implement something in the function to make this correction automatically within the function so as not to confuse anyone using the function.

I hope this helps,

Nomad :D

Edit: updated for conformance to the most recent functions.

Edited by Nomad

Share this post


Link to post
Share on other sites

that 'char' bug isnt a bug. strings need to be terminated with a 0 (NULL) char.

Ah, interesting. I wasn't aware of that. Thanks for the tip, I'll look into it further and implement some kind of corrective action.

Great work on your original functions. Without them as a guide I wouldn't have known where to begin doing this sort of thing with AutoIt. :D

Nomad :wacko:


Share this post


Link to post
Share on other sites

Thanks, Nomad. That helps alot. I think it answered all the questions I have at this point. (I'm sure I'll have more. :D) But this gives me a starting point on trying to figure some of this memory shtuff out. Not that I'm dissing w0uter's functions. They were just too hard to figure out how to use for a noob like me without any comments included. Good job to both you guys.

Share this post


Link to post
Share on other sites

Nothing was supposed to happen. They're just a bunch of functions for different purposes that are supposed to be called by your scripts.

Share this post


Link to post
Share on other sites

Thanks, Nomad. That helps alot. I think it answered all the questions I have at this point. (I'm sure I'll have more. :D ) But this gives me a starting point on trying to figure some of this memory shtuff out. Not that I'm dissing w0uter's functions. They were just too hard to figure out how to use for a noob like me without any comments included. Good job to both you guys.

No problem, when I update these in another day or two they should more clearly explain how to apply them for the inexperienced users. Which I'm sure will lead to more questions, since the actual use of these functions is the easiest part... getting the memory addresses to use them is another story. Maybe I'll locate some of the tutorials I used a while back when learning memory stuff, that way I won't be faced with questions which are going to take hours of typing to answer. :wacko:

I have no problem answering any questions relating to the actual functions, but questions like:

How do I read and/or write to the memory address for health in w/e game?

will remain unanswered. Questions such as those require more knowledge to answer than just some AutoIt programming experience. I'm not trying to be an arse, I'm just trying to head off questions before they arise. I will attempt to locate some tutorials to aid inexperienced users. For those who might like to beat me to it, look into Ollydbg (a debugger), or something like T-Search or Cheat Engine (not as good as a debugger, but easier to learn).

Basically the majority of people who will find these functions useful will be the cough* hackers cough* who like to script game bots and cheats. There are other uses for these, but that would be the main reason for using them. I prefer to read from memory as opposed to doing pixel scans (when possible) for games because it's faster, 100% accurate, uses less script space, and very little cpu load (providing you located the correct memory addresses for what you're trying to achieve :D ).

Nomad :D


Share this post


Link to post
Share on other sites

Basically the majority of people who will find these functions useful will be the cough* hackers cough* who like to script game bots and cheats. There are other uses for these, but that would be the main reason for using them. I prefer to read from memory as opposed to doing pixel scans (when possible) for games because it's faster, 100% accurate, uses less script space, and very little cpu load (providing you located the correct memory addresses for what you're trying to achieve :wacko: ).

I stand accused. :">

I can see how this would be much more reliable than a point you choose that you hope is the "right" spot for what you are trying to achieve. Right now, I'm using a function that works off of an educated guess at the total pixels horizontally of an hp bar. While it has been adequate so far, I tend to lean toward being a perfectionist and this pixel count just doesn't give me that warm fuzzy feeling. I like the idea of using memory reading to get it as exact as possible, especially since I think the graphics probably update slower than the addresses, so I could get a faster reaction time.

I am having some troubles reading the addresses I've found, but I'll keep slogging away and see if I can come up the results I expect. Like I said before, this memory stuff is all pretty new to me, but once I get the hang of it, there'll be no stopping me. :D

Share this post


Link to post
Share on other sites

Ok, I've updated the functions and provided some more examples. Sorry it took so long, I've had a lot going on with the holiday and haven't had the time to mess with this. There didn't seem to be an easy fix for the 'char' format, so I made it clear that users should add 1 to the size of the 'char' type that they want to read/write.

Nomad :D


Share this post


Link to post
Share on other sites

Smexy ^^, I mean, Funkeh, Ive a question though, If youve used cheatengine, you know how there are pointers? how would I be able to do something similiar with the mem functions? I know, erm, very basic olly xD, and im about medium at CE, but not good with the ASM.


# MY LOVE FOR YOU... IS LIKE A TRUCK- #

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

Smexy ^^, I mean, Funkeh, Ive a question though, If youve used cheatengine, you know how there are pointers? how would I be able to do something similiar with the mem functions? I know, erm, very basic olly xD, and im about medium at CE, but not good with the ASM.

Here is the structure I use for pointers:
;Include my _Memory() functions
#include <Memory.au3>

;Get the process ID
Global $ProcessID = WinGetProcess("window_name");or however you want to get it

_ReadUsingPointers ()

Func _ReadUsingPointers ()
 
 ;define local variables
 Local $Data, $Pointer_1, $Pointer_2, $Pointer_3
 Local $StaticAddress = 0x6FBCBB60 ;input static address in hex
 Local $Offset1 = 56 ;enter offsets in decimal, not hex
 Local $Offset2 = 200
 Local $Offset3 = 40
 
 ;Open the process
 Local $DllHandle = _MemoryOpen($ProcessID)
 
 ;Read the process
 $Data = _MemoryRead($StaticAddress, $DllHandle)
 
 ;data returned is in decimal and must be combined
 ;with the offset for the next _MemoryRead().
 $Pointer_1 = '0x' & hex($Data + $Offset1)
 
 $Data = _MemoryRead($Pointer_1, $DllHandle)
 
 ;repeat
 $Pointer_2 = '0x' & hex($Data + $Offset2)
 
 $Data = _MemoryRead($Pointer_2, $DllHandle)
 
 ;repeat...
 $Pointer_3 = '0x' & hex($Data + $Offset3)
 
 $Data = _MemoryRead($Pointer_3, $DllHandle)
 ;continue repeating until you get to the desired data
 
 ;can use either way
 ;MsgBox(4096, "Data Read", $Data)
 MsgBox(4096, "Data Read", _MemoryRead($Pointer_3, $DllHandle))
 
 ;Close the process
 _MemoryClose($DllHandle)

EndFunc

I hope this helps,

Nomad :D

Edited by Nomad

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

Also, here is a potential new function. This would probably return the value faster since you wouldn't have to keep calling the _MemoryRead() function. If you get the above example working, try this:

_MemoryPointerRead() removed, see the first post

I got to thinking and decided this might be a good function to include with the rest, since a lot of game related scripts will need to read a series of pointers to get to the desired data. I haven't tested it, but it should work.

Nomad :D

Edited by Nomad

Share this post


Link to post
Share on other sites

#15 ·  Posted (edited)

Thanks, One question, call me stupid but, how would you use the _MemoryWrite with the pointers? Would it be something liek:

_MemoryWrite(_MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset), $ah_Handle, $v_Data)

Something liek that would work? Or am I just crazy xD

And Another edit::

Since Im here, I may aswell ask.. In cheatengine, Ive got my address's, but they cant find a pointer, how would I get around this? Is it possible to, Liek, "make" a pointer?

I think I asked this in the CE forum, but no success, due to lack of help.

Edited by AzKay

# MY LOVE FOR YOU... IS LIKE A TRUCK- #

Share this post


Link to post
Share on other sites

Thanks, One question, call me stupid but, how would you use the _MemoryWrite with the pointers? Would it be something liek:

_MemoryWrite(_MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset), $ah_Handle, $v_Data)

Something liek that would work? Or am I just crazy xD

You cannot call a function as a parameter, so writing memory isn't going to work like that. _MemoryPointerRead does exactly that, reads. In order to write you would need to create a _MemoryPointerWrite function. I'll probably make one like that too, but i'm off for a while.

Since Im here, I may aswell ask.. In cheatengine, Ive got my address's, but they cant find a pointer, how would I get around this? Is it possible to, Liek, "make" a pointer?

I think I asked this in the CE forum, but no success, due to lack of help.

I suggest thoroughly searching the cheat engine forums.

Have a nice 4th,

Nomad :D


Share this post


Link to post
Share on other sites

Thanks, Ill do just that ^^, And once again, keep up the good work ^^


# MY LOVE FOR YOU... IS LIKE A TRUCK- #

Share this post


Link to post
Share on other sites

smaal question to your

"OpenProcess" :

in my programm its shown as this:

[DllImport("kernel32.dll")]

static extern int OpenProcess (

int dwDesiredAccess,

int bInheritHandle,

int dwProcessId);

but whereare you using the desired access =


My UDF's : Startet on : 06.06.2006_CaseSearchOrReplaceStr();~> Searches OR Replaces a String,;~> With or Without Casesensivity

Share this post


Link to post
Share on other sites

I have adapted these new memory functions in order to create a memory editor in AutoIt. Can anyone test this out with the Diablo II cheats to see if this works?

CODE
#include <GUIConstants.au3>

$gui = GUICreate("AutoIt Memory Editor", 360, 280)

Global $combo = GUICtrlCreateCombo("", 10, 10, 230, 20)

_RefreshList()

$open = GUICtrlCreateButton("Open", 250, 10, 45, 20)

$refresh = GUICtrlCreateButton("Refresh", 305, 10, 45, 20)

GUICtrlCreateGroup("Read", 5, 40, 350, 118)

GUICtrlCreateLabel("Data Type", 10, 58, 60, 15)

$rtype = GUICtrlCreateCombo("byte", 70, 55, 100, 20)

GUICtrlSetData(-1, "ubyte|char|short|ushort|int|uint|dword|udword|ptr|float|double|int64|uint64")

GUICtrlCreateLabel("Address", 10, 88, 60, 15)

$raddress = GUICtrlCreateInput("0x00000000", 70, 85, 100, 20)

$read = GUICtrlCreateButton("Read", 15, 120, 70, 20)

$rclose = GUICtrlCreateButton("Close", 95, 120, 70, 20)

$rdata = GUICtrlCreateEdit("", 180, 55, 170, 95)

GUICtrlCreateGroup("Write", 5, 158, 350, 117)

GUICtrlCreateLabel("Data Type", 10, 176, 60, 15)

$wtype = GUICtrlCreateCombo("byte", 70, 173, 100, 20)

GUICtrlSetData(-1, "ubyte|char|short|ushort|int|uint|dword|udword|ptr|float|double|int64|uint64")

GUICtrlCreateLabel("Address", 10, 206, 60, 15)

$waddress = GUICtrlCreateInput("0x00000000", 70, 203, 100, 20)

$write = GUICtrlCreateButton("Write", 15, 238, 70, 20)

$wclose = GUICtrlCreateButton("Close", 95, 238, 70, 20)

$wdata = GUICtrlCreateEdit("", 180, 173, 170, 95)

GUICtrlSetState($combo, $GUI_FOCUS)

_Disable()

GUISetState()

$proc = 0

$mem = 0

While 1

$msg = GUIGetMsg()

Switch $msg

Case $GUI_EVENT_CLOSE

Exit

Case $combo

$proc = ProcessExists(GUICtrlRead($combo))

Case $refresh

_RefreshList()

Case $open

$mem = _MemOpen($proc)

If @error or $mem = 0 or $proc = 0 Then

mError("Can't open process memory!")

Else

_Enable()

EndIf

Case $read

_SizeOf(GUICtrlRead($rtype))

If @error Then

mError("Wrong data type!")

Else

GUICtrlSetData($rdata, _MemRead($mem, GUICtrlRead($raddress), GUICtrlRead($rtype)))

EndIf

Case $rclose, $wclose

_MemClose($mem)

_Disable()

Case $write

_SizeOf(GUICtrlRead($wtype))

If @error Then

mError("Wrong data type!")

Else

_MemWrite($mem, GUICtrlRead($waddress), GUICtrlRead($wdata), GUICtrlRead($wtype))

EndIf

EndSwitch

Sleep(0)

WEnd

Func mError($sText, $iFatal = 0, $sTitle = "Error", $iOpt = 0)

Local $ret = MsgBox(48 + 4096 + 262144 + $iOpt, $sTitle, $sText)

If $iFatal Then Exit

Return $ret

EndFunc

Func _RefreshList()

Local $ps = ProcessList(), $list = ""

For $i = 1 to $ps[0][0]

$list &= "|" & $ps[$i][0]

Next

GUICtrlSetData($combo, $list)

GUISetState()

EndFunc

Func _Disable()

GUICtrlSetState($rtype, $GUI_DISABLE)

GUICtrlSetState($raddress, $GUI_DISABLE)

GUICtrlSetState($read, $GUI_DISABLE)

GUICtrlSetState($rclose, $GUI_DISABLE)

GUICtrlSetState($rdata, $GUI_DISABLE)

GUICtrlSetState($wtype, $GUI_DISABLE)

GUICtrlSetState($waddress, $GUI_DISABLE)

GUICtrlSetState($write, $GUI_DISABLE)

GUICtrlSetState($wclose, $GUI_DISABLE)

GUICtrlSetState($wdata, $GUI_DISABLE)

GUISetState()

EndFunc

Func _Enable()

GUICtrlSetState($rtype, $GUI_ENABLE)

GUICtrlSetState($raddress, $GUI_ENABLE)

GUICtrlSetState($read, $GUI_ENABLE)

GUICtrlSetState($rclose, $GUI_ENABLE)

GUICtrlSetState($rdata, $GUI_ENABLE)

GUICtrlSetState($wtype, $GUI_ENABLE)

GUICtrlSetState($waddress, $GUI_ENABLE)

GUICtrlSetState($write, $GUI_ENABLE)

GUICtrlSetState($wclose, $GUI_ENABLE)

GUICtrlSetState($wdata, $GUI_ENABLE)

GUISetState()

EndFunc

Func _MemOpen( $i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0 )

Local $av_Return[2] = [DllOpen('kernel32.dll')]

Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)

If @error Then

DllClose($av_Return[0])

SetError(1)

Return 0

EndIf

$av_Return[1] = $ai_Handle[0]

Return $av_Return

EndFunc

Func _MemRead( $ah_Mem, $i_Address, $s_Type = 'dword' )

If not IsArray($ah_Mem) Then

SetError(1)

Return ''

EndIf

Local $v_Struct = DllStructCreate($s_Type)

DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', DllStructGetSize($v_Struct), 'int', '')

If @error Then

SetError(1)

Return ''

EndIf

Return DllStructGetData($v_Struct, 1, 1)

EndFunc

Func _MemWrite( $ah_Mem, $i_Address, $v_Data, $s_Type = 'dword' )

If not IsArray($ah_Mem) Then

SetError(1)

Return 0

EndIf

Local $v_Struct = DllStructCreate($s_Type)

DllStructSetData($v_Struct, 1, $v_Data, 1)

DllCall($ah_Mem[0], 'int', 'WriteProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', DllStructGetSize($v_Struct), 'int', '')

If not @error Then

Return 1

Else

SetError(1)

Return 0

EndIf

EndFunc

Func _MemClose( $ah_Mem )

If not IsArray($ah_Mem) Then

SetError(1)

Return 0

EndIf

DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])

If not @error Then

DllClose($ah_Mem[0])

Return 1

Else

DllClose($ah_Mem[0])

SetError(1)

Return 0

EndIf

EndFunc

Func _SizeOf( $s_Type )

Local $v_Struct = DllStructCreate($s_Type), $i_Size = DllStructGetSize($v_Struct)

$v_Struct = 0

Return $i_Size

EndFunc

Share this post


Link to post
Share on other sites

#20 ·  Posted (edited)

@erifash: Attach the source.

smaal question to your

"OpenProcess" :

in my programm its shown as this:

[DllImport("kernel32.dll")]

static extern int OpenProcess (

int dwDesiredAccess,

int bInheritHandle,

int dwProcessId);

but whereare you using the desired access =

Thanks for directing my attention to that. I was using InheritHandle as the DesiredAccess, and had InheritHandle set to 0 (FALSE). I didn't pay much attention to the OpenProcess function while modifying the old functions since it always worked. But now I see there was an error waiting to happen there. This is one reason I posted these. So that everyone can try them out in their own way and report any errors. :wacko:

I have corrected the function in the first post, so now everything should be perfect.

Nomad :D

Edited by Nomad

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0