Sign in to follow this  
Followers 0
slaughter

Search In Java app Memory

1 post in this topic

#1 ·  Posted (edited)

Last few days im working with function grum caled _mem

Problem witch i found first

using

$Address = '0x' & hex($Address + 1)

formula search dosent go over all memory it repaets it self all aruond.

0x02DD1744

0x02DF1944

0x02D21634

Dosent go over all mem from 0x00000000 to 0xFFFFFFFF

----------------------------------------------------------------------------

I made my program work when im search in smal memory size. But when i nead to go trough ~200mb its problem....

Idea of my program. I have JAVA app witch has number witch I nead get out of it. That number allways is changing and a place in memory is not stable, because i think java uses Dynamic memory not Static.

[This script search in big memory of java trading software. nead to make working]

;This is just a structural example it will not function

;unless the correct information is entered.

#include <Memory.au3>

#include <string.au3>

;get the process ID

$ProcessID = WinGetProcess("MarketMaker - Live Trading Room")

;set the static address

$find = _HexToString("03B02210")

$find_first = _HexToString("03")

$Address = 0x02DD1744

GUICreate ( "Search" , 300 , 600 , 10, 10 , 0x00C00000 )

GUISetState ()

WinSetOnTop("Search", "", 1)

$Edit_1 = GUICtrlCreateEdit("", 10, 10, 280, 580)

;open the process

$ProcessInformation = _MemoryOpen($ProcessID)

while 1

$Address = '0x' & hex($Address + 1)

;read the memory

$Number = _MemoryRead($Address, $ProcessInformation)

$Text = _MemoryRead($Address, $ProcessInformation, 'char[2]')

$location = StringInStr($Text, $find_first)

If $location > "0" Then

$Text = _MemoryRead($Address, $ProcessInformation, 'char[6]')

$location = StringInStr($Text, $find)

If $location > "0" Then

$Address = '0x' & hex($Address + 5)

$Text = _MemoryRead($Address, $ProcessInformation, 'char[24]')

if $text <> "" then

$oldtxt = GUICtrlRead($Edit_1)

GUICtrlSetData($Edit_1, "Data:[ " & $Text & " ] Address: [ " & $Address & " ]" &@CRLF & $oldtxt)

endif

endif

endif

wend

_MemoryClose($ProcessInformation)

while 1

wend

[end]

I made smal testing script it works.

Test APP in witch i will search

$hex is a smal memory bit witch is in big memory code and witch i whant to get found and read it. Actualy i nead to read 12 number string but nubmer is changing, but before numbers is stable hex code so i what to find that stable hex code and then read my numbers.

[start]

#include <string.au3>

GUICreate ( "MM Mem sc" , 300 , 50 , 100, 400 , 0x00C00000 )

GUISetState ()

$hex = "000000009B31E2028003B02210000000"

$value = _HexToString($Hex)

$num = 1265.2

$num2 = 66.4

while 1

$num = $num + 0.2

$num2 = $num2 + 0.2

GUICtrlCreateLabel ($Value & $num &"/"& $num2, 10, 10)

sleep (10000)

wend

[end]

[start]

;This is just a structural example it will not function

;unless the correct information is entered.

#include <Memory.au3>

#include <string.au3>

;get the process ID

$ProcessID = WinGetProcess("MM Mem sc")

;set the static address

$find = _HexToString("03B02210")

$find_first = _HexToString("03")

$Address = 0x00A20EA9

$pos = 10

GUICreate ( "Search" , 300 , 600 , 10, 10 , 0x00C00000 )

GUISetState ()

WinSetOnTop("Search", "", 1)

$Edit_1 = GUICtrlCreateEdit("", 10, 10, 280, 580)

;open the process

$ProcessInformation = _MemoryOpen($ProcessID)

$found = 1

while 1

$Address = '0x' & hex($Address + 1)

;read the memory

$Number = _MemoryRead($Address, $ProcessInformation)

$Text = _MemoryRead($Address, $ProcessInformation, 'char[2]')

$location = StringInStr($Text, $find_first)

If $location > "0" Then

$Text = _MemoryRead($Address, $ProcessInformation, 'char[6]')

$location = StringInStr($Text, $find)

If $location > "0" Then

$Address = '0x' & hex($Address + 5)

$Text = _MemoryRead($Address, $ProcessInformation, 'char[12]')

if $text <> "" then

$found = $found + 1

IF $found > 2 then

$oldtxt = GUICtrlRead($Edit_1)

GUICtrlSetData($Edit_1,"Data:[ " & $Text & " ] Address: [ " & $Address & " ]" &@CRLF & $oldtxt)

$found = 1

$Address = 0x00A20EA9

endif

endif

$pos = $pos + 13

endif

endif

wend

_MemoryClose($ProcessInformation)

while 1

wend

[End]

Edited by slaughter

Share this post


Link to post
Share on other sites



Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0