Zephir Posted January 27, 2008 Posted January 27, 2008 Hello fellows, I have done memory reading and editing before (using NomadMemory.au3 which i cannot find on the forums any more). Now the current Memory.au3 include file has the following UDF: ; #INTERNAL_USE_ONLY#============================================================================================================ ; Name...........: _MemRead ; Description ...: Transfer memory from external address space to internal address space ; Syntax.........: _MemRead(ByRef $tMemMap, $pSrce, $pDest, $iSize) ; Parameters ....: $tMemMap - tagMEMMAP structure ; $pSrce - Pointer to external memory ; $pDest - Pointer to internal memory ; $iSize - Size in bytes of memory to read ; Return values .: Success - True ; Failure - False ; Author ........: Paul Campbell (PaulIA) ; Modified.......: ; Remarks .......: This function is used internally by Auto3Lib and should not normally be called ; Related .......: _MemWrite ; Link ..........; ; Example .......; ; =============================================================================================================================== Func _MemRead(ByRef $tMemMap, $pSrce, $pDest, $iSize) Local $iRead Return _WinAPI_ReadProcessMemory(DllStructGetData($tMemMap, "hProc"), $pSrce, $pDest, $iSize, $iRead) EndFunc ;==>_MemRead Now I do not get what the parameters (except $iSize) mean and how I get them. Besides, why does it say in remarks: This function is used internally by Auto3Lib and should not normally be called Thank you for help
Nevin Posted January 27, 2008 Posted January 27, 2008 (edited) Judging by what it says, I would assume you shouldn't be using it. Also, I'm fairly sure NomadMemory is still in use. I know it was in December. Edited January 27, 2008 by Nevin
Richard Robertson Posted January 27, 2008 Posted January 27, 2008 That quote means that you aren't supposed to be calling it yourself. There are functions that call this. Use those functions.
Zephir Posted January 27, 2008 Author Posted January 27, 2008 yes that is what i thought... i just cannot find any of those calling functions that i am supposed to use... cannot find NomadMemory either.Found: http://www.autoitscript.com/forum/index.ph...mp;#entry201269 (by Nomad)But it does not contain the SetPrivilige Func any more (it used to). It is critical though since AutoIt is not granted the needed rights to read memory...
Zephir Posted January 27, 2008 Author Posted January 27, 2008 back to the Memory.au3 Include. The MemRead() uses _WinAPI_ReadProcessMemory() which is this: ; #FUNCTION# ==================================================================================================================== ; Name...........: _WinAPI_ReadProcessMemory ; Description ...: Reads memory in a specified process ; Syntax.........: _WinAPI_ReadProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iRead) ; Parameters ....: $hProcess - Identifies an open handle of a process whose memory is read ; $pBaseAddress - Points to the base address in the specified process to be read ; $pBuffer - Points to a buffer that receives the contents from the address space ; $iSize - Specifies the requested number of bytes to read from the specified process ; $iRead - The actual number of bytes transferred into the specified buffer ; Return values .: Success - True ; Failure - False ; Author ........: Paul Campbell (PaulIA) ; Modified.......: ; Remarks .......: ; Related .......: _WinAPI_WriteProcessMemory ; Link ..........; @@MsdnLink@@ ReadProcessMemory ; Example .......; ; =============================================================================================================================== Func _WinAPI_ReadProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iRead) Local $pRead, $tRead, $aResult $tRead = DllStructCreate("int Read") $pRead = DllStructGetPtr($tRead) $aResult = DllCall("Kernel32.dll", "int", "ReadProcessMemory", "int", $hProcess, "int", $pBaseAddress, "ptr", $pBuffer, "int", $iSize, "ptr", $pRead) _WinAPI_Check("_WinAPI_ReadProcessMemory", ($aResult[0] = 0), 0, True) $iRead = DllStructGetData($tRead, "Read") Return $aResult[0] EndFunc ;==>_WinAPI_ReadProcessMemory what does $pBuffer buffer do here?
Zephir Posted January 27, 2008 Author Posted January 27, 2008 oh well. I found NomadMemory (the old version) on another site and am using it now. it works. DONE
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now