Sign in to follow this  
Followers 0
Zephir

Reading Memory?

6 posts in this topic

Hello fellows,

I have done memory reading and editing before (using NomadMemory.au3 which i cannot find on the forums any more).

Now the current Memory.au3 include file has the following UDF:

; #INTERNAL_USE_ONLY#============================================================================================================
; Name...........: _MemRead
; Description ...: Transfer memory from external address space to internal address space
; Syntax.........: _MemRead(ByRef $tMemMap, $pSrce, $pDest, $iSize)
; Parameters ....: $tMemMap     - tagMEMMAP structure
;                  $pSrce       - Pointer to external memory
;                  $pDest       - Pointer to internal memory
;                  $iSize       - Size in bytes of memory to read
; Return values .: Success      - True
;                  Failure      - False
; Author ........: Paul Campbell (PaulIA)
; Modified.......:
; Remarks .......: This function is used internally by Auto3Lib and should not normally be called
; Related .......: _MemWrite
; Link ..........;
; Example .......;
; ===============================================================================================================================
Func _MemRead(ByRef $tMemMap, $pSrce, $pDest, $iSize)
    Local $iRead

    Return _WinAPI_ReadProcessMemory(DllStructGetData($tMemMap, "hProc"), $pSrce, $pDest, $iSize, $iRead)
EndFunc   ;==>_MemRead

Now I do not get what the parameters (except $iSize) mean and how I get them. Besides, why does it say in remarks:

This function is used internally by Auto3Lib and should not normally be called

Thank you for help :D

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Judging by what it says, I would assume you shouldn't be using it.

Also, I'm fairly sure NomadMemory is still in use. I know it was in December.

Edited by Nevin

Share this post


Link to post
Share on other sites

That quote means that you aren't supposed to be calling it yourself.

There are functions that call this. Use those functions.

Share this post


Link to post
Share on other sites

yes that is what i thought... i just cannot find any of those calling functions that i am supposed to use... cannot find NomadMemory either.

Found: http://www.autoitscript.com/forum/index.ph...mp;#entry201269 (by Nomad)

But it does not contain the SetPrivilige Func any more (it used to). It is critical though since AutoIt is not granted the needed rights to read memory...

Share this post


Link to post
Share on other sites

back to the Memory.au3 Include. The MemRead() uses _WinAPI_ReadProcessMemory() which is this:

; #FUNCTION# ====================================================================================================================
; Name...........: _WinAPI_ReadProcessMemory
; Description ...: Reads memory in a specified process
; Syntax.........: _WinAPI_ReadProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iRead)
; Parameters ....: $hProcess     - Identifies an open handle of a process whose memory is read
;                  $pBaseAddress - Points to the base address in the specified process to be read
;                  $pBuffer      - Points to a buffer that receives the contents from the address space
;                  $iSize        - Specifies the requested number of bytes to read from the specified process
;                  $iRead        - The actual number of bytes transferred into the specified buffer
; Return values .: Success       - True
;                  Failure       - False
; Author ........: Paul Campbell (PaulIA)
; Modified.......:
; Remarks .......:
; Related .......: _WinAPI_WriteProcessMemory
; Link ..........; @@MsdnLink@@ ReadProcessMemory
; Example .......;
; ===============================================================================================================================
Func _WinAPI_ReadProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iRead)
    Local $pRead, $tRead, $aResult

    $tRead = DllStructCreate("int Read")
    $pRead = DllStructGetPtr($tRead)
    $aResult = DllCall("Kernel32.dll", "int", "ReadProcessMemory", "int", $hProcess, "int", $pBaseAddress, "ptr", $pBuffer, "int", $iSize, "ptr", $pRead)
    _WinAPI_Check("_WinAPI_ReadProcessMemory", ($aResult[0] = 0), 0, True)
    $iRead = DllStructGetData($tRead, "Read")
    Return $aResult[0]
EndFunc   ;==>_WinAPI_ReadProcessMemory

what does $pBuffer buffer do here?

Share this post


Link to post
Share on other sites

oh well. I found NomadMemory (the old version) on another site and am using it now. it works.

DONE

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0