Jump to content

Reading Memory?


Zephir
 Share

Recommended Posts

Hello fellows,

I have done memory reading and editing before (using NomadMemory.au3 which i cannot find on the forums any more).

Now the current Memory.au3 include file has the following UDF:

; #INTERNAL_USE_ONLY#============================================================================================================
; Name...........: _MemRead
; Description ...: Transfer memory from external address space to internal address space
; Syntax.........: _MemRead(ByRef $tMemMap, $pSrce, $pDest, $iSize)
; Parameters ....: $tMemMap     - tagMEMMAP structure
;                  $pSrce       - Pointer to external memory
;                  $pDest       - Pointer to internal memory
;                  $iSize       - Size in bytes of memory to read
; Return values .: Success      - True
;                  Failure      - False
; Author ........: Paul Campbell (PaulIA)
; Modified.......:
; Remarks .......: This function is used internally by Auto3Lib and should not normally be called
; Related .......: _MemWrite
; Link ..........;
; Example .......;
; ===============================================================================================================================
Func _MemRead(ByRef $tMemMap, $pSrce, $pDest, $iSize)
    Local $iRead

    Return _WinAPI_ReadProcessMemory(DllStructGetData($tMemMap, "hProc"), $pSrce, $pDest, $iSize, $iRead)
EndFunc   ;==>_MemRead

Now I do not get what the parameters (except $iSize) mean and how I get them. Besides, why does it say in remarks:

This function is used internally by Auto3Lib and should not normally be called

Thank you for help :D
Link to comment
Share on other sites

yes that is what i thought... i just cannot find any of those calling functions that i am supposed to use... cannot find NomadMemory either.

Found: http://www.autoitscript.com/forum/index.ph...mp;#entry201269 (by Nomad)

But it does not contain the SetPrivilige Func any more (it used to). It is critical though since AutoIt is not granted the needed rights to read memory...

Link to comment
Share on other sites

back to the Memory.au3 Include. The MemRead() uses _WinAPI_ReadProcessMemory() which is this:

; #FUNCTION# ====================================================================================================================
; Name...........: _WinAPI_ReadProcessMemory
; Description ...: Reads memory in a specified process
; Syntax.........: _WinAPI_ReadProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iRead)
; Parameters ....: $hProcess     - Identifies an open handle of a process whose memory is read
;                  $pBaseAddress - Points to the base address in the specified process to be read
;                  $pBuffer      - Points to a buffer that receives the contents from the address space
;                  $iSize        - Specifies the requested number of bytes to read from the specified process
;                  $iRead        - The actual number of bytes transferred into the specified buffer
; Return values .: Success       - True
;                  Failure       - False
; Author ........: Paul Campbell (PaulIA)
; Modified.......:
; Remarks .......:
; Related .......: _WinAPI_WriteProcessMemory
; Link ..........; @@MsdnLink@@ ReadProcessMemory
; Example .......;
; ===============================================================================================================================
Func _WinAPI_ReadProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iRead)
    Local $pRead, $tRead, $aResult

    $tRead = DllStructCreate("int Read")
    $pRead = DllStructGetPtr($tRead)
    $aResult = DllCall("Kernel32.dll", "int", "ReadProcessMemory", "int", $hProcess, "int", $pBaseAddress, "ptr", $pBuffer, "int", $iSize, "ptr", $pRead)
    _WinAPI_Check("_WinAPI_ReadProcessMemory", ($aResult[0] = 0), 0, True)
    $iRead = DllStructGetData($tRead, "Read")
    Return $aResult[0]
EndFunc   ;==>_WinAPI_ReadProcessMemory

what does $pBuffer buffer do here?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...