
_WinAPI : OpenProcess & WriteProcessMemory


LinuZ

#Include <WinAPI.au3>
DllOpen("kernel32.dll")
Const $PROCESS_ALL_ACCESS = 0xFFFF
Global $return
$process = ProcessExists("war3.exe")
$war3 = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 1, $process)
_WinAPI_WriteProcessMemory($war3, 0x6f3a04ab, 0x9090, 2, $return)

This is the code. What it should do is:

1. Open the specified process (in this case Warcraft III process)

2. Write some bytes

3. Exit

What I do get is:

Posted Image

or this:

Posted Image

Anyone that has experienced this problem before?

The thing is: I guess Warcraft III has protected its memory somehow :/

Any syntax/practical errors I've made? Any way to get more access?

Thanks for taking your time!

Edited by LinuZ

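Decoding the access mask from the first post, as an added example that is not part of the original thread: the sketch names the rights contained in a process access mask and flags cross-process handles that carry both PROCESS_VM_OPERATION and PROCESS_VM_WRITE, the two rights WriteProcessMemory requires. The event records are constructed and use Sysmon ProcessAccess (event ID 10) field names; the image paths and the `allowlist` parameter are assumptions.

```python
# Added example: decode process access masks and flag memory-write capability.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",         0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID",     0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",           0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",        0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",         0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION", 0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x00010000: "DELETE",                0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",             0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
KNOWN_BITS = sum(PROCESS_RIGHTS)  # every key is a distinct single bit
# WriteProcessMemory needs both of these rights on the target handle.
WRITE_MASK = 0x0008 | 0x0020

def decode_access(mask):
    """Return (named rights, leftover bits not named in the table above)."""
    names = [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    return names, mask & ~KNOWN_BITS

def can_write_memory(mask):
    return mask & WRITE_MASK == WRITE_MASK

def flag_events(events, allowlist=()):
    """Return cross-process accesses whose granted mask permits memory writes."""
    hits = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        if ev["SourceImage"] == ev["TargetImage"] or ev["SourceImage"] in allowlist:
            continue  # self-access or an explicitly trusted source
        if can_write_memory(mask):
            hits.append((ev["SourceImage"], ev["TargetImage"], hex(mask)))
    return hits

# Constructed sample records (not taken from the thread).
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\tools\script.exe",
     "TargetImage": r"C:\games\war3.exe", "GrantedAccess": "0xFFFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\games\war3.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\av\scanner.exe",
     "TargetImage": r"C:\games\war3.exe", "GrantedAccess": "0x1F0FFF"},
]

if __name__ == "__main__":
    print(decode_access(0xFFFF))
    for hit in flag_events(SAMPLE_EVENTS, allowlist=(r"C:\av\scanner.exe",)):
        print("write-capable handle:", hit)
```

The mask 0xFFFF decodes to the thirteen process-specific rights, none of the standard rights, and three leftover bits, so a handle opened with it is write-capable even though it is not a full-access handle.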
killerofsix

try adding #RequireAdmin


"The quieter you are, the more you are able to hear..."

My AppsUSB Finder

LinuZ

try adding #RequireAdmin

Ehh, I am using XP...

But however, thanks for trying!

LinuZ

Try using Nomad's memory functions. There are a lot more topics regarding his memory functions than the WinAPI ones.

Here's the topic: http://www.autoitscript.com/forum/index.php?showtopic=28351

Oh thanks m8! That helped ;)

Will look into them, and reply if I need further help or if I can't get that to work either! :D

Thanks again!

LinuZ

#include "Memory.au3"
Opt("WinTitleMatchMode", 4)
$DecimalWrite = 9090
$PID = WinGetProcess("ClassName=Warcraft III", "")
If $PID = -1 Then
    MsgBox(4096, "ERROR", "Failed to detect process.")
    Exit
EndIf
$open = _MemoryOpen($PID)
_MemoryWrite(0x6f3a04ab, $open, $DecimalWrite)
_MemoryClose($open)

This is what I tried this time. Not working at all ;)

Any more ideas?

oMBRa

change $PID = WinGetProcess("ClassName=Warcraft III", "") with $PID = WinGetProcess("Warcraft III", "")

killerofsix
#include "Memory.au3"
Opt("WinTitleMatchMode", 4)
$DecimalWrite = 9090
$PID = WinGetProcess("ClassName=Warcraft III", "")
If $PID = -1 Then
    MsgBox(4096, "ERROR", "Failed to detect process.")
    Exit
EndIf
$open = _MemoryOpen($PID)
_MemoryWrite(0x6f3a04ab, $open, $DecimalWrite)
_MemoryClose($open)

[The rest of this code box is garbled in this copy. Recoverable fragments: a SetPrivilege($privilege, $bEnable) function that enables or disables a privilege on the current process using OpenProcessToken, LookupPrivilegeValue and AdjustTokenPrivileges, followed by a revised script that calls SetPrivilege("SeDebugPrivilege", 1) and then _MemoryOpen, _MemoryWrite and _MemoryClose.]

LinuZ

I think it works... Not sure though, gonna play around a bit ;)

I PM you if I have problems, if that is ok? :D

Thanks!

killerofsix

ya sure no problem

