Jump to content
Sign in to follow this  
Zisly

Memory writing

Recommended Posts

Zisly

Problem solved, thanks Authenticity !!

Edited by Zisly

Share this post


Link to post
Share on other sites
Authenticity

You don't need to split and write each a time.

Use $Bin = Binary($var).

Then it goes something like this:

#include <Memory.au3>

Dim $RSA_KEY = '1091201329673994292788609605089955415282375029027981291234687579372662914925764463307396960011106039' & _
               '0723088861007265581882535850342905759282762943641310856602909362821263595383668656267584972062078627' & _
               '9431090218017681061521755056710823876476444260558147179707119674283982419152118103759076030616683978' & _
               '566631413'

; Get binary representation of the key.
Dim $BinRSA = Binary($RSA_KEY)

; Create the buffer, pointer to the buffer and size of the buffer.
Dim $tBuff = DllStructCreate('byte[' & BinaryLen($BinRSA) & ']'), $tMem
Dim $pBuff = DllStructGetPtr($tBuff)
Dim $iBuff = DllStructGetSize($tBuff)

; Fill buffer with binary representation
 DllStructSetData($tBuff, 1, $BinRSA)
 
 ; Initialize memory in the process address space.
Dim $pMemory = _MemInit(WinGetHandle('Tibia'), $iBuff, $tMem)
_MemWrite($tMem, $pBuff, $pMemory, $iBuff)

; $Return = _MemRead($tMem, $pMemory, $pBuff, $iBuff)
_MemFree($tMem)

Hope it's correct.

Share this post


Link to post
Share on other sites
Zisly

Thanks for the fast answer, I will test this when I get home. :D

But one thing that I don't get, where is the memory adress? :S

Edited by Zisly

Share this post


Link to post
Share on other sites
Zisly

Nevermind, I solved it :D

Share this post


Link to post
Share on other sites
Zisly

Well I have a problem.

The RSA key is protected or something so I can't change it :D

In C++ people use VirtualProtectEx to write the RSA.

Is there something similar available for autoit?

Share this post


Link to post
Share on other sites
Authenticity

_MemInit, _MemWrite. Both use VirtualAllocateEx and WriteProcessMemory, etc.. #include <Memory.au3>

Edit: About VirtualProtectEx. You can use DllCall to call them directly, the constants are already included by Memory.au3

Edited by Authenticity

Share this post


Link to post
Share on other sites
Zisly

_MemInit, _MemWrite. Both use VirtualAllocateEx and WriteProcessMemory, etc.. #include <Memory.au3>

Edit: About VirtualProtectEx. You can use DllCall to call them directly, the constants are already included by Memory.au3

Could you possibly write a little example?

Share this post


Link to post
Share on other sites
Authenticity

I gave you example about _MemInit and _MemWrite. What you need is to read about the definition of VirtualProtectEx on MSDN like which dll exposes it (most probably it's kernel32.dll) and come back if you have a hard time implementing it. ;] Good-luck.

Share this post


Link to post
Share on other sites
Zisly

I gave you example about _MemInit and _MemWrite. What you need is to read about the definition of VirtualProtectEx on MSDN like which dll exposes it (most probably it's kernel32.dll) and come back if you have a hard time implementing it. ;] Good-luck.

Well to me your code doesn't seem to write to a specific address (which I want) or does it? :S

Well I'll check out MSDN :D

Share this post


Link to post
Share on other sites
Authenticity

Oh ;] specific address. Look up "NomadMemory.au3".

Share this post


Link to post
Share on other sites
Zisly

Oh ;] specific address. Look up "NomadMemory.au3".

Well thats what I'm using.

I can write and everything, the only thing I have problems is with the protected memory or what you call it :o

It won't let me change the RSA key :D

I know you can "unlock" memory, but no idea how with AutoIt and my DllCall experience sucks

Edited by Zisly

Share this post


Link to post
Share on other sites
Authenticity

Maybe something like this:

#include <MemoryConstants.au3>
#include <NomadMemory.au3>

$iAddress = 0x77AD88
$i_pid = WinGetProcess("Tibia")
$aReturn = _MemoryOpen($i_pid, 0x1F0FFF, 0)
    If @error Then Exit
    
$hProc = $aReturn[1]

$aRet = DllCall($aReturn[0], 'int', 'VirtualProtectEx', 'int', $hProc, 'ptr', $iAddress, _
        'ulong_ptr', 2, 'dword', $PAGE_READWRITE, 'dword*', '')

Share this post


Link to post
Share on other sites
Zisly

I modified it a bit and it works :o

THANK YOU!!!

Thanks for taking your time answering my questions :D, I really appreciate it!

Edited by Zisly

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×