Pointer with _MemMove

[Qousio]

Hello. What I'm trying to do is move the value of a pointer into an autoit variable. I have tried several methods, this seems to be a working one, but its not... working...

Here is what I'm currently trying (Just a test)

#Include <Memory.au3>
Global $str, $a, $ptr, $var
$str = "ptr var1"
$a = DllStructCreate($str)
if @error Then
    MsgBox(0,"","Error in DllStructCreate " & @error);
    exit
endif
DllStructSetData($a,"var1",1)
$ptr = DllStructGetPtr ($a)
_MemMoveMemory(0x0009828C, $ptr, 32)
$a = $var
MsgBox(0,"DllStruct","Struct Size: " & DllStructGetSize($a) & @CRLF & _
        "Struct pointer: " & DllStructGetPtr($a) & @CRLF & _
        "Data:" & @CRLF & _
        "Var value " & $var & @CRLF & _
        DllStructGetData($a,1))

When I launch the script I get an error and autoit crashes... Any ideas?

Edited April 23, 2009 by Qousio

[monoceres]

So, uhm, where does this little cute number come from: 0x0009828C?

[Qousio]

So, uhm, where does this little cute number come from: 0x0009828C?

I have made an assembler script that allocates memory and sets the value of address 00097F7A to 100. Then I have created a pointer with 312 offset, thus the pointer that points to address 00097F7A is 0009828C. I have tried inserting 0009828C but autoit says its a wrong number, so I changed it to 0x0009828C.

[martin]

Hello. What I'm trying to do is move the value of a pointer into an autoit variable. I have tried several methods, this seems to be a working one, but its not... working...

Here is what I'm currently trying (Just a test)

#Include <Memory.au3>
Global $str, $a, $ptr, $var
$str = "ptr var1"
$a = DllStructCreate($str)
if @error Then
    MsgBox(0,"","Error in DllStructCreate " & @error);
    exit
endif
DllStructSetData($a,"var1",1)
$ptr = DllStructGetPtr ($a)
_MemMoveMemory(0x0009828C, $ptr, 32)
$a = $var
MsgBox(0,"DllStruct","Struct Size: " & DllStructGetSize($a) & @CRLF & _
        "Struct pointer: " & DllStructGetPtr($a) & @CRLF & _
        "Data:" & @CRLF & _
        "Var value " & $var & @CRLF & _
        DllStructGetData($a,1))

When I launch the script I get an error and autoit crashes... Any ideas?

I'm not sure what the line

$a = $var

is for but it is definetly wrong. $var will be created as a null string untill it is set with some value. Maybe you are confusing $var with "var1" in your struct?

Perhaps this will work

#Include <Memory.au3>
 Global $str, $a, $ptr, $var
 $str = "ptr var1"
 $a = DllStructCreate($str)
 if @error Then
     MsgBox(0,"","Error in DllStructCreate " & @error);
     exit
 endif
 DllStructSetData($a,"var1",1)
 $ptr = DllStructGetPtr ($a)
 _MemMoveMemory(0x0009828C, $ptr, 32)
;$a = $var
 MsgBox(0,"DllStruct","Struct Size: " & DllStructGetSize($a) & @CRLF & _
         "Struct pointer: " & DllStructGetPtr($a) & @CRLF & _
         "Data:" & @CRLF & _
         "Var1 value =" &  DllStructGetData($a,1))

Edited April 24, 2009 by martin

[Qousio]

I'm not sure what the line

$a = $var

is for but it is definetly wrong. $var will be created as a null string untill it is set with some value. Maybe you are confusing $var with "var1" in your struct?

Perhaps this will work

Ok, I can launch the script now. The reason I did $a=$var is because I wanted to put the value of $a to the variable $var. But, it seems that I should put DllStructGetData into $var.

So the working script is:

#Include <Memory.au3>
Global $str, $a, $ptr, $var, $data
$var = 1
$str = "ptr var1"
$a = DllStructCreate($str)
if @error Then
    MsgBox(0,"","Error in DllStructCreate " & @error);
    exit
endif
DllStructSetData($a,"var1",1)
$ptr = DllStructGetPtr($a)
_MemMoveMemory(0x0009828C, $ptr, 1)
$data = DllStructGetData($a,1)
$var = $Data 
MsgBox(0,"DllStruct","Struct Size: " & DllStructGetSize($a) & @CRLF & _
        "Struct pointer: " & DllStructGetPtr($a) & @CRLF & _
        "Data:" & @CRLF & _
        "Var value " & $var & @CRLF & _
        DllStructGetData($a,1))

It works perfectly fine, but When I tried a different pointer it crashes again ;; any ideas?

Edited April 24, 2009 by Qousio

[trancexx]

Invalid pointer.

... I would love to see the rest of the script. Is that possible?

[Qousio]

Invalid pointer.

... I would love to see the rest of the script. Is that possible?

Right now im just trying to make this work... I do have the second part of the script ready, basically its a bunch of GDI+ drawings...

#Edit: Ok now I'm really confused The script works, but the result is -Wrong- I'm putting the value of pointer 00460f68 to $ptr which is the pointer of my DllStruct. Using _MemMoveMemory(0x460F68, $ptr, 1)

But the value I get is 75, it should be 77.... Any suggestions?

#Edit2: I increased the length of _MemMove to 6 bytes, now I get 0x8B561875.

What the hell... ? O_o

Edited April 24, 2009 by Qousio

[trancexx]

#Edit2: I increased the length of _MemMove to 6 bytes, now I get 0x8B561875.

What the hell... ? O_o

And if the number is 2 you get 1875?

[Qousio]

And if the number is 2 you get 1875?

Correct. What does this mean? I screwed up somewhere ?

[trancexx]

Correct. What does this mean? I screwed up somewhere ?

No, actually it means that all works as it should.

Your problem is contained in monoceres' post.

... but since you are not showing the code, no help could be provided.

[Qousio]

No, actually it means that all works as it should.

Your problem is contained in monoceres' post.

... but since you are not showing the code, no help could be provided.

That IS the code o_O... and which post should i be looking for?

If you mean the post in THIS thread, then it makes no sense. The first pointer which I used and which works is the one that I have created with an asm script. The second pointer which I'm using right now is from a game. I am 100% confident the pointer is correct because I can alter the value of this pointer and it will be reflected in game.

For example, this is an asm script I have created a long time ago:

expandcollapse popup

[ENABLE] 
alloc(newmem,2048) 
label(returnhere) 
label(returnhere1) 
label(robot) 
label(resource) 
  
newmem: 
  
robot: 
mov ecx, 0 
add [esi+20],ecx 
mov eax,[ebp+00000798] 
jmp returnhere1 
  
  
resource: 
mov edx, 1000 
add [ecx+eax*4+4c],edx 
mov edx,[ecx+eax*4+4c] 
jmp returnhere 
  
  
01C049E1: 
jmp robot 
nop 
nop 
nop 
nop 
returnhere1: 
  
01BCB7A8: 
jmp resource 
nop 
nop 
nop 
returnhere: 
  
[DISABLE] 
01C049E1: 
add [esi+20],ecx 
mov eax,[ebp+00000798] 
  
01BCB7A8: 
add [ecx+eax*4+4c],edx 
mov edx,[ecx+eax*4+4c] 
  
dealloc(newmem)

This: 01C049E1 and this: 01BCB7A8 are valid pointers. I can find and alter there values, but when I use them in my autoit script it won't return the correct value.

Edited April 24, 2009 by Qousio

[ProgAndy]

What are you exactly doing?

-Run the assembler Script

-run AutoIt-Script

- trying to read memory from assembler-script?

--> different processes have different virtual memory. You can't read the memory of another process with _MemMoveMemory.

Also, after a process has closed all it's memory is freed.

To read the memory from a running process, you have to use NomadMemory.au3.

[Qousio]

What are you exactly doing?

-Run the assembler Script

-run AutoIt-Script

- trying to read memory from assembler-script?

--> different processes have different virtual memory. You can't read the memory of another process with _MemMoveMemory.

Also, after a process has closed all it's memory is freed.

To read the memory from a running process, you have to use NomadMemory.au3.

Thank you thank you than you thank you! NomadMemory.au3 is what I need I didnt know how _MemMoveMemory works, so this is why my script wasn't working

Gosh I feel so stupid now ;; I knew that theres supposed to be a debugger that grants rights to modify/check programms memory I guess I'm so used to OllyDbg that I forgot about it when using autoit

Edited April 24, 2009 by Qousio

[Richard Robertson]

_MemMoveMemory is like a low level copy operation. The process only has access to its own memory space, as mentioned above.