Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate
Photo

ReadProcessMemory / WriteProcessMemory


  • Please log in to reply
33 replies to this topic
Rajat
  • Members
  • 1904 posts
  • Last active: Jul 17 2015 07:45 AM
  • Joined: 28 Mar 2004

I mean the dll function calling.

that's great! :)

MIA

CleanNews.in : Bite sized latest news headlines from India with zero bloat


Chris
  • Administrators
  • 10727 posts
  • Last active:
  • Joined: 02 Mar 2004
Based on Ultra's work with DllCall, here is an updated script to read the currently playing track directly from Winamp's memory via ReadProcessMemory. It might not be that useful, but serves as a good example of how to open processes and read memory:
; Get the index of the currently playing track from winamp.



AutoTrim, Off



WinGet, hwndWinAMP, ID, ahk_class Winamp v1.x

if hwndWinAMP =

{

	MsgBox Winamp does not appear to be running.

	Exit

}



; 0x0400 = WM_USER  0x7D = IPC_GETLISTPOS

SendMessage, 0x0400, 0, 0x7D, , ahk_id %hwndWinAMP%

if ErrorLevel = FAIL

{

	MsgBox SendMessage failed.

	Exit

}



; Otherwise, the answer is stored in ErrorLevel.

; Now tell Winamp to give us a pointer to the string of the track

; whose index we have to provide. The pointer is valid inside winamp's

; memory space.  0xD4 = IPC_GETPLAYLISTTITLE. Answer is again stored

; in ErrorLevel.

SendMessage, 0x0400, %ErrorLevel%, 0xD4, , ahk_class Winamp v1.x

if ErrorLevel = FAIL

{

	MsgBox SendMessage failed.

	Exit

}



; Store the address in a new var.

lpszTitle = %ErrorLevel%



; Get the Process ID of WinAMP.  It will be stored in the output-parameter PID.

DllCall("GetWindowThreadProcessId", "int", hwndWinAMP, "UInt *", PID, "UInt")

if (ErrorLevel or !PID)

{

	MsgBox GetWindowThreadProcessId failed.

	Exit

}



; Open the process so we can to stuff with it.

; The call will return a process handle.

ProcessHandle := DllCall("OpenProcess", "int", 24, "char", 0, "UInt", PID, "UInt")

if (ErrorLevel or !ProcessHandle)

{

	MsgBox OpenProcess failed.

	Exit

}



; Now we have the pointer stored in lpszTitle. To proceed we have to

; use ReadProcessMemory and read starting at the returned address.

; We have to read byte after byte until we encounter a "00" byte (string ends).



; clear the variable that will hold the track's name

teststr =

Loop

{

	; Read from WinAMP's memory. Value will be copied into the string buffer, which

	; must contain exactly one character because ReadProcessMemory won't terminate

	; the string, only overwrite its contents.

	Output := "x"  ; Put exactly one character in as a placeholder.

	tempVar := DllCall("ReadProcessMemory", "UInt", ProcessHandle, "UInt", lpszTitle, "str", Output, "Uint", 1, "Uint *", 0)

	; Error checking - i.e. no permission for reading from the process's memory

	if (ErrorLevel or !tempVar)

	{

		DllCall("CloseHandle", "int", ProcessHandle)

		MsgBox ReadProcessMemory failed.

		Exit

	}



	; If the value of the byte read is zero we are at the end of the string.

	; So quit the loop!

	if Output =

		break



	; Append the character to our teststr variable that will hold the whole title string

	teststr = %teststr%%Output%



	; Increment address by one to obtain next byte

	lpszTitle++

}



DllCall("CloseHandle", "int", ProcessHandle)  ; ErrorLevel and return value are not checked.



; Display our track's title

MsgBox The track title is:`n%teststr%


ULTRA
  • Members
  • 19 posts
  • Last active: Mar 11 2012 09:39 PM
  • Joined: 15 Feb 2005
It's working great!

; now Output holds the numeric value of the byte read from the given address


This line should be removed :)
In a world without walls and fences who needs windows and gates?

Chris
  • Administrators
  • 10727 posts
  • Last active:
  • Joined: 02 Mar 2004
Thanks; I've removed that comment.

kobyashi
  • Members
  • 7 posts
  • Last active: Jun 03 2005 12:26 AM
  • Joined: 09 May 2005
Will there be support for string parameters as output variables in the *call and SendMessage commands in the next version?

Chris
  • Administrators
  • 10727 posts
  • Last active:
  • Joined: 02 Mar 2004
You can already get strings back from DllCall, either the return value or an "output argument" (asterisk variable).

For SendMessage, I will ensure it's on the to-do list. In the meantime, you might be able to do what you need by having DllCall execute SendMessage. If you find out anything interesting, please post it.

elf
  • Members
  • 1 posts
  • Last active: Jun 19 2005 03:06 PM
  • Joined: 07 Jun 2005

Okay, I added my ReadProcessMemory and WriteProcessMemory commands to the source code of AHK. It works perfectly. I changed the order of the arguments a bit to match the other AHK commands in their syntax.

hi Ultra, your idea is very usefull. I used other macro b4. beside read/write, it also has memory sreach , memory analyze(changed, InCreased, Decreased,count, index) . cos, some games and progames may have protection or dynamic memory. it need to sreach on each time calls.

T
  • Guests
  • Last active:
  • Joined: --
Chris, It is great! Thank you!

Jungle
  • Members
  • 16 posts
  • Last active: Apr 01 2006 01:30 PM
  • Joined: 13 Jan 2006
Hello.
I'm a newbie. So sorry if you find my question stupid.

When i have a title (in Winamp) with spaces (e.g. "Artist - The Title"), Output contains a space after reading memory, but after

teststr = %teststr%%Output%


teststr doesn't contain space. So, in the end i have "Artist-TheTitle" in the teststr. What's wrong?

Thanks.

P.S. AutoHotKey 1.0.40.11

BoBo
  • Guests
  • Last active:
  • Joined: --
AutoTrim, Off


Micha
  • Members
  • 539 posts
  • Last active: Dec 31 2011 01:43 PM
  • Joined: 15 Nov 2005
Hi,
by the way, what about VirtualAllocEx and VirtualFreeEx

FYI:
I've used that calls for TreeCtrl-support. Before sending a message to the treectrl, you have to allocate memory in the foreign process and delete it when finished.

I do NOT need the dll, but if all calls (alloc, read, write, free) are supported in one dll, you can do great things with it.

Ciao
Micha

Denzera
  • Guests
  • Last active:
  • Joined: --
I just wanted to add another voice of support for adding the memory-management functions into AHK. There may be only 1 in 10 users who can make real use of this, but those users could then do ANYTHING, and everyone else can benefit from their scripts.

I know the latest bugfix version was done merely a week ago, so development is still going on. I'm hopeful this makes it into a release shortly.

ParanoidX
  • Members
  • 148 posts
  • Last active: Jan 14 2007 02:00 AM
  • Joined: 16 Dec 2005
I was digging this info for a while(phew~!) and using this in conjunction with WS_CLIPCHILDREN I can display a checklist assign to hotkey of the cheats I want to activate in some games displayed within the game :D

btw.. anyone knows/leads on how to display text on DX9 layer?

thx again, very useful stuff!!

incith
  • Members
  • 130 posts
  • Last active: Apr 03 2010 03:08 AM
  • Joined: 01 Oct 2005
I recently made use of this code and turned it into a Function() for sending the song into a game, but then the game is now blocking the memory from being read. -_-

So I'm doing it like this now, and posting it here for anyone else that might use it.
; this code requires winamp option "Scrolling Title Text" to be disabled
DetectHiddenWindows, On    ; in case minimized to systray
WinGetTitle, CurrentTrack, ahk_class Winamp v1.x
DetectHiddenWindows, Off
If CurrentTrack
{
  ; remove the playlist position ('1234. ')
  Loop
  {
    StringMid, ModTrack, CurrentTrack, 1, 1
    If ModTrack in 1,2,3,4,5,6,7,8,9,0, ,.
      StringTrimLeft, CurrentTrack, CurrentTrack, 1
    Else
      break
  }
  ; remove ending ' - Winamp [Stopped]' text etc
  StringGetPos, WinampStatus, CurrentTrack, - Winamp
  StringMid, WinampStatus, CurrentTrack, %WinampStatus%, StrLen(CurrentTrack)
  StringReplace, CurrentTrack, CurrentTrack, %WinampStatus%
}
Else
  CurrentTrack := "Winamp is currently not running."

MsgBox, %CurrentTrack%

Edit: Slightly modified code. June'06

AHKnow*
  • Guests
  • Last active:
  • Joined: --

I just wanted to add another voice of support for adding the memory-management functions into AHK. There may be only 1 in 10 users who can make real use of this, but those users could then do ANYTHING, and everyone else can benefit from their scripts.

I know the latest bugfix version was done merely a week ago, so development is still going on. I'm hopeful this makes it into a release shortly.


I thought Ultra had a great idea and making it easier to use would be nice.