Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate

ReadMemory function


  • Please log in to reply
109 replies to this topic
ytsu12
  • Members
  • 8 posts
  • Last active: Dec 04 2015 03:54 AM
  • Joined: 01 Jan 2015

I am using the following code but I keep getting the error "Handle Closed:" I am on ( Windows 8.1 x64 )!

Numpad1:: Hotkey, *~$Left, Toggle

ReadMemory(MADDRESS=0,PROGRAM="")
{
	Static OLDPROC, ProcessHandle
	VarSetCapacity(MVALUE,4,0)
	If PROGRAM != %OLDPROC%
	{
		WinGet, pid, pid, % OLDPROC := PROGRAM
		ProcessHandle := ( ProcessHandle ? 0*(closed:=DllCall("CloseHandle"
		,"UInt",ProcessHandle)) : 0 )+(pid ? DllCall("OpenProcess"
		,"Int",16,"Int",0,"UInt",pid) : 0)
	}
	If (ProcessHandle) && DllCall("ReadProcessMemory","UInt"
	,ProcessHandle,"UInt",MADDRESS,"Str",MVALUE,"UInt",4,"UInt *",0)
	return *(&MVALUE+3)<<24 | *(&MVALUE+2)<<16 | *(&MVALUE+1)<<8 | *(&MVALUE)
	return !ProcessHandle ? "Handle Closed: " closed : "Fail"
}

Program := "csgo.exe"
Address := 0xA6DA14
Offset := 0x23F8

*~$Left::
{
Value := ReadMemory( Address+Offset , Program )
MsgBox %value%
}


newbieme
  • Members
  • 100 posts
  • Last active: Aug 07 2015 11:22 AM
  • Joined: 26 Mar 2014

Hi,

 

Is it possible to read out all adresses from a process which (for example) starts with: PlayerDetails ... and ends with: EndofDetails

 

Thank you



Tannex
  • Members
  • 59 posts
  • Last active: Nov 13 2015 03:26 PM
  • Joined: 29 Apr 2013

What if the address i need to read contains a float and not integer?



RHCP
  • Members
  • 1228 posts
  • Last active: Apr 08 2017 06:17 PM
  • Joined: 29 May 2006

What if the address i need to read contains a float and not integer?

 

 

Use one of the functions or classes which supports floats.

 

Otherwise edit the ReadProcessMemory DLLCall() so that the lpBuffer parameter is a pointer to a float. 

e.g

DllCall("ReadProcessMemory", "Ptr",  hProcess, "Ptr", address, "Float*", result, "UInt", 4, "Ptr",0)

Which is equivalent to this:

VarSetCapacity(buffer, 4)
DllCall("ReadProcessMemory", "Ptr",  hProcess, "Ptr", address, "Ptr", &buffer, "UInt", 4, "Ptr",0)
restult := NumGet(buffer, 0, "Float")


Wyvern010
  • Members
  • 24 posts
  • Last active: Jul 11 2016 11:17 PM
  • Joined: 30 Mar 2015

i have a problem with the ReadMemory Function.

 

it returns only 8 numbers/Characters, where i need 9.

 

Example: 

 

0BBCE9410 only shows as BBCE9410 wich is not a problem becouse the first number is 0?

But it is with 151B1D500 wich returns as 51B1D500. so im missing the first character wich is 1.

so when i try to read 51B1D500 it failes cus it doesnt point to anything.

How can i change to function so it shows the whole adress? including the first character?

 

Fixed it by changing BYTE=4 to BYTE=5

 

ReadMemory(MADDRESS=0,PROGRAM="",MVALUE=" ",BYTE=5)

 

the function i use is:

ReadMemory(MADDRESS=0,PROGRAM="",MVALUE=" ",BYTE=4)
{
	Static OLDPROC, ProcessHandle
	if MVALUE := " " 
	VarSetCapacity(MVALUE,8,0)
	If PROGRAM != %OLDPROC%
	{
		WinGet, pid, pid, % OLDPROC := PROGRAM
		ProcessHandle := ( ProcessHandle ? 0*(closed:=DllCall("CloseHandle"
		,"UInt",ProcessHandle)) : 0 )+(pid ? DllCall("OpenProcess"
		,"Int",16,"Int",0,"UInt",pid) : 0)
	}
	If (ProcessHandle) && DllCall("ReadProcessMemory","UInt",ProcessHandle,"UInt",MADDRESS,"str",MVALUE,"UInt",BYTE,"UInt *",0)
	return *(&MVALUE+3)<<24 | *(&MVALUE+2)<<16 | *(&MVALUE+1)<<8 | *(&MVALUE)
	return !ProcessHandle ? "Handle Closed: " closed : "-2" ;changed to -2 myself
}