 |
AutoHotkey Community
Let's help each other out
|
| View previous topic :: View next topic |
| Author |
Message |
ULTRA
Joined: 15 Feb 2005
Posts: 18
Location: Ludwigsburg, Germany
|
 Posted: Fri Mar 25, 2005 9:56 pm Post subject: ReadProcessMemory / WriteProcessMemory |
 |
|
Hi Chris,
I'd like to have the ReadProcessMemory and WriteProcessMemory Functions
from winapi in AHK. The commands should look like this:
| Code: | ReadProcessMemory, Address, Byte, WinTitle
WriteProcessMemory, Address, Var, WinTitle |
ReadProcessMemory should store the numeric value of the byte at "Address" in "WinTitle"'s memory space into "Byte".
WriteProcessMemory should write the value in "Var" to "Address" of "WinTitle"'s memory space.
Both functions should set ErrorLevel to FAIL if there was a problem.
For example we could use them to read the name of the track currently
played by Winamp in a reliable way. Take a look at the following code:
| Code: | ; Get the index of the currently played track from winamp.
; 0x0400 = WM_USER 0x7D = IPC_GETLISTPOS
; Answer is stored in ErrorLevel.
SendMessage, 0x0400, 0, 0x7D, , ahk_class Winamp v1.x
; Error checking - i.e. Winamp is not running
if ErrorLevel = FAIL
{
Exit
}
; Now tell Winamp to give us a pointer to the string of the track
; whose index we have to provide. The pointer is valid inside winamp's
; memory space.
; 0xD4 = IPC_GETPLAYLISTTITLE
; Answer is again stored in ErrorLevel.
SendMessage, 0x0400, %ErrorLevel%, 0xD4, , ahk_class Winamp v1.x
; Error checking - i.e. Winamp is not running
if ErrorLevel = FAIL
{
Exit
}
; Store the address in a new var.
lpszTitle = %ErrorLevel%
; Now we have the pointer stored in lpszTitle. To proceed we have to
; use ReadProcessMemory and read starting at the returned address.
; We have to read byte after byte until we encounter a "00" byte (string ends).
; clear the variable that will hold the track's name
teststr =
Loop
{
ReadProcessMemory, %lpszTitle%, char, ahk_class Winamp v1.x
; Error checking - i.e. no permission for reading from the process's memory
if ErrorLevel = FAIL
{
Exit
}
; now char holds the numeric value of the byte read from the given address
; If the value of the byte read is zero we are at the end of the string.
; So quit the loop!
if char = 0
{
break
}
; Transform the obtained byte's value to a character
Transform, char, Chr, %char%
; Append the character to our teststr variable that will hold the whole title string
teststr = %teststr%%char%
; Increment address by one to obtain next byte
lpszTitle++
}
; Display our track's title
MsgBox, %teststr% |
It would be great. This would make AHK more powerful for advanced users!
I think this is no problem for you to implement in AHK. These functions
internally need 4 API calls: OpenProcess, CloseHandle, ReadProcessMemory, WriteProcessMemory 
_________________
In a world without walls and fences who needs windows and gates? |
|
| Back to top |
|
 |
Serenity
Joined: 08 Nov 2004
Posts: 1019
|
| Posted: Fri Mar 25, 2005 11:41 pm Post subject: |
|
|
You've given a really detailed and specific example but I am not sure how this can be applied to other things. Would you give some other examples of how this can be used?
_________________
"Anything worth doing is worth doing slowly." - Mae West
 |
|
| Back to top |
|
|
ULTRA
Joined: 15 Feb 2005
Posts: 18
Location: Ludwigsburg, Germany
|
| Posted: Sat Mar 26, 2005 1:27 pm Post subject: |
|
|
You could generate score statistics of your favourite game by reading
your score from the game's memory.
You can read everything from any program even if it doesn't give you an
interface to do it. Obtaining information from alien processes has no limits.
_________________
In a world without walls and fences who needs windows and gates? |
|
| Back to top |
|
|
Serenity
Joined: 08 Nov 2004
Posts: 1019
|
| Posted: Sat Mar 26, 2005 1:45 pm Post subject: |
|
|
Thanks Ultra, this sounds like it could be really useful and powerful. I'm wondering how you find what to put in- for the example you gave, the memory address was returned in the errorlevel after posting a message IPC_GETPLAYLISTTITLE, a command that sounds specific to Winamp. How would you go about finding similar messages for other applications? Also, it sounds like you could change quite a bit about an application if you could overwrite its memory addresses during run time.
_________________
"Anything worth doing is worth doing slowly." - Mae West
|
|
| Back to top |
|
|
Chris
Site Admin
Joined: 02 Mar 2004
Posts: 10467
|
| Posted: Sat Mar 26, 2005 2:21 pm Post subject: |
|
|
| Thanks Ultra. I'll see if this can be added sometime after the next version comes out (unless someone else wants to write the code sooner). It seems fairly simple but my top priority now is getting function calling done so that this next version can be released (hopefully within the next 5 days). |
|
| Back to top |
|
|
ULTRA
Joined: 15 Feb 2005
Posts: 18
Location: Ludwigsburg, Germany
|
| Posted: Sat Mar 26, 2005 4:20 pm Post subject: |
|
|
| Serenity wrote: | | I'm wondering how you find what to put in- for the example you gave, the memory address was returned in the errorlevel after posting a message IPC_GETPLAYLISTTITLE, a command that sounds specific to Winamp. |
Yup, its a winamp specific message. It is documented in the winamp sdk.
| Serenity wrote: | | How would you go about finding similar messages for other applications? |
If you know what you are looking for (e.g. you have a string displayed in a
program) then you can search for it in the process's memory and then look
for a pointer to its buffer. Another way is to debug the program in question
with a debugger (such as OllyDbg). There you can easily locate the addresses
where pointers to buffers are stored.
| Serenity wrote: | | Also, it sounds like you could change quite a bit about an application if you could overwrite its memory addresses during run time. |
Yup, everything is possible. You could inject new functions or modify existing ones 
But all this is very difficult without basic knowledge of ASM.
| Chris wrote: | | Thanks Ultra. I'll see if this can be added sometime after the next version comes out. |
Great
| Chris wrote: | (unless someone else wants to write the code sooner)
|
Is that a broad hint? 
_________________
In a world without walls and fences who needs windows and gates? |
|
| Back to top |
|
|
ULTRA
Joined: 15 Feb 2005
Posts: 18
Location: Ludwigsburg, Germany
|
| Posted: Sat Mar 26, 2005 7:17 pm Post subject: |
|
|
Okay, I added my ReadProcessMemory and WriteProcessMemory commands
to the source code of AHK. It works perfectly. I changed the order of the arguments
a bit to match the other AHK commands in their syntax.
It is now like this:
| Code: | ReadProcessMemory, OutputVar, Address [, WinTitle, WinText, ExcludeTitle, ExcludeText]
WriteProcessMemory, Byte, Address [, WinTitle, WinText, ExcludeTitle, ExcludeText] |
Both commands also have the ability to use the "Last Found Window" by omitting
the last four parameters (exactly the same as in SendMessage).
Both commands set ErrorLevel to "FAIL" if there was a problem when accessing memory.
The argument "Byte" of WriteProcessMemory can be one character
(unicode or ansi, it doesn't matter) or a numeric value between 0 and 255
(0x00 - 0xFF). If you pass a string longer than 1 characters ErrorLevel will
be set to 1.
I tried my Winamp example above with it. It works perfectly! I only had
to add "AutoTrim, Off", otherwise all spaces I tried to append were deleted.
Ah, Chris, how should I tell you what I changed in your sourcecode?
_________________
In a world without walls and fences who needs windows and gates? |
|
| Back to top |
|
|
compuboy_r
Joined: 04 May 2004
Posts: 68
|
| Posted: Wed Apr 06, 2005 8:48 pm Post subject: |
|
|
@ULTRA
Can i have that custom compiled Autohotkey with Read Process/Write Process.
Actually i have made ControlAmp1.4 (in AHK) and had to use a own codded VC++ utlility do certain thigns related to this
Latest version can be found at
http://compuboy.cjb.net (Self Hosted so might be down)
Would like to have this.
Compuboy
_________________
 |
|
| Back to top |
|
|
ULTRA
Joined: 15 Feb 2005
Posts: 18
Location: Ludwigsburg, Germany
|
| Posted: Sun Apr 10, 2005 4:54 pm Post subject: |
|
|
k, no problem. Be careful with what you do with the commands. It is no problem
to kill an app by reading/writing memory to/from its memory space.
My compiled version is also based on the old version of AHK so you don't
have the new fancy stuff.
I don't know if it's okay. I have uploaded a zip with only the exe and the
working winamp example in it.
You can download it here.
Syntax is:
| Code: |
ReadProcessMemory, OutputVar, Address [, WinTitle, WinText, ExcludeTitle, ExcludeText]
WriteProcessMemory, Byte, Address [, WinTitle, WinText, ExcludeTitle, ExcludeText]
|
(Just like all the other commands)
Btw, last exam on tuesday 
_________________
In a world without walls and fences who needs windows and gates? |
|
| Back to top |
|
|
compuboy_r
Joined: 04 May 2004
Posts: 68
|
| Posted: Mon Apr 11, 2005 3:30 am Post subject: |
|
|
Thanks for the exe but can i get the compiler for the script also
Hey Chris, This is working like cream. Why dont u have it in the Autohotkey itself.
Regards
_________________
|
|
| Back to top |
|
|
Chris
Site Admin
Joined: 02 Mar 2004
Posts: 10467
|
| Posted: Mon Apr 11, 2005 1:25 pm Post subject: |
|
|
| Because these functions would be so rarely used (probably by fewer than 1 out of 100 users), it seemed best to wait until the command APICall/DllCall is available. Once that has been added, a function can be created that does the same thing as Read/WriteProcessMemory. This would also improve flexibililty since you would be calling the Windows API directly and could decide how many bytes you want, when you want to close the process handle, etc. |
|
| Back to top |
|
|
Rajat
Joined: 28 Mar 2004
Posts: 1718
|
| Posted: Mon Apr 11, 2005 3:19 pm Post subject: |
|
|
| Chris wrote: | | wait until the command APICall/DllCall is available. Once that has been added, a function can be created that does the same thing as Read/WriteProcessMemory. |
next major step, eh? (i can hardly wait)... also, using functions for this is a very good idea!
_________________
 |
|
| Back to top |
|
|
ULTRA
Joined: 15 Feb 2005
Posts: 18
Location: Ludwigsburg, Germany
|
| Posted: Tue Apr 12, 2005 2:25 pm Post subject: |
|
|
| Chris wrote: | | Because these functions would be so rarely used (probably by fewer than 1 out of 100 users), it seemed best to wait until the command APICall/DllCall is available. Once that has been added, a function can be created that does the same thing as Read/WriteProcessMemory. This would also improve flexibililty since you would be calling the Windows API directly and could decide how many bytes you want, when you want to close the process handle, etc. |
Yes, and I will be the one to code it
I had my last exam today and I will definitely start on this one today afternoon
Edit: here is the sc file for the ahk2exe program. Put the .bin in the directory
where the "Ahk2Exe.exe" is.
_________________
In a world without walls and fences who needs windows and gates? |
|
| Back to top |
|
|
Rajat
Joined: 28 Mar 2004
Posts: 1718
|
| Posted: Tue Apr 12, 2005 3:01 pm Post subject: |
|
|
| ULTRA wrote: | Yes, and I will be the one to code it
I had my last exam today and I will definitely start on this one today afternoon |
hey ULTRA, do u mean the memory function or the dll/api call command itself?
_________________
|
|
| Back to top |
|
|
ULTRA
Joined: 15 Feb 2005
Posts: 18
Location: Ludwigsburg, Germany
|
| Posted: Tue Apr 12, 2005 3:31 pm Post subject: |
|
|
I mean the dll function calling.
_________________
In a world without walls and fences who needs windows and gates? |
|
| Back to top |
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
