-
Notifications
You must be signed in to change notification settings - Fork 72
/
Copy pathReadMemory.ahk
70 lines (62 loc) · 2.27 KB
/
ReadMemory.ahk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
; Automatically closes handle when a new (or null) program is indicated
; Otherwise, keeps the process handle open between calls that specify the
; same program. When finished reading memory, call this function with no
; parameters to close the process handle i.e: "Closed := ReadMemory()"
;The new method using Numget is around 35% faster!!!
;Bytes can take 1,2,3,4 or 8
; wont correctly handle 8 bytes with extreme values
; I've written a memory class which is more extensive than this,
; and other people should just use that
ReadMemory(MADDRESS=0,PROGRAM="",BYTES=4)
{
Static OLDPROC, ProcessHandle
VarSetCapacity(MVALUE, BYTES)
If (PROGRAM != OLDPROC)
{
if ProcessHandle
closed := DllCall("CloseHandle", "UInt", ProcessHandle), ProcessHandle := 0, OLDPROC := ""
if PROGRAM
{
WinGet, pid, pid, % OLDPROC := PROGRAM
if !pid
return "Process Doesn't Exist", OLDPROC := "" ;blank OLDPROC so subsequent calls will work if process does exist
ProcessHandle := DllCall("OpenProcess", "Int", 16, "Int", 0, "UInt", pid)
}
}
If !(ProcessHandle && DllCall("ReadProcessMemory","UInt",ProcessHandle,"UInt",MADDRESS,"Str",MVALUE,"UInt",BYTES,"UInt *",0))
return !ProcessHandle ? "Handle Closed: " closed : "Fail"
else if (BYTES = 1)
Type := "UChar"
else if (BYTES = 2)
Type := "UShort"
else if (BYTES = 4)
Type := "UInt"
else
Type := "Int64"
;{
; loop % BYTES
; result += numget(MVALUE, A_index-1, "Uchar") << 8 *(A_Index-1)
; return result
;}
return numget(MVALUE, 0, Type)
}
/*
ReadMemory(MADDRESS=0,PROGRAM="",BYTES=4)
{
Static OLDPROC, ProcessHandle
VarSetCapacity(MVALUE, BYTES,0)
If PROGRAM != %OLDPROC%
{
WinGet, pid, pid, % OLDPROC := PROGRAM
ProcessHandle := ( ProcessHandle ? 0*(closed:=DllCall("CloseHandle"
,"UInt",ProcessHandle)) : 0 )+(pid ? DllCall("OpenProcess"
,"Int",16,"Int",0,"UInt",pid) : 0)
}
If (ProcessHandle) && DllCall("ReadProcessMemory","UInt",ProcessHandle,"UInt",MADDRESS,"Str",MVALUE,"UInt",BYTES,"UInt *",0)
{ Loop % BYTES
Result += *(&MVALUE + A_Index-1) << 8*(A_Index-1)
Return Result
}
return !ProcessHandle ? "Handle Closed:" closed : "Fail"
}
*/