  1. if (A_PtrSize != 8)
  2. {
  3. MsgBox, You are not running 64-bit version of Autohotkey L, reinstall correct version. Script will now terminate.
  4. ExitApp
  5. }
  6. if not A_IsAdmin
  7. {
  8. Run *RunAs "%A_ScriptFullPath%"
  9. ExitApp
  10. }
  11.  
; Memory-access helper class (RHCP-style _ClassMemory; version() reports 2.6). One instance wraps a
; handle to another process plus the Win32 calls used to read/write its memory, enumerate its modules
; and scan it for byte patterns. Everything below depends on this.hProcess having been opened in __new;
; when it was not, the DllCalls fail and the methods return "" / 0 / negative codes rather than throwing.
class _ClassMemory
{
; Class-level defaults. Writes through `this.` create per-instance properties that shadow these,
; so after __new the values are effectively per object.
; aTypeSize maps the type names accepted by read()/write() to their byte widths; aRights lists the
; OpenProcess access-mask bits (the PROCESS_* constants from winnt.h).
static baseAddress, hProcess, PID, currentProgram
, insertNullTerminator := True
, readStringLastError := False
, isTarget64bit := False
, ptrType := "UInt"
, aTypeSize := { "UChar": 1, "Char": 1
, "UShort": 2, "Short": 2
, "UInt": 4, "Int": 4
, "UFloat": 4, "Float": 4
, "Int64": 8, "Double": 8}
, aRights := { "PROCESS_ALL_ACCESS": 0x001F0FFF
, "PROCESS_CREATE_PROCESS": 0x0080
, "PROCESS_CREATE_THREAD": 0x0002
, "PROCESS_DUP_HANDLE": 0x0040
, "PROCESS_QUERY_INFORMATION": 0x0400
, "PROCESS_QUERY_LIMITED_INFORMATION": 0x1000
, "PROCESS_SET_INFORMATION": 0x0200
, "PROCESS_SET_QUOTA": 0x0100
, "PROCESS_SUSPEND_RESUME": 0x0800
, "PROCESS_TERMINATE": 0x0001
, "PROCESS_VM_OPERATION": 0x0008
, "PROCESS_VM_READ": 0x0010
, "PROCESS_VM_WRITE": 0x0020}

; Constructor. Resolves the PID of `program` (an AHK WinTitle, e.g. "ahk_exe foo.exe"), opens it with
; dwDesiredAccess (default QUERY_INFORMATION | VM_OPERATION | VM_READ | VM_WRITE, i.e. a read/write
; mask; a caller that only reads can pass PROCESS_QUERY_INFORMATION | PROCESS_VM_READ instead),
; records whether the target is 64-bit (which selects ptrType for pointer chains) and caches the
; main-module base address. `handle` (byRef) receives the process handle, or 0 on failure.
; Returns this on success; on any failure it returns nothing and leaves hProcess unset, so callers
; should check .hProcess before using the object.
__new(program, dwDesiredAccess := "", byRef handle := "", windowMatchMode := 3)
{
if this.PID := handle := this.findPID(program, windowMatchMode)
{
if dwDesiredAccess is not integer
dwDesiredAccess := this.aRights.PROCESS_QUERY_INFORMATION | this.aRights.PROCESS_VM_OPERATION | this.aRights.PROCESS_VM_READ | this.aRights.PROCESS_VM_WRITE
if this.hProcess := handle := this.OpenProcess(this.PID, dwDesiredAccess)
{
this.readStringLastError := False
this.currentProgram := program
if this.isTarget64bit := this.isTargetProcess64Bit(this.PID, this.hProcess, dwDesiredAccess)
this.ptrType := "Int64"
else this.ptrType := "UInt"
; A 32-bit AutoHotkey cannot enumerate a 64-bit target's modules (getModuleBaseAddress returns -4),
; so that combination goes straight to the window-based fallback below.
if (A_PtrSize != 4 || !this.isTarget64bit)
this.BaseAddress := this.getModuleBaseAddress()

; getModuleBaseAddress reports failure with negative codes; fall back to the window's HINSTANCE.
if this.BaseAddress < 0 || !this.BaseAddress
this.BaseAddress := this.getProcessBaseAddress(program, windowMatchMode)

return this
}
}
return
}

; Destructor: releases the process handle.
__delete()
{
this.closeHandle(this.hProcess)
return
}

; Library version.
version()
{
return 2.6
}

; PID of the window matching `program`, looked up with A_TitleMatchMode temporarily set to
; windowMatchMode (0/"" = keep the current mode). Returns 0 when no window matches.
findPID(program, windowMatchMode := "3")
{
if windowMatchMode
{
mode := A_TitleMatchMode
; strips any "0x" from the mode string before applying it
StringReplace, windowMatchMode, windowMatchMode, 0x
SetTitleMatchMode, %windowMatchMode%
}
WinGet, pid, pid, %program%
if windowMatchMode
SetTitleMatchMode, %mode%
return pid ? pid : 0
}
; OpenProcess wrapper (bInheritHandle = FALSE). Returns the handle, or 0 on failure.
openProcess(PID, dwDesiredAccess)
{
return DllCall("OpenProcess", "UInt", dwDesiredAccess, "Int", False, "UInt", PID, "Ptr")
}
; CloseHandle wrapper.
closeHandle(hProcess)
{
return DllCall("CloseHandle", "Ptr", hProcess)
}
; Reads one value of `type` (a key of aTypeSize) at address, or — when aOffsets are given — at the
; end of the pointer chain resolved by getAddressFromOffsets. Returns "" with ErrorLevel := -2 for an
; unknown type, and "" when ReadProcessMemory fails; a successful read always yields a number.
read(address, type := "UInt", aOffsets*)
{
if !this.aTypeSize.hasKey(type)
return "", ErrorLevel := -2
if DllCall("ReadProcessMemory", "Ptr", this.hProcess, "Ptr", aOffsets.maxIndex() ? this.getAddressFromOffsets(address, aOffsets*) : address, type "*", result, "Ptr", this.aTypeSize[type], "Ptr",0)
return result
return
}
; Reads `bytes` raw bytes into the caller's `buffer` (resized here). Returns ReadProcessMemory's
; result, nonzero on success.
readRaw(address, byRef buffer, bytes := 4, aOffsets*)
{
VarSetCapacity(buffer, bytes)
return DllCall("ReadProcessMemory", "Ptr", this.hProcess, "Ptr", aOffsets.maxIndex() ? this.getAddressFromOffsets(address, aOffsets*) : address, "Ptr", &buffer, "Ptr", bytes, "Ptr", 0)
}
; Reads a string of `encoding` at address. With sizeBytes = 0 it first probes forward 4 bytes at a
; time looking for a null terminator and grows the buffer to fit. That probe has no upper bound: it
; stops only at the terminator or at the first unreadable page, so an unterminated string can turn
; into a long walk through the target's memory. Returns "" and sets this.readStringLastError on failure.
readString(address, sizeBytes := 0, encoding := "UTF-8", aOffsets*)
{
bufferSize := VarSetCapacity(buffer, sizeBytes ? sizeBytes : 100, 0)
this.ReadStringLastError := False
if aOffsets.maxIndex()
address := this.getAddressFromOffsets(address, aOffsets*)
if !sizeBytes
{
; UTF-16 holds 2 characters per 4-byte chunk, single-byte encodings 4.
if (encoding = "utf-16" || encoding = "cp1200")
encodingSize := 2, charType := "UShort", loopCount := 2
else encodingSize := 1, charType := "Char", loopCount := 4
Loop
{
if !DllCall("ReadProcessMemory", "Ptr", this.hProcess, "Ptr", address + ((outterIndex := A_index) - 1) * 4, "Ptr", &buffer, "Ptr", 4, "Ptr", 0) || ErrorLevel
return "", this.ReadStringLastError := True
else loop, %loopCount%
{
if NumGet(buffer, (A_Index - 1) * encodingSize, charType) = 0
{
if (bufferSize < sizeBytes := outterIndex * 4 - (4 - A_Index * encodingSize))
VarSetCapacity(buffer, sizeBytes)
break, 2
}
}
}
}
if DllCall("ReadProcessMemory", "Ptr", this.hProcess, "Ptr", address, "Ptr", &buffer, "Ptr", sizeBytes, "Ptr", 0)
return StrGet(&buffer,, encoding)
return "", this.ReadStringLastError := True
}
; Writes `string` encoded as `encoding` (plus a terminator when this.insertNullTerminator is set).
; Returns WriteProcessMemory's result.
writeString(address, string, encoding := "utf-8", aOffsets*)
{
encodingSize := (encoding = "utf-16" || encoding = "cp1200") ? 2 : 1
requiredSize := StrPut(string, encoding) * encodingSize - (this.insertNullTerminator ? 0 : encodingSize)
VarSetCapacity(buffer, requiredSize)
StrPut(string, &buffer, StrLen(string) + (this.insertNullTerminator ? 1 : 0), encoding)
return DllCall("WriteProcessMemory", "Ptr", this.hProcess, "Ptr", aOffsets.maxIndex() ? this.getAddressFromOffsets(address, aOffsets*) : address, "Ptr", &buffer, "Ptr", requiredSize, "Ptr", 0)
}
; Writes one value of `type`. Returns "" with ErrorLevel := -2 for an unknown type, else the API result.
; NOTE(review): the default "Uint" only matches the "UInt" key of aTypeSize if object key lookup is
; case-insensitive — confirm.
write(address, value, type := "Uint", aOffsets*)
{
if !this.aTypeSize.hasKey(type)
return "", ErrorLevel := -2
return DllCall("WriteProcessMemory", "Ptr", this.hProcess, "Ptr", aOffsets.maxIndex() ? this.getAddressFromOffsets(address, aOffsets*) : address, type "*", value, "Ptr", this.aTypeSize[type], "Ptr", 0)
}
; Writes sizeBytes raw bytes from the local buffer at pBuffer.
writeRaw(address, pBuffer, sizeBytes, aOffsets*)
{
return DllCall("WriteProcessMemory", "Ptr", this.hProcess, "Ptr", aOffsets.maxIndex() ? this.getAddressFromOffsets(address, aOffsets*) : address, "Ptr", pBuffer, "Ptr", sizeBytes, "Ptr", 0)
}
; Follows a pointer chain: for every offset, address := [address] + offset (pointer width from
; this.ptrType), then reads finalType at the resulting address.
pointer(address, finalType := "UInt", offsets*)
{
For index, offset in offsets
address := this.Read(address, this.ptrType) + offset
Return this.Read(address, finalType)
}
; Same chain as pointer(), but yields the final address instead of the value at it: the last offset is
; popped (Remove() mutates the variadic array, which is a fresh copy per call), the remaining offsets
; are dereferenced through, and the popped offset is added to the last pointer read.
getAddressFromOffsets(address, aOffsets*)
{
return aOffsets.Remove() + this.pointer(address, this.ptrType, aOffsets*)
}
; Fallback base-address lookup: the HINSTANCE stored in the window (GetWindowLong/GetWindowLongPtr
; with index -6 = GWLP_HINSTANCE), which only equals the main module's base when that module owns
; the window. Returns nothing when no window matches.
getProcessBaseAddress(windowTitle, windowMatchMode := "3")
{
if (windowMatchMode && A_TitleMatchMode != windowMatchMode)
{
mode := A_TitleMatchMode
StringReplace, windowMatchMode, windowMatchMode, 0x
SetTitleMatchMode, %windowMatchMode%
}
WinGet, hWnd, ID, %WindowTitle%
if mode
SetTitleMatchMode, %mode%
if !hWnd
return
return DllCall(A_PtrSize = 4
? "GetWindowLong"
: "GetWindowLongPtr"
, "Ptr", hWnd, "Int", -6, A_Is64bitOS ? "Int64" : "UInt")
}
; Base address of `module` (a file name such as "foo.dll") or, with module = "", of the main
; executable; aModuleInfo receives its MODULEINFO. Negative results are error codes: -4 32-bit AHK
; cannot inspect a 64-bit target, -3 module enumeration failed, -5 GetModuleInformation failed,
; -1 no module matched.
getModuleBaseAddress(module := "", byRef aModuleInfo := "")
{
if (A_PtrSize = 4 && this.IsTarget64bit)
return -4
if (module = "")
mainExeFullPath := this.GetModuleFileNameEx()
if !moduleCount := this.EnumProcessModulesEx(lphModule)
return -3
loop % moduleCount
{
moduleFullPath := this.GetModuleFileNameEx(hModule := numget(lphModule, (A_index - 1) * A_PtrSize))
SplitPath, moduleFullPath, fileName
if (module = "" && mainExeFullPath = moduleFullPath) || (module != "" && module = filename)
return this.GetModuleInformation(hModule, aModuleInfo) ? aModuleInfo.lpBaseOfDll : -5
}
return -1
}
; Enables (or, with enable = False, disables) SeDebugPrivilege on this script's own token
; (OpenProcessToken with TOKEN_ADJUST_PRIVILEGES = 32; the 16-byte TOKEN_PRIVILEGES holds
; PrivilegeCount, the LUID and Attributes, where 2 = SE_PRIVILEGE_ENABLED). Holding it lets
; OpenProcess succeed on processes the caller could not otherwise open, so it should only be turned
; on when needed — nothing in this file calls it. Returns AdjustTokenPrivileges' result, which is
; nonzero even when the privilege was not actually granted; that case is only visible through
; A_LastError (ERROR_NOT_ALL_ASSIGNED).
setSeDebugPrivilege(enable := True)
{
h := DllCall("OpenProcess", "UInt", 0x0400, "Int", false, "UInt", DllCall("GetCurrentProcessId"), "Ptr")
DllCall("Advapi32.dll\OpenProcessToken", "Ptr", h, "UInt", 32, "PtrP", t)
VarSetCapacity(ti, 16, 0)
NumPut(1, ti, 0, "UInt")
DllCall("Advapi32.dll\LookupPrivilegeValue", "Ptr", 0, "Str", "SeDebugPrivilege", "Int64P", luid)
NumPut(luid, ti, 4, "Int64")
if enable
NumPut(2, ti, 12, "UInt")
r := DllCall("Advapi32.dll\AdjustTokenPrivileges", "Ptr", t, "Int", false, "Ptr", &ti, "UInt", 0, "Ptr", 0, "Ptr", 0)
DllCall("CloseHandle", "Ptr", t)
DllCall("CloseHandle", "Ptr", h)
return r
}
; True when the target is a native 64-bit process (IsWow64Process reports it is not running under
; WOW64); always False on a 32-bit OS. When no handle is given, or the given one lacks query rights,
; a temporary PROCESS_QUERY_INFORMATION handle is opened and closed here. Returns "" (falsy) when
; the query itself fails, so the caller cannot tell "32-bit" from "could not determine".
isTargetProcess64Bit(PID, hProcess := "", currentHandleAccess := "")
{
if !A_Is64bitOS
return False
else if !hProcess || !(currentHandleAccess & (this.aRights.PROCESS_QUERY_INFORMATION | this.aRights.PROCESS_QUERY_LIMITED_INFORMATION))
closeHandle := hProcess := this.openProcess(PID, this.aRights.PROCESS_QUERY_INFORMATION)
if (hProcess && DllCall("IsWow64Process", "Ptr", hProcess, "Int*", Wow64Process))
result := !Wow64Process
return result, closeHandle ? this.CloseHandle(hProcess) : ""
}
; Suspends the target via ntdll's undocumented NtSuspendProcess (needs PROCESS_SUSPEND_RESUME on hProcess).
suspend()
{
return DllCall("ntdll\NtSuspendProcess", "Ptr", this.hProcess)
}

; Resumes the target via ntdll's undocumented NtResumeProcess.
resume()
{
return DllCall("ntdll\NtResumeProcess", "Ptr", this.hProcess)
}

; Fills aModules with one info object per loaded module (lpBaseOfDll, SizeOfImage, EntryPoint, Name,
; fileName), keyed by file name when useFileNameAsKey, else appended in enumeration order.
; Returns the module count, or -4 / -3 as in getModuleBaseAddress.
getModules(byRef aModules, useFileNameAsKey := False)
{
if (A_PtrSize = 4 && this.IsTarget64bit)
return -4
aModules := []
if !moduleCount := this.EnumProcessModulesEx(lphModule)
return -3
loop % moduleCount
{
this.GetModuleInformation(hModule := numget(lphModule, (A_index - 1) * A_PtrSize), aModuleInfo)
aModuleInfo.Name := this.GetModuleFileNameEx(hModule)
filePath := aModuleInfo.Name
SplitPath, filePath, fileName
aModuleInfo.fileName := fileName
if useFileNameAsKey
aModules[fileName] := aModuleInfo
else aModules.insert(aModuleInfo)
}
return moduleCount
}

; Base + SizeOfImage of the last module in enumeration order; -3 / -5 on the respective failures.
getEndAddressOfLastModule(byRef aModuleInfo := "")
{
if !moduleCount := this.EnumProcessModulesEx(lphModule)
return -3
hModule := numget(lphModule, (moduleCount - 1) * A_PtrSize)
if this.GetModuleInformation(hModule, aModuleInfo)
return aModuleInfo.lpBaseOfDll + aModuleInfo.SizeOfImage
return -5
}
; Full path of hModule inside the target (0 = the main executable). Returns "" when the call fails.
GetModuleFileNameEx(hModule := 0)
{
VarSetCapacity(lpFilename, 2048 * (A_IsUnicode ? 2 : 1))
DllCall("psapi\GetModuleFileNameEx"
, "Ptr", this.hProcess
, "Ptr", hModule
, "Str", lpFilename
, "Uint", 2048 / (A_IsUnicode ? 2 : 1))
return lpFilename
}
; Fills lphModule with the target's module handles, regrowing the buffer until it fits
; (dwFilterFlag 0x03 = LIST_MODULES_ALL). Returns the handle count.
; NOTE(review): ErrorLevel only reflects DllCall failures, not the API returning FALSE (e.g. access
; denied); that case presumably leaves reqSize at 0, breaks the loop and also returns 0 — confirm.
EnumProcessModulesEx(byRef lphModule, dwFilterFlag := 0x03)
{
size := VarSetCapacity(lphModule, 4)
loop
{
DllCall("psapi\EnumProcessModulesEx"
, "Ptr", this.hProcess
, "Ptr", &lphModule
, "Uint", size
, "Uint*", reqSize
, "Uint", dwFilterFlag)
if ErrorLevel
return 0
else if (size >= reqSize)
break
else size := VarSetCapacity(lphModule, reqSize)
}
return reqSize // A_PtrSize
}

; Fetches MODULEINFO {lpBaseOfDll, SizeOfImage, EntryPoint} for hModule into aModuleInfo.
; Returns the API result; aModuleInfo is populated even when the call failed (with zeros).
GetModuleInformation(hModule, byRef aModuleInfo)
{
VarSetCapacity(MODULEINFO, A_PtrSize * 3), aModuleInfo := []
return DllCall("psapi\GetModuleInformation"
, "Ptr", this.hProcess
, "Ptr", hModule
, "Ptr", &MODULEINFO
, "UInt", A_PtrSize * 3)
, aModuleInfo := { lpBaseOfDll: numget(MODULEINFO, 0, "Ptr")
, SizeOfImage: numget(MODULEINFO, A_PtrSize, "UInt")
, EntryPoint: numget(MODULEINFO, A_PtrSize * 2, "Ptr") }
}
; Converts "48 8B ?? 05"-style text (whitespace and 0x prefixes ignored, ?? = wildcard byte) into the
; array form the *PatternScan methods take: byte values, with "?" for wildcards. Negative returns:
; -1 empty, -2 non-hex character, -3 odd number of ? (a wildcard must cover a whole byte),
; -4 odd number of digits.
hexStringToPattern(hexString)
{
AOBPattern := []
hexString := RegExReplace(hexString, "(\s|0x)")
StringReplace, hexString, hexString, ?, ?, UseErrorLevel
wildCardCount := ErrorLevel

if !length := StrLen(hexString)
return -1
else if RegExMatch(hexString, "[^0-9a-fA-F?]")
return -2
else if Mod(wildCardCount, 2)
return -3
else if Mod(length, 2)
return -4
loop, % length/2
{
value := "0x" SubStr(hexString, 1 + 2 * (A_index-1), 2)
; "0x??" is not numeric, so value + 0 yields "" and the byte becomes a wildcard
AOBPattern.Insert(value + 0 = "" ? "?" : value)
}
return AOBPattern
}
; Encodes `string` in `encoding` (optionally with its terminator) and returns the bytes as a pattern
; array. Returns -1 for an empty string.
stringToPattern(string, encoding := "UTF-8", insertNullTerminator := False)
{
if !length := StrLen(string)
return -1
AOBPattern := []
encodingSize := (encoding = "utf-16" || encoding = "cp1200") ? 2 : 1
requiredSize := StrPut(string, encoding) * encodingSize - (insertNullTerminator ? 0 : encodingSize)
VarSetCapacity(buffer, requiredSize)
StrPut(string, &buffer, length + (insertNullTerminator ? 1 : 0), encoding)
loop, % requiredSize
AOBPattern.Insert(NumGet(buffer, A_Index-1, "UChar"))
return AOBPattern
}
; Searches the image of `module` ("" = main executable) for the pattern. First tries to read and scan
; the whole image in one go; if that read fails it walks the image region by region with VirtualQueryEx,
; skipping uncommitted, PAGE_NOACCESS and PAGE_GUARD regions (touching a guard page would trip the guard
; inside the target). Returns the match address, 0 for no match, "" with ErrorLevel set to the
; getModuleBaseAddress code when the module lookup failed, -10 for an empty pattern, -9 when
; VirtualQueryEx fails. MEM_MAPPED / MEM_PRIVATE are declared but unused.
modulePatternScan(module := "", aAOBPattern*)
{
MEM_COMMIT := 0x1000, MEM_MAPPED := 0x40000, MEM_PRIVATE := 0x20000
, PAGE_NOACCESS := 0x01, PAGE_GUARD := 0x100

if (result := this.getModuleBaseAddress(module, aModuleInfo)) <= 0
return "", ErrorLevel := result
if !patternSize := this.getNeedleFromAOBPattern(patternMask, AOBBuffer, aAOBPattern*)
return -10
if (result := this.PatternScan(aModuleInfo.lpBaseOfDll, aModuleInfo.SizeOfImage, patternMask, AOBBuffer)) >= 0
return result
address := aModuleInfo.lpBaseOfDll
endAddress := address + aModuleInfo.SizeOfImage
loop
{
if !this.VirtualQueryEx(address, aRegion)
return -9
if (aRegion.State = MEM_COMMIT
&& !(aRegion.Protect & (PAGE_NOACCESS | PAGE_GUARD)) ; can't read these areas
&& aRegion.RegionSize >= patternSize
&& (result := this.PatternScan(address, aRegion.RegionSize, patternMask, AOBBuffer)) > 0)
return result
} until (address += aRegion.RegionSize) >= endAddress
return 0
}
; Scans one explicit address range. -10 for an empty pattern, else patternScan's result.
addressPatternScan(startAddress, sizeOfRegionBytes, aAOBPattern*)
{
if !this.getNeedleFromAOBPattern(patternMask, AOBBuffer, aAOBPattern*)
return -10
return this.PatternScan(startAddress, sizeOfRegionBytes, patternMask, AOBBuffer)
}
; Walks every committed, readable region between startAddress and endAddress and scans each one.
; The default endAddress 0x7FFFFFFF covers the 32-bit user range only; 64-bit targets need a larger
; value. Returns the match address, 0 for no match (or a match that overruns endAddress), -10 for an
; empty pattern, -1 when VirtualQueryEx fails, -2 when a region read fails.
processPatternScan(startAddress := 0, endAddress := 0x7FFFFFFF, aAOBPattern*)
{
address := startAddress
MEM_COMMIT := 0x1000, MEM_MAPPED := 0x40000, MEM_PRIVATE := 0x20000
PAGE_NOACCESS := 0x01, PAGE_GUARD := 0x100
if !patternSize := this.getNeedleFromAOBPattern(patternMask, AOBBuffer, aAOBPattern*)
return -10
while address <= endAddress
{
if !this.VirtualQueryEx(address, aInfo)
return -1
; startAddress may sit inside its region; only scan from there to the region's end
if A_Index = 1
aInfo.RegionSize -= address - aInfo.BaseAddress
if (aInfo.State = MEM_COMMIT)
&& !(aInfo.Protect & (PAGE_NOACCESS | PAGE_GUARD))

&& aInfo.RegionSize >= patternSize
&& (result := this.PatternScan(address, aInfo.RegionSize, patternMask, AOBBuffer))
{
if result < 0
return -2
else if (result + patternSize - 1 <= endAddress)
return result
else return 0
}
address += aInfo.RegionSize
}
return 0
}
; Scans a local buffer (not target memory). sizeOfBufferBytes defaults to the buffer's capacity and
; startOffset to 0 when they are blank or out of range. Returns the match offset, or the negative
; codes of bufferScanForMaskedPattern / -10 for an empty pattern.
rawPatternScan(byRef buffer, sizeOfBufferBytes := "", startOffset := 0, aAOBPattern*)
{
if !this.getNeedleFromAOBPattern(patternMask, AOBBuffer, aAOBPattern*)
return -10
if (sizeOfBufferBytes + 0 = "" || sizeOfBufferBytes <= 0)
sizeOfBufferBytes := VarSetCapacity(buffer)
if (startOffset + 0 = "" || startOffset < 0)
startOffset := 0
return this.bufferScanForMaskedPattern(&buffer, sizeOfBufferBytes, patternMask, &AOBBuffer, startOffset)
}
; Builds the mask string ("x" = byte must match, "?" = wildcard) and the needle byte buffer from a
; pattern array (non-numeric entries are wildcards). Returns the pattern length (0 for empty).
getNeedleFromAOBPattern(byRef patternMask, byRef needleBuffer, aAOBPattern*)
{
patternMask := "", VarSetCapacity(needleBuffer, aAOBPattern.MaxIndex())
for i, v in aAOBPattern
patternMask .= (v + 0 = "" ? "?" : "x"), NumPut(round(v), needleBuffer, A_Index - 1, "UChar")
return round(aAOBPattern.MaxIndex())
}
; Queries the region containing address into aInfo, creating a _MEMORY_BASIC_INFORMATION wrapper when
; the caller did not pass one. True when the API returned the full structure.
VirtualQueryEx(address, byRef aInfo)
{

if (aInfo.__Class != "_ClassMemory._MEMORY_BASIC_INFORMATION")
aInfo := new this._MEMORY_BASIC_INFORMATION()
return aInfo.SizeOfStructure = DLLCall("VirtualQueryEx"
, "Ptr", this.hProcess
, "Ptr", address
, "Ptr", aInfo.pStructure
, "Ptr", aInfo.SizeOfStructure
, "Ptr")
}
; Reads the whole region into a local buffer and scans it. Returns the absolute match address,
; 0 for no match, -1 when the read failed.
patternScan(startAddress, sizeOfRegionBytes, byRef patternMask, byRef needleBuffer)
{
if !this.readRaw(startAddress, buffer, sizeOfRegionBytes)
return -1
if (offset := this.bufferScanForMaskedPattern(&buffer, sizeOfRegionBytes, patternMask, &needleBuffer)) >= 0
return startAddress + offset
else return 0
}
; Native masked search. On first use the embedded machine code (one x86 and one x64 variant) is
; decoded by MCode() into executable memory and cached in the static `p`; later calls jump straight
; into it. Returns the match offset, -1 when the needle cannot fit after startOffset, -2 for an empty
; haystack. The blob runs as native code with the script's privileges — only the upstream library's
; pattern-matching routine belongs here, and any change to it cannot be reviewed as AHK source.
bufferScanForMaskedPattern(hayStackAddress, sizeOfHayStackBytes, byRef patternMask, needleAddress, startOffset := 0)
{
static p
if !p
{
if A_PtrSize = 4
p := this.MCode("1,x86:8B44240853558B6C24182BC5568B74242489442414573BF0773E8B7C241CBB010000008B4424242BF82BD8EB038D49008B54241403D68A0C073A0A740580383F750B8D0C033BCD74174240EBE98B442424463B74241876D85F5E5D83C8FF5BC35F8BC65E5D5BC3")
else
p := this.MCode("1,x64:48895C2408488974241048897C2418448B5424308BF2498BD8412BF1488BF9443BD6774A4C8B5C24280F1F800000000033C90F1F400066660F1F840000000000448BC18D4101418D4AFF03C80FB60C3941380C18740743803C183F7509413BC1741F8BC8EBDA41FFC2443BD676C283C8FF488B5C2408488B742410488B7C2418C3488B5C2408488B742410488B7C2418418BC2C3")
}
if (needleSize := StrLen(patternMask)) + startOffset > sizeOfHayStackBytes
return -1
if (sizeOfHayStackBytes > 0)
return DllCall(p, "Ptr", hayStackAddress, "UInt", sizeOfHayStackBytes, "Ptr", needleAddress, "UInt", needleSize, "AStr", patternMask, "UInt", startOffset, "cdecl int")
return -2
}
; Turns an "<enc>,x86:<blob>,x64:<blob>" string into a callable function pointer: picks the blob for
; the current bitness, decodes it with CryptStringToBinary (enc 1 = hex, CRYPT_STRING_HEX = 4;
; enc 2 = base64, CRYPT_STRING_BASE64 = 1) into a GlobalAlloc'd block and marks that block
; PAGE_EXECUTE_READWRITE (0x40). Returns the pointer, or nothing on any failure.
; The block is never freed and stays writable and executable for the life of the process; flipping
; it to PAGE_EXECUTE_READ (0x20) after the second decode would remove the writable+executable mapping.
MCode(mcode)
{
static e := {1:4, 2:1}, c := (A_PtrSize=8) ? "x64" : "x86"
if !regexmatch(mcode, "^([0-9]+),(" c ":|.*?," c ":)([^,]+)", m)
return
if !DllCall("crypt32\CryptStringToBinary", "str", m3, "uint", 0, "uint", e[m1], "ptr", 0, "uint*", s, "ptr", 0, "ptr", 0)
return
p := DllCall("GlobalAlloc", "uint", 0, "ptr", s, "ptr")
DllCall("VirtualProtect", "ptr", p, "ptr", s, "uint", 0x40, "uint*", op)
if DllCall("crypt32\CryptStringToBinary", "str", m3, "uint", 0, "uint", e[m1], "ptr", p, "uint*", s, "ptr", 0, "ptr", 0)
return p
DllCall("GlobalFree", "ptr", p)
return
}
; Wrapper over a heap-allocated MEMORY_BASIC_INFORMATION (48 bytes on x64, 28 on x86) giving
; by-name access to its fields through __get/__set; pStructure is passed straight to VirtualQueryEx.
class _MEMORY_BASIC_INFORMATION
{
; Allocates the raw structure. NOTE(review): `new` appears to yield the object even when this
; returns "", so a failed GlobalAlloc is only detectable by checking .pStructure — confirm.
__new()
{
if !this.pStructure := DllCall("GlobalAlloc", "UInt", 0, "Ptr", this.SizeOfStructure := A_PtrSize = 8 ? 48 : 28, "Ptr")
return ""
return this
}
; Frees the raw structure.
__Delete()
{
DllCall("GlobalFree", "Ptr", this.pStructure)
}
; Field read: maps a known field name to its offset/type in the raw structure; unknown names
; fall through and return nothing.
__get(key)
{
static aLookUp := A_PtrSize = 8
? { "BaseAddress": {"Offset": 0, "Type": "Int64"}
, "AllocationBase": {"Offset": 8, "Type": "Int64"}
, "AllocationProtect": {"Offset": 16, "Type": "UInt"}
, "RegionSize": {"Offset": 24, "Type": "Int64"}
, "State": {"Offset": 32, "Type": "UInt"}
, "Protect": {"Offset": 36, "Type": "UInt"}
, "Type": {"Offset": 40, "Type": "UInt"} }
: { "BaseAddress": {"Offset": 0, "Type": "UInt"}
, "AllocationBase": {"Offset": 4, "Type": "UInt"}
, "AllocationProtect": {"Offset": 8, "Type": "UInt"}
, "RegionSize": {"Offset": 12, "Type": "UInt"}
, "State": {"Offset": 16, "Type": "UInt"}
, "Protect": {"Offset": 20, "Type": "UInt"}
, "Type": {"Offset": 24, "Type": "UInt"} }

if aLookUp.HasKey(key)
return numget(this.pStructure+0, aLookUp[key].Offset, aLookUp[key].Type)
}
; Field write: same offset table as __get; unknown names are stored as ordinary object properties.
__set(key, value)
{
static aLookUp := A_PtrSize = 8
? { "BaseAddress": {"Offset": 0, "Type": "Int64"}
, "AllocationBase": {"Offset": 8, "Type": "Int64"}
, "AllocationProtect": {"Offset": 16, "Type": "UInt"}
, "RegionSize": {"Offset": 24, "Type": "Int64"}
, "State": {"Offset": 32, "Type": "UInt"}
, "Protect": {"Offset": 36, "Type": "UInt"}
, "Type": {"Offset": 40, "Type": "UInt"} }
: { "BaseAddress": {"Offset": 0, "Type": "UInt"}
, "AllocationBase": {"Offset": 4, "Type": "UInt"}
, "AllocationProtect": {"Offset": 8, "Type": "UInt"}
, "RegionSize": {"Offset": 12, "Type": "UInt"}
, "State": {"Offset": 16, "Type": "UInt"}
, "Protect": {"Offset": 20, "Type": "UInt"}
, "Type": {"Offset": 24, "Type": "UInt"} }

if aLookUp.HasKey(key)
{
NumPut(value, this.pStructure+0, aLookUp[key].Offset, aLookUp[key].Type)
return value
}
}
; Raw pointer to the structure.
Ptr()
{
return this.pStructure
}
; Size in bytes of the structure.
sizeOf()
{
return this.SizeOfStructure
}
}

}
  538.  
; End of the memory-access helper class; the script itself starts here.
  540.  
  541. IfNotExist, User.ini
  542. {
  543. defaultIni .= "[variables]`n"
  544. defaultIni .= "BF_Key=RButton`n"
  545. FileAppend, %defaultIni%, User.ini, UTF-16
  546. }
  547.  
; Load BF_Key from User.ini before anything else uses it.
readFromFile()

global BF_Key

SetBatchLines, -1
SetFormat, IntegerFast, dec
cliexe:= "PathOfExile_x64.exe"
; Byte sequence searched for inside the client's main module; its position anchors every address
; computed below. The pattern and all the 0x... offsets are tied to one particular client build and
; nothing below verifies that the scan or the subsequent reads succeeded.
basePtrPattern:=[0x40, 0x53, 0x48, 0x83, 0xEC, 0x50, 0x48, 0xC7, 0x44, 0x24, 0x20, 0xFE, 0xFF, 0xFF, 0xFF, 0xC7, 0x44, 0x24, 0x60, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x05]
; Opens the process with the class default access mask (QUERY_INFORMATION | VM_OPERATION | VM_READ |
; VM_WRITE). This script only ever reads (modulePatternScan / read / readRaw / readString), so
; PROCESS_QUERY_INFORMATION | PROCESS_VM_READ (0x0410) would be the least-privilege choice.
; NOTE(review): when the window is missing, __new returns without opening a handle and `new`
; apparently still yields the object — confirm; either way no check follows, and every read below
; then quietly returns "" and feeds the arithmetic.
global poe := new _ClassMemory("ahk_exe " . cliexe, "", hProcessCopy)
; modulePatternScan signals failure with a negative code or "" + ErrorLevel; subtracting BaseAddress
; turns that into an arbitrary negative offset instead of surfacing the failure.
PatternIsAt:=poe.modulePatternScan(cliexe, basePtrPattern*)-poe.BaseAddress
; Reads the 32-bit displacement at pattern+0x1A and adds the end of that instruction (pattern+0x1E),
; presumably decoding a RIP-relative reference — TODO confirm against the pattern's last bytes.
baseMgrPtr:=poe.read(poe.BaseAddress+PatternIsAt+0x1A, "UInt")+PatternIsAt+0x1E
; Pointer chains through the memory class's offset handling (see getAddressFromOffsets).
global testBase:=poe.read(poe.BaseAddress+baseMgrPtr, "Int64", 0x8, 0xf8)
global testBase1:=poe.read(testBase+0x38, "Int64")
global frameBase:=poe.read(poe.BaseAddress+baseMgrPtr, "Int64", 0x8, 0xf8, 0x38)
global IngameState:=frameBase
; Populates PlayerStats (hp / ci / mp as percentages, hpres, BuffAmount and the per-buff
; BuffName / BuffCharges / BuffTimer arrays) from the client's memory using hardcoded offsets.
; Side effects: assigns the globals isProperInGame and BuffAmount. Leaves PlayerStats untouched
; (stale) when isProperInGame <= 2. Any poe.read() that fails returns "", which then flows into
; the arithmetic below unchecked.
readPlayerStats(byRef PlayerStats){
InGameData:=poe.read(IngameState+0x160, "Int64")
serverData:=poe.read(IngameState+0x168, "Int64")
inGameNumber:=poe.read(serverData+0x39C8, "Char")
; *100/100 only forces numeric context; the value is otherwise unchanged
global isProperInGame:=inGameNumber*100/100
if(isProperInGame > 2)
{
LocalPlayer:=poe.read(InGameData+0x180, "Int64")
LPLifeComponent:=poe.read(LocalPlayer+0x8, "Int64", 0x18)
; 0xB8 raw bytes of the life component; the NumGet offsets below index into this copy
poe.readRaw(LPLifeComponent, LifeStructure, 0xB8)
FlaskBase:=poe.read(serverData,"Int64")+0x240+0x948+0xA00+0x20

BuffListStart:=poe.read(LPLifeComponent+0xD8, "Int64")
BuffListEnd:=poe.read(LPLifeComponent+0xE0, "Int64")
; BuffAmount is a pointer difference; with stale or failed reads it can be huge, and nothing bounds
; the Loop below (each iteration issues several reads into the target).
global BuffAmount:=((BuffListEnd-BuffListStart)/8)
PlayerStats.BuffAmount:=((BuffListEnd-BuffListStart)/8)

Loop, %BuffAmount%
{
BuffBasePtr:=poe.read(BuffListStart+((A_Index-1)*8), "Int64", 8)
BuffNamePtr:=poe.read(BuffBasePtr+8, "Int64", 0)
; sizeBytes 0 makes readString probe for a null terminator with no upper bound
BuffNameStr:=poe.readString(BuffNamePtr, length:=0, encoding := "utf-16")
; NOTE(review): PlayerStats.BuffName / BuffCharges / BuffTimer are never created explicitly;
; this relies on the nested object being auto-created on first assignment — confirm.
PlayerStats.BuffName[A_Index]:=BuffNameStr
BuffCharges:=poe.read(BuffBasePtr+0x28)
PlayerStats.BuffCharges[A_Index]:=BuffCharges
BuffTimer:=poe.read(BuffBasePtr+0x14, "Float")
PlayerStats.BuffTimer[A_Index]:=BuffTimer
}
curHP:=NumGet(LifeStructure, 0x54, "UInt")
curCI:=NumGet(LifeStructure, 0xB4, "UInt")
maxCI:=NumGet(LifeStructure, 0xB0, "UInt")
resHP:=NumGet(LifeStructure, 0x60, "Uint")
maxHP:=NumGet(LifeStructure, 0x50, "UInt")
curMana:=NumGet(LifeStructure, 0x84, "UInt")
resMana:=NumGet(LifeStructure, 0x90, "Uint")
maxMana:=NumGet(LifeStructure, 0x80, "UInt")
; Only maxHP is guarded; maxCI and maxMana can be 0 here, and AHK yields "" for a division by zero,
; so ci / mp may end up blank rather than 0.
if(maxHP>0 and curHP>0)
{
PlayerStats.hpres:=resHP*100/100
PlayerStats.hp:=(curHP*100)/100/maxHP*100
PlayerStats.ci:=(curCI*100)/100/maxCI*100
PlayerStats.mp:=(curMana*100)/100/maxMana*100
}
else
{
PlayerStats.hp:=0
PlayerStats.ci:=0
PlayerStats.mp:=0
}
}
}
  614.  
  615. RandSleep(x,y) {
  616. Random, rand, %x%, %y%
  617. Sleep, %rand%
  618. }
  619.  
; Choices offered for the BladeFlurry key combobox (legacy `=` assignment: literal text).
dropDownTable = Q|W|E|R|T|RButton

; Settings window (Gui 1): a Save button and a two-tab layout. The button's g-label
; `updateEverything` lives inside submit() further down — see the note there about label scope.
Gui, Add, Button, x333 y2 w70 h20 gupdateEverything, Сохранить
Gui Add, Tab2, vTab x4 y2 w400 h396 -wrap, Фласки|Абилки
Gui, Tab, 1


; Tab 2 holds the only control: the combobox bound to BF_Key.
Gui, Tab, 2
yset:=30
Gui, Add, GroupBox, x7 y%yset% w120 h45, BladeFlurry Key
yset+=15
Gui, Add, ComboBox, vBF_Key x15 y%yset% w100 h120, %dropDownTable%

Menu, Tray, Add, Настройки POEShrek, showgui
Gui, Show,, Settings

; Preselect the saved key in the combobox. This IniRead uses the plain key name `BF_Key`, while
; readFromFile()/submit() use `BF_Key %A_Space%`; whether both hit the same entry depends on the
; INI API trimming key names — TODO confirm.
IfExist, User.ini
{
Iniread, BF_Key, User.ini, variables, BF_Key
BF_Key_var := BF_Key
GuiControl, ChooseString, BF_Key, %BF_Key_var%
}


;DEBUG GUI
; Gui 2 is a read-only view of PlayerStats, refreshed by the main loop only while a window titled
; DEBUG exists; it is never shown unless the commented-out Gui, 2:Show below (or showgui2) runs.
Gui, 2:Add, GroupBox, x5 y0 w300 h300 , Статистика
ypos := 25
Gui, 2:Add, Text, x15 y%ypos% w155, Мана
Gui, 2:Add, Edit, Disabled vMaxMANAvar x140 y%ypos% w150, nope
; NOTE(review): ypos is reset to 25 here, so the "Buff Amount" row is drawn on top of the "Мана"
; row; presumably `ypos += 25` was intended.
ypos := 25
Gui, 2:Add, Text, x15 y%ypos% w155, Buff Amount
Gui, 2:Add, Edit, Disabled vBuffAmountvar x140 y%ypos% w150, nope
ypos += 25
; Eight fixed rows of name / charges / timer; buffs beyond the eighth have no control and the
; main loop's GuiControl calls for them target non-existent variables.
Loop, 8
{
Gui, 2:Add, Text, x15 y%ypos% w155, Buff %A_Index% Название
Gui, 2:Add, Edit, Disabled vBuff%A_Index%Namevar x140 y%ypos% w150, nope
ypos += 25
Gui, 2:Add, Text, x15 y%ypos% w155, Buff %A_Index% Заряды
Gui, 2:Add, Edit, Disabled vBuff%A_Index%Chargesvar x140 y%ypos% w150, nope
ypos += 25
Gui, 2:Add, Text, x15 y%ypos% w155, Buff %A_Index% Время
Gui, 2:Add, Edit, Disabled vBuff%A_Index%Timervar x140 y%ypos% w150, nope
ypos += 25
}


;Gui, 2:Show,,DEBUG


; State shared with the main loop: the stats object filled by readPlayerStats and the tick of the
; last key press (used as a 500 ms debounce).
PlayerStats:=Object()
BF_timer:=0
; Main polling loop (about every 50 ms, plus the time the reads take): refreshes PlayerStats, and
; while the game window is active re-presses the configured key at most once per 500 ms when a
; buff whose name contains "charged_attack" holds 6 or more charges. Also mirrors the stats into
; Gui 2 while a window titled DEBUG exists. Never exits on its own; a failed process lookup is not
; detected here either, the loop just keeps polling blank values.
Loop
{
readPlayerStats(PlayerStats)
IfWinActive, Path of Exile ahk_class POEWindowClass
{
PlayerHP:=PlayerStats.hp
PlayerMP:=PlayerStats.mp
PlayerCI:=PlayerStats.ci

; BuffAmount is the global set by readPlayerStats (unbounded, see there)
loop, %BuffAmount%
{
BuffTimer:=PlayerStats.BuffTimer[A_Index]
BuffCharges:=PlayerStats.BuffCharges[A_Index]
If InStr(playerstats.BuffName[A_Index], "charged_attack")
{
if(BuffCharges>=6 and A_TickCount - BF_timer > 500)
{
if not BF_Key == "RButton"
{
; NOTE(review): inside an expression, %BF_Key% is a double-deref — it reads the variable whose
; name is BF_Key's value, not BF_Key itself — so this GetKeyState call does not look at the
; configured key. The Sendinput command lines below use the ordinary command-style deref.
if GetKeyState(%BF_Key%, "P")
{
Sendinput, {%BF_Key% Up}
Sendinput, {%BF_Key% Down}
}
else
{
Sendinput, {%BF_Key% Up}
}
}
else
{
if GetKeyState("RButton", "P")
{
Sendinput, {RButton Up}
Sendinput, {RButton Down}
}
else
{
Sendinput, {RButton Up}
}
}
BF_timer := A_TickCount
}
continue
}
}
}

IfWinExist, DEBUG
{
MaxMANAvalue:=PlayerStats.mp
GuiControl,2: , MaxMANAvar , %MaxMANAvalue%
; NOTE(review): same double-deref as above — this assigns the contents of a variable named after
; BuffAmount's value (normally empty), not BuffAmount itself.
BuffAmountvalue:=%BuffAmount%
GuiControl,2: , BuffAmountvar , %BuffAmountvalue%

Loop, %BuffAmount%
{
BuffName%A_Index%value:=PlayerStats.BuffName[A_Index]
value:=BuffName%A_Index%value
GuiControl,2: , Buff%A_Index%Namevar , %value%
BuffCharges%A_Index%value:=PlayerStats.BuffCharges[A_Index]
value:=BuffCharges%A_Index%value
GuiControl,2: , Buff%A_Index%Chargesvar , %value%
BuffTimer%A_Index%value:=PlayerStats.BuffTimer[A_Index]
value:=BuffTimer%A_Index%value
; 2139095040 is 0x7F800000, the bit pattern of a float +Inf; but BuffTimer was read with
; type "Float", so value holds the converted number rather than its raw bits — confirm this
; branch can ever match.
If (value=2139095040)
{
GuiControl,2: , Buff%A_Index%Timervar , Infinite
}
Else
{
GuiControl,2: , Buff%A_Index%Timervar , %value%
}
Sleep, 1
}

}

Sleep, 50
}
  752.  
; Reloads the global BF_Key from User.ini (assume-global function; no return value).
; NOTE(review): the key parameter is written as `BF_Key %A_Space%`, which appends whitespace to the
; key name here and in submit()'s IniWrite, while the IniRead during GUI setup uses plain `BF_Key`;
; whether both resolve to the same entry depends on the INI API trimming key names — confirm.
readFromFile(){
global
IniRead, BF_Key, User.ini, variables, BF_Key %A_Space%
Return
}
; Never called as a function: it only hosts the labels used by the GUI — updateEverything for the
; Save button (Gui, Submit stores the combobox into BF_Key, writes it to User.ini, re-reads it and
; re-shows the window), showgui for the tray menu item, showgui2 for the debug window.
; NOTE(review): labels placed inside a function body may be scoped to that function in the
; AutoHotkey v1.1 releases this script targets; confirm that `gupdateEverything` and the tray
; target `showgui` actually resolve — if they do not, the script stops at load with a
; "Target label does not exist" error and Save / tray have no handler.
submit(){
updateEverything:
global
Gui, Submit
IniWrite, %BF_Key%, User.ini, variables, BF_Key %A_Space%
readFromFile()
Gui, 1:Show,, Settings
return

showgui:
Gui, 1:Show,, Settings
return

showgui2:
Gui, 2:Show,, DEBUG
return
}