API tools faq
paste
Advertisement
Firex

AutoIt FMemory UDF

Firex
Dec 31st, 2014
319
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
AutoIt 7.12 KB | None | 0 0
raw download clone embed print report
  1. #include-once
  2. #Region _FMemory64
  3. ;==================================================================================
  4. ; AutoIt Version:   3.3.8.1
  5. ; UDF Version:      2.02
  6. ; Language:         English
  7. ; Platform:         All Windows
  8. ; Author:           Firex
  9. ;==================================================================================
  10. ; Credits:  NoMad - These function are based on his original NoMadMemory_UDF.
  11.  
  12. Global $FMem_hMem = -1
  13. Global $FMem_hDll = -1
  14. Global $FMem_aDef[1] = [ 0 ]
  15. Global $FMem_tPointer = DllStructCreate( "int" ), _
  16.     $FMem_pPointer = DllStructGetPtr( $FMem_tPointer ), _
  17.     $FMem_iPointer = DllStructGetSize( $FMem_tPointer )
  18.  
  19. ;==================================================================================
  20. Func _FMem_Open( $iPid, $iDesiredAccess = 0x1F0FFF, $iInheritHandle = 1 )
  21.     If Not ProcessExists($iPid) Then _
  22.         Return SetError( 1, 0, 0 )
  23.  
  24.     $FMem_hDll = DllOpen('kernel32.dll')
  25.     If @Error Then _
  26.         Return SetError( 2, 0, 0 )
  27.  
  28.     Local $aOpenProcess = DllCall( $FMem_hDll, "handle", "OpenProcess", "dword", $iDesiredAccess, "bool", $iInheritHandle, "dword", $iPid )
  29.     If @Error Then
  30.         DllClose( $FMem_hDll )
  31.         Return SetError( 3 + @Error, 0 )
  32.     EndIf
  33.     $FMem_hMem = $aOpenProcess[0]
  34.     Return True
  35. EndFunc
  36.  
  37. Func _FMem_Read( $iAddress, $pStruct, $iSize ) ;Return Bool && pStruct
  38.     Local $aRet = DllCall( $FMem_hDll,"bool","ReadProcessMemory","handle",$FMem_hMem,"ptr",$iAddress,"ptr",$pStruct,"ulong_ptr",$iSize,"ulong_ptr*",0 )
  39.     If Not @Error And $aRet[0] Then _
  40.         Return True
  41.  
  42.     Return SetError( 1 + @Error, 0, 0 )
  43. EndFunc
  44.  
  45. Func _FMem_Read2( $iAddress, $sStruct, $iRet = 1 ) ;Return tBuffer[1] || tBuffer
  46.     Local $aRet, $tBuffer = DllStructCreate( $sStruct ), _
  47.         $pBuffer = DllStructGetPtr( $tBuffer ), _
  48.         $iSize = DllStructGetSize( $tBuffer )
  49.     ; ---
  50.     $aRet = DllCall( $FMem_hDll,"bool","ReadProcessMemory","handle",$FMem_hMem,"ptr",$iAddress,"ptr",$pBuffer,"ulong_ptr",$iSize,"ulong_ptr*",0 )
  51.     If Not @Error And $aRet[0] Then
  52.         If $iRet Then _
  53.             Return DllStructGetData( $tBuffer, 1 )
  54.  
  55.         Return $tBuffer
  56.     EndIf
  57.     Return SetError( 1 + @Error, 0, 0 )
  58. EndFunc
  59.  
  60. Func _FMem_ReadArray( $iAddress, $iCount, $sElemTag, $iElemSize ) ;Return aArr(iCount) || FMem_aDef(1)
  61.     If Not $iCount Then _
  62.         Return SetError( 1, 0, $FMem_aDef )
  63.  
  64.     Local $Idx, $tElem, $tBuffer, $pBuffer, $iSize, $aRet, $aArr[$iCount]
  65.     ; ---
  66.     $iSize = $iElemSize * $iCount
  67.     $tBuffer = DllStructCreate( "byte[" & $iSize & "]" )
  68.     $pBuffer = DllStructGetPtr( $tBuffer )
  69.  
  70.     $aRet = DllCall( $FMem_hDll,"bool","ReadProcessMemory","handle",$FMem_hMem,"ptr",$iAddress,"ptr",$pBuffer,"ulong_ptr",$iSize,"ulong_ptr*",0 )
  71.     If Not @Error And $aRet[0] Then
  72.         For $Idx = 0 To $iCount - 1 Step 1
  73.             $tElem = DllStructCreate( $sElemTag, $pBuffer + ( $Idx * $iElemSize ) )
  74.             $aArr[$Idx] = DllStructGetData( $tElem, 1 )
  75.         Next
  76.         ; *
  77.         Return $aArr
  78.     EndIf
  79.     Return SetError( 1 + @Error, 0, $FMem_aDef )
  80. EndFunc
  81.  
  82. Func _FMem_ReadPointer( $iAddress ) ;Return FMem_tPointer[1]
  83.     Local $aRet = DllCall( $FMem_hDll,"bool","ReadProcessMemory","handle",$FMem_hMem,"ptr",$iAddress,"ptr",$FMem_pPointer,"ulong_ptr",$FMem_iPointer,"ulong_ptr*",0 )
  84.     If Not @Error And $aRet[0] Then _
  85.         Return DllStructGetData( $FMem_tPointer, 1 )
  86.  
  87.     Return SetError( 1 + @Error, 0, 0 )
  88. EndFunc
  89.  
  90. Func _FMem_ReadPointer2( $iAddress, $iOfs1, $iOfs2 = -1, $iOfs3 = -1, $iOfs4 = -1, $iOfs5 = -1, $iOfs6 = -1 )
  91.     Local $aOfs[6] = [$iOfs1, $iOfs2, $iOfs3, $iOfs4, $iOfs5, $iOfs6 ], $Idx
  92.     ; ---
  93.     For $Idx = 0 To @NumParams - 2 Step 1
  94.         $iAddress = _FMem_ReadPointer( $iAddress ) + $aOfs[$Idx]
  95.     Next
  96.     Return _FMem_ReadPointer( $iAddress )
  97. EndFunc
  98.  
  99. Func _FMem_Close()
  100.     If $FMem_hDll = -1 Or $FMem_hMem = -1 Then _
  101.         Return SetError(1,0,0)
  102.  
  103.     DllCall($FMem_hDll, 'int', 'CloseHandle', 'int', $FMem_hMem)
  104.     DllClose($FMem_hDll)
  105.  
  106.     $FMem_hDll = -1
  107.     $FMem_hMem = -1
  108.     ; ----
  109.     Return 1
  110. EndFunc
  111.  
  112. ;==================================================================================
  113. ; Function:         SetPrivilege( $privilege, $fEnable )
  114. ; Description:      Enables (or disables) the $privilege on the current process
  115. ;                   (Probably) requires administrator privileges to run
  116. ;
  117. ; Author(s):        Larry (from autoitscript.com's Forum)
  118. ; Notes(s):
  119. ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999
  120. ;==================================================================================
  121. Func FMemStructCreate( $tagStruct, ByRef $pStruct, ByRef $iStruct )
  122.     Local $tStruct = DllStructCreate( $tagStruct )
  123.         $pStruct = DllStructGetPtr( $tStruct )
  124.         $iStruct = DllStructGetSize( $tStruct )
  125.     ; *
  126.     Return $tStruct
  127. EndFunc
  128.  
  129. Func SetPrivilege( $privilege, $fEnable )
  130.     Const $_TOKEN_ADJUST_PRIVILEGES = 0x0020
  131.     Const $_TOKEN_QUERY = 0x0008
  132.     Const $_SE_PRIVILEGE_ENABLED = 0x0002
  133.     Local $hToken, $SP_ret, $nTokens = 1
  134.  
  135.     If IsArray($privilege) Then _
  136.         $nTokens = UBound($privilege)
  137.  
  138.     Local $LUID = DLLStructCreate("dword;int")
  139.     Local $_TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
  140.     Local $_NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
  141.  
  142.     Local $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
  143.     Local $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0], "int",BitOR($_TOKEN_ADJUST_PRIVILEGES,$_TOKEN_QUERY),"int_ptr",0)
  144.     If $SP_auxret[0] Then
  145.         $hToken = $SP_auxret[3]
  146.         DLLStructSetData($_TOKEN_PRIVILEGES,1,1)
  147.  
  148.         Local $nTokenIndex = 1
  149.         While $nTokenIndex <= $nTokens
  150.             If IsArray($privilege) Then
  151.                 Local $priv = $privilege[$nTokenIndex-1]
  152.             Else
  153.                 Local $priv = $privilege
  154.             EndIf
  155.             Local $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv,   _
  156.                     "ptr",DLLStructGetPtr($LUID))
  157.             If $ret[0] Then
  158.                 If $fEnable Then
  159.                     DLLStructSetData($_TOKEN_PRIVILEGES,2,$_SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
  160.                 Else
  161.                     DLLStructSetData($_TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
  162.                 EndIf
  163.                 DLLStructSetData($_TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
  164.                 DLLStructSetData($_TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
  165.                 DLLStructSetData($LUID,1,0)
  166.                 DLLStructSetData($LUID,2,0)
  167.             EndIf
  168.             $nTokenIndex += 1
  169.         WEnd
  170.         Local $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0,   _
  171.                 "ptr",DllStructGetPtr($_TOKEN_PRIVILEGES),"int",DllStructGetSize($_NEWTOKEN_PRIVILEGES),   _
  172.                 "ptr",DllStructGetPtr($_NEWTOKEN_PRIVILEGES),"int_ptr",0)
  173.         Local $f = DLLCall("kernel32.dll","int","GetLastError")
  174.     EndIf
  175.     $_NEWTOKEN_PRIVILEGES=0
  176.     $_TOKEN_PRIVILEGES=0
  177.     $LUID=0
  178.     If $SP_auxret[0] = 0 Then Return 0
  179.     $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
  180.     If Not $ret[0] And Not $SP_auxret[0] Then Return 0
  181.     return $ret[0]
  182. EndFunc   ;==>SetPrivilege
  183. #EndRegion _FMemory64
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!