- #include-once
- #Region _FMemory64
- ;==================================================================================
- ; AutoIt Version: 3.3.8.1
- ; UDF Version: 2.02
- ; Language: English
- ; Platform: All Windows
- ; Author: Firex
- ;==================================================================================
- ; Credits: NoMad - These functions are based on his original NoMadMemory_UDF.
; Module state shared by every _FMem_* function. _FMem_Close treats -1 in either
; handle variable as "no session open".
Global $FMem_hMem = -1          ; process handle stored by _FMem_Open
Global $FMem_hDll = -1          ; kernel32.dll handle stored by _FMem_Open
Global $FMem_aDef[1] = [ 0 ]    ; value _FMem_ReadArray hands back on failure

; Scratch buffer reused by _FMem_ReadPointer for every pointer read.
; NOTE(review): "int" is a 32-bit DllStruct type, so values read through this
; buffer are 4 bytes wide even though the region is named _FMemory64 - confirm
; this matches the bitness of the processes the UDF is used against.
Global $FMem_tPointer = DllStructCreate( "int" )
Global $FMem_pPointer = DllStructGetPtr( $FMem_tPointer )
Global $FMem_iPointer = DllStructGetSize( $FMem_tPointer )
- ;==================================================================================
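; Opens a handle to the process $iPid and stores it, together with a kernel32.dll
; handle, in $FMem_hMem / $FMem_hDll for the other _FMem_* functions.
;
; Parameters:
;   $iPid           - process id, passed to ProcessExists and OpenProcess
;   $iDesiredAccess - access mask for OpenProcess. The default 0x1F0FFF is an
;                     all-access mask; a caller that only reads memory needs just
;                     PROCESS_VM_READ (0x0010) and should pass that instead.
;   $iInheritHandle - bInheritHandle for OpenProcess. The default 1 makes the
;                     handle inheritable by child processes this script starts;
;                     pass 0 unless that is intended.
; Returns: True on success. On failure returns 0 and sets @error:
;   1 = process does not exist, 2 = kernel32.dll could not be opened,
;   3 = OpenProcess returned a null handle, 3 + n = DllCall failed with @error n.
;
; Fixes over the previous version: DllOpen failure is detected by its -1 return
; value, a null handle from OpenProcess (e.g. access denied) is reported as a
; failure instead of being stored as an open session, the failure path returns 0
; explicitly, and the globals are only updated once the open has succeeded.
Func _FMem_Open( $iPid, $iDesiredAccess = 0x1F0FFF, $iInheritHandle = 1 )
    If Not ProcessExists($iPid) Then Return SetError( 1, 0, 0 )

    Local $hDll = DllOpen('kernel32.dll')
    If $hDll = -1 Then Return SetError( 2, 0, 0 )

    Local $aOpenProcess = DllCall( $hDll, "handle", "OpenProcess", "dword", $iDesiredAccess, "bool", $iInheritHandle, "dword", $iPid )
    ; Capture @error now: the DllClose below is another call and may reset it.
    Local $iErr = @error
    If $iErr Or Not $aOpenProcess[0] Then
        DllClose( $hDll )
        Return SetError( 3 + $iErr, 0, 0 )
    EndIf

    ; Release a session that is still open so its process handle is not leaked.
    If $FMem_hDll <> -1 And $FMem_hMem <> -1 Then _FMem_Close()

    $FMem_hDll = $hDll
    $FMem_hMem = $aOpenProcess[0]
    Return True
EndFunc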
; Copies $iSize bytes from $iAddress in the opened process into the caller's
; buffer at $pStruct via ReadProcessMemory.
;
; Parameters:
;   $iAddress - address in the target process
;   $pStruct  - pointer to the destination buffer; the caller must make sure it
;               is at least $iSize bytes, nothing here checks that
;   $iSize    - number of bytes to read
; Returns: True on success; otherwise 0 with @error = 1 (ReadProcessMemory
;          returned false) or 1 + the DllCall @error.
Func _FMem_Read( $iAddress, $pStruct, $iSize )
    Local $aCall = DllCall( $FMem_hDll,"bool","ReadProcessMemory","handle",$FMem_hMem,"ptr",$iAddress,"ptr",$pStruct,"ulong_ptr",$iSize,"ulong_ptr*",0 )
    Local $iErr = @error
    ; $aCall is only an array when DllCall itself succeeded, so test $iErr first.
    If $iErr Or Not $aCall[0] Then Return SetError( 1 + $iErr, 0, 0 )
    Return True
EndFunc
; Reads one structure described by $sStruct from $iAddress in the opened process.
;
; Parameters:
;   $iAddress - address in the target process
;   $sStruct  - DllStructCreate definition; its size decides how many bytes are read
;   $iRet     - non-zero (default): return element 1 of the structure;
;               zero: return the whole DllStruct
; Returns: the value or struct described above; on failure 0 with @error = 1
;          (ReadProcessMemory returned false) or 1 + the DllCall @error.
Func _FMem_Read2( $iAddress, $sStruct, $iRet = 1 )
    Local $tData = DllStructCreate( $sStruct )
    Local $aCall = DllCall( $FMem_hDll,"bool","ReadProcessMemory","handle",$FMem_hMem,"ptr",$iAddress,"ptr",DllStructGetPtr( $tData ),"ulong_ptr",DllStructGetSize( $tData ),"ulong_ptr*",0 )
    Local $iErr = @error
    ; $aCall is only an array when DllCall itself succeeded, so test $iErr first.
    If $iErr Or Not $aCall[0] Then Return SetError( 1 + $iErr, 0, 0 )

    If Not $iRet Then Return $tData
    Return DllStructGetData( $tData, 1 )
EndFunc
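; Reads $iCount consecutive elements of $iElemSize bytes starting at $iAddress in
; the opened process and returns element 1 of each as an AutoIt array.
;
; Parameters:
;   $iAddress  - address of the first element in the target process
;   $iCount    - number of elements, must be >= 1
;   $sElemTag  - DllStructCreate definition of one element
;   $iElemSize - stride in bytes between elements, must be >= 1 and at least the
;                size of $sElemTag
; Returns: array of $iCount values; on failure $FMem_aDef with @error = 1
;          (bad arguments or ReadProcessMemory returned false) or 1 + the
;          DllCall @error.
;
; Fixes over the previous version: a negative $iCount or a non-positive
; $iElemSize is rejected instead of reaching the array/buffer declaration, and an
; element definition larger than the stride is rejected because overlaying it on
; the last slot would read past the end of the local buffer.
Func _FMem_ReadArray( $iAddress, $iCount, $sElemTag, $iElemSize )
    If $iCount < 1 Or $iElemSize < 1 Then Return SetError( 1, 0, $FMem_aDef )

    ; Probe the element layout once so its size can be compared with the stride.
    Local $tProbe = DllStructCreate( $sElemTag )
    If @error Or DllStructGetSize( $tProbe ) > $iElemSize Then Return SetError( 1, 0, $FMem_aDef )

    Local $Idx, $tElem, $aArr[$iCount]
    Local $iSize = $iElemSize * $iCount
    Local $tBuffer = DllStructCreate( "byte[" & $iSize & "]" )
    Local $pBuffer = DllStructGetPtr( $tBuffer )

    Local $aRet = DllCall( $FMem_hDll,"bool","ReadProcessMemory","handle",$FMem_hMem,"ptr",$iAddress,"ptr",$pBuffer,"ulong_ptr",$iSize,"ulong_ptr*",0 )
    Local $iErr = @error
    ; $aRet is only an array when DllCall itself succeeded, so test $iErr first.
    If $iErr Or Not $aRet[0] Then Return SetError( 1 + $iErr, 0, $FMem_aDef )

    ; Overlay the element definition on each slot of the local copy.
    For $Idx = 0 To $iCount - 1
        $tElem = DllStructCreate( $sElemTag, $pBuffer + ( $Idx * $iElemSize ) )
        $aArr[$Idx] = DllStructGetData( $tElem, 1 )
    Next
    Return $aArr
EndFunc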
; Reads one value of the shared scratch type ($FMem_tPointer) from $iAddress in
; the opened process.
;
; Parameters:
;   $iAddress - address in the target process
; Returns: element 1 of $FMem_tPointer after the read; on failure 0 with
;          @error = 1 (ReadProcessMemory returned false) or 1 + the DllCall @error.
; A returned 0 is ambiguous on its own, so callers have to check @error.
Func _FMem_ReadPointer( $iAddress )
    Local $aCall = DllCall( $FMem_hDll,"bool","ReadProcessMemory","handle",$FMem_hMem,"ptr",$iAddress,"ptr",$FMem_pPointer,"ulong_ptr",$FMem_iPointer,"ulong_ptr*",0 )
    Local $iErr = @error
    ; $aCall is only an array when DllCall itself succeeded, so test $iErr first.
    If $iErr Or Not $aCall[0] Then Return SetError( 1 + $iErr, 0, 0 )
    Return DllStructGetData( $FMem_tPointer, 1 )
EndFunc
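; Follows a pointer chain: for every offset supplied, reads the value stored at
; the current address and adds that offset to it, then reads and returns the
; value at the final address.
;
; Parameters:
;   $iAddress        - starting address in the target process
;   $iOfs1..$iOfs6   - offsets applied in order; only the ones actually passed
;                      are used (the count comes from @NumParams)
; Returns: the value read at the end of the chain; on failure 0 with the @error
;          of the failing _FMem_ReadPointer call. When an intermediate hop fails,
;          @extended holds the 1-based index of that hop.
;
; Fix over the previous version: a failed intermediate read used to yield 0,
; after which the chain carried on from "0 + offset". The walk now stops at the
; first failed hop so no further reads are issued from a bogus base address.
Func _FMem_ReadPointer2( $iAddress, $iOfs1, $iOfs2 = -1, $iOfs3 = -1, $iOfs4 = -1, $iOfs5 = -1, $iOfs6 = -1 )
    Local $aOfs[6] = [$iOfs1, $iOfs2, $iOfs3, $iOfs4, $iOfs5, $iOfs6 ], $Idx

    ; @NumParams counts $iAddress too, hence "- 2" for the last offset index.
    For $Idx = 0 To @NumParams - 2
        $iAddress = _FMem_ReadPointer( $iAddress )
        If @error Then Return SetError( @error, $Idx + 1, 0 )
        $iAddress += $aOfs[$Idx]
    Next
    Return _FMem_ReadPointer( $iAddress )
EndFunc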
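; Closes the process handle and the kernel32.dll handle stored by _FMem_Open and
; resets both globals to -1.
;
; Returns: 1 on success; 0 with @error = 1 when no session is open (either
;          global is still -1).
;
; Fix over the previous version: the process handle is passed to CloseHandle as
; "handle" rather than 'int'. 'int' is 32 bits wide, so a pointer-sized handle
; could be truncated under 64-bit AutoIt and the real handle left open.
Func _FMem_Close()
    If $FMem_hDll = -1 Or $FMem_hMem = -1 Then Return SetError(1,0,0)

    DllCall($FMem_hDll, 'bool', 'CloseHandle', 'handle', $FMem_hMem)
    DllClose($FMem_hDll)

    ; Mark the session closed so later _FMem_Close calls report "not open".
    $FMem_hDll = -1
    $FMem_hMem = -1
    Return 1
EndFunc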
- ;==================================================================================
- ; Function: SetPrivilege( $privilege, $fEnable )
- ; Description: Enables (or disables) the $privilege on the current process
- ; (Probably) requires administrator privileges to run
- ;
- ; Author(s): Larry (from autoitscript.com's Forum)
- ; Note(s):
- ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999
- ;==================================================================================
; Creates a DllStruct from $tagStruct and reports its pointer and size through
; the two ByRef parameters, e.g. for use as the buffer arguments of _FMem_Read.
;
; Parameters:
;   $tagStruct - DllStructCreate definition string
;   $pStruct   - [out] pointer to the new structure
;   $iStruct   - [out] size of the new structure in bytes
; Returns: the DllStruct. The caller has to keep it in a variable for as long as
;          $pStruct is used, since the pointer refers to that struct's memory.
Func FMemStructCreate( $tagStruct, ByRef $pStruct, ByRef $iStruct )
    Local $tNew = DllStructCreate( $tagStruct )
    $iStruct = DllStructGetSize( $tNew )
    $pStruct = DllStructGetPtr( $tNew )
    Return $tNew
EndFunc
; Enables or disables one privilege (string) or several (array of strings) on the
; current process token.
;
; Parameters:
;   $privilege - privilege name, or an array of privilege names
;   $fEnable   - true: set SE_PRIVILEGE_ENABLED on each entry; false: clear the
;                attribute
; Returns: 0 when OpenProcessToken fails; otherwise element [0] of the
;          AdjustTokenPrivileges DllCall result.
;
; NOTE(review): a non-zero return does not prove the privilege is now held.
; AdjustTokenPrivileges can report success while assigning only some of the
; requested privileges, and the GetLastError result that would show this is
; stored in $f and never read. Callers should verify the token afterwards.
; NOTE(review): none of the DllCall results is checked with @error before being
; indexed - confirm how a failed DllCall should be handled here.
Func SetPrivilege( $privilege, $fEnable )
    Const $_TOKEN_ADJUST_PRIVILEGES = 0x0020
    Const $_TOKEN_QUERY = 0x0008
    Const $_SE_PRIVILEGE_ENABLED = 0x0002
    Local $hToken, $SP_ret, $nTokens = 1
    If IsArray($privilege) Then _
        $nTokens = UBound($privilege)
    ; $LUID receives one looked-up privilege value as two 32-bit halves.
    Local $LUID = DLLStructCreate("dword;int")
    ; Both buffers: one count dword followed by 3 dwords per privilege
    ; (two for the LUID halves, one for the attributes).
    Local $_TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    Local $_NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    Local $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
    ; Element [3] of the result is the token handle written through the "int_ptr" out parameter.
    Local $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0], "int",BitOR($_TOKEN_ADJUST_PRIVILEGES,$_TOKEN_QUERY),"int_ptr",0)
    If $SP_auxret[0] Then
        $hToken = $SP_auxret[3]
        ; NOTE(review): the count field is written as 1 even when $nTokens > 1,
        ; although the loop below fills an entry for every name - looks like only
        ; the first entry would be applied; confirm against intended behaviour.
        DLLStructSetData($_TOKEN_PRIVILEGES,1,1)
        Local $nTokenIndex = 1
        While $nTokenIndex <= $nTokens
            If IsArray($privilege) Then
                Local $priv = $privilege[$nTokenIndex-1]
            Else
                Local $priv = $privilege
            EndIf
            Local $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv, _
                "ptr",DLLStructGetPtr($LUID))
            If $ret[0] Then
                ; Entry layout inside the dword array (1-based): LUID halves at
                ; 3*(i-1)+1 and 3*(i-1)+2, attributes at 3*i.
                If $fEnable Then
                    DLLStructSetData($_TOKEN_PRIVILEGES,2,$_SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
                Else
                    DLLStructSetData($_TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
                EndIf
                DLLStructSetData($_TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
                DLLStructSetData($_TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
                ; Clear the scratch LUID before the next lookup.
                DLLStructSetData($LUID,1,0)
                DLLStructSetData($LUID,2,0)
            EndIf
            ; A name that fails the lookup is skipped silently; its entry stays zeroed.
            $nTokenIndex += 1
        WEnd
        ; $ret is reused here: from this point it holds the AdjustTokenPrivileges result.
        Local $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0, _
            "ptr",DllStructGetPtr($_TOKEN_PRIVILEGES),"int",DllStructGetSize($_NEWTOKEN_PRIVILEGES), _
            "ptr",DllStructGetPtr($_NEWTOKEN_PRIVILEGES),"int_ptr",0)
        ; Issued as a separate DllCall and never read afterwards (see header note).
        Local $f = DLLCall("kernel32.dll","int","GetLastError")
    EndIf
    ; Drop the references to the DllStructs.
    $_NEWTOKEN_PRIVILEGES=0
    $_TOKEN_PRIVILEGES=0
    $LUID=0
    If $SP_auxret[0] = 0 Then Return 0
    $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
    ; Both exits below return 0 when $ret[0] is 0, so the CloseHandle result does
    ; not change the return value.
    If Not $ret[0] And Not $SP_auxret[0] Then Return 0
    return $ret[0]
EndFunc ;==>SetPrivilege
- #EndRegion _FMemory64