magenpriest3

1. #include-once
2. #region _Memory
3. ;==================================================================================
4. ; AutoIt Version:   3.1.127 (beta)
5. ; Language:   English
6. ; Platform:   All Windows
7. ; Author:         Nomad
8. ; Requirements:  These functions will only work with beta.
9. ;==================================================================================
10. ; Credits:  wOuter - These functions are based on his original _Mem() functions.
11. ;         But they are easier to comprehend and more reliable.  These
12. ;         functions are in no way a direct copy of his functions.  His
13. ;         functions only provided a foundation from which these evolved.
14. ;==================================================================================
15. ;
16. ; Functions:
17. ;
18. ;==================================================================================
19. ; Function:   _MemoryOpen($iv_Pid[, $iv_DesiredAccess[, $iv_InheritHandle]])
20. ; Description:    Opens a process and enables all possible access rights to the
21. ;               process.  The Process ID of the process is used to specify which
22. ;               process to open.  You must call this function before calling
23. ;               _MemoryClose(), _MemoryRead(), or _MemoryWrite().
24. ; Parameter(s):  $iv_Pid - The Process ID of the program you want to open.
25. ;               $iv_DesiredAccess - (optional) Set to 0x1F0FFF by default, which
26. ;                              enables all possible access rights to the
27. ;                              process specified by the Process ID.
28. ;               $iv_InheritHandle - (optional) If this value is TRUE, all processes
29. ;                              created by this process will inherit the access
30. ;                              handle.  Set to 1 (TRUE) by default.  Set to 0
31. ;                              if you want it FALSE.
32. ; Requirement(s):   None.
33. ; Return Value(s):  On Success - Returns an array containing the Dll handle and an
34. ;                         open handle to the specified process.
35. ;               On Failure - Returns 0
36. ;               @Error - 0 = No error.
37. ;                      1 = Invalid $iv_Pid.
38. ;                      2 = Failed to open Kernel32.dll.
39. ;                      3 = Failed to open the specified process.
40. ; Author(s):        Nomad
41. ; Note(s):
42. ;==================================================================================
43. Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $iv_InheritHandle = 1)
44.  
45.     If Not ProcessExists($iv_Pid) Then
46.         SetError(1)
47.         Return 0
48.     EndIf
49.  
50.     Local $ah_Handle[2] = [DllOpen('kernel32.dll')]
51.  
52.     If @Error Then
53.         SetError(2)
54.         Return 0
55.     EndIf
56.  
57.     Local $av_OpenProcess = DllCall($ah_Handle[0], 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $iv_InheritHandle, 'int', $iv_Pid)
58.  
59.     If @Error Then
60.         DllClose($ah_Handle[0])
61.         SetError(3)
62.         Return 0
63.     EndIf
64.  
65.     $ah_Handle[1] = $av_OpenProcess[0]
66.  
67.     Return $ah_Handle
68.  
69. EndFunc
70.  
71. ;==================================================================================
72. ; Function:   _MemoryRead($iv_Address, $ah_Handle[, $sv_Type])
73. ; Description:    Reads the value located in the memory address specified.
74. ; Parameter(s):  $iv_Address - The memory address you want to read from. It must
75. ;                          be in hex format (0x00000000).
76. ;               $ah_Handle - An array containing the Dll handle and the handle
77. ;                         of the open process as returned by _MemoryOpen().
78. ;               $sv_Type - (optional) The "Type" of value you intend to read.
79. ;                        This is set to 'dword'(32bit(4byte) signed integer)
80. ;                        by default.  See the help file for DllStructCreate
81. ;                        for all types.  An example: If you want to read a
82. ;                        word that is 15 characters in length, you would use
83. ;                        'char[16]' since a 'char' is 8 bits (1 byte) in size.
84. ; Return Value(s):  On Success - Returns the value located at the specified address.
85. ;               On Failure - Returns 0
86. ;               @Error - 0 = No error.
87. ;                      1 = Invalid $ah_Handle.
88. ;                      2 = $sv_Type was not a string.
89. ;                      3 = $sv_Type is an unknown data type.
90. ;                      4 = Failed to allocate the memory needed for the DllStructure.
91. ;                      5 = Error allocating memory for $sv_Type.
92. ;                      6 = Failed to read from the specified process.
93. ; Author(s):        Nomad
94. ; Note(s):      Values returned are in Decimal format, unless specified as a
95. ;               'char' type, then they are returned in ASCII format.  Also note
96. ;               that size ('char[size]') for all 'char' types should be 1
97. ;               greater than the actual size.
98. ;==================================================================================
99. Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')
100.  
101.     If Not IsArray($ah_Handle) Then
102.         SetError(1)
103.         Return 0
104.     EndIf
105.  
106.     Local $v_Buffer = DllStructCreate($sv_Type)
107.  
108.     If @Error Then
109.         SetError(@Error + 1)
110.         Return 0
111.     EndIf
112.  
113.     DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
114.  
115.     If Not @Error Then
116.         Local $v_Value = DllStructGetData($v_Buffer, 1)
117.         Return $v_Value
118.     Else
119.         SetError(6)
120.         Return 0
121.     EndIf
122.  
123. EndFunc
124.  
125. ;==================================================================================
126. ; Function:   _MemoryWrite($iv_Address, $ah_Handle, $v_Data[, $sv_Type])
127. ; Description:    Writes data to the specified memory address.
128. ; Parameter(s):  $iv_Address - The memory address which you want to write to.
129. ;                          It must be in hex format (0x00000000).
130. ;               $ah_Handle - An array containing the Dll handle and the handle
131. ;                         of the open process as returned by _MemoryOpen().
132. ;               $v_Data - The data to be written.
133. ;               $sv_Type - (optional) The "Type" of value you intend to write.
134. ;                        This is set to 'dword'(32bit(4byte) signed integer)
135. ;                        by default.  See the help file for DllStructCreate
136. ;                        for all types.  An example: If you want to write a
137. ;                        word that is 15 characters in length, you would use
138. ;                        'char[16]' since a 'char' is 8 bits (1 byte) in size.
139. ; Return Value(s):  On Success - Returns 1
140. ;               On Failure - Returns 0
141. ;               @Error - 0 = No error.
142. ;                      1 = Invalid $ah_Handle.
143. ;                      2 = $sv_Type was not a string.
144. ;                      3 = $sv_Type is an unknown data type.
145. ;                      4 = Failed to allocate the memory needed for the DllStructure.
146. ;                      5 = Error allocating memory for $sv_Type.
147. ;                      6 = $v_Data is not in the proper format to be used with the
148. ;                         "Type" selected for $sv_Type, or it is out of range.
149. ;                      7 = Failed to write to the specified process.
150. ; Author(s):        Nomad
151. ; Note(s):      Values sent must be in Decimal format, unless specified as a
152. ;               'char' type, then they must be in ASCII format.  Also note
153. ;               that size ('char[size]') for all 'char' types should be 1
154. ;               greater than the actual size.
155. ;==================================================================================
156. Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')
157.  
158.     If Not IsArray($ah_Handle) Then
159.         SetError(1)
160.         Return 0
161.     EndIf
162.  
163.     Local $v_Buffer = DllStructCreate($sv_Type)
164.  
165.     If @Error Then
166.         SetError(@Error + 1)
167.         Return 0
168.     Else
169.         DllStructSetData($v_Buffer, 1, $v_Data)
170.         If @Error Then
171.             SetError(6)
172.             Return 0
173.         EndIf
174.     EndIf
175.  
176.     DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
177.  
178.     If Not @Error Then
179.         Return 1
180.     Else
181.         SetError(7)
182.         Return 0
183.     EndIf
184.  
185. EndFunc
186.  
187. ;==================================================================================
188. ; Function:   _MemoryClose($ah_Handle)
189. ; Description:    Closes the process handle opened by using _MemoryOpen().
190. ; Parameter(s):  $ah_Handle - An array containing the Dll handle and the handle
191. ;                         of the open process as returned by _MemoryOpen().
192. ; Return Value(s):  On Success - Returns 1
193. ;               On Failure - Returns 0
194. ;               @Error - 0 = No error.
195. ;                      1 = Invalid $ah_Handle.
196. ;                      2 = Unable to close the process handle.
197. ; Author(s):        Nomad
198. ; Note(s):
199. ;==================================================================================
200. Func _MemoryClose($ah_Handle)
201.  
202.     If Not IsArray($ah_Handle) Then
203.         SetError(1)
204.         Return 0
205.     EndIf
206.  
207.     DllCall($ah_Handle[0], 'int', 'CloseHandle', 'int', $ah_Handle[1])
208.     If Not @Error Then
209.         DllClose($ah_Handle[0])
210.         Return 1
211.     Else
212.         DllClose($ah_Handle[0])
213.         SetError(2)
214.         Return 0
215.     EndIf
216.  
217. EndFunc
218.  
219. ;==================================================================================
220. ; Function:   SetPrivilege( $privilege, $bEnable )
221. ; Description:    Enables (or disables) the $privilege on the current process
222. ;                   (Probably) requires administrator privileges to run
223. ;
224. ; Author(s):        Larry (from autoitscript.com's Forum)
225. ; Notes(s):
226. ; http://www.autoitscript.com/forum/index.ph...st&p=223999
227. ;==================================================================================
228.  
229. Func SetPrivilege( $privilege, $bEnable )
230.     Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020
231.     Const $MY_TOKEN_QUERY = 0x0008
232.     Const $MY_SE_PRIVILEGE_ENABLED = 0x0002
233.     Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
234.     $nTokens = 1
235.     $LUID = DLLStructCreate("dword;int")
236.     If IsArray($privilege) Then    $nTokens = UBound($privilege)
237.     $TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
238.     $NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
239.     $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
240.     $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0],   _
241.             "int",BitOR($MY_TOKEN_ADJUST_PRIVILEGES,$MY_TOKEN_QUERY),"int*",0)
242.     If $SP_auxret[0] Then
243.         $hToken = $SP_auxret[3]
244.         DLLStructSetData($TOKEN_PRIVILEGES,1,1)
245.         $nTokenIndex = 1
246.         While $nTokenIndex <= $nTokens
247.             If IsArray($privilege) Then
248.                 $priv = $privilege[$nTokenIndex-1]
249.             Else
250.                 $priv = $privilege
251.             EndIf
252.             $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv,   _
253.                     "ptr",DLLStructGetPtr($LUID))
254.             If $ret[0] Then
255.                 If $bEnable Then
256.                     DLLStructSetData($TOKEN_PRIVILEGES,2,$MY_SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
257.                 Else
258.                     DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
259.                 EndIf
260.                 DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
261.                 DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
262.                 DLLStructSetData($LUID,1,0)
263.                 DLLStructSetData($LUID,2,0)
264.             EndIf
265.             $nTokenIndex += 1
266.         WEnd
267.         $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0,   _
268.                 "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES),   _
269.                 "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int*",0)
270.         $f = DLLCall("kernel32.dll","int","GetLastError")
271.     EndIf
272.     $NEWTOKEN_PRIVILEGES=0
273.     $TOKEN_PRIVILEGES=0
274.     $LUID=0
275.     If $SP_auxret[0] = 0 Then Return 0
276.     $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
277.     If Not $ret[0] And Not $SP_auxret[0] Then Return 0
278.     return $ret[0]
279. EndFunc   ;==>SetPrivilege
280.  
281. ;=================================================================================================
282. ; Function:   _MemoryPointerRead ($iv_Address, $ah_Handle, $av_Offset[, $sv_Type])
283. ; Description:    Reads a chain of pointers and returns an array containing the destination
284. ;               address and the data at the address.
285. ; Parameter(s):  $iv_Address - The static memory address you want to start at. It must be in
286. ;                          hex format (0x00000000).
287. ;               $ah_Handle - An array containing the Dll handle and the handle of the open
288. ;                         process as returned by _MemoryOpen().
289. ;               $av_Offset - An array of offsets for the pointers.  Each pointer must have an
290. ;                         offset.  If there is no offset for a pointer, enter 0 for that
291. ;                         array dimension.
292. ;               $sv_Type - (optional) The "Type" of data you intend to read at the destination
293. ;                         address.  This is set to 'dword'(32bit(4byte) signed integer) by
294. ;                         default.  See the help file for DllStructCreate for all types.
295. ; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
296. ; Return Value(s):  On Success - Returns an array containing the destination address and the value
297. ;                         located at the address.
298. ;               On Failure - Returns 0
299. ;               @Error - 0 = No error.
300. ;                      1 = $av_Offset is not an array.
301. ;                      2 = Invalid $ah_Handle.
302. ;                      3 = $sv_Type is not a string.
303. ;                      4 = $sv_Type is an unknown data type.
304. ;                      5 = Failed to allocate the memory needed for the DllStructure.
305. ;                      6 = Error allocating memory for $sv_Type.
306. ;                      7 = Failed to read from the specified process.
307. ; Author(s):        Nomad
308. ; Note(s):      Values returned are in Decimal format, unless a 'char' type is selected.
309. ;               Set $av_Offset like this:
310. ;               $av_Offset[0] = NULL (not used)
311. ;               $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
312. ;               $av_Offset[2] = Offset for pointer 2
313. ;               etc...
314. ;               (The number of array dimensions determines the number of pointers)
315. ;=================================================================================================
316. Func _MemoryPointerRead($iv_Address, $ah_Handle, $av_Offset, $sv_Type = 'dword')
317.  
318.     If IsArray($av_Offset) Then
319.         If IsArray($ah_Handle) Then
320.             Local $iv_PointerCount = UBound($av_Offset) - 1
321.         Else
322.             SetError(2)
323.             Return 0
324.         EndIf
325.     Else
326.         SetError(1)
327.         Return 0
328.     EndIf
329.  
330.     Local $iv_Data[2], $i
331.     Local $v_Buffer = DllStructCreate('dword')
332.  
333.     For $i = 0 To $iv_PointerCount
334.  
335.         If $i = $iv_PointerCount Then
336.             $v_Buffer = DllStructCreate($sv_Type)
337.             If @error Then
338.                 SetError(@error + 2)
339.                 Return 0
340.             EndIf
341.  
342.             $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
343.             DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
344.             If @error Then
345.                 SetError(7)
346.                 Return 0
347.             EndIf
348.  
349.             $iv_Data[1] = DllStructGetData($v_Buffer, 1)
350.  
351.         ElseIf $i = 0 Then
352.             DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
353.             If @error Then
354.                 SetError(7)
355.                 Return 0
356.             EndIf
357.  
358.             $iv_Data[1] = DllStructGetData($v_Buffer, 1)
359.  
360.         Else
361.             $iv_Address = '0x' & Hex($iv_Data[1] + $av_Offset[$i])
362.             DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
363.             If @error Then
364.                 SetError(7)
365.                 Return 0
366.             EndIf
367.  
368.             $iv_Data[1] = DllStructGetData($v_Buffer, 1)
369.  
370.         EndIf
371.  
372.     Next
373.  
374.     $iv_Data[0] = $iv_Address
375.  
376.     Return $iv_Data
377.  
378. EndFunc   ;==>_MemoryPointerRead
379.  
380.  
381.  
382. ;=================================================================================================
383. ; Function:         _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data[, $sv_Type])
384. ; Description:      Reads a chain of pointers and writes the data to the destination address.
385. ; Parameter(s):     $iv_Address - The static memory address you want to start at. It must be in
386. ;                                 hex format (0x00000000).
387. ;                   $ah_Handle - An array containing the Dll handle and the handle of the open
388. ;                                process as returned by _MemoryOpen().
389. ;                   $av_Offset - An array of offsets for the pointers.  Each pointer must have an
390. ;                                offset.  If there is no offset for a pointer, enter 0 for that
391. ;                                array dimension.
392. ;                   $v_Data - The data to be written.
393. ;                   $sv_Type - (optional) The "Type" of data you intend to write at the destination
394. ;                                address.  This is set to 'dword'(32bit(4byte) signed integer) by
395. ;                                default.  See the help file for DllStructCreate for all types.
396. ; Requirement(s):   The $ah_Handle returned from _MemoryOpen.
397. ; Return Value(s):  On Success - Returns the destination address.
398. ;                   On Failure - Returns 0.
399. ;                   @Error - 0 = No error.
400. ;                            1 = $av_Offset is not an array.
401. ;                            2 = Invalid $ah_Handle.
402. ;                            3 = Failed to read from the specified process.
403. ;                            4 = $sv_Type is not a string.
404. ;                            5 = $sv_Type is an unknown data type.
405. ;                            6 = Failed to allocate the memory needed for the DllStructure.
406. ;                            7 = Error allocating memory for $sv_Type.
407. ;                            8 = $v_Data is not in the proper format to be used with the
408. ;                                "Type" selected for $sv_Type, or it is out of range.
409. ;                            9 = Failed to write to the specified process.
410. ; Author(s):        Nomad
411. ; Note(s):          Data written is in Decimal format, unless a 'char' type is selected.
412. ;                   Set $av_Offset like this:
413. ;                   $av_Offset[0] = NULL (not used, doesn't matter what's entered)
414. ;                   $av_Offset[1] = Offset for pointer 1 (all offsets must be in Decimal)
415. ;                   $av_Offset[2] = Offset for pointer 2
416. ;                   etc...
417. ;                   (The number of array dimensions determines the number of pointers)
418. ;=================================================================================================
419.  
420. Func _MemoryPointerWrite ($iv_Address, $ah_Handle, $av_Offset, $v_Data, $sv_Type = 'dword')
421.  
422.     If IsArray($av_Offset) Then
423.         If IsArray($ah_Handle) Then
424.             Local $iv_PointerCount = UBound($av_Offset) - 1
425.         Else
426.             SetError(2)
427.             Return 0
428.         EndIf
429.     Else
430.         SetError(1)
431.         Return 0
432.     EndIf
433.  
434.     Local $iv_StructData, $i
435.     Local $v_Buffer = DllStructCreate('dword')
436.  
437.     For $i = 0 to $iv_PointerCount
438.         If $i = $iv_PointerCount Then
439.             $v_Buffer = DllStructCreate($sv_Type)
440.             If @Error Then
441.                 SetError(@Error + 3)
442.                 Return 0
443.             EndIf
444.  
445.             DllStructSetData($v_Buffer, 1, $v_Data)
446.             If @Error Then
447.                 SetError(8)
448.                 Return 0
449.             EndIf
450.  
451.             $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i])
452.             DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
453.             If @Error Then
454.                 SetError(9)
455.                 Return 0
456.             Else
457.                 Return $iv_Address
458.             EndIf
459.         ElseIf $i = 0 Then
460.             DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
461.             If @Error Then
462.                 SetError(3)
463.                 Return 0
464.             EndIf
465.  
466.             $iv_StructData = DllStructGetData($v_Buffer, 1)
467.  
468.         Else
469.             $iv_Address = '0x' & hex($iv_StructData + $av_Offset[$i])
470.             DllCall($ah_Handle[0], 'int', 'ReadProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
471.             If @Error Then
472.                 SetError(3)
473.                 Return 0
474.             EndIf
475.  
476.             $iv_StructData = DllStructGetData($v_Buffer, 1)
477.  
478.         EndIf
479.     Next
480.  
481. EndFunc
482.  
483. ;===================================================================================================
484. ; Function........:  _MemoryGetBaseAddress($ah_Handle, $iHD)
485. ;
486. ; Description.....:  Reads the 'Allocation Base' from the open process.
487. ;
488. ; Parameter(s)....:  $ah_Handle - An array containing the Dll handle and the handle of the open
489. ;                                process as returned by _MemoryOpen().
490. ;                   $iHD - Return type:
491. ;                      |0 = Hex (Default)
492. ;                      |1 = Dec
493. ;
494. ; Requirement(s)..:  A valid process ID.
495. ;
496. ; Return Value(s).:  On Success - Returns the 'allocation Base' address and sets @Error to 0.
497. ;                   On Failure - Returns 0 and sets @Error to:
498. ;                      |1 = Invalid $ah_Handle.
499. ;                      |2 = Failed to find correct allocation address.
500. ;                      |3 = Failed to read from the specified process.
501. ;
502. ; Author(s).......:  Nomad. Szhlopp.
503. ; URL.............:  http://www.autoitscript.com/forum/index.php?showtopic=78834
504. ; Note(s).........:  Go to Www.CheatEngine.org for the latest version of CheatEngine.
505. ;===================================================================================================
506. Func _MemoryGetBaseAddress($ah_Handle, $iHexDec = 0)
507.  
508.     Local $iv_Address = 0x00100000
509.     Local $v_Buffer = DllStructCreate('dword;dword;dword;dword;dword;dword;dword')
510.     Local $vData
511.     Local $vType
512.  
513.     If Not IsArray($ah_Handle) Then
514.         SetError(1)
515.         Return 0
516.     EndIf
517.  
518.     DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
519.  
520.     If Not @Error Then
521.  
522.         $vData = Hex(Int(DllStructGetData($v_Buffer, 2)))
523.         $vType = Hex(Int(DllStructGetData($v_Buffer, 3)))
524.  
525.         While $vType <> "00000080"
526.             DllCall($ah_Handle[0], 'int', 'VirtualQueryEx', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer))
527.             $vData = Hex(Int(DllStructGetData($v_Buffer, 2)))
528.             $vType = Hex(Int(DllStructGetData($v_Buffer, 3)))
529.             If Hex($iv_Address) = "01000000" Then ExitLoop
530.             $iv_Address += 65536
531.  
532.         WEnd
533.         If $vType = "00000080" Then
534.             SetError(0)
535.             If $iHexDec = 1 Then
536.                 Return Dec($vData)
537.             Else
538.                 Return $vData
539.             EndIf
540.  
541.         Else
542.             SetError(2)
543.             Return 0
544.         EndIf
545.  
546.     Else
547.         SetError(3)
548.         Return 0
549.     EndIf
550.  
551. EndFunc
552.  
553. Func _MemoryModuleGetBaseAddress($iPID, $sModule)
554.     If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
555.  
556.     If Not IsString($sModule) Then Return SetError(2, 0, 0)
557.  
558.     Local   $PSAPI = DllOpen("psapi.dll")
559.  
560.     ;Get Process Handle
561.     Local   $hProcess
562.     Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
563.  
564.     If $iPID > 0 Then
565.         Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
566.         If $hProcess[0] Then
567.             $hProcess = $hProcess[0]
568.         EndIf
569.     EndIf
570.  
571.     ;EnumProcessModules
572.     Local   $Modules = DllStructCreate("ptr[1024]")
573.     Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
574.     If $aCall[4] > 0 Then
575.         Local   $iModnum = $aCall[4] / 4
576.         Local   $aTemp
577.         For $i = 1 To $iModnum
578.             $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
579.             If $aTemp[3] = $sModule Then
580.                 DllClose($PSAPI)
581.                 Return Ptr(DllStructGetData($Modules, 1, $i))
582.             EndIf
583.         Next
584.     EndIf
585.  
586.     DllClose($PSAPI)
587.     Return SetError(-1, 0, 0)
588.  
589. EndFunc
590. #EndRegion
591.  
592. ;============================================================================================
593. ; MemReadDLL - Function
594. ;       Quick way of accessing a module offset.
595. ;============================================================================================
596. Func _MemReadDLL($dll, $offset, $ah_Handle, $sv_Type = 'dword')
597.         $StaticOffset = Dec($offset)
598.         $baseADDR = _MemoryModuleGetBaseAddress($ah_Handle, $dll)
599.         $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
600.         $MemTest = _MemoryRead($finalADDR, $ah_Handle, $sv_Type)
601.         Return $MemTest
602. EndFunc   ;==>MemReadDLL
603.  
604. ;============================================================================================
605. ; MemWriteDLL - Function
606. ;       Quick way of writing to a module offset.
607. ;============================================================================================
608. Func _MemWriteDLL($dll, $offset, $value, $ah_Handle, $sv_Type = 'dword')
609.         $StaticOffset = Dec($offset)
610.         $baseADDR = _MemoryModuleGetBaseAddress($ah_Handle, $dll)
611.         $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
612.         $MemTest = _MemoryWrite($finalADDR, $ah_Handle, $value, $sv_Type)
613.         Return $MemTest
614. EndFunc   ;==>MemReadDLL
615.  
616.  
617. ;============================================================================================
618. ; MemWriteDLLByteArray - Function
619. ;       Writes an array of bytes to memory
620. ;============================================================================================
621. Func _MemWriteDLLByteArray($dll, $offset, $ah_Handle, $v_Array)
622.         Local $StaticOffset = Dec($offset)
623.         Local $baseADDR = _MemoryModuleGetBaseAddress($ah_Handle, $dll)
624.         Local $finalADDR = "0x" & Hex($baseADDR + $StaticOffset)
625.         Local $MemTest = _MemoryWriteByteArray($finalADDR, $ah_Handle, $v_Array)
626.         Return $MemTest
627. EndFunc   ;==>MemReadDLL
628.  
629. ;============================================================================================
630. ; _MemoryWriteByteArray - Function
631. ;       Writes an array of bytes to memory
632. ;============================================================================================
633. Func _MemoryWriteByteArray($iv_Address, $ah_Handle, $v_Array)
634.     If Not IsArray($ah_Handle) Then
635.         SetError(1)
636.         Return 0
637.     EndIf
638.  
639.         If Not IsArray($v_Array) Then
640.                 Return 0
641.         EndIf
642.  
643.         Local $eMax = UBound($v_Array)
644.         Local $byteString = ""
645.         For $i = 0 To $eMax - 1
646.                 $byteString = $byteString & "byte;"
647.         Next
648.     Local $v_Buffer = DllStructCreate($byteString)
649.     If @Error Then
650.         Return 0
651.     Else
652.                 For $i = 1 To $eMax
653.                         DllStructSetData($v_Buffer, $i, $v_Array[$i-1])
654.                         If @Error Then
655.                                 Return 0
656.                         EndIf
657.                 Next
658.     EndIf
659.     DllCall($ah_Handle[0], 'int', 'WriteProcessMemory', 'int', $ah_Handle[1], 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
660.     If Not @Error Then
661.         Return 1
662.     Else
663.         SetError(7)
664.         Return 0
665.     EndIf
666. EndFunc