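#include <NomadMemory.au3>

; Reads one value from another process by resolving a module-relative pointer
; chain: base address of "xxx.dll" + $ModuleOffset, then the offsets in $Offset.
;
; SeDebugPrivilege makes OpenProcess skip the target's access check. It needs an
; elevated token and is not required for a process running as the same user at
; the same integrity level. Windows can audit the adjustment as Security event
; 4703 (token right adjusted), so expect this line to be visible to monitoring.
SetPrivilege("SeDebugPrivilege", 1)

; ProcessExists returns the PID, or 0 when the process is not running.
Global $pid = ProcessExists("Proc.exe")
If Not $pid Then
    ConsoleWrite("Proc.exe is not running" & @CRLF)
    Exit 1
EndIf

Global $Offset[6] = [0, 0x258, 0x1f8, 0x2f0, 0x718, 0x6b8]
Global $ModuleOffset = 0x000BE72C ; fill in the number from the '"xxx.dll"+0x???' line found in CE

; The original passed the undeclared $iPID here and added the undeclared
; $StaticOffset below; $pid and $ModuleOffset are the variables actually set.
Global $baseAddr = _MemoryModuleGetBaseAddress($pid, "xxx.dll")
If @error Then
    ConsoleWrite("xxx.dll not found in process " & $pid & @CRLF)
    Exit 1
EndIf
Global $finalADDR = "0x" & Hex($baseAddr + $ModuleOffset)

; NOTE(review): _MemoryOpen is called with its library defaults. If this
; NomadMemory version accepts a desired-access argument, request read-only
; access here, since the script only reads.
Global $openmem = _MemoryOpen($pid) ; Open the memory
If @error Then
    ConsoleWrite("_MemoryOpen failed for process " & $pid & @CRLF)
    Exit 1
EndIf

Global $Value = _MemoryPointerRead($finalADDR, $openmem, $Offset)
Global $readFailed = @error Or Not IsArray($Value)

; Close the handle on every path before reporting.
_MemoryClose($openmem)

If $readFailed Then
    ConsoleWrite("_MemoryPointerRead failed at " & $finalADDR & @CRLF)
    Exit 1
EndIf

ConsoleWrite("Address = " & $Value[0] & @CRLF & "Value = " & $Value[1] & @CRLF)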
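; Returns the load address of module $smodule inside process $ipid.
;
; Parameters:
;   $ipid    - PID (or process name) of the target process.
;   $smodule - module base name, e.g. "xxx.dll"; compared case-insensitively.
; Returns:
;   Ptr to the module base on success.
;   0 with @error = 1  when the process does not exist,
;   0 with @error = 2  when $smodule is not a string,
;   0 with @error = -1 when the process cannot be opened or the module is not found.
Func _memorymodulegetbaseaddress($ipid, $smodule)
    ; ProcessExists returns the numeric PID, so a process name is accepted too.
    Local $itarget = ProcessExists($ipid)
    If Not $itarget Then Return SetError(1, 0, 0)
    If Not IsString($smodule) Then Return SetError(2, 0, 0)

    ; Least privilege: enumerating modules needs only
    ; PROCESS_QUERY_INFORMATION (0x0400) and PROCESS_VM_READ (0x0010).
    ; The original also asked for create-thread, VM-operation and VM-write
    ; rights, which this function never uses.
    Local $permission = BitOR(0x0400, 0x0010)
    Local $aopen = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $permission, "int", 0, "dword", $itarget)
    If @error Or Not $aopen[0] Then Return SetError(-1, 0, 0)
    Local $hprocess = $aopen[0]

    Local $psapi = DllOpen("psapi.dll")
    If $psapi = -1 Then
        DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hprocess)
        Return SetError(-1, 0, 0)
    EndIf

    Local $modules = DllStructCreate("ptr[1024]")
    ; Pointer size follows the script's bitness (4 or 8 bytes); the original
    ; hard-coded 4 and over-counted the modules in a 64-bit build.
    Local $iptrsize = DllStructGetSize($modules) / 1024
    Local $bfound = False
    Local $pbase = 0

    Local $acall = DllCall($psapi, "int", "EnumProcessModules", "ptr", $hprocess, "ptr", DllStructGetPtr($modules), "dword", DllStructGetSize($modules), "dword*", 0)
    If Not @error And $acall[0] And $acall[4] > 0 Then
        ; $acall[4] is the byte count needed, which can exceed the buffer.
        Local $imodnum = Int($acall[4] / $iptrsize)
        If $imodnum > 1024 Then $imodnum = 1024
        Local $atemp
        For $i = 1 To $imodnum
            $atemp = DllCall($psapi, "dword", "GetModuleBaseNameW", "ptr", $hprocess, "ptr", Ptr(DllStructGetData($modules, 1, $i)), "wstr", "", "dword", 260)
            If @error Then ContinueLoop
            If $atemp[3] = $smodule Then
                $pbase = Ptr(DllStructGetData($modules, 1, $i))
                $bfound = True
                ExitLoop
            EndIf
        Next
    EndIf

    ; Release both resources on every path; the original leaked the process handle.
    DllClose($psapi)
    DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hprocess)

    If Not $bfound Then Return SetError(-1, 0, 0)
    Return $pbase
EndFunc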