#region _Memory
Func _MEMORYOPEN($IV_PID, $IV_DESIREDACCESS = 2035711, $IV_INHERITHANDLE = 1)
If Not ProcessExists($IV_PID) Then
SetError(1)
Return 0
EndIf
Local $AH_HANDLE[2] = [DllOpen("kernel32.dll")]
If @error Then
SetError(2)
Return 0
EndIf
Local $AV_OPENPROCESS = DllCall($AH_HANDLE[0], "int", "OpenProcess", "int", $IV_DESIREDACCESS, "int", $IV_INHERITHANDLE, "int", $IV_PID)
If @error Then
DllClose($AH_HANDLE[0])
SetError(3)
Return 0
EndIf
$AH_HANDLE[1] = $AV_OPENPROCESS[0]
Return $AH_HANDLE
EndFunc
Func _MEMORYREAD($IV_ADDRESS, $AH_HANDLE, $SV_TYPE = "dword")
If Not IsArray($AH_HANDLE) Then
SetError(1)
Return 0
EndIf
Local $V_BUFFER = DllStructCreate($SV_TYPE)
If @error Then
SetError(@error + 1)
Return 0
EndIf
DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
If Not @error Then
Local $V_VALUE = DllStructGetData($V_BUFFER, 1)
Return $V_VALUE
Else
SetError(6)
Return 0
EndIf
EndFunc
Func _MEMORYWRITE($IV_ADDRESS, $AH_HANDLE, $V_DATA, $SV_TYPE = "dword")
If Not IsArray($AH_HANDLE) Then
SetError(1)
Return 0
EndIf
Local $V_BUFFER = DllStructCreate($SV_TYPE)
If @error Then
SetError(@error + 1)
Return 0
Else
DllStructSetData($V_BUFFER, 1, $V_DATA)
If @error Then
SetError(6)
Return 0
EndIf
EndIf
DllCall($AH_HANDLE[0], "int", "WriteProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
If Not @error Then
Return 1
Else
SetError(7)
Return 0
EndIf
EndFunc
Func _MEMORYCLOSE($AH_HANDLE)
If Not IsArray($AH_HANDLE) Then
SetError(1)
Return 0
EndIf
DllCall($AH_HANDLE[0], "int", "CloseHandle", "int", $AH_HANDLE[1])
If Not @error Then
DllClose($AH_HANDLE[0])
Return 1
Else
DllClose($AH_HANDLE[0])
SetError(2)
Return 0
EndIf
EndFunc
Func SETPRIVILEGE($PRIVILEGE, $BENABLE)
Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
Const $TOKEN_QUERY = 0x0008
Const $SE_PRIVILEGE_ENABLED = 0x0002
Local $HTOKEN, $SP_AUXRET, $SP_RET, $HCURRPROCESS, $NTOKENS, $NTOKENINDEX, $PRIV
$NTOKENS = 1
$LUID = DllStructCreate("dword;int")
If IsArray($PRIVILEGE) Then $NTOKENS = UBound($PRIVILEGE)
$TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $NTOKENS) & "]")
$NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $NTOKENS) & "]")
$HCURRPROCESS = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")
$SP_AUXRET = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $HCURRPROCESS[0], "int", BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY), "int*", 0)
If $SP_AUXRET[0] Then
$HTOKEN = $SP_AUXRET[3]
DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
$NTOKENINDEX = 1
While $NTOKENINDEX <= $NTOKENS
If IsArray($PRIVILEGE) Then
$PRIV = $PRIVILEGE[$NTOKENINDEX - 1]
Else
$PRIV = $PRIVILEGE
EndIf
$RET = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $PRIV, "ptr", DllStructGetPtr($LUID))
If $RET[0] Then
If $BENABLE Then
DllStructSetData($TOKEN_PRIVILEGES, 2, $SE_PRIVILEGE_ENABLED, (3 * $NTOKENINDEX))
Else
DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $NTOKENINDEX))
EndIf
DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($NTOKENINDEX - 1)) + 1)
DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($NTOKENINDEX - 1)) + 2)
DllStructSetData($LUID, 1, 0)
DllStructSetData($LUID, 2, 0)
EndIf
$NTOKENINDEX += 1
WEnd
$RET = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $HTOKEN, "int", 0, "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0)
$F = DllCall("kernel32.dll", "int", "GetLastError")
EndIf
$NEWTOKEN_PRIVILEGES = 0
$TOKEN_PRIVILEGES = 0
$LUID = 0
If $SP_AUXRET[0] = 0 Then Return 0
$SP_AUXRET = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $HTOKEN)
If Not $RET[0] And Not $SP_AUXRET[0] Then Return 0
Return $RET[0]
EndFunc
Func _MEMORYPOINTERREAD($IV_ADDRESS, $AH_HANDLE, $AV_OFFSET, $SV_TYPE = "dword")
If IsArray($AV_OFFSET) Then
If IsArray($AH_HANDLE) Then
Local $IV_POINTERCOUNT = UBound($AV_OFFSET) - 1
Else
SetError(2)
Return 0
EndIf
Else
SetError(1)
Return 0
EndIf
Local $IV_DATA[2], $I
Local $V_BUFFER = DllStructCreate("dword")
For $I = 0 To $IV_POINTERCOUNT
If $I = $IV_POINTERCOUNT Then
$V_BUFFER = DllStructCreate($SV_TYPE)
If @error Then
SetError(@error + 2)
Return 0
EndIf
$IV_ADDRESS = "0x" & Hex($IV_DATA[1] + $AV_OFFSET[$I])
DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
If @error Then
SetError(7)
Return 0
EndIf
$IV_DATA[1] = DllStructGetData($V_BUFFER, 1)
ElseIf $I = 0 Then
DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
If @error Then
SetError(7)
Return 0
EndIf
$IV_DATA[1] = DllStructGetData($V_BUFFER, 1)
Else
$IV_ADDRESS = "0x" & Hex($IV_DATA[1] + $AV_OFFSET[$I])
DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
If @error Then
SetError(7)
Return 0
EndIf
$IV_DATA[1] = DllStructGetData($V_BUFFER, 1)
EndIf
Next
$IV_DATA[0] = $IV_ADDRESS
Return $IV_DATA
EndFunc
Func _MEMORYPOINTERWRITE($IV_ADDRESS, $AH_HANDLE, $AV_OFFSET, $V_DATA, $SV_TYPE = "dword")
If IsArray($AV_OFFSET) Then
If IsArray($AH_HANDLE) Then
Local $IV_POINTERCOUNT = UBound($AV_OFFSET) - 1
Else
SetError(2)
Return 0
EndIf
Else
SetError(1)
Return 0
EndIf
Local $IV_STRUCTDATA, $I
Local $V_BUFFER = DllStructCreate("dword")
For $I = 0 To $IV_POINTERCOUNT
If $I = $IV_POINTERCOUNT Then
$V_BUFFER = DllStructCreate($SV_TYPE)
If @error Then
SetError(@error + 3)
Return 0
EndIf
DllStructSetData($V_BUFFER, 1, $V_DATA)
If @error Then
SetError(8)
Return 0
EndIf
$IV_ADDRESS = "0x" & Hex($IV_STRUCTDATA + $AV_OFFSET[$I])
DllCall($AH_HANDLE[0], "int", "WriteProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
If @error Then
SetError(9)
Return 0
Else
Return $IV_ADDRESS
EndIf
ElseIf $I = 0 Then
DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
If @error Then
SetError(3)
Return 0
EndIf
$IV_STRUCTDATA = DllStructGetData($V_BUFFER, 1)
Else
$IV_ADDRESS = "0x" & Hex($IV_STRUCTDATA + $AV_OFFSET[$I])
DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
If @error Then
SetError(3)
Return 0
EndIf
$IV_STRUCTDATA = DllStructGetData($V_BUFFER, 1)
EndIf
Next
EndFunc
Func _MEMORYGETBASEADDRESS($AH_HANDLE, $IHEXDEC = 0)
Local $IV_ADDRESS = 1048576
Local $V_BUFFER = DllStructCreate("dword;dword;dword;dword;dword;dword;dword")
Local $VDATA
Local $VTYPE
If Not IsArray($AH_HANDLE) Then
SetError(1)
Return 0
EndIf
DllCall($AH_HANDLE[0], "int", "VirtualQueryEx", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER))
If Not @error Then
$VDATA = Hex(DllStructGetData($V_BUFFER, 2))
$VTYPE = Hex(DllStructGetData($V_BUFFER, 3))
While $VTYPE <> "00000080"
DllCall($AH_HANDLE[0], "int", "VirtualQueryEx", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER))
$VDATA = Hex(DllStructGetData($V_BUFFER, 2))
$VTYPE = Hex(DllStructGetData($V_BUFFER, 3))
If Hex($IV_ADDRESS) = "01000000" Then ExitLoop
$IV_ADDRESS += 65536
WEnd
If $VTYPE = "00000080" Then
SetError(0)
If $IHEXDEC = 1 Then
Return Dec($VDATA)
Else
Return $VDATA
EndIf
Else
SetError(2)
Return 0
EndIf
Else
SetError(3)
Return 0
EndIf
EndFunc
Func _MEMORYMODULEGETBASEADDRESS($IPID, $SMODULE)
If Not ProcessExists($IPID) Then Return SetError(1, 0, 0)
If Not IsString($SMODULE) Then Return SetError(2, 0, 0)
Local $PSAPI = DllOpen("psapi.dll")
Local $HPROCESS
Local $PERMISSION = BitOR(2, 1024, 8, 16, 32)
If $IPID > 0 Then
Local $HPROCESS = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $IPID)
If $HPROCESS[0] Then
$HPROCESS = $HPROCESS[0]
EndIf
EndIf
Local $MODULES = DllStructCreate("ptr[1024]")
Local $ACALL = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $HPROCESS, "ptr", DllStructGetPtr($MODULES), "dword", DllStructGetSize($MODULES), "dword*", 0)
If $ACALL[4] > 0 Then
Local $IMODNUM = $ACALL[4] / 4
Local $ATEMP
For $I = 1 To $IMODNUM
$ATEMP = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $HPROCESS, "ptr", PTR(DllStructGetData($MODULES, 1, $I)), "wstr", "", "dword", 260)
If $ATEMP[3] = $SMODULE Then
DllClose($PSAPI)
Return PTR(DllStructGetData($MODULES, 1, $I))
EndIf
Next
EndIf
DllClose($PSAPI)
Return SetError(-1, 0, 0)
EndFunc
#endregion _Memory