PDA

View Full Version : VBA - ReadProcessMemory - With a Base Adress + Pointers



Sodruza
10-26-2016, 10:45 AM
Hello people,


I have been working on a function where I could input a base address and pointer(s), in order to get the address of the "final" address. That function could be used to deal with the memory pretty easily through excel (I tell you why in my PS).
To be honest, I started to do it alone, but on that one Google couldn't help me. I have literally spent hours searching everywhere on the web :/ Then I started to ask this question in a forum in my native language, unfortunately nothing working has been found. This is why I am trying in an English forum, there must be more people.


Here is a working VB.net version of the function:




<DllImport("kernel32.dll", SetLastError:=True)> Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
End Function




Public Function GetPointedAddr(ByVal BFhandle As IntPtr, ByVal BaseAddr As IntPtr, Optional ByVal Offs0 As Integer = -1, Optional ByVal Offs1 As Integer = -1, Optional ByVal Offs2 As Integer = -1, Optional ByVal Offs3 As Integer = -1, Optional ByVal Offs4 As Integer = -1) As Integer
Dim Ptr As Integer = 0
Dim TempBuf(4) As Byte

ReadProcessMemory(BFhandle, BaseAddr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs0

If Offs1 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs1

If Offs2 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs2

If Offs3 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs3

If Offs4 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs4

Return Ptr
End Function
The thing is : I can not get the read process memory to give me the "name" of the Adress instead of the value of the Address. For example if the Address is 50F4F4 and it's value is 100, I can only get 100 not the "50F4F4"...


I did not think it was a good idea to give you my non-working tries/tests on VBA, since it s more going to mix you up instead of helping. If you want the version of this function in C#, just tell me.


Thanks in advance.


PS: I have this function "GetPointedAddress" working on C# and VB.net. My goal is to be skilled in the 3 languages and not in only one them (I could focus on C#).

Leith Ross
10-26-2016, 11:34 AM
Hello Sodruza,

Not sure what you are trying to accomplish. Memory can be read and written to using the Windows API call CopyMemory. This reads/writes bytes of main memory. Pointers are not really used in VBA. There are only three: VarPtr, ObjPtr, and StrPtr. VBA handles the pointers for the user transparently.

Sodruza
10-26-2016, 11:45 AM
Not sure what you are trying to accomplish.
Imma give a quick fictional example:
Lets say that if you open one software, you want to change the value of the adress 99DA1E8050 from 0 to 100.
If you turn off and turn on the same software, the adress has changed since it's dynamic, now if you want to change the same value as before the address will be 99DA1E3098. Hopefully, thanks to a pointer scan, i know that this dynamic address is the static address which has the base adress 50F4F4 and F4 as only pointer. How can i say to VBA to write process memory in the base address 50f4f4 + pointer f4?

I know how to do it in c# and VB.net (to write in process memory with pointers). But i would like to be able to do it with vba, because i have to write down everyday some values that are in excel to an accounting software.

SamT
10-26-2016, 11:56 AM
Write a DLL in c# that can be accessed from VBA as a Reference.

Sodruza
10-26-2016, 12:01 PM
Write a DLL in c# that can be accessed from VBA as a Reference.

This sounds really smart honestly!
The only thing is that i never created any DLL.....

Leith Ross
10-26-2016, 12:09 PM
Here is the API declaration for CopyMemory. This has to be placed in a Standard VBA module in your workbook's VBA Project.

NOTE: Please be sure you understand ByVal , ByRef, and Data Typing before using this function. This API procedure has no built-in error checking. If you make a mistake, you can potentially damage your software!



Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As LongPtr)


Here is an example of copying the value into the memory location.



'Numbers are assumed to be Typed as Long Integers (4 bytes).
CopyMemory &H99DA1E8050, ByVal 100, 4


If the pointer is an offset to the base address then add the pointer to the base and use that address as the destination.

Sodruza
10-26-2016, 12:21 PM
NOTE: Please be sure you understand ByVal , ByRef, and Data Typing before using this function. This API procedure has no built-in error checking. If you make a mistake, you can potentially damage your software!


Just to make sure : if i do some tests about dealing with addresses in a game i dont give a F* about will it damage the game only ?( and not the computer). What if i reboot the ****ty game?? (im not a native english speaker and i just wanna make sure).

What is that for: [COLOR=#333333] ?

What is the difference between write process memory and your function?

And last question (i started to feel like a kid who keeps reapting "why?") if the base address is 50f4f4 and the pointer (offset) is f4,i gotta use 50F5E8?
f

Paul_Hossler
10-26-2016, 07:02 PM
For more information about the way VBA deals with pointers


http://bytecomb.com/vba-reference/


VBA Internals



Pointers

What’s in a variable (http://bytecomb.com/vba-internals-whats-in-a-variable/)
Getting Pointers (http://bytecomb.com/vba-internals-getting-pointers/)
Scalar Variables and Pointers in Depth (http://bytecomb.com/vba-scalar-variables-and-pointers-in-depth/)
String Variables and Pointers in Depth (http://bytecomb.com/vba-internals-string-variables-and-pointers-in-depth/)
Array Variables and Pointers in Depth (http://bytecomb.com/vba-internals-array-variables-and-pointers-in-depth/)
Variant Variables and Pointers in Depth (http://bytecomb.com/vba-internals-variant-variables-and-pointers-in-depth/)
Decimal Variables and Pointers In Depth (http://bytecomb.com/vba-internals-decimal-variables-and-pointers-in-depth/)




From the article



Generally speaking you don’t use pointers in VBA. There is no language-level syntax to explicitly obtain or dereference a pointer as in C or C++ (such as int* somePtr = &someInt).

Within VBA there is almost no reason at all to use pointers. The VB runtime handles all the implementation details of allocating, using, and reclaiming memory for you. But sometimes you need (or want) to reach out to the power of an API function that actually requires a pointer and you have no choice but to take that plunge. Or maybe (like me) you’re just mischevious or curious, and want to dig into all the implementation details that language and runtime designers are constantly telling us programmers to ignore.

Either way, there are in fact ways to obtain and work with pointers in VBA. You can do some powerful things with them. You can also crash your whole program if you don’t know what you’re doing. Using pointers is a big topic, so in this post I’ll just present an overview and a description of the functions used to obtain them.




I personally rarely ever had the need to get inside VBA this much, but if you're careful you can use some of this. Make sure to save your work before each test since it will be very unforgiving



Option Explicit

'http://computer-programming-forum.com/16-visual-basic/ad6dcf8ce892565e.htm
#If Win32 Then
Declare Sub FromLp Lib "kernel32" Alias "RtlMoveMemory" (pDest As Any, ByVal lp As Long, ByVal nBytes As Long)
Declare Sub ToLp Lib "kernel32" Alias "RtlMoveMemory" (ByVal lp As Long, pSrc As Any, ByVal nBytes As Long)
#Else
Declare Sub CopyMemory Lib "kernel32" Alias "hmemcpy" (pDest As Any, pSource As Any, ByVal nBytes As Long)
#End If

Sub MemTest()
Dim i As Long
Dim N As Long
Dim L(0 To 99) As Long ' 100 elements 4 bytes each
Dim hL As Long

hL = VarPtr(L(0))
MsgBox hL

'fill L array with 2,4,6,8, ....
For i = LBound(L) To UBound(L)
ToLp hL + i * Len(L(0)), 2 * (i + 1), Len(L(0))
Next I

'multiply L(3) by 10
FromLp N, hL + 3 * Len(L(0)), Len(L(0))
N = N * 10
ToLp hL + 3 * Len(L(0)), N, Len(L(0))

For i = LBound(L) To 5
MsgBox "L(" & i & ") = " & L(i)
Next i
End Sub

Sodruza
10-27-2016, 08:31 AM
since it will be very unforgiving

I have dealt with memory through C#. and the worse I did was to get the game to crash. Which is not that bad.
Is it possible to damage my computer if I use this function not correctly?

First I try the DLL trick, then i try this function for the LOLs

Paul_Hossler
10-27-2016, 09:07 AM
Is it possible to damage my computer if I use this function not correctly?

Most likely is you'll crash Excel and have to restart it

Small probability that you're crash Windows and have to restart


I'd still look a different way since VBA doesn't play well with pointers