rob-- / memoryjs Goto Github PK
View Code? Open in Web Editor NEWRead and write process memory in Node.js (Windows API functions exposed via Node bindings)
License: MIT License
Read and write process memory in Node.js (Windows API functions exposed via Node bindings)
License: MIT License
Hello, I'd like to help with the implementation of DLL injection. Here is the process:
What step 3 would look like:
CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA"), remoteString, NULL, NULL);
Its actually a really simple progress, should not be hard to implement. I'd love to fork and do it myself, but I have no idea how to work the node bindings.
It should also be possible to read/write a buffer which can be used to read say, an objects struct from memory at once then parse through it in js.
Maybe something like this?
process.read(buf, address, callback)
// Writing buffer, can get like this.
size_t packetLen = Buffer::Length(args[1]);
char* packet = Buffer::Data(args[1]);
// Reading buffer.
char * buffer = new char[size];
ReadProcessMemory(hProcess, (LPVOID)dwAddress, &buffer, size, NULL);
info.GetReturnValue().Set(Nan::NewBuffer(buffer, size).ToLocalChecked());
Maybe this would be helpful?
https://community.risingstack.com/using-buffers-node-js-c-plus-plus/
https://github.com/Zysen/node-winprocess/blob/master/winprocess.cc#L229-L240
Hello,
I built memoryjs with npm run build64 but when i try to read memory with address that is bigger than 0xFFFFFFFF, it read wrong address.
For example, if i try to read address 0x141EA3612, it will return value of address 0x41EA3612 instead of 0x141EA3612 one.
My attached process is built with a 64bit architecture.
Do you have some idea to fix this ? Thanks
Hey. I'm trying to readMemory from address, which I've select from CheatEngine. In CE I see value 101, but shen I try to read this in JS I get 3.
What problems can i have?
P.S. Trying to access cs 1.6 data)
Could you by chance just add a byte type to write/read memory and do all the buffer handling behind the scenes? Been having tons of trouble.
Hello!
I've found your project on npm
and I think it's the only memory editing module for node in there. Seen that your last update was 7 months ago.
Are you still working on this or is it dead?
Are you still planning on adding the pattern scanning
feature from your TODO list?
Cheers,
Pupix
[email protected] install C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs
node-gyp rebuild
C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs>if not defined npm_config_node_gyp (node "C:\Program Files\nodejs\node_modules\npm\node_modules\npm-lifecycle\node-gyp-bin\....\node_modules\node-gyp\bin\node-gyp.js" rebuild ) else (node "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" rebuild )
Building the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs\build\memoryj
s.vcxproj(20,3): error MSB4019: The imported project "C:\Microsoft.Cpp.Default.p
rops" was not found. Confirm that the path in the declaration is correc
t, and that the file exists on disk.
gyp ERR! build error
gyp ERR! stack Error: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
failed with exit code: 1
gyp ERR! stack at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:262:23)
gyp ERR! stack at ChildProcess.emit (events.js:203:13)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
gyp ERR! System Windows_NT 10.0.18362
gyp ERR! command "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs
gyp ERR! node -v v12.7.0
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok
ne is installed. You must install peer dependencies yourself.
npm WARN [email protected] No repository field.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\TheUnChosenOne\AppData\Roaming\npm-cache_logs\2020-03-15T18_25_34_195Z-debug.log
PS C:\Users\TheUnChosenOne\Desktop\DreamDebuger> npm install memoryjs
[email protected] install C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs
node-gyp rebuild
C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs>if not defined npm_config_node_gyp (node "C:\Program Files\nodejs\node_modules\npm\node_modules\npm-lifecycle\node-gyp-bin\....\node_modules\node-gyp\bin\node-gyp.js" rebuild ) else (node "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" rebuild )
Building the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs\build\memoryj
s.vcxproj(20,3): error MSB4019: The imported project "C:\Microsoft.Cpp.Default.p
rops" was not found. Confirm that the path in the declaration is correc
t, and that the file exists on disk.
gyp ERR! build error
gyp ERR! stack Error: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
failed with exit code: 1
gyp ERR! stack at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:262:23)
gyp ERR! stack at ChildProcess.emit (events.js:203:13)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
gyp ERR! System Windows_NT 10.0.18362
gyp ERR! command "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs
gyp ERR! node -v v12.7.0
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok
npm WARN rollback Rolling back [email protected] failed (this is probably harmless): EPERM: operation not permitted, lstat 'C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\eslint-plugin-import\node_modules'
ne is installed. You must install peer dependencies yourself.
npm WARN [email protected] No repository field.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\TheUnChosenOne\AppData\Roaming\npm-cache_logs\2020-03-15T18_26_27_375Z-debug.log
PS C:\Users\TheUnChosenOne\Desktop\DreamDebuger> npm install memoryjs
[email protected] install C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs
node-gyp rebuild
C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs>if not defined npm_config_node_gyp (node "C:\Program Files\nodejs\node_modules\npm\node_modules\npm-lifecycle\node-gyp-bin\....\node_modules\node-gyp\bin\node-gyp.js" rebuild ) else (node "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" rebuild )
Building the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs\build\memoryj
s.vcxproj(20,3): error MSB4019: The imported project "C:\Microsoft.Cpp.Default.p
rops" was not found. Confirm that the path in the declaration is correc
t, and that the file exists on disk.
gyp ERR! build error
gyp ERR! stack Error: C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
failed with exit code: 1
gyp ERR! stack at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:262:23)
gyp ERR! stack at ChildProcess.emit (events.js:203:13)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
gyp ERR! System Windows_NT 10.0.18362
gyp ERR! command "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\TheUnChosenOne\Desktop\DreamDebuger\node_modules\memoryjs
gyp ERR! node -v v12.7.0
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok
npm WARN [email protected] requires a peer of eslint@^4.9.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] No repository field.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
dont know what i am doing worng
Once my electron app is built, do my users need to have node-gyp?
I'm not sure where else to ask this, but if I were to use this to READ (but NOT write) memory of a Steam online multiplayer game, would I get banned? Can VAC "know" if I'm reading a game's memory?
I am not cheating by the way.
I'm a little new to all of this, so please excuse my ignorance if I'm doing something wrong. I have a game that I'm going to call "game.exe" and the offset to the local player, and then a list of offsets that I want to obtain data for.
Here's what reading from this data looks like in C++
float GetHealth() {
auto address = *(DWORD*)(BASE_ADDRESS + LOCAL_PLAYER_OFFSET);
return *(float*)(address + OFFSET_HEALTH);
}
Here is what I'm trying the memoryjs
mjs.readMemory(process.handle, (baseAddress + localPlayerAddress) + healthOffset, mjs.FLOAT, (err, value) => {
// ...
})
Printing these values out to hex shows up like this:
Base address: 1150000
Local player offset: 2f457fc
Health offset: 2280e0
Base + Local Player 40957fc
Health address: 42bd8dc
This is of-course being printed with .toString(16)
Not really sure what I'm doing wrong, as it grabs the correct value in C++ but not in memoryjs (I'm probably doing something wrong).
While I am trying to run memoryjs in electron i get this error.
https://pasteboard.co/J5O7ZC3.png
Hi,
is there any way to set a maximum character count when reading strings? or maybe there is a workaround for this issue?
I'm trying to use memory.js to read the in game data, such as location, of Red Dead Redemption 2, to display it in Discord. My only issue is that the same memory addresses stop working at random after a while.
I checked with Cheat Engine to make sure the addresses haven't changed between gaming sessions and from what I've seen they haven't. The addresses I use still display the same values.
Memory.js gives me the following error:
TypeError: unable to read string (no null-terminator found after 1 million chars)
at Object.readMemory (C:\bots\node_modules\memoryjs\index.js:104:23)
at test (C:\bots\index.js:42:32)
At line 42 in my code is the ReadMemory function:
memoryjs.readMemory(handle, address, memoryjs.STRING)
Now it only supports Windows. Is it possible to support other operating systems? Or can you list some reading materials about process memory reading? Thanks all the same.
Just a feature request,
Can we open a process by id, specifying it by detecting if the argument is a string or int?
Rather than Process process
could the library store the handle for re-use and support multiple processes?
A js object could be returned exposing methods which use that process handle, or similar to how SetTimeout works in js that you get a number you can put in to the functions as an arg.
Handle can just be passed as is as if it were an unsigned integer or by using a map of PID to handle.
I know I have done this in the past with node-ffi but a native module seems nicer to use.
Any thoughts?
Could you please add some more simple examples. Like how to find numbers address in 'calc.exe'.
const memoryjs = require('memoryjs');
const processName = "calc.exe";
/*
And then what ? How to find '5' in process ? How to get adress of this value and change it ?
*/
X:\Dokumente\p410n3.JS\node_modules\memoryjs\index.js:64
memoryjs.readMemory(handle, address, dataType.toLowerCase(), callback);
^
TypeError: fourth argument must be a function
at Object.readMemory (X:\Dokumente\p410n3.JS\node_modules\memoryjs\index.js:
64:14)
at Object.<anonymous> (X:\Dokumente\p410n3.JS\node_modules\memoryjs\example1
.js:86:61)
at Module._compile (module.js:652:30)
at Object.Module._extensions..js (module.js:663:10)
at Module.load (module.js:565:32)
at tryModuleLoad (module.js:505:12)
at Function.Module._load (module.js:497:3)
at Function.Module.runMain (module.js:693:10)
at startup (bootstrap_node.js:191:16)
at bootstrap_node.js:612:3
I need writeMemory with value 144 (NOP) in address 0x74542B with 8 bytes of size in GTA San Andreas.
I trying use long datatype to this but it does not happen as expected.
memoryjs.writeMemory(processObject.handle, 0x74542B, 144, 'long')
What is the right datatype or how do I make size be 8 bytes??
Hi. Firstly, excellent library here, thank you so much for your work on it.
I've been retrieving the first module for a process, in both robot-js and memoryjs and I noticed the base address seems to be different in both. I'm not sure if it's something I'm doing wrong, or if it's an issue with offset values, or maybe the data type is too small in the C code. You can see the precision is greater in robotjs, but even the lower precision values seem different too.
The szExePath matches in both, but the modBaseAddr
varies.
In memoryjs:
require("memoryjs").getModules(targetProcess.th32ProcessID)[0].modBaseAddr
Value: 1407975424
In robotjs:
targetProcess.getModules()[0].getBase()
Value: 140695946657792
I tried changing some of the types to long
in the C code, but I'm a JS dev and am useless with C :D
Thanks!
I need to read a pointer from memory, and there is nothing available to specify the address is a pointer
for example, in Frida, I would do something like
var mem = Memory.readFloat(ptr(addr));
but I don't seem to have ptr()
available in this library.
Hi guys, would like to ask how i'm going to freeze address value like ce? i'd try in looping but i got detected. thanks
First of all this library is amazing, ive been having tons of fun with it since Yesterday.
But while trying out writing bytearrays i noticed that it seems to be not possible to allocate new memory with this library. If you could allocate new memory in a process, then you could write way more Advanced assemly to inject into the game, since jumping to the new memory Location would give you tons of space to inject assemly.
Would it be possible to implement memory allocation in the library?
For patching values in memory at runtime of already compiled exe's with a GUI I wanted to use node webkit. (Server manager to spawn processes and keep em alive already done in an old version)
Here are my build notes if it might help others wanting to use this in NW or perhaps the newer Electron.
We need to install nw-gyp and configure target to the appropriate version of node webkit and architecture.
If you are not sure what version of Node Webkit you have.
You can run this in the debug console.
console.log("nw " + process.versions.nw + " " + process.arch + " node " + process.versions.node)
Note: I am using Python 2.7.12 for compiling.
https://www.python.org/downloads/release/python-2712/
I run the command from a Visual Studio 2017 command prompt window and have already changed directory to the memoryjs directory.
Note: I have nw version 0.15.4 and x64.
Change yours as needed below.
npm install -g nw-gyp
nw-gyp clean configure build --arch=x64 --target=0.15.4
If you get gyp info ok
you should be good to go.
Hello can you explain how to read memory ? I ve an adress and i know this value from this adress and value is always integer but function returning always 0. Here is my code.
const memoryjs = require('memoryjs');
const processObject = memoryjs.openProcess('client_ogl.exe');
console.log(processObject);
const manaValue = memoryjs.readMemory(processObject, '15562EE4', 'int');
console.log('mana ' + manaValue);
Hey mate, really like this but i have problems with the string format and errors.
If i use string as type it just dies and even if i set a data type which not exists it also just dies i never get an error. (using async callback if i just use it static it thwrows one for unknown data type but not for string)
Everything else works nice Win10 x64.
I read in the other issue you dont have much time for this anymore but i would love to get a fix for this cause i am at the moment dont have the skills to debug it myself.
Thanks
memory.h 23:
char* readBuffer(HANDLE hProcess, DWORD64 address, SIZE_T size) {
char* buffer = new char[size];
ReadProcessMemory(hProcess, (LPVOID)address, buffer, size, NULL);
return buffer;
}
Random crash
Hi. I trying to install memoryjs with npm install Rob--/memory's
and getting error
c:\users\sergey\desktop\offset-dumper\node_modules\memoryjs\lib\functions.h(39): error C2039: call: not a member "functions" (file: ..\lib\functions.cc) [C:\Users\Sergey\Desktop\offset-dumper\node_module s\memoryjs\build\memoryjs.vcxproj]
There is no problem when installing from npm, only from GitHub.
make: Entering directory '/media/akshaya/New Volume/ctonode/node_modules/memoryjs/build'
CXX(target) Release/obj.target/memoryjs/lib/memoryjs.o
../lib/memoryjs.cc:3:21: fatal error: windows.h: No such file or directory
#include <windows.h>
^
compilation terminated.
memoryjs.target.mk:103: recipe for target 'Release/obj.target/memoryjs/lib/memoryjs.o' failed
make: *** [Release/obj.target/memoryjs/lib/memoryjs.o] Error 1
make: Leaving directory '/media/akshaya/New Volume/ctonode/node_modules/memoryjs/build'
Trying to get the hang of this before moving on to doing what I originally set out to, but can't even get a simple test to work. I've got a notepad window open with the text "Hello World!" and I'm trying to find it with this code:
const memoryjs = require('memoryjs');
const processes = memoryjs.getProcesses();
var p;
for (let i = 0; i < processes.length; i++) {
if (processes[i].szExeFile == 'notepad.exe') {
p = memoryjs.openProcess(processes[i].th32ProcessID);
}
}
}
addr = memoryjs.findPattern(p.handle, 'notepad.exe', /^H/, memoryjs.STRING, 0, 0);
txt = memoryjs.readMemory(p.handle, addr, memoryjs.STRING);
console.log(txt); // outputs 'MZ', but should output 'Hello World!'
MZ is apparently the magic byte identifying a DOS executable, so I have a feeling it's getting this string from the actual notepad.exe file in memory. Not what I want.
MemoryJS can't find engine.dll or client.dll
All modules:
csgo.exe
ntdll.dll
wow64.dll
wow64win.dll
wow64cpu.dll
P.s even if I use example.js
when i call "readBuffer"
maybe call once or 5-8times
electron turn to whtie page and devtools only left “DevTools was disconnected from the page……”
Does this work in Mac?
I'm trying to install it and getting this errors:
$ npm install memoryjs
> [email protected] install /Users/myuser/myproject/node_modules/memoryjs
> node-gyp rebuild
gyp WARN download NVM_NODEJS_ORG_MIRROR is deprecated and will be removed in node-gyp v4, please use NODEJS_ORG_MIRROR
gyp WARN download NVM_NODEJS_ORG_MIRROR is deprecated and will be removed in node-gyp v4, please use NODEJS_ORG_MIRROR
gyp WARN download NVM_NODEJS_ORG_MIRROR is deprecated and will be removed in node-gyp v4, please use NODEJS_ORG_MIRROR
CXX(target) Release/obj.target/memoryjs/lib/memoryjs.o
../lib/memoryjs.cc:2:10: fatal error: 'windows.h' file not found
#include <windows.h>
^~~~~~~~~~~
1 error generated.
make: *** [Release/obj.target/memoryjs/lib/memoryjs.o] Error 1
gyp ERR! build error
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:258:23)
gyp ERR! stack at emitTwo (events.js:125:13)
gyp ERR! stack at ChildProcess.emit (events.js:213:7)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:197:12)
gyp ERR! System Darwin 17.6.0
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /Users/myuser/myproject/node_modules/memoryjs
gyp ERR! node -v v8.1.3
gyp ERR! node-gyp -v v3.6.2
gyp ERR! not ok
npm WARN enoent ENOENT: no such file or directory, open '/Users/myuser/myproject/package.json'
npm WARN dev-csgo No description
npm WARN dev-csgo No repository field.
npm WARN dev-csgo No README data
npm WARN dev-csgo No license field.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/myuser/.npm/_logs/2018-06-26T20_13_58_457Z-debug.log
$
If you want to write .code sections of memory you need to set the memory protections.
And possibly a flush instruction cache.
A way I have done this in the past is to make a SetProtection method.
DWORD SetProtection(void* m_address, DWORD m_size, DWORD protection = PAGE_EXECUTE_READWRITE);
DWORD SetProtection(void* m_address, DWORD m_size, DWORD protection)
{
DWORD dwOldProtect;
VirtualProtect(m_address, m_size, protection, &dwOldProtect);
return dwOldProtect;
}
Then you can call it prior to writing over some memory, storing the return value, then use that return value to return the memory protections back to how they were.
void MemCpyProtected(void* m_address, const void* bytes, DWORD size)
{
DWORD d = SetProtection(m_address, size);
memcpy(m_address, bytes, size);
SetProtection(m_address, size, d);
}
Ik title isnt kinda good probably..
So i managed to read the pointer and the value of the address it points to but i got stuck at some other stuff.
So i need to read: "ac_client.exe"+0010F4F8
which as far as i know it should be: modBaseAddr + 0x0010F4F8
and then i add the offset to the address i get with this but i get the wrong value at the end.
So i succesfully compiled memoryjs in node environment, but i would like to use it in browser enviro mnent and i get this error:
https://pasteboard.co/J5O0LRB.png
It seems to be problem with that thing browser didn't support require()
import. I tried bundle file with browserify but it didnt works also tried requireJS but same result or i'm doing something wrong.
You should consider adding functionality to calling functions by address. The equivalent in C would be
int ( __cdecl *addValues )( int a, int b ) = ( int ( __cdecl* )( int, int ) )0xDEADBEEF;
Once I had the following situation. I ran a code where 2 pattern searches in normal mode are done. The first was correctly done, but the resulting address of the second search gave me just the base address of the module.
My code looks like this:
let pattern = Buffer.from('some string value').toString('hex').replace(/..\B/g, '$& ');
let address = memoryjs.findPattern(processObject.handle, module.szModule, pattern, memoryjs.NORMAL, 0, 0);
pattern = Buffer.alloc(4);
pattern.writeUInt32LE(address);
pattern = pattern.toString('hex').replace(/..\B/g, '$& ');
// doesn't work with memoryjs version > 3.0.2
address = memoryjs.findPattern(processObject.handle, module.szModule, pattern, memoryjs.NORMAL, 0, 0);
After some testing I found out, that for some reason I cannot explain yet, using a variable for the pattern string leads to the problem. The changes to lib/memoryjs.cc were made after version 3.0.2.
So this will have problems...
const char* pattern = std::string(*signature).c_str();
...
address = Pattern.findPattern(handle, moduleEntries[i], pattern, sigType, patternOffset, addressOffset);
...and this will work fine.
address = Pattern.findPattern(handle, moduleEntries[i], std::string(*signature).c_str(), sigType, patternOffset, addressOffset);
Alright, so I've tried multiple times to write a string back to memory, the string is the same length just the original text but reversed to make it a noticeable change.
This is the code I'm using to read the address and I know it is working perfectly to get me the value of the address.
let processName = "game.exe";
memory.openProcess(processName, (error, processObject) => {
console.log(`Game PID: ${processObject.th32ProcessID}`);
let exe = memory.findModule(processName, processObject.th32ProcessID);
console.log(`Module PID: ${exe.th32ProcessID}`);
let addr = `0x${(exe.modBaseAddr + 0x2829BFC).toString(16)}`;
console.log(`Username Address: ${addr}`);
let processMemory = memory.readMemory(processObject.handle, addr, 'string');
console.log(`Current Value: ${processMemory}`);
});
I was going through some trouble at first reading until I changed the handle in the readMemory spot to the one from the original process instead of the module.
I've tried writting like this with both handles and none of them seem to have any effect of the memory.
setTimeout(() => {
console.log(`Attempting to change the value now.`);
setTimeout(() => {
memory.writeMemory(processObject.handle, addr, updatedUsername, 'string');
}, 100);
setTimeout(() => {
let processMemorynew = memory.readMemory(processObject.handle, addr, 'string');
console.log(`This is the value now: ${processMemorynew}`);
}, 500);
}, 1000);
The value never changes, I originally thought this was a permissions issue with windows but even in the Administrator CMD nothing seems to happen. I've also tried using setProtection before the writeMemory on the same address and it still seems to have no effect.
memory.setProtection(processObject.handle, addr, updatedUsername.length, memory.PAGE_EXECUTE_READWRITE);
If anyone happens to know what I can do to fix this or if I'm doing anything wrong. I'm able to change all the memory values I'm trying to change with this in other memory editors perfectly fine.
(Note: I would like to add this is a 64-bit process and I'm not sure if this matters or not with how it's done on the C++ side of it.)
I saw in the last reports some issues or more some difficutlies in understanding how to use pointers in memoryjs.
Im also struggling with pointers in memoryjs, so is this framework already dead?
Here the pointer:
https://imgur.com/3eXW7LL
`
const memoryjs = require('memoryjs');
let offset_life = 0x01FC50F8;
const memRead = async() => {
memoryjs.openProcess("SildMerlin_x64Steam.exe", async(error, processObject) => {
if(error){
console.log('1ERR:' + error)
return;
}else{
console.log(processObject)
}
memoryjs.findModule(processObject.szExeFile, processObject.th32ProcessID, async (error, processModule) => {
if (error) {
console.log('2ERR:' + error)
return;
} else {
console.log(processModule)
}
let life = memoryjs.readMemory(processObject.handle, (processModule.modBaseAddr + offset_life), 'int');
console.log(life);
});
});
}
memRead();
`
i would really like to know why the pointer cannot be found, btw in CE and C++ its not a problem, please enlight me
const memoryjs = require('memoryjs')
memoryjs.openProcess('notepad++.exe', (error, process) => {
if (error) { console.log(error) }
memoryjs.findPattern(process.handle, 'notepad++.exe', '65 6C 6C ? 20 57 6F 72 6C 64 21', memoryjs.NORMAL, 0, 0, (error, offset) => {
console.log(offset)
})
});
No matter what process name I use, or pattern, the above code will always output this:
18446744073709552000
Which is of course incorrect. And looking at notepad++.exe
's memory using Cheat Engine I can see Hello World!
is definitely in the its memory, infact in three different locations, and not in utf16
format (it doesn't have 00
between each character).
But using the address found via Cheat Engine to read the text I typed in notepad++.exe
works correctly:
memoryjs.readMemory(process.handle, 0x1A338732FB0, 'string', (error, data) => {
console.log(data)
})
Will output:
Hello World!
Could we get some declaration files for typescript?
Hello!
As the title says im new to this and i have an issue.
I would like to ask how do i get the address of the specific value in the memory?
Hi, do you have a date for the DLL injection feature ?
So i tried getting modules with no success.
If i get "hl2.exe" (cs:s) and i try to get modules with its th32ProcessID i get wrong modules (i need client.dll):
[ { modBaseAddr: 4194304,
modBaseSize: 114688,
szExePath: 'C:\\Games\\Counter-Strike Source\\hl2.exe',
szModule: 'hl2.exe',
th32ModuleID: 9764 },
{ modBaseAddr: 140734740627456,
modBaseSize: 1970176,
szExePath: 'C:\\Windows\\SYSTEM32\\ntdll.dll',
szModule: 'ntdll.dll',
th32ModuleID: 9764 },
{ modBaseAddr: 2009464832,
modBaseSize: 335872,
szExePath: 'C:\\Windows\\System32\\wow64.dll',
szModule: 'wow64.dll',
th32ModuleID: 9764 },
{ modBaseAddr: 2009923584,
modBaseSize: 491520,
szExePath: 'C:\\Windows\\System32\\wow64win.dll',
szModule: 'wow64win.dll',
th32ModuleID: 9764 },
{ modBaseAddr: 2009858048,
modBaseSize: 40960,
szExePath: 'C:\\Windows\\System32\\wow64cpu.dll',
szModule: 'wow64cpu.dll',
th32ModuleID: 9764 } ]
I also tried running npm run build32
in memoryjs root but it crashes if i try to run it:
\node_modules\memoryjs\build\Release\memoryjs.node is not a valid Win32 application.
I've got a bunch of addresses from cheat engine. I can read ints just fine
memoryjs.readMemory(0xCA11F4, memoryjs.INT)
But i have never been able to read a string. memoryjs.STRING memoryjs.STR
Is this a bug?
Doing this async and printing the error gives nothing either
Using node version 6~
Update after trying some more stuff
Installed node version 6.9.1 32bit according to the instructions, since my application i want to read is 32bit. with nvm
npm run build32 inside project/node_modules/memoryjs
Now im getting this error
module.js:597
return process.dlopen(module, path._makeLong(filename));
^
Error: %1 is not a valid Win32 application.
My application is surely 32bit. As seen in task manager -> details -> platform
Help would be greatly appreciated, memoryjs seems awesome.
Can't seem to figure it out .
Yo! Really good library so far apart from one problem. Async findpattern is not working properly, it doesn't execute the callback, even if I change the arguments to 6 in index.js (if (arguments.length === 6)) - compile it new, it still does not work. No idea how to fix it since I'm not a cpp programmer, but the callback does not execute. Also when using the sync method, I noticed that when I used the build in types for example memoryjs.READ | memoryjs.SUBTRACT the wrong offset returns. However, when I use hexadecimals (0x1 | 0x2) it gives the correct offset.
Regards
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.