Difference between revisions of "Process Module"
m |
|||
| Line 1: | Line 1: | ||
| − | == open | + | == open == |
'''procHandle process.open(number procId)''' | '''procHandle process.open(number procId)''' | ||
| Line 5: | Line 5: | ||
| − | == close | + | == close == |
'''process.close(handle procHandle)''' | '''process.close(handle procHandle)''' | ||
| Line 11: | Line 11: | ||
| − | == read | + | == read == |
'''number|string process.read(handle procHandle, string type, number address[, number length])''' | '''number|string process.read(handle procHandle, string type, number address[, number length])''' | ||
| Line 21: | Line 21: | ||
| − | == readPtr | + | == readPtr == |
'''number|string process.readPtr(handle procHandle, string type, number address, number|table offsets[, number length])''' | '''number|string process.readPtr(handle procHandle, string type, number address, number|table offsets[, number length])''' | ||
| Line 30: | Line 30: | ||
| − | == readBatch | + | == readBatch == |
'''table process.readBatch(handle procHandle, number address, string mask)''' | '''table process.readBatch(handle procHandle, number address, string mask)''' | ||
| Line 83: | Line 83: | ||
"3i" means "read 3 integers" while "3c" means "read a string of length 3". | "3i" means "read 3 integers" while "3c" means "read a string of length 3". | ||
| − | == readChunk | + | == readChunk == |
'''chunk process.readChunk(handle procHandle, number address, number size)''' | '''chunk process.readChunk(handle procHandle, number address, number size)''' | ||
| Line 92: | Line 92: | ||
The chunk is an object that you can then use to extract the various data from. It is generally faster to read a chunk then extract from it than it is to do many single reads with process.read(). | The chunk is an object that you can then use to extract the various data from. It is generally faster to read a chunk then extract from it than it is to do many single reads with process.read(). | ||
| − | == write | + | == write == |
'''boolean process.write(handle procHandle, string type, number address, string|number data)''' | '''boolean process.write(handle procHandle, string type, number address, string|number data)''' | ||
| Line 101: | Line 101: | ||
| − | == writePtr | + | == writePtr == |
'''boolean process.writePtr(handle procHandle, string type, number address, number|table offsets, number|string data)''' | '''boolean process.writePtr(handle procHandle, string type, number address, number|table offsets, number|string data)''' | ||
| Line 110: | Line 110: | ||
| − | == findPattern | + | == findPattern == |
'''number process.findPattern(handle procHandle, number address, number length, string bitmask, string szmask)''' | '''number process.findPattern(handle procHandle, number address, number length, string bitmask, string szmask)''' | ||
| Line 120: | Line 120: | ||
| − | == findByWindow | + | == findByWindow == |
'''number process.findByWindow(number hwnd)''' | '''number process.findByWindow(number hwnd)''' | ||
| Line 127: | Line 127: | ||
| − | == findByExe | + | == findByExe == |
'''number process.findByExe(string procname)''' | '''number process.findByExe(string procname)''' | ||
| Line 133: | Line 133: | ||
| − | == getModuleAddress | + | == getModuleAddress == |
'''number process.getModuleAddress(number procId, string moduleName)''' | '''number process.getModuleAddress(number procId, string moduleName)''' | ||
| Line 140: | Line 140: | ||
| − | == getModules | + | == getModules == |
'''table process.getModuleAddress(number procId)''' | '''table process.getModuleAddress(number procId)''' | ||
| Line 147: | Line 147: | ||
| − | == attachInput | + | == attachInput == |
'''boolean process.attachInput(number hwnd)''' | '''boolean process.attachInput(number hwnd)''' | ||
| Line 153: | Line 153: | ||
| − | == detachInput | + | == detachInput == |
'''boolean process.detachInput(number hwnd)''' | '''boolean process.detachInput(number hwnd)''' | ||
| Line 160: | Line 160: | ||
| − | == is32bit | + | == is32bit == |
'''boolean process.is32bit(handle proc)''' | '''boolean process.is32bit(handle proc)''' | ||
| Line 166: | Line 166: | ||
| − | == is64bit | + | == is64bit == |
'''boolean process.is64bit(handle proc)''' | '''boolean process.is64bit(handle proc)''' | ||
Returns true if the target process is 64-bit. | Returns true if the target process is 64-bit. | ||
Revision as of 20:17, 23 January 2015
Contents
open
procHandle process.open(number procId)
Attempt to open and return a handle to a process for reading/writing. Accepts only the process's ID.
close
process.close(handle procHandle)
Closes an opened handle. If you set an open handle to nil, or if a handle goes out of scope, it will automatically close itself.
read
number|string process.read(handle procHandle, string type, number address[, number length])
Attempt to read memory from process 'procHandle' at the given address. 'type' should be "byte", "ubyte", "short", "ushort", etc. When reading a string, a maximum bytes to read should be given as 'length', otherwise do not specify length.
The type of data returned depends on the type requested. That is, requesting a byte, short, int, int64, float, or double returns a number while requesting a string returns a string. If this function should fail, it will return nil.
readPtr
number|string process.readPtr(handle procHandle, string type, number address, number|table offsets[, number length])
Exactly like process.read(), except it reads from a pointer.
'offsets' can be a number (single offset) or a table (multiple offsets). If a table is given for 'offsets', each value should be of type number.
readBatch
table process.readBatch(handle procHandle, number address, string mask)
Attempt to read memory from process 'proc' at the given address. 'mask' dictates what type(s) and how many variables should be read. Each character in 'mask' specifies the type to read or skip. A number prefixing the type can dictate the number to read (number types) or the length of a string.
| Character | Type |
| b | byte |
| B | unsigned byte |
| s | short |
| S | unsigned short |
| i | int |
| I | unsigned int |
| h | int64 |
| H | unsigned int64 |
| f | float |
| F | double |
| c | string |
| _ | (skip ahead; do not return this) |
"3i" means "read 3 integers" while "3c" means "read a string of length 3".
readChunk
chunk process.readChunk(handle procHandle, number address, number size)
See also: MemoryChunk_class
Reads a chunk of memory of a given size from a location. 'size' represents the number of bytes to read.
The chunk is an object that you can then use to extract the various data from. It is generally faster to read a chunk then extract from it than it is to do many single reads with process.read().
write
boolean process.write(handle procHandle, string type, number address, string|number data)
Attempt to write memory to process 'proc' at the given address. 'type' does not need to indicate signedness. (do not includes 'u' prefix) Strings also do not require length to be given.
Returns true on success, false on failure.
writePtr
boolean process.writePtr(handle procHandle, string type, number address, number|table offsets, number|string data)
See process.write().
'offsets' can be a number (single offset) or a table (multiple offsets). If a table is given for 'offsets', each value should be of type number.
findPattern
number process.findPattern(handle procHandle, number address, number length, string bitmask, string szmask)
Attempt to find a pattern within a process, beginning at memory address 'address', with a max scan length of 'length' (in bytes). 'bitmask' should contain an 'x' for a match, and '?' for wildcard. i.e. "xxxx?xx" 'szmask' should contain the actual data we are checking against for a match. i.e. "ABCD?FG"
Returns a number (the found address) on success and nil on failure or not found.
findByWindow
number process.findByWindow(number hwnd)
Returns the process ID that a window with handle 'hwnd' is owned by. If the function fails, it returns nil.
findByExe
number process.findByExe(string procname)
Look up a process ID by checking for its running executable. i.e. "explorer.exe"
getModuleAddress
number process.getModuleAddress(number procId, string moduleName)
Look up the address of a module within a process and return its origin address. Often this is used to lookup the location where a DLL is loaded. 'moduleName' should be the full name. i.e. "whatever.dll" If the function fails or it could not locate the module, it returns nil.
getModules
table process.getModuleAddress(number procId)
Returns a table of key/value pairs of every module found within the process specified by the process ID. Module names will be the key and the address within the program will be the value. If the function fails, it returns nil.
attachInput
boolean process.attachInput(number hwnd)
Attach our input thread to the target window. Returns true on success, false on failure.
detachInput
boolean process.detachInput(number hwnd)
Detach our input thread from the target window. Returns true on success, false on failure.
is32bit
boolean process.is32bit(handle proc)
Returns true if the target process is 32-bit.
is64bit
boolean process.is64bit(handle proc)
Returns true if the target process is 64-bit.
