metick / dmalibrary Goto Github PK

Getting error: Failed to initialize keyboard hotkeys through kernel
idk why

typedef BOOLEAN(*ExDestroyHandleProc)(PVOID HandleTable, HANDLE Handle, PVOID HandleTableEntry);
SysCall<ExDestroyHandleProc>(NULL,NULL,NULL);

ERROR

I'm looking for some assistance in using the pattern scanning for this library.

When looking at the documentation for the function is seems that it requires being used like so.
offsets::GNAMES = mem.FindSignature("48 8D 0D ?? ?? ?? ?? 8B FA 75 0F", 0x9074D30, 0xaf8c000);
But when scanning the pattern and knowing that the good address is 0x9274D40 the function returns NULL. I see in the comment you used single ? not ?? for your sigs but i've tried both with no success?

Do you have any ideas of what im doing wrong. Ofc I've already init the process

Console output

loading libraries...
Successfully loaded libraries!
inizializing...
dumping memory map to file...
Dumped memory map!
FPGA ID: 4
DEVICE ID: 8960
success!
[+] VMMDLL_ConfigGet ID = 4 VERSION = 0.0
CR3 fixed
[+] Found Base Address for DungeonCrawler.exe at 0x00007FF6301D0000
[+] Found Base Size for DungeonCrawler.exe at 0x000000000AF8C000
Process information of DungeonCrawler.exe
PID: 37316
Base Address: 0x7ff6301d0000
Base Size: 0xaf8c000
Unable to get the GNames

Code:

int main(std::string args[])
{
    if (!mem.Init("DungeonCrawler.exe", true, false))
    {
        std::cout << "Failed to initilize DMA" << std::endl;
        return 1;
    }
    offsets::GNAMES = mem.FindSignature("48 8D 0D ? ? ? ? 8B FA 75 0F", 0x9074D30, 0xAD692D0);
    if (offsets::GNAMES != NULL) {
        printf("We got something thats not null for GNames 0x%llx",offsets::GNAMES);
    }
    else {
        printf("Unable to get the GNames");
    }
}

Winver: 22631.2861
InputManager -> gafAsyncKeyStateExport.

The code to get the user_session_state doesn't seem to be working, as evidenced by the fact that it doesn't read the correct value during the second step.

The following code is a demo of the code I split when I was conducting my research.

It reads 4 pid's 4 uses seems to be the same, do you have any suggestions?

Thank you for your work.

Hi, thanks for sharing library. Is there a way to read screen size via DMA?

Thanks

Recalling mem. init failed to initialize when restarting the exe to be read

Win11 / VS 2022

1 added leechcore.lib and vmmdll.lib to libs folder from https://github.com/ufrisk/MemProcFS/tree/master/includes/lib32
build solution fails with c++ versions

2 changed project versions to c++ 20
wcstombs may be unsafe issue

3 Added 4996 to disable specific warnings

cannot open source file "DMALibrary/Memory/Memory.h"
Cannot open Include file "DMALibrary/Memory/Memory.h"

4 added DMALibrary-Master to Additional Include Directories on the Example project

unresolved external symbol ::InitKeyboard
unresolved external symbol Memory::Memory

5 Added DMALibrary to References under the Example Project

Unresolved external symbol VMMDLL_MemFree
Unresolved external symbol VMMDLL_ReadEx
... etc

I have also tried adding the DMALibrary.lib(and the others) to a lib directory in the example project. But this is where I am currently stumped, I have remade the project several times and am unable to build the example project based on the most recent version of this repo.

I ran into this issue and notice all DMA sources I've examined don't verify the VMMDLL_MemReadEx the read byte count.
The reads can definitely fail. For instance I was using the VMMDLL_FLAG_NOPAGING trying to read from a process image.
In turned out that it was failing because the memory pages were not paged in.
VMMDLL_MemReadEx returned true but was only reading part of the memory.
I only found this out by verifying pcbReadOpt actually read count during troubleshooting.

Notice here for the VMMDLL_MemRead function in the MemProcFS source:
https://github.com/ufrisk/MemProcFS/blob/master/vmm/vmmdll.c#L745
There is such a check && (dwRead == cb)

So a suggestion if you want to catch potential problems, you could add these && (dwRead == cb) type checks to calls like:
https://github.com/Metick/DMALibrary/blob/Master/DMALibrary/Memory/Memory.cpp#L663

Seems like the keyboard sometimes doesn't want to initialize and a restart normally fixes it but was curious if it's possible to fix it. I think the offsets might change sometimes which causes the issue but unsure.

In having trouble optimizing the read speed with scatter read. For example if i use scatter read for view matrix, it updates the viewpoint after 1second or so. Instead with normal reads i get it all correct and it updates correctly but obviously i get lower fps.

Could it be that i have to use -norefresh or change refresh settings ?

Or am i using scatter read wrong?
Heres the code where i get the problem:

double a;
double b;
double c;
mem.AddScatterReadRequest(ScatterHandle, cameraRotationPtr, &a, sizeof(double));
mem.AddScatterReadRequest(ScatterHandle, cameraRotationPtr + Offsets::BOffset, &b, sizeof(double));
mem.AddScatterReadRequest(ScatterHandle, cameraRotationPtr + Offsets::COffset, &c, sizeof(double));
mem.ExecuteReadScatter(ScatterHandle, ProcId);

I got BSOD everytime when tried to use call_function or just rewrite IAT/EAT function for further hooking

Thank you.