Hello,
Is there an MHS API reference somewhere? I'm trying to script RAMSearch and need to know what to fill the LP_MHS_API_SEARCH_PARAMS structure.
Thanx,
CMR
RAMSearch() Syntax?
Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo
6 posts • Page 1 of 1
RAMSearch() Syntax?
by CodeMaster.Rapture » Mon Mar 17, 2008 8:19 am
- CodeMaster.Rapture
- Hackleberry Fin
- Posts: 20
- Joined: Sun Mar 16, 2008 2:15 pm
by mezzo » Mon Mar 17, 2008 9:09 am
it's all in the helpfile
BOOL RAMSearch(
LPMHS_API_SEARCH_PARMS lpsParms)
Scans the process RAM using the type of search specified by lpsParms->dwType (LS_DATATYPE, LS_POINTER, or LS_STRING) using the search-specific options.
LS_DATATYPE:
lpsParms->TypeParms.dtParms.dwDataType can be one of MT_CHAR, MT_BYTE, MT_SHORT, MT_USHORT, MT_LONG, MT_ULONG, MT_FLOAT, or MT_DOUBLE, and this determines how lpsParms->TypeParms.dtParms.atValue and lpsParms->TypeParms.dtParms.atTo are decoded.
lpsParms->TypeParms.dtParms.dwSubType can be one of ST_EXACT, ST_NOTEQUALTO, ST_RANGE, ST_LOWERTHAN, ST_GREATERTHAN, or ST_UNKNOWN. If ST_RANGE, the lpsParms->TypeParms.dtParms.atTo value is used.
LS_POINTER:
lpsParms->TypeParms.pParms.dwSubType can be one of ST_EXACT, ST_NOTEQUALTO, ST_RANGE, ST_LOWERTHAN, ST_GREATERTHAN, or ST_UNKNOWN. If ST_RANGE, the lpsParms->TypeParms.pParms.atTo value is used.
Set lpsParms->TypeParms.pParms.lpvSaveOffset to NULL if you do not wish to save offsets from any addresses, otherwise set it to the address from which you wish to save offsets.
LS_STRING:
lpsParms->TypeParms.sParms.pcValue indicates the byte array to find (not necessarily terminated with a NULL character).
lpsParms->TypeParms.sParms.dwLength indicates the length of the byte array to find.
BOOL RAMSearch(
LPMHS_API_SEARCH_PARMS lpsParms)
Scans the process RAM using the type of search specified by lpsParms->dwType (LS_DATATYPE, LS_POINTER, or LS_STRING) using the search-specific options.
LS_DATATYPE:
lpsParms->TypeParms.dtParms.dwDataType can be one of MT_CHAR, MT_BYTE, MT_SHORT, MT_USHORT, MT_LONG, MT_ULONG, MT_FLOAT, or MT_DOUBLE, and this determines how lpsParms->TypeParms.dtParms.atValue and lpsParms->TypeParms.dtParms.atTo are decoded.
lpsParms->TypeParms.dtParms.dwSubType can be one of ST_EXACT, ST_NOTEQUALTO, ST_RANGE, ST_LOWERTHAN, ST_GREATERTHAN, or ST_UNKNOWN. If ST_RANGE, the lpsParms->TypeParms.dtParms.atTo value is used.
LS_POINTER:
lpsParms->TypeParms.pParms.dwSubType can be one of ST_EXACT, ST_NOTEQUALTO, ST_RANGE, ST_LOWERTHAN, ST_GREATERTHAN, or ST_UNKNOWN. If ST_RANGE, the lpsParms->TypeParms.pParms.atTo value is used.
Set lpsParms->TypeParms.pParms.lpvSaveOffset to NULL if you do not wish to save offsets from any addresses, otherwise set it to the address from which you wish to save offsets.
LS_STRING:
lpsParms->TypeParms.sParms.pcValue indicates the byte array to find (not necessarily terminated with a NULL character).
lpsParms->TypeParms.sParms.dwLength indicates the length of the byte array to find.
- No thanks, I already have a penguin -
-
mezzo - El Mariachi
- Posts: 739
- Joined: Mon Apr 30, 2007 10:27 pm
- Location: Antwerp
by CodeMaster.Rapture » Mon Mar 17, 2008 11:38 am
Thank you.
Either I'm a freakin moron who can't read, or I'm missing something important. I haven't found anything in the Help files that states what all the parameters are. I need to know what is in the structure so I know what to fill it with.
This is what I got out of the help file:
Did I miss something somewhere???
Thanx,
CMR
Either I'm a freakin moron who can't read, or I'm missing something important. I haven't found anything in the Help files that states what all the parameters are. I need to know what is in the structure so I know what to fill it with.
This is what I got out of the help file:
- Code: Select all
LPMHS_API_SEARCH_PARMS lpsParms;
lpsParams->dwType = LS_POINTER;
lpsParams->TypeParms.pParms.dwSubType = ST_EXACT;
/*
Missing:
Value to be searched for
Option->Find Static Only?
Option->Enable "Same as Original: Sub Search
*/
RAMSearch(lpsParams);
Did I miss something somewhere???
Thanx,
CMR
- CodeMaster.Rapture
- Hackleberry Fin
- Posts: 20
- Joined: Sun Mar 16, 2008 2:15 pm
by L. Spiro » Mon Mar 17, 2008 11:49 am
From the help file:
All structures, unions, enumerations, and functions are listed in the help file.
The Predefined Structs & Unions and Predefined Enums topics may be of interest.
L. Spiro
- Code: Select all
union MHS_ALLTYPES {
signed char Char; // Offset: 0, Size: 1.
unsigned char Byte; // Offset: 0, Size: 1.
signed short Short; // Offset: 0, Size: 2.
unsigned short UShort; // Offset: 0, Size: 2.
signed int Int; // Offset: 0, Size: 4.
unsigned int UInt; // Offset: 0, Size: 4.
signed __int64 Int64; // Offset: 0, Size: 8.
unsigned __int64 UInt64; // Offset: 0, Size: 8.
float Float; // Offset: 0, Size: 4.
double Double; // Offset: 0, Size: 8.
}; // Size: 8.
struct DATATYPEPARMS {
unsigned int dwDataType; // Offset: 0, Size: 4.
unsigned int dwSubType; // Offset: 4, Size: 4.
int bEnableSame; // Offset: 8, Size: 4.
MHS_ALLTYPES atValue; // Offset: 12, Size: 8.
MHS_ALLTYPES atTo; // Offset: 20, Size: 8.
}; // Size: 28.
struct POINTERPARMS {
unsigned int dwSubType; // Offset: 0, Size: 4.
int bEnableSame; // Offset: 4, Size: 4.
int bStatic; // Offset: 8, Size: 4.
void * lpvSaveOffset; // Offset: 12, Size: 4.
MHS_ALLTYPES atValue; // Offset: 16, Size: 8.
MHS_ALLTYPES atTo; // Offset: 24, Size: 8.
}; // Size: 32.
struct STRINGPARMS {
const char * pcValue; // Offset: 0, Size: 4.
unsigned int dwLength; // Offset: 4, Size: 4.
int bUnicode; // Offset: 8, Size: 4.
int bOffsets; // Offset: 12, Size: 4.
unsigned char bOffFrom; // Offset: 16, Size: 1.
unsigned char bOffTo; // Offset: 17, Size: 1.
}; // Size: 18.
struct SCRIPTPARMS {
int iDataSize; // Offset: 0, Size: 4.
int iAlign; // Offset: 4, Size: 4.
const char * pcCallback; // Offset: 8, Size: 4.
const char * pcDecoder; // Offset: 12, Size: 4.
const char * pcSetup; // Offset: 16, Size: 4.
}; // Size: 20.
union TP {
DATATYPEPARMS dtParms; // Offset: 0, Size: 28.
POINTERPARMS pParms; // Offset: 0, Size: 32.
STRINGPARMS sParms; // Offset: 0, Size: 18.
SCRIPTPARMS scParms; // Offset: 0, Size: 20.
}; // Size: 32.
struct MHS_API_SEARCH_PARMS {
unsigned int dwType; // Offset: 0, Size: 4.
void * lpvStart; // Offset: 4, Size: 4.
void * lpvEnd; // Offset: 8, Size: 4.
int bAligned; // Offset: 12, Size: 4.
TP TypeParms; // Offset: 16, Size: 32.
}; // Size: 48.
All structures, unions, enumerations, and functions are listed in the help file.
The Predefined Structs & Unions and Predefined Enums topics may be of interest.
L. Spiro
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by mezzo » Mon Mar 17, 2008 4:41 pm
you do know there are excellent scripting examples of ramsearch in the helpfile, right ?
open the helpfile, select the 3e tab (search) and type the following in the searchbox:
"Programmatic in the Script"
you will receive one result; the 'search examples' page....
That page has so many good examples, you MUST read it
enjoy
open the helpfile, select the 3e tab (search) and type the following in the searchbox:
"Programmatic in the Script"
you will receive one result; the 'search examples' page....
That page has so many good examples, you MUST read it
enjoy
- No thanks, I already have a penguin -
-
mezzo - El Mariachi
- Posts: 739
- Joined: Mon Apr 30, 2007 10:27 pm
- Location: Antwerp
6 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests