C# Application Values Extractor

MastersWRC · Post by **MastersWRC** » March 26th, 2015, 8:56 pm

Guys, I'd like to introduce you a really simple tool, that most of you need so bad

.
WHY MAY I NEED THIS TOOL?
If you want to use Rainmeter as a "monitor" for a win32 application but there are no plugins for your app available, my solution is exactly what you need

. For example, you want to show FPS meter of FRAPS on separate monitor using Rainmeter. Unfortunately, FRAPS will not export the FPS value for you and there are no plugins for FRAPS available. Or you have an application with really

interface. You are sure you can enhance it with Rainmeter but once again, there are no plugins for this app and you are not able to export the values. If you need something, that will take data from the application and give this data to Rainmeter, here you are=)

HOW DOES IT WORK?
Basically my tool monitors the exact "pointer" offsets in RAM and redirects them in SysReg. Yes, that simple. It has no interface, it is really short but it does its' job well. Same as AIDA64 exports its' values to SysReg.

HOW DO I START?
All you need is:
1)Net.Framework 3.5 or 4 or later
2)CheatEngine/ArtMoney/OllyDBG/IDA Pro etc.
3)Searching for pointers in RAM ability

Optionally: Notepad++(extremely handy for our needs).

LET'S BEGIN!
No matter how scary it looks for you, this is really simple! Just follow the instructions and you'll be OK. I promise!
Copy/paste the code of my tool below in Notepad++ (simple notepad is absolutely OK)

Code: Select all

using System;
using System.IO;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using Microsoft.Win32;


class Program
{

const int PROCESS_WM_READ = 0x0010;
[DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(int hProcess, 
      int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);
	  
	  
static void Main()
{
    try
    {
        		
          		
            while (true)
            {
                Throttle();
				Thread.Sleep(100);
				}
        
    }
    catch (Exception e)
    {
        Debug.WriteLine(e.Message);
    }
}
	 
	   
	 
    static void Throttle()
 {
  
        Process process = Process.GetProcessesByName("diagnost")[0]; 
        IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id); 

        int bytesRead = 0;
        byte[] buffer = new byte[8]; 
      
	  ReadProcessMemory((int)processHandle, 0x0021A998, buffer, buffer.Length, ref bytesRead);
  
		const string userRoot = "HKEY_CURRENT_USER\\Software\\Rainmeter\\RainRegExp";
        const string subkey = "DASH";
        const string keyName = userRoot + "\\" + subkey;
        string[] strings = {Encoding.Unicode.GetString(buffer)};
        Registry.SetValue(keyName, "Throttle", strings);
		
           }		
}

Now take a look at the infinite loop at lines 28-32:

Code: Select all

   
while (true)
{
Throttle();
Thread.Sleep(100);
}

"while (true)" is an infinite loop. Don't bother. What you need is "Throttle();" Replace "Throttle" with whatever word you like. If you want to retrieve FPS value - rename it "FPS();". If you want to retrieve quantity of gold in game, rename it "Gold();" or "Bucks();" or "123qwerty();".

Next line "Thread.Sleep(100)" slows down the tool to prevent CPU excessive load by adding simple pause for the process. The value "(100)" measures exact pause in milliseconds. If you want to refresh the process super-duper-fast, leave it as "100", but if this refresh rate is not that important, I suggest to make it around 350-600ms. So if we are trying to retrieve amount of Gold from the game with 750ms refresh rate. Our code will look like:

Code: Select all

   
while (true)
{
Gold();
Thread.Sleep(750);
}

Let's move on. Line 43:

Code: Select all

static void Throttle()

Here is the line that starts monitoring for you. You should replace "Throttle" with exact same word, you have used before(Gold, Bucks, 123qwerty etc.)

Now we have to set what address the tool should monitor for you. Google "pointers scan", there are tonns of tutorials on how to get CONSTANT offset of the value you are looking for. The pointer should look like this: "6F71C7B8". When you will receive the pointer, you will be able to paste it in my tool.
Lines 46-52:

Code: Select all

Process process = Process.GetProcessesByName("diagnost")[0]; 
        IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id); 
int bytesRead = 0;
        byte[] buffer = new byte[8]; 
      
	  ReadProcessMemory((int)processHandle, 0x6F71C7B8, buffer, buffer.Length, ref bytesRead);

Just insert the process' name (diagnost, game, notepad whatever), size to

byte[] buffer = new byte[8];

and the offset there and you are 90% complete!!
Line 58:

Code: Select all

        Registry.SetValue(keyName, "Throttle", strings);

This line creates string "Throttle" in registry hive: HKEY_CURRENT_USER\Software\Rainmeter\RainRegExp\Dash\ with YOUR VALUE!!!. 99% is already made.

Save the document as "*.cs" and locate "csc.exe" file in \Windows\Microsoft.NET\Framework\v#.#\ folder. Drag&Drop your previously saved "*.cs" file on the "csc.exe" and you will compile your own extracting tool! If everything was made right, you will receive "*.exe" file in the same folder that contains your "*.cs" source. Run your app, run your tool, use your

Code: Select all

[MeasureThrottle]
Measure=Registry
RegHKey=HKEY_CURRENT_USER
RegKey=Software\Rainmeter\RainRegExp\DASH
RegValue=Throttle

and you are done!! The tool will infinitely output the value to a registry for you with a specific refresh rate. Around 5Mb in RAM and 0,6% of CPU usage.

P.S.

If some C++ developer will have several hours free, it will be absolutely cool of him to make an interface for this tool.