Difference between revisions of "Lua:md5memory"

function md5memory(address, size) : string

Calculates and returns the MD5 checksum of a block of memory starting at the specified address. The result is returned as a lowercase hexadecimal string (32 hex characters). This is useful for integrity checks of memory regions, detecting runtime modifications, or comparing memory snapshots.

Function Parameters[edit]

Returns[edit]

A string containing the MD5 hash of the memory block in lowercase hexadecimal (e.g. 9e107d9d372bb6826bd81d3542a419d6).

Description[edit]

The function reads size raw bytes starting at address, computes the MD5 digest over those bytes, and returns the digest formatted as a 32-character lowercase hexadecimal string. If the memory region cannot be read (invalid address, insufficient permissions, or target process not available), the function may raise an error.

Usage Examples[edit]

-- Simple usage with numeric address
local hash = md5memory(0x401000, 1024)
print("MD5: " .. hash)  -- e.g. MD5: 9e107d9d372bb6826bd81d3542a419d6

-- Using a module+offset string
local hash2 = md5memory("kernel32.dll+0x1234", 256)
print("Region MD5: " .. hash2)

-- Output:
-- MD5: a754c02f5e872ca0008b37755928a914 
-- Region MD5: 215a614d8b4156943fe865bb7d5e2c8c 

Notes[edit]

• The function hashes the raw bytes read from memory; CPU endianness or text encoding does not affect the MD5 result.
• Reading large regions can be slow and may consume significant memory depending on implementation; consider hashing in chunks if available.
• MD5 is not collision-resistant; do not rely on MD5 where collision resistance is required.
• When comparing MD5 strings, normalize case (lowercase) or use a case-insensitive comparison.
• Permission or process-targeting issues can prevent reading memory; ensure the correct process/context is selected before calling the function.