Here's my search function:
DWORD CALLBACK FindValue(LPVOID lpParam){ MEMORY_BASIC_INFORMATION m; int nMatches = 0; LPSEARCHINFO s = (LPSEARCHINFO)lpParam; DWORD br, dwRegionSize, tmp; char lpTxt[100]; unsigned char *lpSearchBuffer; VirtualQueryEx(s->hProcess, (void *)0x00400000, &m, sizeof m); dwRegionSize = m.RegionSize; for(int i=(int)m.BaseAddress;i<0x80000000;i+=m.RegionSize) { VirtualQueryEx(s->hProcess, (void *)i, &m, sizeof m); if(m.Protect != PAGE_NOACCESS) { lpSearchBuffer = new unsigned char[m.RegionSize]; ReadProcessMemory(s->hProcess, m.BaseAddress, lpSearchBuffer, m.RegionSize, &br); if(br) { tmp = br - s->nSize; for(DWORD j=0;j<=tmp;j++) { if(!memcmp(lpSearchBuffer+j, &s->dwValue, s->nSize)) { nMatches++; sprintf(lpTxt, "%x", i+j); SendDlgItemMessage(s->hWnd, IDC_MATCHES, LB_ADDSTRING, 0, (LPARAM)lpTxt); } } } delete [] lpSearchBuffer; } SendDlgItemMessage(s->hWnd, IDC_PROGRESS1, PBM_STEPIT, 0, 0); } sprintf(lpTxt, "Found %d matches.", nMatches); MessageBox(s->hWnd, lpTxt, "Search finished!", MB_ICONINFORMATION); return 0;}
Does anyone have a clue on what I'm doing wrong? It's probably something simple and obvious, but I've stared at this code for about an hour without finding it.
EDIT: Changed code tag to source tag
You have just read a controversial statement by Valderman. Thank you for your tolerance.
[edited by - Valderman on December 24, 2002 2:59:29 PM]