Sign in to follow this  

scan for ints in a process

This topic is 2006 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

basically what i want todo is scan this process for all the ints with the value 5, i am close to getting it working but i think something is missing , can anyone take alook at my code , thanks


#include <windows.h>
#include <TlHelp32.h>
#include <stdio.h>


int main()
{

HANDLE ThisProc = OpenProcess(PROCESS_ALL_ACCESS,true,GetCurrentProcessId()); //
MEMORY_BASIC_INFORMATION mbi;



char Buffer[64];
DWORD Written;
SYSTEM_INFO si;
GetSystemInfo(&si);
DWORD dwStart = 0;
SIZE_T v;
char *p;
DWORD lpRead;
const char* regionp;
//BYTE s = 't';
char *memchrp;
int memcmpr;
HANDLE Term;



int five = 5;
char findme[sizeof(five)]; //4
//search for int with the value 5
memcpy(findme, &five, sizeof(five));

while(dwStart < (DWORD)si.lpMaximumApplicationAddress)
{



v = VirtualQueryEx(ThisProc,
(void *)dwStart,
&mbi,
sizeof(MEMORY_BASIC_INFORMATION));

if(v == 0)
{
printf("%s\n","breaking");
break;
}


if(mbi.State == MEM_COMMIT)
{
//printf("%s\n","mem_commit");
p = (char *)malloc(mbi.RegionSize);




printf("Memory at %02x, size %d\n",
mbi.BaseAddress,
mbi.RegionSize);



if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead))
{

const char* offset = p;
regionp = p;
while ((offset = (const char*)memchr(offset, findme[0], regionp+mbi.RegionSize-offset)) != 0)
{
if (memcmp(offset, findme, 7) == 0)
{ printf("%p %p\n",findme,five);
Sleep(50);
break;
}

++offset;
}
}
}

if(dwStart + mbi.RegionSize < dwStart)
{
printf("%s\n","breaking");
break;
}

if(mbi.RegionSize != lpRead)
{
// printf("Not enough bytes read %d != %d\n",mbi.RegionSize,lpRead);
}

dwStart += mbi.RegionSize;



Sleep(5);

}


return 0;
}

Share this post


Link to post
Share on other sites
[CODE]
if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead)) {
DWORD dwEnd = mbi.RegionSize - sizeof( INT ) + 1;
for ( DWORD dwOffset = 0; dwOffset < dwEnd; dwOffset += sizeof( INT ) ) {
if ( (*(INT *)&p[dwOffset]) == 5 ) {
printf("%p\n", dwOffset + dwStart );
Sleep(50);
break;
}
}
}[/CODE]

And another thing: [url="http://memoryhacking.com/forums/viewtopic.php?f=30&t=5519"][size=5][u][i][b]Never use DWORD as a replacement for pointers[/b][/i][/u][/size][/url]. I mean it.
And another another thing: You will get more help faster if you post in [url="http://www.gamedev.net/forum/31-for-beginners/"]the appropriate section[/url] next time.


L. Spiro Edited by L. Spiro

Share this post


Link to post
Share on other sites

This topic is 2006 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this