Sign in to follow this  
Anddos

scan for ints in a process

Recommended Posts

basically what i want todo is scan this process for all the ints with the value 5, i am close to getting it working but i think something is missing , can anyone take alook at my code , thanks


#include <windows.h>
#include <TlHelp32.h>
#include <stdio.h>


int main()
{

HANDLE ThisProc = OpenProcess(PROCESS_ALL_ACCESS,true,GetCurrentProcessId()); //
MEMORY_BASIC_INFORMATION mbi;



char Buffer[64];
DWORD Written;
SYSTEM_INFO si;
GetSystemInfo(&si);
DWORD dwStart = 0;
SIZE_T v;
char *p;
DWORD lpRead;
const char* regionp;
//BYTE s = 't';
char *memchrp;
int memcmpr;
HANDLE Term;



int five = 5;
char findme[sizeof(five)]; //4
//search for int with the value 5
memcpy(findme, &five, sizeof(five));

while(dwStart < (DWORD)si.lpMaximumApplicationAddress)
{



v = VirtualQueryEx(ThisProc,
(void *)dwStart,
&mbi,
sizeof(MEMORY_BASIC_INFORMATION));

if(v == 0)
{
printf("%s\n","breaking");
break;
}


if(mbi.State == MEM_COMMIT)
{
//printf("%s\n","mem_commit");
p = (char *)malloc(mbi.RegionSize);




printf("Memory at %02x, size %d\n",
mbi.BaseAddress,
mbi.RegionSize);



if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead))
{

const char* offset = p;
regionp = p;
while ((offset = (const char*)memchr(offset, findme[0], regionp+mbi.RegionSize-offset)) != 0)
{
if (memcmp(offset, findme, 7) == 0)
{ printf("%p %p\n",findme,five);
Sleep(50);
break;
}

++offset;
}
}
}

if(dwStart + mbi.RegionSize < dwStart)
{
printf("%s\n","breaking");
break;
}

if(mbi.RegionSize != lpRead)
{
// printf("Not enough bytes read %d != %d\n",mbi.RegionSize,lpRead);
}

dwStart += mbi.RegionSize;



Sleep(5);

}


return 0;
}

Share this post


Link to post
Share on other sites
[CODE]
if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead)) {
DWORD dwEnd = mbi.RegionSize - sizeof( INT ) + 1;
for ( DWORD dwOffset = 0; dwOffset < dwEnd; dwOffset += sizeof( INT ) ) {
if ( (*(INT *)&p[dwOffset]) == 5 ) {
printf("%p\n", dwOffset + dwStart );
Sleep(50);
break;
}
}
}[/CODE]

And another thing: [url="http://memoryhacking.com/forums/viewtopic.php?f=30&t=5519"][size=5][u][i][b]Never use DWORD as a replacement for pointers[/b][/i][/u][/size][/url]. I mean it.
And another another thing: You will get more help faster if you post in [url="http://www.gamedev.net/forum/31-for-beginners/"]the appropriate section[/url] next time.


L. Spiro Edited by L. Spiro

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this