scan for ints in a process
| Anddos (5) |  |
|
basically what i want todo is scan this process for all the ints with the value 5, i am close to getting it working but i think something is missing , can anyone take alook at my code , thanks #include <windows.h> #include <TlHelp32.h> #include <stdio.h> int main() { HANDLE ThisProc = OpenProcess(PROCESS_ALL_ACCESS,true,GetCurrentProcessId()); // MEMORY_BASIC_INFORMATION mbi; char Buffer[64]; DWORD Written; SYSTEM_INFO si; GetSystemInfo(&si); DWORD dwStart = 0; SIZE_T v; char *p; DWORD lpRead; const char* regionp; //BYTE s = 't'; char *memchrp; int memcmpr; HANDLE Term; int five = 5; char findme[sizeof(five)]; //4 //search for int with the value 5 memcpy(findme, &five, sizeof(five)); while(dwStart < (DWORD)si.lpMaximumApplicationAddress) { v = VirtualQueryEx(ThisProc, (void *)dwStart, &mbi, sizeof(MEMORY_BASIC_INFORMATION)); if(v == 0) { printf("%s\n","breaking"); break; } if(mbi.State == MEM_COMMIT) { //printf("%s\n","mem_commit"); p = (char *)malloc(mbi.RegionSize); printf("Memory at %02x, size %d\n", mbi.BaseAddress, mbi.RegionSize); if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead)) { const char* offset = p; regionp = p; while ((offset = (const char*)memchr(offset, findme[0], regionp+mbi.RegionSize-offset)) != 0) { if (memcmp(offset, findme, 7) == 0) { printf("%p %p\n",findme,five); Sleep(50); break; } ++offset; } } } if(dwStart + mbi.RegionSize < dwStart) { printf("%s\n","breaking"); break; } if(mbi.RegionSize != lpRead) { // printf("Not enough bytes read %d != %d\n",mbi.RegionSize,lpRead); } dwStart += mbi.RegionSize; Sleep(5); } return 0; } | |
|
|
|
Topic archived. No new replies allowed.