basically what i want todo is scan this process for all the ints with the value 5, i am close to getting it working but i think something is missing , can anyone take alook at my code , thanks
#include <windows.h>
#include <TlHelp32.h>
#include <stdio.h>
int main()
{
HANDLE ThisProc = OpenProcess(PRO CESS_ALL_ACCESS ,true,GetCurren tProcessId()); //
MEMORY_BASIC_IN FORMATION mbi;
char Buffer[64];
DWORD Written;
SYSTEM_INFO si;
GetSystemInfo(& si);
DWORD dwStart = 0;
SIZE_T v;
char *p;
DWORD lpRead;
const char* regionp;
//BYTE s = 't';
char *memchrp;
int memcmpr;
HANDLE Term;
int five = 5;
char findme[sizeof(five)]; //4
//search for int with the value 5
memcpy(findme, &five, sizeof(five));
while(dwStart < (DWORD)si.lpMax imumApplication Address)
{
v = VirtualQueryEx( ThisProc,
(void *)dwStart,
&mbi,
sizeof(MEMORY_B ASIC_INFORMATIO N));
if(v == 0)
{
printf("%s\n"," breaking");
break;
}
if(mbi.State == MEM_COMMIT)
{
//printf("%s\n"," mem_commit");
p = (char *)malloc(mbi.Re gionSize);
printf("Memory at %02x, size %d\n",
mbi.BaseAddress ,
mbi.RegionSize) ;
if(ReadProcessM emory(ThisProc, (void *)dwStart,p,mbi .RegionSize,&lp Read))
{
const char* offset = p;
regionp = p;
while ((offset = (const char*)memchr(of fset, findme[0], regionp+mbi.Reg ionSize-offset)) != 0)
{
if (memcmp(offset, findme, 7) == 0)
{ printf("%p %p\n",findme,fi ve);
Sleep(50);
break;
}
++offset;
}
}
}
if(dwStart + mbi.RegionSize < dwStart)
{
printf("%s\n"," breaking");
break;
}
if(mbi.RegionSi ze != lpRead)
{
// printf("Not enough bytes read %d != %d\n",mbi.Regio nSize,lpRead);
}
dwStart += mbi.RegionSize;
Sleep(5);
}
return 0;
}
#include <windows.h>
#include <TlHelp32.h>
#include <stdio.h>
int main()
{
HANDLE ThisProc = OpenProcess(PRO CESS_ALL_ACCESS ,true,GetCurren tProcessId()); //
MEMORY_BASIC_IN FORMATION mbi;
char Buffer[64];
DWORD Written;
SYSTEM_INFO si;
GetSystemInfo(& si);
DWORD dwStart = 0;
SIZE_T v;
char *p;
DWORD lpRead;
const char* regionp;
//BYTE s = 't';
char *memchrp;
int memcmpr;
HANDLE Term;
int five = 5;
char findme[sizeof(five)]; //4
//search for int with the value 5
memcpy(findme, &five, sizeof(five));
while(dwStart < (DWORD)si.lpMax imumApplication Address)
{
v = VirtualQueryEx( ThisProc,
(void *)dwStart,
&mbi,
sizeof(MEMORY_B ASIC_INFORMATIO N));
if(v == 0)
{
printf("%s\n"," breaking");
break;
}
if(mbi.State == MEM_COMMIT)
{
//printf("%s\n"," mem_commit");
p = (char *)malloc(mbi.Re gionSize);
printf("Memory at %02x, size %d\n",
mbi.BaseAddress ,
mbi.RegionSize) ;
if(ReadProcessM emory(ThisProc, (void *)dwStart,p,mbi .RegionSize,&lp Read))
{
const char* offset = p;
regionp = p;
while ((offset = (const char*)memchr(of fset, findme[0], regionp+mbi.Reg ionSize-offset)) != 0)
{
if (memcmp(offset, findme, 7) == 0)
{ printf("%p %p\n",findme,fi ve);
Sleep(50);
break;
}
++offset;
}
}
}
if(dwStart + mbi.RegionSize < dwStart)
{
printf("%s\n"," breaking");
break;
}
if(mbi.RegionSi ze != lpRead)
{
// printf("Not enough bytes read %d != %d\n",mbi.Regio nSize,lpRead);
}
dwStart += mbi.RegionSize;
Sleep(5);
}
return 0;
}
Comment