I need scan full memory area in other process. Something like AOB scanner / pattern scan memory etc. but on full memory. My program work only in base area, from baseAdress to end base - i need scan full memory. If i set my custom values and i got no results.
What is wrong?
My code: (on line 160 & 161 i try set start/end values)
#include <windows.h>
#include <tlhelp32.h>
#include <iostream>
#include <string>
#include <tchar.h>
//internal patch
void Patch(void* dst, void*src, unsigned int size);
//external
void PatchEx(HANDLE hProcess, void* dst, void* src, unsigned int size);
//Internal Nop
void Nop(HANDLE hProcess, void* dest, unsigned int size);
//External
void NopEx(HANDLE hProcess, void* dst, unsigned int size);
//Internal Pattern Scan
void * PatternScan(char* base, size_t size, char* pattern, char*mask);
//External Wrapper
void * PatternScanEx(HANDLE hPRocess, uintptr_t begin, uintptr_t end, char* pattern, char* mask);
//Module wrapper for external pattern scan
void * PatternScanExModule(HANDLE hProcess, const TCHAR *exeName, const TCHAR *module, char* pattern, char* mask);
//Get Process ID From an executable name using toolhelp32Snapshot
DWORD GetProcID(const TCHAR *exeName);
//Get ModuleEntry from module name, using toolhelp32snapshot
MODULEENTRY32 GetModule(DWORD dwProcID, const TCHAR *moduleName);
int main()
{
//Get Process ID by enumerating the processes using tlhelp32snapshot
DWORD processID = GetProcID("notepad.exe");
std::cout << "Process id: " << processID << std::endl;
//Get handle by OpenProcess
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, processID);
//PatternScan
void * notepadAddress = PatternScanExModule(hProcess, "notepad.exe", "notepad.exe", "\x73\x00\x65\x00\x63\x00\x72\x00\x65\x00\x74", "xxxxxxxxxxx");
std::cout << "Result: " << notepadAddress << std::endl;
system("pause");
return 0;
}
//internal patch
void Patch(void* dst, void* src, unsigned int size)
{
DWORD oldprotect;
VirtualProtect(dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
memcpy(dst, src, size);
VirtualProtect(dst, size, oldprotect, &oldprotect);
}
//external
void PatchEx(HANDLE hProcess, void* dst, void* src, unsigned int size)
{
DWORD oldprotect;
VirtualProtectEx(hProcess, dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
WriteProcessMemory(hProcess, dst, src, size, NULL);
VirtualProtectEx(hProcess, dst, size, oldprotect, &oldprotect);
}
//Internal Nop
void Nop(HANDLE hProcess, void* dst, unsigned int size)
{
DWORD oldprotect;
VirtualProtect(dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
memset(dst, 0x90, size);
VirtualProtect(dst, size, oldprotect, &oldprotect);
}
//External
void NopEx(HANDLE hProcess, void* dst, unsigned int size)
{
byte* nopArray = new byte[size];
memset(nopArray, 0x90, size);
DWORD oldprotect;
VirtualProtectEx(hProcess, dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
WriteProcessMemory(hProcess, dst, nopArray, size, NULL);
VirtualProtectEx(hProcess, dst, size, oldprotect, &oldprotect);
delete[] nopArray;
}
//Internal Pattern Scan
void * PatternScan(char* base, size_t size, char* pattern, char* mask)
{
size_t patternLength = strlen(mask);
for (unsigned int i = 0; i < size - patternLength; i++)
{
bool found = true;
for (unsigned int j = 0; j < patternLength; j++)
{
if (mask[j] != '?' && pattern[j] != *(base + i + j))
{
found = false;
break;
}
}
if (found)
{
return (void*)(base + i);
}
}
return nullptr;
}
//External Wrapper
void * PatternScanEx(HANDLE hProcess, uintptr_t begin, uintptr_t end, char* pattern, char* mask)
{
uintptr_t currentChunk = begin;
SIZE_T bytesRead;
while (currentChunk < end)
{
char buffer[4096];
DWORD oldprotect;
VirtualProtectEx(hProcess, (void*)currentChunk, sizeof(buffer), PAGE_EXECUTE_READWRITE, &oldprotect);
ReadProcessMemory(hProcess, (void*)currentChunk, &buffer, sizeof(buffer), &bytesRead);
VirtualProtectEx(hProcess, (void*)currentChunk, sizeof(buffer), oldprotect, &oldprotect);
if (bytesRead == 0)
{
return nullptr;
}
void* internalAddress = PatternScan((char*)&buffer, bytesRead, pattern, mask);
if (internalAddress != nullptr)
{
//calculate from internal to external
uintptr_t offsetFromBuffer = (uintptr_t)internalAddress - (uintptr_t)&buffer;
return (void*)(currentChunk + offsetFromBuffer);
}
else
{
//advance to next chunk
currentChunk = currentChunk + bytesRead;
}
}
return nullptr;
}
//Module wrapper for external pattern scan
void * PatternScanExModule(HANDLE hProcess, const TCHAR *exeName, const TCHAR *module, char* pattern, char* mask)
{
DWORD processID = GetProcID(exeName);
MODULEENTRY32 modEntry = GetModule(processID, module);
if (!modEntry.th32ModuleID)
{
return nullptr;
}
uintptr_t begin = (uintptr_t)modEntry.modBaseAddr;
uintptr_t end = begin + modEntry.modBaseSize;
//uintptr_t begin = 0x0;
//uintptr_t end = 0x7FFFFFFF;
std::cout << "Begin: " << std::hex << begin << std::endl;
std::cout << "End: " << std::hex << end << std::endl;
return PatternScanEx(hProcess, begin, end, pattern, mask);
}
//Get Process ID From an executable name using toolhelp32Snapshot
DWORD GetProcID(const TCHAR *exeName)
{
PROCESSENTRY32 procEntry = { 0 };
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (!hSnapshot)
{
return 0;
}
procEntry.dwSize = sizeof(procEntry);
if (!Process32First(hSnapshot, &procEntry))
{
return 0;
}
do
{
if (_tcsicmp(procEntry.szExeFile, _T(exeName)) == 0)
{
CloseHandle(hSnapshot);
return procEntry.th32ProcessID;
}
} while (Process32Next(hSnapshot, &procEntry));
CloseHandle(hSnapshot);
return 0;
}
//Get ModuleEntry from module name, using toolhelp32snapshot
MODULEENTRY32 GetModule(DWORD dwProcID, const TCHAR *moduleName)
{
MODULEENTRY32 modEntry = { 0 };
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcID);
if (hSnapshot != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 curr = { 0 };
curr.dwSize = sizeof(MODULEENTRY32);
if (Module32First(hSnapshot, &curr))
{
do
{
if (_tcsicmp(curr.szModule, _T(moduleName)) == 0)
{
modEntry = curr;
break;
}
} while (Module32Next(hSnapshot, &curr));
}
CloseHandle(hSnapshot);
}
return modEntry;
}
Program is compiled on mingw 64bit.
Aucun commentaire:
Enregistrer un commentaire