EMO Style ForumPro - Welcome
Search for text in process memory

Posted by EMO on Thu Jun 02, 2011 8:52 am

I need to find the address of a unique string in the process, via Cheat Engine it's really easy but I need it in C++ form.



So this is where I stand at:



Code:

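#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

int main()
{
    DWORD procID = 0;
    wchar_t *p = NULL;            // not used yet
    wchar_t test[] = L"Punkte";   // string to look for (not searched yet)

    // The window title is a narrow string, so call the ANSI variant explicitly
    HWND foo = FindWindowA(NULL, "Solitär");

    GetWindowThreadProcessId(foo, &procID);

    DWORD dwStart = 0;
    SIZE_T lpRead;
    SYSTEM_INFO si;
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
    GetSystemInfo(&si);

    MEMORY_BASIC_INFORMATION mbi;
    unsigned char* addr = (unsigned char*)si.lpMinimumApplicationAddress;

    // Walk the target's address space one region at a time
    while(1)
    {
        if(VirtualQueryEx(hProc, (void*)addr, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) == 0)
        {
            break;
        }

        // %p for the pointer, %Iu (MSVC) for the SIZE_T region size
        printf("Memory at %p, size %Iu\n", mbi.BaseAddress, mbi.RegionSize);

        addr = (unsigned char*)mbi.BaseAddress + mbi.RegionSize;
    }

    CloseHandle(hProc);
    system("PAUSE");

    return 0;
}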




It just prints all the memory blocks of the game solitaire, I have a
German version so keywords are in German, I wanted to find the locations
of the text score in this process, but really have no clue how I search
for the string within the memory blocks.

It doesn't work to simply read all those blocks with ProcessMemory as
wchar_t arrays and then to look for the keyword sequence, in fact none of
the read memory blocks with ReadProcessMemory even makes any sense.

Any ideas how to solve this?


----------------------------------------------------


Here is an extremely hacked together example I
just wrote, I wouldn't recommend using it just like this though, add
error checking, handle protection flags better, and so on:



Code:

#include <windows.h>
#include <tchar.h>
#include <stdio.h>

int _tmain( int argc, TCHAR* argv[] )
{
    // String to locate..
    TCHAR tszString[] = _T( "Anonymous" );
    const SIZE_T cchString = _tcslen( tszString );

    HWND hWnd = FindWindow( NULL, _T( "Minesweeper" ) );
    if( hWnd == NULL ) return 0;

    DWORD dwProcId = 0;
    GetWindowThreadProcessId( hWnd, &dwProcId );
    if( dwProcId == 0 ) return 0;

    HANDLE hHandle = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ, FALSE, dwProcId );
    if( hHandle == NULL ) return 0; // OpenProcess returns NULL on failure, not INVALID_HANDLE_VALUE

    SYSTEM_INFO si = { 0 };
    GetSystemInfo( &si );

    MEMORY_BASIC_INFORMATION mbi = { 0 };

    LPVOID lpStartAddr = si.lpMinimumApplicationAddress;
    while( VirtualQueryEx( hHandle, lpStartAddr, &mbi, sizeof( MEMORY_BASIC_INFORMATION ) ) )
    {
        _tprintf( _T( "Region: 0x%p - Size: %Iu\r\n" ), mbi.BaseAddress, mbi.RegionSize );

        if( ( mbi.Protect & PAGE_EXECUTE_READ ) || ( mbi.Protect & PAGE_EXECUTE_READWRITE ) ||
            ( mbi.Protect & PAGE_READONLY ) || ( mbi.Protect & PAGE_READWRITE ) )
        {
            // Number of whole TCHARs that fit in the region
            const SIZE_T cchRegion = mbi.RegionSize / sizeof( TCHAR );
            TCHAR* btDump = new TCHAR[ cchRegion + 1 ];
            SIZE_T cbRead = 0;

            // Only search what was actually read (the read fails on guard pages, for example)
            if( ReadProcessMemory( hHandle, mbi.BaseAddress, btDump, cchRegion * sizeof( TCHAR ), &cbRead ) )
            {
                const SIZE_T cchRead = cbRead / sizeof( TCHAR );

                // Stop early enough that the comparison never runs past the data read
                for( SIZE_T x = 0; x + cchString <= cchRead; x++ )
                    // wmemcmp requires a Unicode build (TCHAR == wchar_t)
                    if( wmemcmp( &btDump[ x ], tszString, cchString ) == 0 )
                    {
                        _tprintf( _T( " --> Found string at: 0x%p\r\n" ),
                            reinterpret_cast< LPVOID >( reinterpret_cast< DWORD_PTR >(
                            mbi.BaseAddress ) + ( x * sizeof( TCHAR ) ) ) );
                    }
            }

            delete[] btDump; // array new needs array delete
        }

        lpStartAddr = reinterpret_cast< LPVOID >( reinterpret_cast< DWORD_PTR >( mbi.BaseAddress ) + mbi.RegionSize );
    }

    CloseHandle( hHandle );

    return 0;
}



Change wmemcmp to memcmp if you don't want to use unicode as well.






----------------------------------------------------------


Thx a lot, came up with a slow solution of my own, this is much faster

It works perfectly for ascii strings with memcmp, but it doesn't compile
with wmemcmp, it has some problems with conversion routines it seems:



Code:

error C2664: 'wmemcmp' : cannot convert parameter 1 from 'TCHAR *' to 'const wchar_t *'

1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast



Could recode it to work with unicode, but maybe you know a simpler solution, like recasting in a correct manner?



Thx a lot for your time, you helped me out a lot!



EDIT:



So this is the unicode version, in case someone looks this up in the future:



Code:

for( DWORD x = 0; x < mbi.RegionSize; x++ )
{
    const wchar_t *p1 = reinterpret_cast< const wchar_t * >(&btDump[ x ]);
    const wchar_t *p2 = reinterpret_cast< const wchar_t * >(tszString);

    if( wmemcmp( p1, p2, wcslen( tszString ) ) == 0 )
    {
        // %p prints the full pointer on both 32-bit and 64-bit builds
        wprintf( L" --> Found string at: 0x%p\r\n",
            reinterpret_cast< LPVOID >( reinterpret_cast< DWORD_PTR >(
            mbi.BaseAddress ) + ( x * sizeof( wchar_t) ) ) );
    }
}

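The byte-level search that the memcmp/wmemcmp discussion above comes down to, as an added example (not code from the original posts): the needle is encoded once as ASCII or UTF-16LE bytes and matched at every byte offset, so a hit's address is simply region base plus offset. The buffer stands in for data returned by ReadProcessMemory; `find_all`, `as_ascii`, `as_utf16le` and `sample_region` are hypothetical names, and the sample bytes are constructed.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Needle as a narrow (char) string is laid out in memory.
Bytes as_ascii(const std::string& s) { return Bytes(s.begin(), s.end()); }

// Needle as a Windows wchar_t (UTF-16LE) string is laid out; ASCII input only.
Bytes as_utf16le(const std::string& s) {
    Bytes out;
    for (unsigned char c : s) { out.push_back(c); out.push_back(0); }
    return out;
}

// Every byte offset in buf[0..len) where needle occurs, at any alignment.
std::vector<std::size_t> find_all(const std::uint8_t* buf, std::size_t len, const Bytes& needle) {
    std::vector<std::size_t> hits;
    if (needle.empty() || len < needle.size()) return hits;
    const std::size_t last = len - needle.size();  // last offset that still fits
    for (std::size_t i = 0; i <= last; ++i) {
        // Jump to the next candidate first byte without leaving the buffer.
        const void* p = std::memchr(buf + i, needle[0], last - i + 1);
        if (!p) break;
        i = static_cast<std::size_t>(static_cast<const std::uint8_t*>(p) - buf);
        if (std::memcmp(buf + i, needle.data(), needle.size()) == 0) hits.push_back(i);
    }
    return hits;
}

// Constructed sample region: filler bytes with three planted strings.
Bytes sample_region() {
    Bytes r(64, 0xCC);
    const Bytes a = as_ascii("Punkte"), w = as_utf16le("Punkte");
    std::copy(a.begin(), a.end(), r.begin() + 5);      // ASCII at offset 5
    std::copy(w.begin(), w.end(), r.begin() + 21);     // UTF-16LE at odd offset 21
    std::copy(a.begin(), a.begin() + 4, r.end() - 4);  // truncated "Punk" at the very end
    return r;
}

int main() {
    const Bytes r = sample_region();
    for (auto o : find_all(r.data(), r.size(), as_ascii("Punkte"))) std::printf("ASCII at +%zu\n", o);
    for (auto o : find_all(r.data(), r.size(), as_utf16le("Punkte"))) std::printf("UTF-16LE at +%zu\n", o);
}
```

The UTF-16LE copy sits at an odd offset, which a scan that steps in whole wchar_t units from the region base would skip, and the truncated copy at the end shows the bound check keeping the comparison inside the buffer.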