Search for text in process memory
I need to find the address of a unique string in the process; via Cheat Engine it's really easy, but I need it in C++ form.
So this is where I stand at:
Code:
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>

    int main()
    {
        DWORD procID = 0;
        wchar_t test[] = L"Punkte";   // keyword to look for (not used yet)

        // Locate the game window and the process that owns it.
        HWND foo = FindWindowA(NULL, "Solitär");
        if (foo == NULL)
            return 1;
        GetWindowThreadProcessId(foo, &procID);

        HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
        if (hProc == NULL)
            return 1;

        SYSTEM_INFO si;
        GetSystemInfo(&si);

        MEMORY_BASIC_INFORMATION mbi;
        unsigned char* addr = (unsigned char*)si.lpMinimumApplicationAddress;

        // Walk the address space one region at a time and print each region.
        while (1)
        {
            if (VirtualQueryEx(hProc, (void*)addr, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) == 0)
                break;
            printf("Memory at %p, size %Iu\n", mbi.BaseAddress, mbi.RegionSize);
            addr = (unsigned char*)mbi.BaseAddress + mbi.RegionSize;
        }

        CloseHandle(hProc);
        system("PAUSE");
        return 0;
    }
It just prints all the memory blocks of the game Solitaire. I have a German version, so keywords are in German. I wanted to find the locations of the text score in this process, but really have no clue how I search for the string within the memory blocks.
It doesn't work to simply read all those blocks with ProcessMemory as wchar_t arrays and then to look for the keyword sequence; in fact none of the read memory blocks with ReadProcessMemory even makes any sense.
Any ideas how to solve this?
----------------------------------------------------
Here is an extremely hacked together example I just wrote, I wouldn't recommend using it just like this though, add error checking, handle protection flags better, and so on:
Code:
    #include <windows.h>
    #include <tchar.h>
    #include <stdio.h>
    #include <wchar.h>

    int _tmain( int argc, TCHAR* argv[] )
    {
        // String to locate..
        TCHAR tszString[] = _T( "Anonymous" );
        const SIZE_T nLen = _tcslen( tszString );

        HWND hWnd = FindWindow( NULL, _T( "Minesweeper" ) );
        if( hWnd == NULL )
            return 0;

        DWORD dwProcId = 0;
        GetWindowThreadProcessId( hWnd, &dwProcId );
        if( dwProcId == 0 )
            return 0;

        HANDLE hHandle = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ, FALSE, dwProcId );
        if( hHandle == NULL ) // OpenProcess returns NULL on failure
            return 0;

        SYSTEM_INFO si = { 0 };
        GetSystemInfo( &si );

        MEMORY_BASIC_INFORMATION mbi = { 0 };
        LPVOID lpStartAddr = si.lpMinimumApplicationAddress;

        // Walk the target's address space one region at a time.
        while( VirtualQueryEx( hHandle, lpStartAddr, &mbi, sizeof( MEMORY_BASIC_INFORMATION ) ) )
        {
            _tprintf( _T( "Region: 0x%p - Size: %Iu\r\n" ), mbi.BaseAddress, mbi.RegionSize );

            if( ( mbi.Protect & PAGE_EXECUTE_READ ) || ( mbi.Protect & PAGE_EXECUTE_READWRITE ) || ( mbi.Protect & PAGE_READONLY ) || ( mbi.Protect & PAGE_READWRITE ) )
            {
                TCHAR* btDump = new TCHAR[ mbi.RegionSize + 1 ];
                SIZE_T nRead = 0;

                if( ReadProcessMemory( hHandle, mbi.BaseAddress, btDump, mbi.RegionSize, &nRead ) )
                {
                    // Compare only inside the bytes that were actually read.
                    const SIZE_T nCount = nRead / sizeof( TCHAR );
                    for( SIZE_T x = 0; x + nLen <= nCount; x++ )
                        // wmemcmp takes wchar_t*, so this needs a UNICODE build (TCHAR == wchar_t).
                        if( wmemcmp( &btDump[ x ], tszString, nLen ) == 0 )
                        {
                            _tprintf( _T( " --> Found string at: 0x%p\r\n" ), reinterpret_cast< LPVOID >( reinterpret_cast< DWORD_PTR >( mbi.BaseAddress ) + ( x * sizeof( TCHAR ) ) ) );
                        }
                }
                delete[] btDump; // array form to match new[]
            }
            lpStartAddr = reinterpret_cast< LPVOID >( reinterpret_cast< DWORD_PTR >( mbi.BaseAddress ) + mbi.RegionSize );
        }

        CloseHandle( hHandle );
        return 0;
    }
Change wmemcmp to memcmp if you don't want to use unicode as well.
----------------------------------------------------------
Thx a lot, came up with a slow solution of my own, this is much faster
It works perfectly for ascii strings with memcmp, but it doesn't compile
with wmemcmp, it has some problems with conversion routines it seems:
Code:
    error C2664: 'wmemcmp' : cannot convert parameter 1 from 'TCHAR *' to 'const wchar_t *'
    1> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
Could recode it to work with unicode, but maybe you know a simpler solution, like recasting in a correct manner?
Thx a lot for your time, you helped me out a lot!
EDIT:
So this is the unicode version, in case someone looks this up in the future:
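Code:
    // Replaces the search loop in the example above. wcslen( tszString )
    // implies tszString is declared as a wchar_t array here.
    const SIZE_T cbPattern = wcslen( tszString ) * sizeof( wchar_t );

    // Stop early enough that the comparison stays inside the bytes read.
    for( SIZE_T x = 0; x * sizeof( btDump[ 0 ] ) + cbPattern <= mbi.RegionSize; x++ )
    {
        const wchar_t *p1 = reinterpret_cast< const wchar_t * >(&btDump[ x ]);
        const wchar_t *p2 = reinterpret_cast< const wchar_t * >(tszString);
        if( wmemcmp( p1, p2, wcslen( tszString ) ) == 0 )
        {
            // The offset is scaled by btDump's own element size, so the address is right for char or wchar_t dumps.
            wprintf( L" --> Found string at: 0x%p\r\n", reinterpret_cast< LPVOID >( reinterpret_cast< DWORD_PTR >( mbi.BaseAddress ) + ( x * sizeof( btDump[ 0 ] ) ) ) );
        }
    }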
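Added example, not part of the original posts: the search step from the thread isolated into portable C++, so the ASCII versus UTF-16LE difference behind the memcmp/wmemcmp confusion can be checked without a live process. It searches byte by byte, so a wide string at an odd offset is still found, and it carries a short tail between chunks so a match split across two reads is not lost. The names encode, scanChunked and sampleRegion and the base address 0x1000 are hypothetical.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

// Encode an ASCII keyword as single bytes or as UTF-16LE (low byte first).
std::vector<uint8_t> encode(const std::string& s, bool wide) {
    std::vector<uint8_t> out;
    for (unsigned char c : s) {
        out.push_back(c);
        if (wide) out.push_back(0);
    }
    return out;
}

// Scan `mem` chunk by chunk (each chunk stands in for one ReadProcessMemory
// call) and return the absolute address of every match.
std::vector<uint64_t> scanChunked(const std::vector<uint8_t>& mem, uint64_t base,
                                  const std::vector<uint8_t>& pat, size_t chunk) {
    std::vector<uint64_t> hits;
    std::vector<uint8_t> buf;  // tail of previous chunks + current chunk
    if (pat.empty() || chunk == 0) return hits;
    for (size_t off = 0; off < mem.size(); off += chunk) {
        const size_t len = std::min(chunk, mem.size() - off);
        buf.insert(buf.end(), mem.begin() + off, mem.begin() + off + len);
        const uint64_t bufBase = base + off - (buf.size() - len);
        // Byte-granular search: odd offsets are candidates too.
        auto it = buf.begin();
        while ((it = std::search(it, buf.end(), pat.begin(), pat.end())) != buf.end())
            hits.push_back(bufBase + static_cast<uint64_t>(it++ - buf.begin()));
        // Keep pattern-1 bytes: enough for a split match, too few to report one twice.
        const size_t keep = std::min(buf.size(), pat.size() - 1);
        buf.erase(buf.begin(), buf.end() - keep);
    }
    return hits;
}

// Constructed sample: "Punkte" as ASCII at offset 5 and as UTF-16LE at the
// odd offset 13, with 0xCC filler around both.
std::vector<uint8_t> sampleRegion() {
    std::vector<uint8_t> m(5, 0xCC);
    for (bool wide : {false, true}) {
        const auto e = encode("Punkte", wide);
        m.insert(m.end(), e.begin(), e.end());
        m.resize(m.size() + 2, 0xCC);
    }
    return m;
}

int main() { return scanChunked(sampleRegion(), 0x1000, encode("Punkte", true), 8).size() == 1 ? 0 : 1; }
```

A scan that indexes the dump as wchar_t from the region base only tests even offsets and would miss the wide copy in this sample.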