search for a string the process help

**Anddos** · 12-05-2010

This code seems to be crashing , can anyone help why

Code:

#include <windows.h>
#include <stdio.h>



//const char findme[8] = "PRIVMSG";

int main()
{
  HANDLE ThisProc = OpenProcess(PROCESS_ALL_ACCESS,true,GetCurrentProcessId());
  MEMORY_BASIC_INFORMATION mbi;
  SYSTEM_INFO si; 
  GetSystemInfo(&si);
  DWORD dwStart = 0;
  SIZE_T v;
  char *p;
  DWORD lpRead;
  const char* regionp;
  BYTE s = 't';
  char *memchrp;
  int memcmpr;
  const char findme[8] = "PRIVMSG";
  HANDLE Term;

 while(dwStart < (DWORD)si.lpMaximumApplicationAddress)
  {
								
     v = VirtualQueryEx(ThisProc,
                 (void *)dwStart,
                            &mbi,
sizeof(MEMORY_BASIC_INFORMATION));

	 if(v == 0)
	 {
		printf("%s\n","breaking");
		break;
	 }
	 

	 if(mbi.State == MEM_COMMIT)
	 {
	     printf("%s\n","mem_commit");
		 p = (char *)malloc(mbi.RegionSize);

	

		 printf("Memory at %02x, size %d\n",
                  mbi.BaseAddress,
                   mbi.RegionSize);
            
		 if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead))
         {
			 
			 	const char* offset = regionp;
				while ((offset = (const char*)memchr(offset, findme[0], regionp+mbi.RegionSize-offset)) != 0)
				{
			
					
					if (memcmp(offset, findme, 7) == 0) 
					{
						   printf("%s\n","found");
					       Sleep(5000);
						   break;
					}
					
					   
					   ++offset;
				}
			

		 }
	 }

	 if(dwStart + mbi.RegionSize < dwStart)
	 {
		printf("%s\n","breaking");
		 break;
	 }
	    
	 if(mbi.RegionSize != lpRead)
     {
         printf("Not enough bytes read %d != %d\n",mbi.RegionSize,lpRead);
    }
        
	 dwStart += mbi.RegionSize;

	

	Sleep(5);

  }

**Salem** · 12-05-2010

Run it in the debugger, then it will at least show you which line is causing the problem.

Oh, and you need to work on your indentation skills as well, if you want people to read your code.

**Anddos** · 12-06-2010

while ((offset = (const char*)memchr(offset, findme[0], regionp+mbi.RegionSize-offset)) != 0)

this is the line it crashs on

**rags_to_riches** · 12-06-2010

Yeah, and to what does regionp (and offset) point?

**adeyblue** · 12-06-2010

Just use IDebugDataSpaces::SearchVirtual Method

**Anddos** · 12-16-2010

Originally Posted by rags_to_riches

Yeah, and to what does regionp (and offset) point?

not sure

search for a string the process help

LinkBack

Thread Tools

Display

search for a string the process help

Similar Threads

Can you help me about tolower() in file

Program using classes - keeps crashing

Calculator + LinkedList

Linked List Help

Something is wrong with this menu...