
scan for ints in a process


  1. #1
    Registered User
    Join Date
    Nov 2002
    Posts
    303

    scan for ints in a process

    basically what i want to do is scan this process for all the ints with the value 5, i am close to getting it working but i think something is missing, can anyone take a look at my code, thanks

    Code:
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main()
    {
        // Only query and read rights are needed to scan memory.
        HANDLE ThisProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                      FALSE, GetCurrentProcessId());
        if (ThisProc == NULL)
        {
            printf("OpenProcess failed: %lu\n", GetLastError());
            return 1;
        }

        MEMORY_BASIC_INFORMATION mbi;
        SYSTEM_INFO si;
        GetSystemInfo(&si);

        // Pointer-sized integers, so addresses are not truncated on 64-bit builds.
        ULONG_PTR addr = 0;
        ULONG_PTR maxAddr = (ULONG_PTR)si.lpMaximumApplicationAddress;

        // search for int with the value 5
        int five = 5;
        char findme[sizeof(five)]; // 4
        memcpy(findme, &five, sizeof(five));

        while (addr < maxAddr)
        {
            SIZE_T v = VirtualQueryEx(ThisProc, (LPCVOID)addr, &mbi, sizeof(mbi));
            if (v == 0)
            {
                printf("%s\n", "breaking");
                break;
            }

            // Guard and no-access pages cannot be read, so skip them.
            if (mbi.State == MEM_COMMIT &&
                !(mbi.Protect & (PAGE_GUARD | PAGE_NOACCESS)))
            {
                printf("Memory at %p, size %llu\n",
                       mbi.BaseAddress,
                       (unsigned long long)mbi.RegionSize);

                char *p = (char *)malloc(mbi.RegionSize);
                SIZE_T bytesRead = 0;

                // Read from the region base and search only the bytes actually read.
                if (p != NULL &&
                    ReadProcessMemory(ThisProc, mbi.BaseAddress, p, mbi.RegionSize, &bytesRead))
                {
                    const char *end = p + bytesRead;
                    const char *offset = p;

                    // Stop once fewer than sizeof(findme) bytes remain, so that
                    // memcmp never reads past the end of the buffer.
                    while ((size_t)(end - offset) >= sizeof(findme) &&
                           (offset = (const char *)memchr(offset, findme[0],
                                (size_t)(end - offset) - (sizeof(findme) - 1))) != NULL)
                    {
                        if (memcmp(offset, findme, sizeof(findme)) == 0)
                        {
                            // Report the address in the scanned process, not in the copy.
                            printf("found %d at %p\n", five,
                                   (void *)((char *)mbi.BaseAddress + (offset - p)));
                        }
                        ++offset;
                    }
                }
                free(p);
            }

            // Advance to the next region; stop if the address would wrap around.
            ULONG_PTR next = (ULONG_PTR)mbi.BaseAddress + mbi.RegionSize;
            if (next <= addr)
            {
                printf("%s\n", "breaking");
                break;
            }
            addr = next;

            Sleep(5);
        }

        CloseHandle(ThisProc);
        return 0;
    }
    Last edited by Anddos; 06-13-2012 at 07:49 AM.

  2. #2
    Registered User
    Join Date
    Oct 2006
    Posts
    2,149
    this looks suspiciously like a hacking attempt.

  3. #3
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,344
    > Join Date Nov 2002
    > Posts 296
    Is that the best indentation you can manage after a decade?

  4. #4
    Internet Superhero
    Join Date
    Sep 2006
    Location
    Denmark
    Posts
    934
    Is this supposed to be C or C++?

    If it's C++ then you shouldn't be using printf, and <stdio.h> should be <cstdio>, also you shouldn't be using malloc/memcpy and so on, use new/delete.
    If it's C then you should probably put the topic where it belongs, which would be either Windows Programming or C Programming.

    Also, <windows.h> is pretty big and heavy, have you considered #define WIN32_LEAN_AND_MEAN for such a small program?

  5. #5
    Registered User
    Join Date
    Nov 2002
    Posts
    303
    Quote Originally Posted by Salem View Post
    > Join Date Nov 2002
    > Posts 296
    Is that the best indentation you can manage after a decade?
    not the best but my most interesting

  6. #6
    Registered User
    Join Date
    Nov 2002
    Posts
    303
    Quote Originally Posted by Neo1 View Post
    Is this supposed to be C or C++?

    If it's C++ then you shouldn't be using printf, and <stdio.h> should be <cstdio>, also you shouldn't be using malloc/memcpy and so on, use new/delete.
    If it's C then you should probably put the topic where it belongs, which would be either Windows Programming or C Programming.

    Also, <windows.h> is pretty big and heavy, have you considered #define WIN32_LEAN_AND_MEAN for such a small program?
    i would be grateful if you could report the code with those suggestions

  7. #7
    'Allo, 'Allo, Allo
    Join Date
    Apr 2008
    Posts
    611
    Quote Originally Posted by Anddos View Post
    i would be grateful if you could report the code with those suggestions
    I fear this nibble at a time approach of yours isn't really working.
    Last edited by adeyblue; 06-13-2012 at 09:09 AM.
