Thread: scan for ints in a process

basically what i want todo is scan this process for all the ints with the value 5, i am close to getting it working but i think something is missing , can anyone take alook at my code , thanks

Code:

#include <windows.h>
#include <TlHelp32.h>
#include <stdio.h>


int main()
{
	
  HANDLE ThisProc = OpenProcess(PROCESS_ALL_ACCESS,true,GetCurrentProcessId()); //
  MEMORY_BASIC_INFORMATION mbi;
  
 
 
    char Buffer[64];
    DWORD Written;
	SYSTEM_INFO si; 
    GetSystemInfo(&si);
    DWORD dwStart = 0;
    SIZE_T v;
    char *p;
    DWORD lpRead;
const char* regionp;
  //BYTE s = 't';
  char *memchrp;
  int memcmpr;
  HANDLE Term;

  

  int five = 5;
char findme[sizeof(five)]; //4
   //search for int with the value 5
   memcpy(findme, &five, sizeof(five));

 while(dwStart < (DWORD)si.lpMaximumApplicationAddress)
  {
			
	   

     v = VirtualQueryEx(ThisProc,
                 (void *)dwStart,
                            &mbi,
sizeof(MEMORY_BASIC_INFORMATION));

	 if(v == 0)
	 {
		printf("%s\n","breaking");
		break;
	 }
	 

	 if(mbi.State == MEM_COMMIT)
	 {
	     //printf("%s\n","mem_commit");
		 p = (char *)malloc(mbi.RegionSize);
		 
		
	

		 printf("Memory at %02x, size %d\n",
                  mbi.BaseAddress,
                   mbi.RegionSize);

		 
            
		 if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead))
         {
			 	
				const char* offset = p;
				regionp = p;
				while ((offset = (const char*)memchr(offset, findme[0], regionp+mbi.RegionSize-offset)) != 0)
				{
					   if (memcmp(offset, findme, 7) == 0) 
					   { 						                                                          printf("%p %p\n",findme,five);
					       Sleep(50);
						   break;
					   }
					   
					   ++offset;
				}
		 }
	 }

	 if(dwStart + mbi.RegionSize < dwStart)
	 {
		printf("%s\n","breaking");
		 break;
	 }
	    
	 if(mbi.RegionSize != lpRead)
     {
    //     printf("Not enough bytes read %d != %d\n",mbi.RegionSize,lpRead);
    }
        
	 dwStart += mbi.RegionSize;

	

	Sleep(5);

  }


	return 0;
}

> Join Date Nov 2002
> Posts 296
Is that the best indentation you can manage after a decade?

Is this supposed to be C or C++?

If it's C++ then you shouldn't be using printf, and <stdio.h> should be <cstdio>, also you shouldn't be using malloc/memcpy and so on, use new/delete.
If it's C then you should probably put the topic where it belongs, which would be either Windows Programming or C Programming.

Also, <windows.h> is pretty big and heavy, have you considered #define WIN32_LEAN_AND_MEAN for such a small program?

Originally Posted by Salem

> Join Date Nov 2002
> Posts 296
Is that the best indentation you can manage after a decade?

not the best but my most interesting

Originally Posted by Neo1

Is this supposed to be C or C++?

If it's C++ then you shouldn't be using printf, and <stdio.h> should be <cstdio>, also you shouldn't be using malloc/memcpy and so on, use new/delete.
If it's C then you should probably put the topic where it belongs, which would be either Windows Programming or C Programming.

Also, <windows.h> is pretty big and heavy, have you considered #define WIN32_LEAN_AND_MEAN for such a small program?

i would be greatfull if you could report the code with those suggestions

Originally Posted by Anddos

i would be greatfull if you could report the code with those suggestions

I fear this nibble at a time approach of yours isn't really working.