search for ints from the memory

I am trying to make a small program that will find all the int varibles loaded in the memory of my process, source code as follows

Code:

int _tmain(int argc, _TCHAR* argv[])
{
  
 GetSystemInfo(&si);
 while(dwStart < (DWORD)si.lpMaximumApplicationAddress)
  {
	  LookForInts(dwStart);

if(dwStart + mbi.RegionSize < dwStart)
	 {
		printf("%s\n","breaking");
		 break;
	 }
	    
	 if(mbi.RegionSize != lpRead)
     {
         printf("Not enough bytes read %d != %d\n",mbi.RegionSize,lpRead);
    }
        
	 dwStart += mbi.RegionSize;

	

	Sleep(500);

  }

	return 0;
}

void LookForInts(DWORD dStart)
{
	DWORD Pid;
	GetWindowThreadProcessId(FindWindow(NULL,"Our  Program"),&Pid);
	HANDLE Process = OpenProcess(PROCESS_ALL_ACCESS ,true,Pid);
	printf("%d %d\n",Pid,dStart);

	v = VirtualQueryEx(Process,
                 (void *)dStart,
                            &mbi,
sizeof(MEMORY_BASIC_INFORMATION));

	 if(v == 0)
	 {
		printf("%s\n","breaking");
	 }
	 else
	 {
		 if(mbi.State == MEM_COMMIT)
		 {
			 printf("%s\n","MEM_COMMIT");
		
			 
			 if(!ReadProcessMemory(Process, //process handle
		           (LPVOID)&dStart, //address
				   (LPVOID)&mbi.RegionSize, 
				   mbi.RegionSize,
				   &lpRead))
			 {
				 printf("%s\n","rpm failed");
			 }
			 else
			 {
				 printf("%s\n","rpm success");
			 }


		
		 }
	 }
}

can you tell me if i am on the right track, i want to search 4 bytes in the region and then check if the value is greater than 0, so that will say its a int beng used etc

Why do you want to do this in the first place?

I may be wrong, but I don't think that just "searching" memory will work, e.g., a four byte int would appear indistinguishable from four consecutive chars.

Man, you've been at this and its various permutations (strings, ints, etc) for 6 years now (if the link expires it's Anddos' threads containing ReadProcessMemory). We all admire your perserverance, but it's probably time to give it up as a bad job.

ive just found a reply on a thread i posted ages ago , here is the code

Code:

#pragma comment(lib, "advapi32.lib")
#include <windows.h>
#include <stdio.h>

VOID DumpBuffer(const unsigned char* pBuffer, size_t sz)
{
    for (size_t i = 0; i < sz; ++i)
        printf("0x%x ", pBuffer[i]);
}

BOOL DumpProcessMemory(DWORD dwPid)
{
    HANDLE pHandle;
    SYSTEM_INFO si;
    MEMORY_BASIC_INFORMATION mbi;
    LPVOID lpMem;
    DWORD dwReturn, dwTotalRead;

    pHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, dwPid);
    if (pHandle == NULL)
    {
        printf("OpenProcess failed for PID: %d\n",dwPid);
        return FALSE;
    }
    GetSystemInfo(&si);
    lpMem = si.lpMinimumApplicationAddress;
    while (lpMem < si.lpMaximumApplicationAddress)
    {
        mbi.RegionSize = 0;
        dwReturn = VirtualQueryEx(pHandle, lpMem, &mbi, sizeof(mbi));
        if (dwReturn == sizeof(mbi)) {
            if ((mbi.Type == MEM_PRIVATE) && (mbi.State == MEM_COMMIT))
            {
                if (mbi.RegionSize > 0)
                {
                    const BYTE* cbBuffer =
(BYTE*)HeapAlloc(GetProcessHeap(), NULL, mbi.RegionSize);
                    if (cbBuffer == NULL)
                    {
                        printf ("HeapAlloc failed\n");
                        return FALSE;
                    }
                    ReadProcessMemory(pHandle, mbi.BaseAddress,
(LPVOID)cbBuffer, mbi.RegionSize, &dwTotalRead);
                    DumpBuffer(cbBuffer, mbi.RegionSize);
                    HeapFree(GetProcessHeap(), NULL, (LPVOID)cbBuffer);
                }
            }
            lpMem = (LPVOID)((DWORD)mbi.BaseAddress + mbi.RegionSize);
        }
        else break;
    }
    CloseHandle(pHandle);
    return TRUE;
}

INT main(INT argc, CHAR **argv)
{
    DumpProcessMemory(atoi(argv[1]));
    return 0;
}

but the problem is its crashing , does anyone know why?

I'll try and help even though I feel like I'll be trying to help you find the pot at the end of the rainbow. Perhaps your description of what you're trying to do is just extremely poor to the point of being not at all what you are trying to do.

With the debugger attached, what line of code does it show when it breaks into the debugger after it crashes and you click 'Retry'?

We might want to ask "Why?" the OP wants to do this.

Security wise, trying to read memory belonging to a different process is some serious bad juju.

@Anddos, You're email request for assistance has been acknowledged. Respond appropriately.