Thread: why does this memory scanner crash?

not sure why but this is crashing, its just scanning the current process for the char[],

Code:

#include "stdafx.h"
#include <windows.h>
#include <stdio.h>



//const char findme[8] = "PRIVMSG";

int _tmain(int argc, _TCHAR* argv[])
{
  HANDLE ThisProc = OpenProcess(PROCESS_ALL_ACCESS,true,GetCurrentProcessId());
  MEMORY_BASIC_INFORMATION mbi;
  SYSTEM_INFO si; 
  GetSystemInfo(&si);
  DWORD dwStart = 0;
  SIZE_T v;
  char *p;
  DWORD lpRead;
  const char* regionp;
  BYTE s = 't';
  char *memchrp;
  int memcmpr;
  const char findme[8] = "PRIVMSG";
  HANDLE Term;

 while(dwStart < (DWORD)si.lpMaximumApplicationAddress)
  {
								
     v = VirtualQueryEx(ThisProc,
                 (void *)dwStart,
                            &mbi,
sizeof(MEMORY_BASIC_INFORMATION));

	 if(v == 0)
	 {
		printf("%s\n","breaking");
		break;
	 }
	 

	 if(mbi.State == MEM_COMMIT)
	 {
	     printf("%s\n","mem_commit");
		 p = (char *)malloc(mbi.RegionSize);

	

		 printf("Memory at %02x, size %d\n",
                  mbi.BaseAddress,
                   mbi.RegionSize);
            
		 if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead))
         {
			 	const char* offset = regionp;
				while ((offset = (const char*)memchr(offset, findme[0], regionp+mbi.RegionSize-offset)) != 0)
				{
					   if (memcmp(offset, findme, 7) == 0) 
					   {
						   printf("%s\n","found");
					       Sleep(5000);
						   break;
					   }
					   
					   ++offset;
				}
		 }
	 }

	 if(dwStart + mbi.RegionSize < dwStart)
	 {
		printf("%s\n","breaking");
		 break;
	 }
	    
	 if(mbi.RegionSize != lpRead)
     {
         printf("Not enough bytes read %d != %d\n",mbi.RegionSize,lpRead);
    }
        
	 dwStart += mbi.RegionSize;

	

	Sleep(5);

  }

	return 0;
}

thanks if you can help

You're not checking the return value of OpenProcess, which may have failed. Also regionp is used without being initialized.

Originally Posted by oogabooga

You're not checking the return value of OpenProcess, which may have failed. Also regionp is used without being initialized.

i know the process is a valid handle, what should i intialize regionp to mate

FYI, wrong section. For Windows programming, you should post in the Windows section. Furthermore, this is C, so if it were not for the fact that it is Windows programming, this should have gone into the C section.
Putting things in the right section helps attract more people specialized to the subject and avoids annoying people who don't deal with the subject.