Code:
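/*
 * DumpRAM - read a block of the hooked process's memory into a heap buffer
 * and show one byte of it in a "Debug" message box.
 *
 * DumpName  not used by this function.
 * ramdata   in/out: any buffer already stored in *ramdata is freed; *ramdata
 *           is NULL again when the function returns.
 *
 * Returns 0 on every path.
 *
 * NOTE(review): as written this is diagnostic scaffolding - the buffer is
 * always released before returning and no size is reported, so callers get
 * no data back. Confirm the intended contract before relying on it.
 *
 * NOTE(review): addresses are carried in a u32 and the module base is cast
 * to DWORD, so this only works for a 32-bit build reading a 32-bit target.
 */
u32 DumpRAM(char* DumpName, u8 **ramdata)
{
    /* Offset of the single byte shown in the "Debug" box. */
    const u32 debug_offset = 0x4D6A1c;
    u32 chunksize = 0x100000;
    u32 RamStart;
    HMODULE hModule;
    MODULEINFO ModuleInfo;
    DWORD cbNeeded = 0;
    DWORD lasterr;

    if (ramdata == NULL) {
        return 0;
    }

    if (!VerifyHook()) {
        MessageBox(NULL,"ProcessID no longer valid. Unable to read memory (DumpRAM, 1)", "Error", MB_OK);
        return 0;
    }

    /* Pointer mode: rOffset is the address of a 32-bit pointer to the region.
     * The byte count is not needed, so lpNumberOfBytesRead is NULL. */
    if (Settings.Hook.sType == RAM_POINTER) {
        if (ReadProcessMemory(HookedProcess.hProcess, (void*)Settings.Hook.rOffset,
                              &RamStart, sizeof(RamStart), NULL) == 0) {
            return 0;
        }
    } else {
        RamStart = Settings.Hook.rOffset;
    }

    if ((Settings.Hook.AutoRam == BST_UNCHECKED) && (Settings.Hook.MaxRamSize)) {
        /* Manual size: trust the configured limit. */
        chunksize = Settings.Hook.MaxRamSize;
    } else {
        /* Automatic mode: dump the first module's image. This replaces the
         * RamStart chosen above. Both calls can fail (process exited, access
         * denied); without these checks hModule and ModuleInfo would be used
         * uninitialized. */
        if (!EnumProcessModules(HookedProcess.hProcess, &hModule, sizeof(hModule), &cbNeeded)
            || cbNeeded < sizeof(hModule)) {
            MessageBox(NULL, "Unable to enumerate process modules (DumpRAM, 2)", "Error", MB_OK);
            return 0;
        }
        if (!GetModuleInformation(HookedProcess.hProcess, hModule, &ModuleInfo, sizeof(MODULEINFO))) {
            MessageBox(NULL, "Unable to query module information (DumpRAM, 3)", "Error", MB_OK);
            return 0;
        }
        RamStart = (DWORD)ModuleInfo.lpBaseOfDll;
        chunksize = ModuleInfo.SizeOfImage;
    }

    /* chunksize + 1 below must not wrap to 0, and a 0-byte dump is useless. */
    if (chunksize == 0 || chunksize == 0xFFFFFFFFu) {
        MessageBox(NULL, "Invalid RAM size (DumpRAM, 4)", "Error", MB_OK);
        return 0;
    }

    free(*ramdata);   /* free(NULL) is a no-op */
    *ramdata = NULL;
    if (!(*ramdata = (unsigned char*)malloc((size_t)chunksize + 1))) {
        MessageBox(NULL, "Unable to allocate ramdata memory (DumpRAM,1).", "Error", MB_OK);
        return 0;
    }

    if (ReadProcessMemory(HookedProcess.hProcess, (void*)RamStart, *ramdata, chunksize, NULL) == 0) {
        /* Capture the error code before any other API call can overwrite it. */
        lasterr = GetLastError();
        /* ErrTxt is declared elsewhere; its capacity is not visible here.
         * NOTE(review): confirm it holds at least 40 bytes.
         * The third field is the size of a pointer, as in the original message. */
        sprintf(ErrTxt, "%x,%x,%x, %u", (unsigned)RamStart, (unsigned)chunksize,
                (unsigned)sizeof(u8 *), (unsigned)lasterr);
        MessageBox(NULL,ErrTxt,"Error",0);
    } else if (chunksize > debug_offset) {
        /* Only peek when the read succeeded and the offset lies inside the
         * buffer; otherwise this would read uninitialized or out-of-bounds
         * heap memory. */
        sprintf(ErrTxt, "%X", (unsigned)(*ramdata)[debug_offset]);
        MessageBox(NULL,ErrTxt,"Debug",0);
    }

    free(*ramdata);
    *ramdata = NULL;
    return 0;
}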
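/*
 * EnableTokenPrivilege - enable one named privilege in the current process's
 * access token.
 *
 * privilege  privilege name passed to LookupPrivilegeValue (the visible
 *            caller passes SE_DEBUG_NAME).
 *
 * Returns TRUE only when the privilege was actually enabled, FALSE otherwise.
 */
BOOL EnableTokenPrivilege (LPTSTR privilege)
{
    HANDLE hToken;
    TOKEN_PRIVILEGES token_privileges;
    BOOL enabled = FALSE;

    ZeroMemory (&token_privileges, sizeof (token_privileges));
    token_privileges.PrivilegeCount = 1;

    /* Least privilege: adjusting a privilege needs only these two rights,
     * not TOKEN_ALL_ACCESS. */
    if (!OpenProcessToken (GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;

    if (LookupPrivilegeValue (NULL, privilege, &token_privileges.Privileges[0].Luid))
    {
        token_privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        /* AdjustTokenPrivileges reports success even when the token does not
         * hold the privilege; in that case GetLastError() returns
         * ERROR_NOT_ALL_ASSIGNED. Require ERROR_SUCCESS so the caller is not
         * told a privilege is enabled when it is not. No previous state is
         * requested, so the return-length pointer may be NULL. */
        if (AdjustTokenPrivileges (hToken, FALSE, &token_privileges, 0, NULL, NULL)
            && GetLastError() == ERROR_SUCCESS)
        {
            enabled = TRUE;
        }
    }

    /* Single exit so the token handle is closed on every path. */
    CloseHandle (hToken);
    return enabled;
}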
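/*
 * InitHook - enable the debug privilege, open the target process identified
 * by HookedProcess.dwProcessId, and put the hooked file name in the main
 * window title.
 *
 * Returns 0 on success, 1 when the privilege cannot be enabled or the
 * process cannot be opened.
 *
 * NOTE(review): PROCESS_ALL_ACCESS is requested here. The only use of the
 * handle visible in this listing is reading memory and querying modules,
 * which need PROCESS_VM_READ | PROCESS_QUERY_INFORMATION; confirm what the
 * rest of the program needs and narrow the mask if possible.
 */
int InitHook()
{
    char txtTitle[100];

    if ( !EnableTokenPrivilege (SE_DEBUG_NAME) )
    {
        MessageBox(NULL, "Cannot get required privilege", "Error", MB_OK);
        return 1;
    }

    HookedProcess.hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, HookedProcess.dwProcessId);
    if (HookedProcess.hProcess == NULL)
    {
        /* OpenProcess returns NULL on failure (stale PID, access denied);
         * report it instead of carrying a NULL handle into later reads. */
        MessageBox(NULL, "Unable to open the target process (InitHook, 1)", "Error", MB_OK);
        return 1;
    }

    /* Bounded formatting: the file name comes from settings and can be longer
     * than the 100-byte title buffer, which strcpy/strcat would overflow. */
    snprintf(txtTitle, sizeof txtTitle, "%s - %s", PROGRAM_NAME, Settings.Hook.FileName);
    txtTitle[sizeof txtTitle - 1] = '\0';
    SetWindowText(hwndMain,txtTitle);
    return 0;
}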