Code:
#pragma comment(lib, "advapi32.lib")
#include <windows.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/*
 * Print sz bytes starting at pBuffer to stdout, each as "0x<hex> "
 * (lower-case hex, no zero padding, no trailing newline).
 */
VOID DumpBuffer(const unsigned char* pBuffer, size_t sz)
{
    const unsigned char *pCur = pBuffer;
    const unsigned char *pEnd = pBuffer + sz;

    while (pCur != pEnd) {
        printf("0x%x ", *pCur);
        ++pCur;
    }
}
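/*
 * Walk the application address range of process dwPid and hex-dump every
 * committed, private (MEM_PRIVATE | MEM_COMMIT) region that can be read.
 *
 * Returns TRUE when the walk completed, FALSE when the process could not be
 * opened or a local allocation failed. Regions that cannot be read are
 * skipped rather than treated as an error.
 *
 * The output is the raw contents of another process's memory and can include
 * whatever that process holds there; handle stdout accordingly.
 */
BOOL DumpProcessMemory(DWORD dwPid)
{
    HANDLE hProcess;
    HANDLE hHeap = GetProcessHeap();
    SYSTEM_INFO si;
    MEMORY_BASIC_INFORMATION mbi;
    LPBYTE lpMem;
    LPBYTE lpMax;
    BOOL bOk = TRUE;

    /*
     * Least privilege: VirtualQueryEx needs PROCESS_QUERY_INFORMATION and
     * ReadProcessMemory needs PROCESS_VM_READ. PROCESS_ALL_ACCESS would also
     * grant write/terminate/thread-creation rights this routine never uses.
     */
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);
    if (hProcess == NULL) {
        /* DWORD is unsigned long; %d would be a format/argument mismatch. */
        printf("OpenProcess failed for PID: %lu\n", (unsigned long)dwPid);
        return FALSE;
    }

    GetSystemInfo(&si);
    lpMem = (LPBYTE)si.lpMinimumApplicationAddress;
    lpMax = (LPBYTE)si.lpMaximumApplicationAddress;

    while (lpMem < lpMax) {
        LPBYTE lpNext;

        /* VirtualQueryEx returns the number of bytes written to mbi (SIZE_T). */
        if (VirtualQueryEx(hProcess, lpMem, &mbi, sizeof(mbi)) != sizeof(mbi))
            break;

        if (mbi.Type == MEM_PRIVATE && mbi.State == MEM_COMMIT && mbi.RegionSize > 0) {
            SIZE_T cbRead = 0; /* must be SIZE_T: the API writes a pointer-sized value */
            BYTE *pbBuffer = (BYTE *)HeapAlloc(hHeap, 0, mbi.RegionSize);

            if (pbBuffer == NULL) {
                printf("HeapAlloc failed\n");
                bOk = FALSE;
                break; /* fall through to CloseHandle instead of leaking the handle */
            }

            /*
             * Dump only what was actually copied. If the read fails the
             * buffer is uninitialised memory from this process's own heap,
             * so printing it would be both wrong and a leak of local data.
             */
            if (ReadProcessMemory(hProcess, mbi.BaseAddress, pbBuffer, mbi.RegionSize, &cbRead)
                && cbRead > 0) {
                DumpBuffer(pbBuffer, cbRead);
            }

            HeapFree(hHeap, 0, pbBuffer);
        }

        /*
         * Advance with pointer arithmetic. Casting the base address to DWORD
         * truncates it on 64-bit builds and can make the walk loop forever.
         */
        lpNext = (LPBYTE)mbi.BaseAddress + mbi.RegionSize;
        if (lpNext <= lpMem)
            break; /* no forward progress (zero-size region or wrap-around) */
        lpMem = lpNext;
    }

    CloseHandle(hProcess);
    return bOk;
}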
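/*
 * Entry point: expects the target process ID as the only argument (decimal).
 * Returns 0 when the dump completed, 1 on a usage error, an invalid PID or a
 * failed dump.
 */
INT main(INT argc, CHAR **argv)
{
    char *pszEnd = NULL;
    unsigned long ulPid;

    /* argv[1] is only valid when an argument was actually supplied. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <pid>\n", argc > 0 ? argv[0] : "dump");
        return 1;
    }

    /*
     * strtoul instead of atoi: atoi cannot report errors and silently turns
     * "abc" into PID 0. Reject a sign, trailing junk and out-of-range values.
     */
    errno = 0;
    ulPid = strtoul(argv[1], &pszEnd, 10);
    if (argv[1][0] == '-' || pszEnd == argv[1] || *pszEnd != '\0'
        || errno == ERANGE || ulPid > 0xFFFFFFFFUL) {
        fprintf(stderr, "invalid PID: %s\n", argv[1]);
        return 1;
    }

    return DumpProcessMemory((DWORD)ulPid) ? 0 : 1;
}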