#include <stdio.h> | |
#include <Windows.h> | |
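/*
 * Print every field of a MEMORY_BASIC_INFORMATION64 record to stdout,
 * one field per line.
 *
 * mbi: record to print; a NULL pointer is ignored.
 *
 * In MEMORY_BASIC_INFORMATION64 the two addresses and the region size are
 * 64-bit integers (ULONGLONG), not pointers, and the remaining fields are
 * DWORDs. Each value is therefore cast to the exact type its conversion
 * specifier expects: passing a 64-bit integer to %p or %i is a format/type
 * mismatch, and %i would cut RegionSize down to 32 bits.
 */
void PrintMemoryBasicInformation64(MEMORY_BASIC_INFORMATION64 *mbi)
{
    if (mbi == NULL) {
        return;
    }

    printf("Base Address: 0x%016llX\n", (unsigned long long)mbi->BaseAddress);
    printf("Allocation Base Address: 0x%016llX\n", (unsigned long long)mbi->AllocationBase);
    printf("Allocation Protect:%#010lx\n", (unsigned long)mbi->AllocationProtect);
    /* Size in bytes; unsigned and 64 bits wide, so print it as such. */
    printf("Region Size: %llu\n", (unsigned long long)mbi->RegionSize);
    printf("State: %#010lx\n", (unsigned long)mbi->State);
    printf("Protect: %#010lx\n", (unsigned long)mbi->Protect);
    printf("Type: %#010lx\n", (unsigned long)mbi->Type);
}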
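/*
 * Query one region of another process's virtual address space and print
 * the result.
 *
 * Returns 0 on success and -1 if the process cannot be opened or the
 * query fails. The command-line arguments are not used.
 */
int main(int argc, char** argv)
{
    (void)argc;
    (void)argv;

    /*
     * Sample values from the original listing: a process id and an address
     * that were presumably valid only on the author's machine for one run.
     * Replace both before use. The address constant needs a 64-bit build;
     * it does not fit in a 32-bit DWORD_PTR.
     */
    DWORD pid = 10964;
    DWORD_PTR addr = 0x7FF7BD730000;

    MEMORY_BASIC_INFORMATION native = {0};
    MEMORY_BASIC_INFORMATION64 mbi = {0};

    /*
     * Get a handle for the process with the given process id.
     * VirtualQueryEx only needs PROCESS_QUERY_INFORMATION, and nothing in
     * this program reads the target's memory, so PROCESS_VM_READ is not
     * requested (least privilege).
     */
    HANDLE pHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (pHandle == NULL) {
        fprintf(stderr, "Error getting handle for process %lu. Failed with error: %lu\n",
                (unsigned long)pid, (unsigned long)GetLastError());
        return -1;
    }

    /*
     * Retrieve information on the virtual address space. VirtualQueryEx
     * fills a native MEMORY_BASIC_INFORMATION and returns the number of
     * bytes it wrote (a SIZE_T, zero on failure), so query into the native
     * struct rather than passing a MEMORY_BASIC_INFORMATION64 pointer of a
     * different type.
     */
    SIZE_T written = VirtualQueryEx(pHandle, (LPCVOID)addr, &native, sizeof native);
    if (written == 0) {
        /* Capture the error code before CloseHandle can overwrite it. */
        DWORD err = GetLastError();
        CloseHandle(pHandle);
        fprintf(stderr, "Error querying virtual memory: %lu\n", (unsigned long)err);
        return -1;
    }

    /* Done with the target process; do not hold the handle while waiting for input. */
    CloseHandle(pHandle);

    /* Widen the native record into the 64-bit layout the printer expects. */
    mbi.BaseAddress = (ULONGLONG)(ULONG_PTR)native.BaseAddress;
    mbi.AllocationBase = (ULONGLONG)(ULONG_PTR)native.AllocationBase;
    mbi.AllocationProtect = native.AllocationProtect;
    mbi.RegionSize = (ULONGLONG)native.RegionSize;
    mbi.State = native.State;
    mbi.Protect = native.Protect;
    mbi.Type = native.Type;

    PrintMemoryBasicInformation64(&mbi);

    /* Wait for a key press so the console window stays open. */
    getchar();
    return 0;
}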