Created
February 28, 2020 23:28
-
-
Save ek0/ceee915506fd2c19c1f91c74deee722b to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void DumpPages(void* address) | |
| { | |
| MEMORY_BASIC_INFORMATION mem_info; | |
| FILE* desc = nullptr; | |
| FILE* bin = nullptr; | |
| char module_name[MAX_PATH] = { 0 }; | |
| char desc_filename_buffer[MAX_PATH] = { 0 }; | |
| char bin_filename_buffer[MAX_PATH] = { 0 }; | |
| char buffer[0x1000] = { 0 }; | |
| snprintf(desc_filename_buffer, MAX_PATH, "desc_%#016" PRIx64 ".txt", address); | |
| snprintf(bin_filename_buffer, MAX_PATH, "bin_%016" PRIx64 ".txt", address); | |
| fopen_s(&desc, desc_filename_buffer, "w"); | |
| fopen_s(&bin, bin_filename_buffer, "wb"); | |
| // Getting information on the page region. | |
| VirtualQuery(address, &mem_info, sizeof(MEMORY_BASIC_INFORMATION)); // fuck errors | |
| snprintf(buffer, 0x1000, "Base Address of process: %p\nAddress: %p\nPage address: %p\nAllocBase: %p\nRegion size: %#llx\nProtection: %x\nAlloc Protect: %x\n", | |
| GetModuleHandle(NULL), | |
| address, | |
| mem_info.BaseAddress, | |
| mem_info.AllocationBase, | |
| mem_info.RegionSize, | |
| mem_info.Protect, | |
| mem_info.AllocationProtect); | |
| fwrite(buffer, strlen(buffer), 1, desc); | |
| fwrite(mem_info.AllocationBase, mem_info.RegionSize, 1, bin); | |
| fclose(desc); | |
| fclose(bin); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment