memory scan
| // testproc.cpp : Defines the entry point for the console application. | |
| // | |
| #include "stdafx.h" | |
| #include <string> | |
| #include <iostream> | |
| #include <conio.h> | |
| #include <Windows.h> | |
| #include <algorithm> | |
| #include <vector> | |
| using namespace std; | |
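// Size constants. TOTALVMRESERVE was previously declared twice with two
// different values: a const of 1000000 and, further down, a macro of
// 0x00100000 that replaced the name for all later code. One typed constant
// with the macro's value keeps what later code would have seen.
// Nothing in this file reads either constant.
const long TOTALVMRESERVE = 0x00100000;
const long PAGESIZE = 0x1000;

// Handle of the client window. findWot stores the match here; it stays 0
// when no window title matched.
HWND wotWindow = 0;

// Substring looked for in top-level window titles.
string winName("W.o.T. Client");

// Text searched for in the memory read from the target process.
string nickname("kkirsanov<");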
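// EnumWindows callback: stores the first top-level window whose title
// contains winName in wotWindow and stops the enumeration.
//
// hWnd   - window handle supplied by EnumWindows.
// lParam - caller-supplied value; not used here.
// Returns FALSE once a match has been stored (stops the enumeration),
// TRUE to move on to the next window.
BOOL CALLBACK findWot(HWND hWnd, LPARAM lParam)
{
    (void)lParam;

    // The buffer is made of char, so the ANSI variant is called explicitly.
    // In a UNICODE build the GetWindowText macro resolves to the wide-character
    // function, which does not accept a char buffer.
    char title[500] = {0};
    GetWindowTextA(hWnd, title, sizeof(title) / sizeof(title[0]));

    const string st(title);
    if (st.find(winName) != string::npos) {
        wotWindow = hWnd;
        return FALSE;
    }
    return TRUE;
}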
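// Entry point. Finds the client window, opens its process with read-only
// memory access and walks the address range from 0x1000000 up to the maximum
// application address one page at a time. For each page the first `size`
// bytes are read and searched for `nickname`; on a match the printable ASCII
// characters read from that page are printed.
//
// Exit codes: 0 scan finished, 1 no client window, 2 no process id,
// 3 the process could not be opened.
int _tmain(int argc, _TCHAR* argv[])
{
    (void)argc;
    (void)argv;

    EnumWindows(findWot, 0);
    if (wotWindow == 0) {
        cout << "No client." << endl;
        Sleep(7000);
        return 1;
    }

    DWORD wotPID = 0;
    GetWindowThreadProcessId(wotWindow, &wotPID);
    cout << "WoT PID = " << wotPID << endl;
    if (wotPID == 0) {
        Sleep(7000);
        return 2;
    }

    // PROCESS_VM_READ is the only access right the scan uses, so nothing
    // broader is requested; the handle cannot be used to write to the target.
    HANDLE wotPHandle = OpenProcess(PROCESS_VM_READ, FALSE, wotPID);
    if (wotPHandle == 0) {
        cout << "Failed to gethandle. Need Admin rights." << endl;
        Sleep(7000);
        return 3;
    }
    cout << "Handle = " << wotPHandle << endl;

    SYSTEM_INFO si;
    GetSystemInfo(&si);

    LPVOID start = (LPVOID)0x1000000;
    LPVOID end = si.lpMaximumApplicationAddress;
    const SIZE_T pageSize = si.dwPageSize;

    const int size = 512;
    char a[size];          // exactly as large as one read, so no stale tail
    SIZE_T numRead = 0;    // SIZE_T is what ReadProcessMemory writes through
    LPVOID targetArea = 0;

    // Page protections of the target are left untouched; pages that cannot
    // be read are simply skipped.
    while (start < end) {
        LPVOID pageBase = start;

        // Advance through a byte pointer: casting the address to DWORD
        // would truncate it in a 64-bit build.
        start = static_cast<char*>(start) + pageSize;

        // Reset the count so a failed call cannot leave the previous
        // page's value behind.
        numRead = 0;
        const BOOL ok = ReadProcessMemory(wotPHandle, pageBase, a, size, &numRead);
        cout << pageBase << " - " << numRead << endl;
        if (!ok || numRead == 0)
            continue;

        // Build the string from the byte count actually read. The data is
        // not guaranteed to contain a terminating NUL, so a C-string
        // constructor could run past the end of the buffer.
        const string s(a, numRead);
        if (s.find(nickname) != string::npos) {
            cout << "bingo!" << endl;
            targetArea = pageBase;   // the page that was read, not the next one
            break;
        }
    }

    // This stage and the CloseHandle below used to sit behind an
    // unconditional return, which made them unreachable and leaked the handle.
    if (targetArea) {
        char dump[size];
        numRead = 0;
        if (ReadProcessMemory(wotPHandle, targetArea, dump, size, &numRead)) {
            string st;
            // Only the bytes reported as read are inspected; the old loop
            // ran to index `size` inclusive, one past the end of the array.
            for (SIZE_T k = 0; k < numRead; ++k) {
                if (dump[k] > 31 && __isascii(dump[k])) {
                    st += dump[k];
                }
            }
            cout << st << endl;
        }
        cout << numRead << endl;
    }

    CloseHandle(wotPHandle);
    Sleep(10000);
    return 0;
}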