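/*
 * rpmInt - walk the committed memory regions of process `Pid` and search
 * each one for the byte pattern of an int holding the value 5, writing
 * progress messages to `Console`.
 *
 * Pid      process to inspect.
 * ExeName  unused by this function.
 * Console  console handle that receives the progress text.
 * wBuffer  caller-supplied scratch buffer for formatted messages.
 *          wsprintf takes no size argument, so the caller must provide
 *          room for the longest message written here - TODO confirm the
 *          size at the call site.
 * Written  passed by value; only used as the local out-parameter of
 *          WriteConsole, the caller never sees the updated count.
 *
 * NOTE(review): a match is only reported when the region being scanned
 * contains this function's own `five` variable, which can only be true
 * when Pid is the calling process. This looks like a self-test gate left
 * in by the author - confirm before relying on it for other processes.
 */
void rpmInt(DWORD Pid,char* ExeName,HANDLE Console,char *wBuffer,DWORD Written)
{
    SYSTEM_INFO si;
    MEMORY_BASIC_INFORMATION mbi;
    char Buffer[64];
    int five = 5;
    char findme[sizeof(five)];
    ULONG_PTR addr;
    ULONG_PTR maxAddr;
    ULONG_PTR selfAddr = (ULONG_PTR)&five;
    HANDLE ThisProc;

    (void)ExeName;

    /*
     * Least privilege: querying and reading memory needs only these two
     * rights, not PROCESS_ALL_ACCESS. The handle is also not inheritable,
     * so child processes do not receive read access to the target.
     */
    ThisProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, Pid);

    /* OpenProcess reports failure with NULL, not INVALID_HANDLE_VALUE. */
    if (ThisProc == NULL)
    {
        wsprintf(wBuffer,"%s\n","Invalid Handle");
        WriteConsole(Console,wBuffer,(DWORD)strlen(wBuffer),&Written,0);
        return;
    }
    wsprintf(wBuffer,"%s\n","Valid Handle");
    WriteConsole(Console,wBuffer,(DWORD)strlen(wBuffer),&Written,0);

    /* The pattern is the in-memory representation of an int equal to 5. */
    memcpy(findme, &five, sizeof(five));

    /* Start at the lowest user address; pointer-sized so 64-bit targets work. */
    GetSystemInfo(&si);
    addr = (ULONG_PTR)si.lpMinimumApplicationAddress;
    maxAddr = (ULONG_PTR)si.lpMaximumApplicationAddress;

    while (addr < maxAddr)
    {
        ULONG_PTR base;
        ULONG_PTR next;

        if (VirtualQueryEx(ThisProc, (const void *)addr, &mbi, sizeof(mbi)) == 0)
        {
            wsprintf(wBuffer,"%s\n","breaking");
            WriteConsole(Console,wBuffer,(DWORD)strlen(wBuffer),&Written,0);
            break;
        }

        /* VirtualQueryEx rounds the queried address down to the region base. */
        base = (ULONG_PTR)mbi.BaseAddress;

        if (mbi.State == MEM_COMMIT)
        {
            char *p;
            SIZE_T bytesRead = 0;

            wsprintf(wBuffer,"%s\n","memcommit");
            WriteConsole(Console,wBuffer,(DWORD)strlen(wBuffer),&Written,0);

            /* Size is narrowed to unsigned long for display only. */
            wsprintf(wBuffer,"Memory at %p, size %lu\n",mbi.BaseAddress,(unsigned long)mbi.RegionSize);
            WriteConsole(Console,wBuffer,(DWORD)strlen(wBuffer),&Written,0);

            /* Cast kept so the file also builds as C++. A region that is
             * too large to buffer is skipped rather than dereferenced. */
            p = (char *)malloc(mbi.RegionSize);
            if (p != NULL
                && ReadProcessMemory(ThisProc, mbi.BaseAddress, p, mbi.RegionSize, &bytesRead))
            {
                /* Scan only the bytes that were actually copied. */
                const char *end = p + bytesRead;
                const char *offset = p;
                int regionHoldsFive = selfAddr >= base
                                      && selfAddr - base < mbi.RegionSize;

                while (offset < end
                       && (offset = (const char *)memchr(offset, findme[0], (size_t)(end - offset))) != NULL)
                {
                    if (regionHoldsFive)
                    {
                        MessageBox(NULL,"close","",0);
                        /* Require a full pattern's worth of bytes so memcmp
                         * never reads past the end of the local copy. */
                        if ((size_t)(end - offset) >= sizeof(findme)
                            && memcmp(offset, findme, sizeof(findme)) == 0)
                        {
                            MessageBox(NULL,"found","",0);
                            wsprintf(Buffer,"%p %d\n",findme,five);
                            WriteConsole(Console,Buffer,(DWORD)strlen(Buffer),&Written,0);
                            Sleep(5);
                            break;
                        }
                    }
                    ++offset;
                }
            }
            /* Release the per-region copy on every path; free(NULL) is a no-op. */
            free(p);
        }

        /* Stop on address wrap-around or a region that makes no progress. */
        next = base + mbi.RegionSize;
        if (next <= addr)
        {
            break;
        }
        addr = next;
        Sleep(5);
    }

    CloseHandle(ThisProc);
}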