API tools faq
paste
Advertisement
vovan333

Untitled

vovan333
Dec 3rd, 2017
605
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ (WinAPI) 3.48 KB | None | 0 0
raw download clone embed print report
  1. #pragma once
  2.  
  3. class Memory
  4. {
  5. public:
  6.     Memory(HANDLE hProc);
  7.     ~Memory();
  8.  
  9.     DWORD_PTR GetModule(std::wstring modulename);
  10.     DWORD_PTR ResolveRelativePtr(DWORD_PTR Address, DWORD_PTR ofs);
  11.     BOOL DataCompare(BYTE* pData, BYTE* bMask, char * szMask);
  12.     DWORD64 FindPatternEx(HANDLE hProcess, std::wstring modulename, BYTE *bMask, char *szMask, DWORD64 dwAddress);
  13.    
  14.     template<typename TYPE>
  15.     TYPE Read(DWORD_PTR address) {
  16.         TYPE buffer;
  17.         if (ReadProcessMemory(hProcess, (LPCVOID)address, &buffer, sizeof(buffer), 0) != 0)
  18.             return buffer;
  19.     }
  20.  
  21.     template<typename TYPE>
  22.     TYPE Read(DWORD_PTR address, SIZE_T length) {
  23.         TYPE buffer;
  24.         if (ReadProcessMemory(hProcess, (LPCVOID)address, &buffer, length, 0) != 0)
  25.             return buffer;
  26.     }
  27.  
  28.     bool ReadData(DWORD address, SIZE_T length, char buffer[])
  29.     {
  30.         if (ReadProcessMemory(hProcess, (LPCVOID)address, &buffer, length, 0) == 0)
  31.             return false;
  32.         else
  33.             return true;
  34.     }
  35.  
  36.     bool ReadData(DWORD address, SIZE_T length, wchar_t* buffer[])
  37.     {
  38.         if (ReadProcessMemory(hProcess, (LPVOID)address, &buffer, length, 0) == 0)
  39.             return false;
  40.         else
  41.             return true;
  42.     }
  43.  
  44.     template<typename TYPE>
  45.     void Write(DWORD address, TYPE dataToWrite) {
  46.         TYPE buffer = dataToWrite;
  47.         if (!WriteProcessMemory(hProcess, (LPVOID)address, &buffer, sizeof(buffer), 0))
  48.             std::cout << "WPM No Work: " << GetLastError() << std::endl;
  49.     }
  50.  
  51. private:
  52.     HANDLE hProcess;
  53.     MODULEINFO modinfo;
  54. };
  55.  
  56. DWORD_PTR Memory::ResolveRelativePtr(DWORD_PTR Address, DWORD_PTR ofs)
  57. {
  58.     if (Address)
  59.     {
  60.         Address += ofs;
  61.         DWORD tRead;
  62.         ReadProcessMemory(hProcess, (void*)(Address + 3), &tRead, sizeof(tRead), NULL); // .text:000000014000AE54                 mov     rcx, cs:142384108h
  63.         if (tRead) return (DWORD_PTR)(Address + tRead + sizeof(DWORD) + 3);
  64.     }
  65.     return NULL;
  66. }
  67.  
  68. BOOL Memory::DataCompare(BYTE* pData, BYTE* bMask, char * szMask)
  69. {
  70.     for (; *szMask; ++szMask, ++pData, ++bMask)
  71.         if (*szMask == 'x' && *pData != *bMask)
  72.             return FALSE;
  73.  
  74.     return (*szMask == NULL);
  75. }
  76.  
  77. DWORD64 Memory::FindPatternEx(HANDLE hProcess, std::wstring modulename, BYTE *bMask, char *szMask, DWORD64 dwAddress)
  78. {
  79.     GetModuleInformation(hProcess, GetModuleHandle(modulename.c_str()), &modinfo, sizeof(MODULEINFO)); // Get module information such as size of PE
  80.  
  81.     DWORD64 dwReturn = 0;
  82.     DWORD64 dwDataLength = strlen(szMask);
  83.     BYTE *pData = new BYTE[dwDataLength + 1];
  84.     SIZE_T dwRead;
  85.  
  86.     for (DWORD64 i = 0; i < modinfo.SizeOfImage; i++)
  87.     {
  88.         DWORD64 dwCurAddr = dwAddress + i;
  89.         bool bSuccess;
  90.         bSuccess = ReadProcessMemory(hProcess, (LPCVOID)dwCurAddr, pData, dwDataLength, &dwRead);
  91.  
  92.         if (!bSuccess || dwRead == 0)
  93.         {
  94.             continue;
  95.         }
  96.  
  97.         if (DataCompare(pData, bMask, szMask))
  98.         {
  99.             dwReturn = dwAddress + i;
  100.             break;
  101.         }
  102.     }
  103.  
  104.     delete[] pData;
  105.     return dwReturn;
  106. }
  107.  
  108. DWORD_PTR Memory::GetModule(std::wstring modulename)
  109. {
  110.     HMODULE *hModules = NULL;
  111.     wchar_t szBuf[50];
  112.     DWORD cModules = 0;
  113.  
  114.     EnumProcessModules(hProcess, hModules, 0, &cModules);
  115.     hModules = new HMODULE[cModules / sizeof(HMODULE)];
  116.  
  117.     if (EnumProcessModules(hProcess, hModules, cModules / sizeof(HMODULE), &cModules)) {
  118.         for (int i = 0; i < cModules / sizeof(HMODULE); i++) {
  119.             if (GetModuleBaseName(hProcess, hModules[i], szBuf, sizeof(szBuf))) {
  120.                 if (modulename.compare(szBuf) == 0)
  121.                 {
  122.                     return (DWORD_PTR)hModules[i];
  123.                 }
  124.             }
  125.         }
  126.     }
  127.  
  128.     return 0;
  129. }
  130.  
  131. Memory::Memory(HANDLE hProc)
  132. {
  133.     hProcess = hProc;
  134. }
  135.  
  136. //TODO: Clean up later.
  137. Memory::~Memory()
  138. {
  139. }
  140.  
  141. Memory* mem;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!