ProcessModder.cpp

1. #include "ProcessModder.h"
2. #include <AclAPI.h> // For modifying process security settings
3. #include <TlHelp32.h> // For examining currently open processes
4.  
5. bool ProcessModder::openWithProcessID(DWORD processID)
6. {
7. if ( isOpen() )
8. close();
9.  
10. return Hook(processID);
11. }
12.  
13. bool ProcessModder::openWithProcessName(const char* szProcessName)
14. {
15. if ( isOpen() )
16. close();
17.  
18. DWORD processID;
19.  
20. return FindProcess(szProcessName, processID)
21. && Hook(processID);
22. }
23.  
24. bool ProcessModder::openWithWindowName(const char* szWindowName)
25. {
26. if ( isOpen() )
27. close();
28.  
29. DWORD processID;
30.  
31. HWND hWindow = FindWindow(NULL, szWindowName);
32.  
33. return GetWindowThreadProcessId(hWindow, &processID)
34. && Hook(processID);
35. }
36.  
37. bool ProcessModder::openWithProcessHandle(HANDLE hProcess)
38. {
39. if ( isOpen() )
40. close();
41.  
42. DWORD processID = GetProcessId(hProcess);
43.  
44. return processID != 0
45. && Hook(processID);
46. }
47.  
48. bool ProcessModder::isOpen()
49. {
50. DWORD lpExitCode;
51.  
52. return hookedProcess != NULL
53. && GetExitCodeProcess(hookedProcess, &lpExitCode)
54. && lpExitCode == STILL_ACTIVE;
55. }
56.  
57. void ProcessModder::close()
58. {
59. if ( isOpen() )
60. {
61. CloseHandle(hookedProcess);
62. hookedProcess = NULL;
63. }
64. }
65.  
66. template <typename valueType> // Allow writing to different data types
67. bool ProcessModder::writeMem(UINT address, valueType value)
68. {
69. return WriteProcessMemory(hookedProcess, (LPVOID)address, &value, sizeof(valueType), NULL) == TRUE;
70. }
71. template bool ProcessModder::writeMem<UINT>(UINT address, UINT value); // Explicit instantiations
72. template bool ProcessModder::writeMem<USHORT>(UINT address, USHORT value);
73. template bool ProcessModder::writeMem<BYTE>(UINT address, BYTE value);
74.  
75. template <typename valueType> // Allow reading from different data types
76. bool ProcessModder::readMem(UINT address, valueType &value)
77. {
78. if ( ReadProcessMemory(hookedProcess, (LPCVOID)address, &value, sizeof(valueType), NULL) )
79. return true;
80. else
81. {
82. value = 0; // Ensure value is initialized for safety
83. return false;
84. }
85. }
86. template bool ProcessModder::readMem<UINT>(UINT address, UINT &value); // Explicit instantiations
87. template bool ProcessModder::readMem<USHORT>(UINT address, USHORT &value);
88. template bool ProcessModder::readMem<BYTE>(UINT address, BYTE &value);
89.  
90. bool ProcessModder::Hook(DWORD processID)
91. {
92.  
93. HANDLE pHandle = OpenProcess(WRITE_DAC, false, processID); // Open process with DACL access
94. if ( pHandle == NULL )
95. return false; // Could not open process with DACL access
96.  
97. PSECURITY_DESCRIPTOR secdesc; // Placeholder (required)
98. PACL dacl = NULL; // Pointer to access information (ie: whether you can read the process's memory)
99.  
100. HANDLE pCurr = GetCurrentProcess();
101. if ( ( GetSecurityInfo(pCurr, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, // Get the security information for this process
102. NULL, NULL, &dacl, NULL, &secdesc) == ERROR_SUCCESS )
103. && ( SetSecurityInfo(pHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION,
104. NULL, NULL, dacl, NULL) == ERROR_SUCCESS ) ) // Replace the target process's security information with this process's security information
105. {
106. CloseHandle(pHandle); // Close the process handle with DACL access
107. LocalFree(secdesc); // Free the placeholder
108. hookedProcess = OpenProcess(PROCESS_ALL_ACCESS, false, processID); // Open process with full access
109. if ( hookedProcess == NULL )
110. hookedProcess = OpenProcess(PROCESS_ALL_LEGACY_ACCESS, false, processID); // Retry with access compatible with legacy operating systems
111.  
112. return hookedProcess != NULL; // Return true if successfully opened
113. }
114.  
115. CloseHandle(pHandle); // Close the process handle with DACL access
116. LocalFree(secdesc); // Free the placeholder
117. return false; // Could not replace security information
118. }
119.  
120. bool ProcessModder::FindProcess(const char* szProcessName, DWORD &processID)
121. {
122. HANDLE hProcessSnap = NULL;
123. PROCESSENTRY32 pe32 = { }; // Holds information about a process
124. pe32.dwSize = sizeof(PROCESSENTRY32);
125.  
126. hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); // Get list of running processes
127. if ( hProcessSnap != INVALID_HANDLE_VALUE ) // Got list successfully
128. {
129. if ( Process32First(hProcessSnap, &pe32) ) // If you can get information about the first process
130. {
131. do // Step through processes
132. {
133. if ( strcmp(szProcessName, pe32.szExeFile) == 0 ) // If process name is the name you're searching for
134. {
135. processID = pe32.th32ProcessID; // Set returned process ID value
136. CloseHandle(hProcessSnap); // Cleanup process list
137. return true;
138. }
139. } while ( Process32Next(hProcessSnap, &pe32) ); // While there's more processes
140. }
141.  
142. CloseHandle(hProcessSnap); // Cleanup process list
143. }
144.  
145. return false;
146. }