#include "ProcMem.h"using namespace std;ProcMem::ProcMem(){ //Cons

1. #include "ProcMem.h"
2.  
3.  
4. using namespace std;
5.  
6.  
7. ProcMem::ProcMem(){
8. //Constructor For Class, Do Not Remove!
9. }
10.  
11.  
12. __int32 ProcMem::GetLength(char *chArray){
13.  
14.  
15. //Loop Through *chArray To Get Amount Of Bytes
16. for(__int32 iLength = 1; iLength < MAX_PATH; iLength++)
17. if (chArray[iLength] == '*')
18. return iLength;
19.  
20.  
21. cout << "\nLENGTH: Failed To Read Length Of Array\n";
22. return 0;
23. }
24.  
25.  
26. bool ProcMem::Locate(int iAry[], int iSize, int iVal){
27.  
28.  
29. for(int i = 0; i != iSize; i++)
30. if(iVal == iAry[i])
31. return true;
32.  
33.  
34. return false;
35. }
36.  
37.  
38. void ProcMem::Patch(DWORD dwAddress, char *Patch_Bts, char *Default_Bts){
39.  
40. //Variables
41. __int32 iSize = GetLength(Default_Bts);
42.  
43.  
44. //Loop Through Addresses Writing Bytes
45. if (!bPOn)
46. for(__int32 i = 0; i < iSize; i++)
47. Write<BYTE>(dwAddress + i, Patch_Bts[i]);
48. else
49. for(__int32 i = 0; i < iSize; i++)
50. Write<BYTE>(dwAddress + i, Default_Bts[i]);
51.  
52.  
53. bPOn = !bPOn;
54. }
55.  
56.  
57. void ProcMem::GetProcess(char* ProcessName){
58.  
59.  
60. //Variables
61. HANDLE hPID = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); //Snapshot To View All Active Processes
62. PROCESSENTRY32 pEntry;
63. pEntry.dwSize = sizeof(pEntry); //Declare Structure Size And Populate It
64.  
65.  
66. //Loop Through All Running Processes To Find Process
67. do
68. if(!strcmp(pEntry.szExeFile, ProcessName))
69. {
70. //Store Process ID
71. dwPID = pEntry.th32ProcessID;
72. CloseHandle(hPID);
73.  
74.  
75. //Give Our Handle All Access Rights
76. hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
77. return;
78. }
79. while(Process32Next(hPID, &pEntry));
80.  
81.  
82. cout << "\nPROCESS: Process Not Found\n";
83. system("pause");
84. exit(0);
85. }
86.  
87.  
88. void ProcMem::Inject(DWORD dwAddress, char *Inj_Bts, char *Def_Bts, BOOL Type){
89.  
90. //Variables
91. __int32 i_ISize = GetLength(Inj_Bts);
92. __int32 i_DSize = GetLength(Def_Bts);
93.  
94.  
95. if(!bIOn)
96. {
97. //NOP All Bytes In The Array Past The 5th Byte
98. if(i_DSize >= 5)
99. for (__int32 i = 6; i < i_DSize; i++)//maybe change 6 to 5
100. Write<BYTE>(dwAddress + i, 0x90);
101. else {cout << "\nINJECTION: Default Bytes Must Be More Than 5\n"; return;}
102.  
103.  
104. //Create Codecave
105. dwCaveAddress = (DWORD)VirtualAllocEx(hProcess, NULL, i_ISize + 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
106.  
107.  
108. //Calculate Jmp/Return Distances In Bytes To Write
109. DWORD dwRetJmp = (dwAddress + i_DSize) - dwCaveAddress - 5; //(NextInstruction - CaveAddress - 5) - is correct equation.
110. DWORD dwBaseJmp = dwCaveAddress - dwAddress - 5; //Base Jmp
111.  
112.  
113. //Loop Through Each Address Writing Inj_Bts Inside The Codecave
114. for (__int32 i = 0; i <= i_ISize; i++)
115. Write<BYTE>(dwCaveAddress+i, Inj_Bts[i]);
116.  
117. //Write The Return Distance In Bytes (E9 = Jmp | E8 = Call) To The Original Address
118. Write<BYTE>(dwCaveAddress + i_ISize, Type ? 0xE9 : 0xE8);
119. Write<DWORD>(dwCaveAddress + i_ISize + 1, dwRetJmp);
120.  
121. //Write The Jump From The Original Address To The Codecave
122. Write<BYTE>(dwAddress, Type ? 0xE9 : 0xE8);
123. Write<DWORD>(dwAddress + 1, dwBaseJmp);
124. }
125.  
126.  
127. if(bIOn)
128. {
129. //Restore Original Bytes
130. for(__int32 i = 0; i < i_DSize; i++)
131. Write<BYTE>(dwAddress + i, Def_Bts[i]);
132.  
133.  
134. //Clean Up! (DeAllocate CodeCave)
135. VirtualFreeEx(hProcess, (LPVOID)dwCaveAddress, i_ISize + 5, MEM_DECOMMIT);
136. }
137. bIOn = !bIOn; //Set bIOn To Opposite So When Called Again It Executs The Off Statement (Bottom)
138. }
139.  
140.  
141. DWORD ProcMem::AOB_Scan(DWORD dwAddress, DWORD dwEnd, char *Bytes){
142.  
143.  
144. //VARIABLES
145. __int32 iBytesToRead(0);
146. __int32 length = GetLength(Bytes);
147.  
148.  
149. //Increase Start Address Till It Reaches The End Address
150. for(;dwAddress < dwEnd; dwAddress++)
151. if(Read<BYTE>(dwAddress) == Bytes[iBytesToRead] || Bytes[iBytesToRead] == '?')
152. iBytesToRead++;
153. else if(iBytesToRead >= length)
154. return dwAddress - iBytesToRead;
155. else iBytesToRead = 0;
156.  
157.  
158. cout << "\nAOB_SCAN: Failed To Find Byte Pattern\n";
159. return 0;
160. }
161.  
162.  
163. DWORD ProcMem::Module(LPSTR ModuleName){
164.  
165. //Variables
166. HANDLE hModule = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID); //Take A Module Snapshot Of The Process (Grab All Loaded Modules)
167. MODULEENTRY32 mEntry; //Declare Module Entry Structure
168. mEntry.dwSize = sizeof(mEntry); //Declare Structure Size And Populate It With Loaded Modules
169.  
170. //Scan For Module By Name
171. do
172. if(!strcmp(mEntry.szModule, ModuleName))
173. {
174. CloseHandle(hModule);
175. return (DWORD)mEntry.modBaseAddr;
176. }
177. while(Module32Next(hModule, &mEntry));
178.  
179. cout << "\nMODULE: Process Platform Invalid\n";
180. return 0;
181. }
182.  
183.  
184. ProcMem::~ProcMem(){
185.  
186.  
187. //Clean Up! (Close Handle - Not Needed Anymore)
188. CloseHandle(hProcess);
189. }
190.  
191.  
192.  
193. NOT ACTUAL CODING
194. NOT ACTUAL CODING
195. NOT ACTUAL CODING
196.  
197.  
198.  
199. #ifndef PROCMEM_H //If Not Defined
200. #define PROCMEM_H //Define Now
201. #define WIN32_LEAN_AND_MEAN //Excludes Headers We Wont Use (Increase Compile Time)
202.  
203.  
204. #include <iostream> //Constains Input/Output Functions (cin/cout etc..)
205. #include <windows.h> //Standard Windows Header
206. #include <TlHelp32.h> //Contains Read/Write Functions
207. #include <string> //Support For Strings
208.  
209.  
210. class ProcMem;
211. class ProcMem{
212.  
213.  
214. public:
215.  
216.  
217. //FUNCTION PROTOTYPES
218. ProcMem();
219. ~ProcMem();
220. __int32 GetLength(char *chArray);
221. bool Locate(int iAry[], int iSize, int iVal);
222. void Patch(DWORD dwAddress, char *Patch_Bts, char *Default_Bts);
223. void GetProcess(char* ProcessName);
224. void Inject(DWORD dwAddress, char *Inj_Bts, char *Def_Bts, BOOL Type);
225. DWORD AOB_Scan(DWORD dwAddress, DWORD dwEnd, char *Bytes);
226. DWORD Module(LPSTR ModuleName);
227.  
228.  
229. #pragma region TEMPLATE MEMORY FUNCTIONS
230.  
231.  
232. //REMOVE READ/WRITE PROTECTION
233. template <class cData>
234. void Protection(DWORD dwAddress)
235. {
236. if(!bProt)
237. VirtualProtectEx(hProcess, (LPVOID)dwAddress, sizeof(cData), PAGE_EXECUTE_READWRITE, &dwProtection); //Remove Read/Write Protection By Giving It New Permissions
238. else
239. VirtualProtectEx(hProcess, (LPVOID)dwAddress, sizeof(cData), dwProtection, &dwProtection); //Restore The Old Permissions After You Have Red The dwAddress
240.  
241. bProt = !bProt;
242. }
243.  
244.  
245. //READ MEMORY
246. template <class cData>
247. cData Read(DWORD dwAddress)
248. {
249. cData cRead; //Generic Variable To Store Data
250. ReadProcessMemory(hProcess, (LPVOID)dwAddress, &cRead, sizeof(cData), NULL); //Win API - Reads Data At Specified Location
251. return cRead; //Returns Value At Specified dwAddress
252. }
253.  
254. //READ MEMORY - Pointer
255. template <class cData>
256. cData Read(DWORD dwAddress, char *Offset, BOOL Type)
257. {
258. //Variables
259. __int32 iSize = GetLength(Offset) -1; //Size Of *Array Of Offsets
260. dwAddress = Read<DWORD>(dwAddress); //HEX VAL
261.  
262. //Loop Through Each Offset & Store Hex Value (Address) In dwTMP
263. for (__int32 i = 0; i < iSize; i++)
264. dwAddress = Read<DWORD>(dwAddress + Offset[i]);
265.  
266.  
267. if (!Type)
268. return dwAddress + Offset[iSize]; //FALSE - Return Address
269. else
270. return Read<cData>(dwAddress + Offset[iSize]); //TRUE - Return Value
271. }
272.  
273.  
274. //WRITE MEMORY
275. template <class cData>
276. void Write(DWORD dwAddress, cData Value)
277. { WriteProcessMemory(hProcess, (LPVOID)dwAddress, &Value, sizeof(cData), NULL); }
278.  
279.  
280. //WRITE MEMORY - Pointer
281. template <class cData>
282. void Write(DWORD dwAddress, char *Offset, cData Value)
283. { Write<cData>(Read<cData>(dwAddress, Offset, false), Value); }
284.  
285. #pragma endregion
286.  
287.  
288. private:
289.  
290.  
291. //HANDLES
292. HANDLE hProcess;
293.  
294.  
295. //STORAGE
296. DWORD dwPID, dwProtection, dwCaveAddress;
297.  
298.  
299. //MISC
300. BOOL bPOn, bIOn, bProt;
301. };
302. #endif