void rpmInt(DWORD Pid,char* ExeName,HANDLE Console,char *wBuffer,DWORD Written)
{
HANDLE ThisProc = OpenProcess(PROCESS_ALL_ACCESS,true,Pid); //
if(ThisProc == INVALID_HANDLE_VALUE)
{
wsprintf(wBuffer,"%s\n","Invalid Handle");
WriteConsole(Console,wBuffer,strlen(wBuffer),&Written,0);
}
else
{
wsprintf(wBuffer,"%s\n","Valid Handle");
WriteConsole(Console,wBuffer,strlen(wBuffer),&Written,0);
}
MEMORY_BASIC_INFORMATION mbi;
char Buffer[64];
SYSTEM_INFO si;
GetSystemInfo(&si);
DWORD dwStart;
SIZE_T v;
char *p;
DWORD lpRead;
const char* regionp;
//BYTE s = 't';
char *memchrp;
int memcmpr;
//const char findme[8] = "PRIVMSG";
HANDLE Term;
int s = 5;
int five = 5;
char findme[sizeof(five)]; //4
//search for int with the value 5
memcpy(findme, &five, sizeof(five));
while(dwStart < (DWORD)si.lpMaximumApplicationAddress)
{
v = VirtualQueryEx(ThisProc,
(void *)dwStart,
&mbi,
sizeof(MEMORY_BASIC_INFORMATION));
if(v == 0)
{
wsprintf(wBuffer,"%s\n","breaking");
WriteConsole(Console,wBuffer,strlen(wBuffer),&Written,0);
break;
}
if(mbi.State == MEM_COMMIT)
{
wsprintf(wBuffer,"%s\n","memcommit");
WriteConsole(Console,wBuffer,strlen(wBuffer),&Written,0);
p = (char *)malloc(mbi.RegionSize);
wsprintf(wBuffer,"Memory at %02x, size %d\n",mbi.BaseAddress,mbi.RegionSize);
WriteConsole(Console,wBuffer,strlen(wBuffer),&Written,0);
if(ReadProcessMemory(ThisProc,(void *)dwStart,p,mbi.RegionSize,&lpRead))
{
const char* offset = p;
regionp = p;
while ((offset = (const char*)memchr(offset, findme[0], regionp+mbi.RegionSize-offset)) != 0)
{
if(&five > mbi.BaseAddress && &five <= ((int*)mbi.BaseAddress)+mbi.RegionSize)
{
MessageBox(NULL,"close","",0);
if (memcmp(offset, findme, 4) == 0)
{
MessageBox(NULL,"found","",0);
wsprintf(Buffer,"%p %p\n",findme,five);
WriteConsole(Console,Buffer,strlen(Buffer),&Written,0);
Sleep(5);
break;
}
}
++offset;
}
}
}
if(dwStart + mbi.RegionSize < dwStart)
{
// printf("%s\n","breaking");
break;
}
if(mbi.RegionSize != lpRead)
{
// printf("Not enough bytes read %d != %d\n",mbi.RegionSize,lpRead);
}
dwStart += mbi.RegionSize;
Sleep(5);
}
}