- #include <stdlib.h>
- #include <stdio.h>
- #include <windows.h>
- #include <TlHelp32.h>
- #include "resource.h"
// Byte patterns that FindMemorySection() looks for in the memory it copies out
// of the target process, each paired with a mask of the same length.
// Mask semantics (see Search()): 0x00 = this byte must match the pattern,
// any other value = wildcard, the byte is not compared.
// None of the arrays carries a terminating NUL, so sizeof() is the exact
// pattern length; do not pass them to string functions.

// ".zip.0??</string>" - the two '?' positions are wildcarded by the mask below.
CHAR szMultipartString[] = {
    '.', 'z', 'i', 'p', '.', '0', '?', '?',
    '<', '/', 's', 't', 'r', 'i', 'n', 'g', '>'
};
CHAR mkMultipartString[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

// ".exe</string>" - every byte is compared (mask is all zero).
CHAR szSinglepartString[] = {
    '.', 'e', 'x', 'e',
    '<', '/', 's', 't', 'r', 'i', 'n', 'g', '>'
};
CHAR mkSinglepartString[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

// "http://bins.bigfishgames.com/downloads/" - the four bytes of the host
// label ("bins") are wildcarded by the mask below.
CHAR szServer[] = {
    'h', 't', 't', 'p', ':', '/', '/',
    'b', 'i', 'n', 's',
    '.', 'b', 'i', 'g', 'f', 'i', 's', 'h', 'g', 'a', 'm', 'e', 's',
    '.', 'c', 'o', 'm',
    '/', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 's', '/'
};
CHAR szServerMask[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
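// Search - find the first occurrence of a masked byte pattern in a local buffer.
//
//   lpTargetAddress  buffer to scan, cbSearchSize bytes long
//   lpSearchPattern  pattern bytes, cbPatternSize bytes long
//   lpSearchMask     one mask byte per pattern byte: 0x00 = must match,
//                    anything else = wildcard (position is skipped)
//   cbPatternSize    length of the pattern and of the mask
//   cbSearchSize     length of the buffer
//   bOffset          TRUE:  return the offset of the match inside the buffer
//                    FALSE: return the buffer address plus that offset
//
// Returns 0 when nothing matches or when the arguments are unusable.
//
// NOTE(review): 0 doubles as "not found", so with bOffset == TRUE a match at
// offset 0 cannot be told apart from a miss. With bOffset == FALSE the address
// is narrowed to UINT and is truncated on a 64-bit build. Both follow from the
// UINT return type and are left as they were.
UINT Search( PBYTE lpTargetAddress,
             PBYTE lpSearchPattern,
             PBYTE lpSearchMask,
             UINT cbPatternSize,
             UINT cbSearchSize,
             BOOL bOffset )
{
    UINT cbLastStart;
    UINT i;
    UINT j;

    if ( lpTargetAddress == NULL || lpSearchPattern == NULL || lpSearchMask == NULL )
    {
        return 0;
    }

    // The original loop bound was the unsigned expression
    // cbSearchSize - cbPatternSize, which wraps to a huge value when the
    // pattern is longer than the buffer and walks far past the end of it.
    // A zero-length pattern also made the do/while read mask[0]/pattern[0].
    if ( cbPatternSize == 0 || cbPatternSize > cbSearchSize )
    {
        return 0;
    }

    // Last start offset at which the whole pattern still fits in the buffer.
    cbLastStart = cbSearchSize - cbPatternSize;

    for ( i = 0; i <= cbLastStart; i++ )
    {
        for ( j = 0; j < cbPatternSize; j++ )
        {
            // Only positions whose mask byte is 0 are compared.
            if ( lpSearchMask[j] == 0 && lpTargetAddress[i + j] != lpSearchPattern[j] )
            {
                break;
            }
        }

        if ( j == cbPatternSize )
        {
            // Every compared position matched.
            if ( bOffset )
            {
                return i;
            }
            return i + (UINT)(UINT_PTR)lpTargetAddress;
        }
    }

    return 0;
}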
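// OpenGameManager - locate a running process whose image name is
// "bfgclient.exe" and open a handle to it.
//
// Returns the process handle, or NULL when the snapshot fails, no process
// with that name is found, or OpenProcess is refused. The caller owns the
// handle and must CloseHandle() it.
//
// The process is identified by image name only (case-sensitive lstrcmp); the
// first entry with that name is used, and no other check is made on it.
HANDLE OpenGameManager()
{
    HANDLE hSnapshot;
    HANDLE hProcess = NULL;
    PROCESSENTRY32 pe32 = {0};

    // Only the process list is walked, so a process-only snapshot is enough;
    // the original TH32CS_SNAPALL also captured heaps, modules and threads.
    hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if ( hSnapshot == INVALID_HANDLE_VALUE )
    {
        return NULL;
    }

    // dwSize must be set before Process32First or the call fails.
    pe32.dwSize = sizeof ( pe32 );

    if ( Process32First( hSnapshot, &pe32 ) )
    {
        do
        {
            if ( !lstrcmp( pe32.szExeFile, "bfgclient.exe" ) )
            {
                // Rights requested are exactly what FindMemorySection() uses:
                //   PROCESS_QUERY_INFORMATION - VirtualQueryEx
                //   PROCESS_VM_READ           - ReadProcessMemory
                //   PROCESS_VM_OPERATION      - VirtualProtectEx
                // PROCESS_VM_WRITE was requested originally but nothing in
                // this file writes to the target, so it is no longer asked for.
                hProcess = OpenProcess( PROCESS_VM_READ | PROCESS_VM_OPERATION | PROCESS_QUERY_INFORMATION,
                                        FALSE,
                                        pe32.th32ProcessID );

                // As before, only the first name match is tried; a refused
                // OpenProcess yields NULL rather than a further search.
                break;
            }
        } while ( Process32Next( hSnapshot, &pe32 ) );
    }

    // Single exit path: the snapshot handle is released exactly once.
    CloseHandle( hSnapshot );
    return hProcess;
}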
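// FindMemorySection - walk the committed regions of another process, copy
// each one into a local buffer and look for the marker patterns in it.
//
//   hProcess     handle from OpenGameManager(); used with VirtualQueryEx,
//                VirtualProtectEx and ReadProcessMemory
//   pRegion      receives the MEMORY_BASIC_INFORMATION of the first region
//                in which a marker is found
//   IsMultipart  set to TRUE for the ".zip.0??</string>" marker and FALSE for
//                ".exe</string>"; left untouched when only the server URL
//                marker matches
//
// Returns TRUE when a region was found, FALSE otherwise (also on allocation
// failure, or as soon as VirtualQueryEx fails, which ends the walk).
//
// NOTE(review): the walk is limited to addresses below 0x7FFFFFFF and region
// sizes are narrowed to UINT for Search(), so this is written for a 32-bit
// target. Search() returns 0 for "no match", so a marker at offset 0 of a
// region is not detected.
BOOL FindMemorySection ( HANDLE hProcess, MEMORY_BASIC_INFORMATION *pRegion, BOOL *IsMultipart )
{
    MEMORY_BASIC_INFORMATION TempMBI = {0};
    UINT_PTR dwCurrentBase;
    BYTE *pMemory;
    DWORD flOldProtect;     // VirtualProtectEx expects a DWORD, not a UINT
    BOOL bReadOK;
    BOOL bFound;

    if ( pRegion == NULL || IsMultipart == NULL )
    {
        return FALSE;
    }

    for ( dwCurrentBase = 0; dwCurrentBase < 0x7FFFFFFF; dwCurrentBase += TempMBI.RegionSize )
    {
        if ( !VirtualQueryEx( hProcess, (LPCVOID)dwCurrentBase, &TempMBI, sizeof ( TempMBI ) ) )
        {
            return FALSE;
        }

        if ( TempMBI.State != MEM_COMMIT )
        {
            continue;
        }

        pMemory = (BYTE *)LocalAlloc( LMEM_ZEROINIT, TempMBI.RegionSize );
        if ( !pMemory )
        {
            return FALSE;
        }

        // Reset per region. The original kept the flag from the previous
        // region, so after one successful read a region whose protection
        // change failed was still "searched" using the untouched buffer.
        bReadOK = FALSE;
        flOldProtect = 0;

        // NOTE(review): this rewrites the page protection of the target to
        // PAGE_READWRITE for the duration of the read. On executable regions
        // that removes execute permission while the target keeps running, so
        // the target may fault if it runs code from the region meanwhile.
        // Regions that are already readable do not need the change.
        if ( VirtualProtectEx( hProcess, TempMBI.BaseAddress, TempMBI.RegionSize, PAGE_READWRITE, &flOldProtect ) )
        {
            bReadOK = ReadProcessMemory( hProcess, TempMBI.BaseAddress, pMemory, TempMBI.RegionSize, NULL );

            // Put the original protection back whether or not the read worked.
            VirtualProtectEx( hProcess, TempMBI.BaseAddress, TempMBI.RegionSize, flOldProtect, &flOldProtect );
        }

        bFound = FALSE;
        if ( bReadOK )
        {
            // Same order as before: multipart marker, single-part marker,
            // then the server URL.
            if ( Search( pMemory, (PBYTE)szMultipartString, (PBYTE)mkMultipartString,
                         sizeof ( szMultipartString ), (UINT)TempMBI.RegionSize, TRUE ) )
            {
                *IsMultipart = TRUE;
                bFound = TRUE;
            }
            else if ( Search( pMemory, (PBYTE)szSinglepartString, (PBYTE)mkSinglepartString,
                              sizeof ( szSinglepartString ), (UINT)TempMBI.RegionSize, TRUE ) )
            {
                *IsMultipart = FALSE;
                bFound = TRUE;
            }
            else if ( Search( pMemory, (PBYTE)szServer, (PBYTE)szServerMask,
                              sizeof ( szServer ), (UINT)TempMBI.RegionSize, TRUE ) )
            {
                bFound = TRUE;
            }
        }

        // One release point for the local copy, whatever the outcome.
        LocalFree( pMemory );

        if ( bFound )
        {
            *pRegion = TempMBI;
            return TRUE;
        }
    }

    return FALSE;
}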
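// ThreadProc - open the game manager process, look for a region containing
// one of the marker patterns and show that region's base address in a
// message box.
//
//   pParam  unused
//
// Despite the name this is called directly from the dialog procedure, so the
// whole scan runs on the UI thread. The steps that would extract and output
// the strings themselves were left unimplemented by the author.
VOID ThreadProc( VOID *pParam )
{
    HANDLE hGameManager;
    BOOL bIsMultipart = FALSE;
    MEMORY_BASIC_INFORMATION Region = {0};
    CHAR szMessage[256];

    (void)pParam;

    hGameManager = OpenGameManager();
    if ( hGameManager == NULL )
    {
        return;
    }

    if ( FindMemorySection( hGameManager, &Region, &bIsMultipart ) )
    {
        // BaseAddress is a pointer; the original passed it to "%08X", which
        // expects an unsigned int and is wrong wherever the two differ in
        // size. "%p" takes the pointer as it is.
        sprintf_s( szMessage, sizeof ( szMessage ), "%p", Region.BaseAddress );
        MessageBox( NULL, szMessage, NULL, 0 );
    }

    CloseHandle( hGameManager );
}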
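// WndProc - dialog procedure for IDD_MAIN.
//
//   IDOK      runs the scan (ThreadProc) synchronously on the UI thread
//   IDCANCEL  posts WM_CLOSE to the dialog
//   WM_CLOSE  ends the dialog with ERROR_SUCCESS
//
// Always returns FALSE, as the original did.
//
// The original declared the last two parameters as (LPARAM lParam,
// WPARAM wParam). The dialog manager passes wParam third and lParam fourth,
// so the name "lParam" really held wParam and LOWORD(lParam) only yielded the
// control ID by accident. The parameters now carry their real names and
// types; the value that is read is the same.
BOOL CALLBACK WndProc( HWND hWin, UINT uMsg, WPARAM wParam, LPARAM lParam )
{
    (void)lParam;

    switch ( uMsg )
    {
    case WM_COMMAND:
        // Low word of wParam is the control or command identifier.
        switch ( LOWORD( wParam ) )
        {
        case IDOK:
            ThreadProc( 0 );
            break;

        case IDCANCEL:
            SendMessage( hWin, WM_CLOSE, 0, 0 );
            break;

        default:
            break;
        }
        break;

    case WM_INITDIALOG:
        break;

    case WM_CLOSE:
        EndDialog( hWin, ERROR_SUCCESS );
        break;

    default:
        break;
    }

    return FALSE;
}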
// WinMain - program entry point: shows the IDD_MAIN dialog modally on the
// desktop and returns whatever DialogBoxParam reports, narrowed to INT.
// hPrevInstance, lpCmdLine and nShowCmd are not used.
INT WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, INT nShowCmd )
{
    // The cast hides any mismatch between WndProc's signature and DLGPROC
    // from the compiler, so keep the two in step by hand.
    DLGPROC pfnDialog = (DLGPROC)WndProc;

    return DialogBoxParam( hInstance, MAKEINTRESOURCE(IDD_MAIN), HWND_DESKTOP, pfnDialog, 0 );
}