API tools faq
paste
Advertisement
EchoHackCmd

Untitled

EchoHackCmd
Dec 15th, 2019
607
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.36 KB | None | 0 0
raw download clone embed print report
  1. #include "mem.h"
  2. #include <TlHelp32.h>
  3.  
  4. void mem::Patch(BYTE* dst, BYTE* src, unsigned int size)
  5. {
  6. DWORD oldprotect;
  7. VirtualProtect(dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
  8.  
  9. memcpy(dst, src, size);
  10. VirtualProtect(dst, size, oldprotect, &oldprotect);
  11. }
  12.  
  13. void mem::PatchEx(BYTE* dst, BYTE* src, unsigned int size, HANDLE hProcess)
  14. {
  15. DWORD oldprotect;
  16. VirtualProtectEx(hProcess, dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
  17. WriteProcessMemory(hProcess, dst, src, size, nullptr);
  18. VirtualProtectEx(hProcess, dst, size, oldprotect, &oldprotect);
  19. }
  20.  
  21. void mem::Nop(BYTE* dst, unsigned int size)
  22. {
  23. DWORD oldprotect;
  24. VirtualProtect(dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
  25. memset(dst, 0x90, size);
  26. VirtualProtect(dst, size, oldprotect, &oldprotect);
  27. }
  28.  
  29. void mem::NopEx(BYTE* dst, unsigned int size, HANDLE hProcess)
  30. {
  31. BYTE* nopArray = new BYTE[size];
  32. memset(nopArray, 0x90, size);
  33.  
  34. PatchEx(dst, nopArray, size, hProcess);
  35. delete[] nopArray;
  36. }
  37.  
  38. uintptr_t mem::FindAddr(HANDLE hProc, uintptr_t ptr, std::vector<unsigned int> offsets)
  39. {
  40. uintptr_t addr = ptr;
  41. for (unsigned int i = 0; i < offsets.size(); ++i)
  42. {
  43. ReadProcessMemory(hProc, (BYTE*)addr, &addr, sizeof(addr), 0);
  44. addr += offsets[i];
  45. }
  46. return addr;
  47. }
  48.  
  49. DWORD mem::GetProcId(const wchar_t* procName)
  50. {
  51. DWORD procId = 0;
  52. HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  53. if (hSnap != INVALID_HANDLE_VALUE)
  54. {
  55. PROCESSENTRY32 procEntry;
  56. procEntry.dwSize = sizeof(procEntry);
  57.  
  58. if (Process32First(hSnap, &procEntry))
  59. {
  60. do
  61. {
  62. if (!_wcsicmp(procEntry.szExeFile, procName))
  63. {
  64. procId = procEntry.th32ProcessID;
  65. break;
  66. }
  67. } while (Process32Next(hSnap, &procEntry));
  68.  
  69. }
  70. }
  71. CloseHandle(hSnap);
  72. return procId;
  73. }
  74.  
  75. uintptr_t mem::GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
  76. {
  77. uintptr_t modBaseAddr = 0;
  78. HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
  79. if (hSnap != INVALID_HANDLE_VALUE)
  80. {
  81. MODULEENTRY32 modEntry;
  82. modEntry.dwSize = sizeof(modEntry);
  83. if (Module32First(hSnap, &modEntry))
  84. {
  85. do
  86. {
  87. if (!_wcsicmp(modEntry.szModule, modName))
  88. {
  89. modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
  90. break;
  91. }
  92. } while (Module32Next(hSnap, &modEntry));
  93. }
  94. }
  95. CloseHandle(hSnap);
  96. return modBaseAddr;
  97. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!