-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMemory.cpp
More file actions
95 lines (77 loc) · 2.43 KB
/
Memory.cpp
File metadata and controls
95 lines (77 loc) · 2.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#include "pch.h"
#include "Memory.h"
DWORD Memory::GetPID(const wchar_t* processName)
{
DWORD pid = 0;
HANDLE pSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (pSnap == INVALID_HANDLE_VALUE) return pid;
PROCESSENTRY32 pEntry;
pEntry.dwSize = sizeof(pEntry);
unsigned int counter = 0;
if (Process32First(pSnap, &pEntry))
{
do
{
if (!_wcsicmp(pEntry.szExeFile, processName))
{
pid = pEntry.th32ProcessID;
break;
}
} while (Process32Next(pSnap, &pEntry));
}
CloseHandle(pSnap);
return pid;
}
uintptr_t Memory::GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
uintptr_t modBaseAddr = 0;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
if (hSnap == INVALID_HANDLE_VALUE) return modBaseAddr;
MODULEENTRY32 modEntry;
modEntry.dwSize = sizeof(modEntry);
if (Module32First(hSnap, &modEntry))
{
do
{
if (!_wcsicmp(modEntry.szModule, modName))
{
modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
break;
}
} while (Module32Next(hSnap, &modEntry));
}
CloseHandle(hSnap);
return modBaseAddr;
}
uintptr_t Memory::FindDMAAddy(HANDLE hProc, uintptr_t ptr, std::vector<unsigned int>offsets)
{
for (unsigned int i = 0; i < offsets.size(); i++)
{
ReadProcessMemory(hProc, (BYTE*)ptr, &ptr, sizeof(ptr), 0);
ptr += offsets[i];
}
return ptr;
}
void Memory::PatchEx(HANDLE hProcess, void* dst, void* buffer, size_t size)
{
DWORD oldProtect;
VirtualProtectEx(hProcess, dst, size, PAGE_EXECUTE_READWRITE, &oldProtect);
WriteProcessMemory(hProcess, dst, buffer, size, NULL);
VirtualProtectEx(hProcess, dst, size, oldProtect, &oldProtect);
}
void Memory::NopEx(HANDLE hProcess, void* dst, size_t size)
{
BYTE* nopArray = new BYTE[size];
memset(nopArray, 0x90, size);
PatchEx(hProcess, dst, nopArray, size);
}
void Memory::ReadEx(HANDLE hProcess, void* dst, void* buffer, size_t size)
{
DWORD oldProtect;
VirtualProtectEx(hProcess, dst, size, PAGE_EXECUTE_READWRITE, &oldProtect);
ReadProcessMemory(hProcess, dst, buffer, size, NULL);
VirtualProtectEx(hProcess, dst, size, oldProtect, &oldProtect);
}
HANDLE Memory::pHandle = NULL;
uintptr_t Memory::BaseAddress = 0;
DWORD Memory::pid = 0;