#pragma once
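// Wrapper around a process handle that reads and writes the memory of that
// process through ReadProcessMemory / WriteProcessMemory.
//
// The handle is stored, not owned: nothing in this class closes it.
// This header includes nothing itself, so the Windows headers that declare
// HANDLE, MODULEINFO and the process-memory APIs, plus <string> and
// <iostream>, must already be included by whoever includes it.
class Memory
{
public:
    // Stores hProc; every member below operates on that handle.
    Memory(HANDLE hProc);
    ~Memory();

    // Returns the base address of the module called `modulename` in the
    // target process, or 0 when it is not found.
    DWORD_PTR GetModule(std::wstring modulename);

    // Reads a 32-bit displacement at (Address + ofs + 3) in the target process
    // and returns the address it refers to, or 0.
    DWORD_PTR ResolveRelativePtr(DWORD_PTR Address, DWORD_PTR ofs);

    // Compares pData against bMask wherever szMask holds 'x'.
    BOOL DataCompare(BYTE* pData, BYTE* bMask, char * szMask);

    // Searches a module-sized range starting at dwAddress for bMask/szMask.
    DWORD64 FindPatternEx(HANDLE hProcess, std::wstring modulename, BYTE *bMask, char *szMask, DWORD64 dwAddress);

    // Reads one TYPE from `address` in the target process.
    //
    // Returns a value-initialized TYPE when the read fails or comes back
    // short. The original fell off the end of the function in that case, which
    // is undefined behaviour. Callers cannot tell a failed read from a stored
    // zero through this interface.
    template<typename TYPE>
    TYPE Read(DWORD_PTR address) {
        TYPE buffer = TYPE();
        SIZE_T bytesRead = 0;
        if (!ReadProcessMemory(hProcess, (LPCVOID)address, &buffer, sizeof(buffer), &bytesRead))
            return TYPE();
        if (bytesRead != sizeof(buffer))
            return TYPE();
        return buffer;
    }

    // Reads the first `length` bytes of a TYPE from `address`.
    //
    // `length` is copied into a TYPE-sized local, so a length larger than
    // sizeof(TYPE) would overrun this function's own stack frame; such a
    // request is rejected and a value-initialized TYPE is returned. Bytes past
    // `length` stay zero.
    template<typename TYPE>
    TYPE Read(DWORD_PTR address, SIZE_T length) {
        TYPE buffer = TYPE();
        if (length > sizeof(buffer))
            return TYPE();
        SIZE_T bytesRead = 0;
        if (!ReadProcessMemory(hProcess, (LPCVOID)address, &buffer, length, &bytesRead))
            return TYPE();
        if (bytesRead != length)
            return TYPE();
        return buffer;
    }

    // Copies `length` bytes from `address` into the caller's buffer.
    //
    // The original passed `&buffer`, the address of the pointer parameter, so
    // the data landed on this function's stack instead of in the caller's
    // buffer and any length above sizeof(char*) overran the frame.
    // The caller must supply at least `length` bytes; that cannot be checked
    // here.
    // NOTE(review): `address` is a DWORD, so addresses above 4 GiB are
    // truncated before the read; confirm whether callers need DWORD_PTR.
    bool ReadData(DWORD address, SIZE_T length, char buffer[])
    {
        if (buffer == NULL)
            return false;
        return ReadProcessMemory(hProcess, (LPCVOID)(DWORD_PTR)address, buffer, length, 0) != 0;
    }

    // Same as the char overload, for a destination declared as wchar_t*[].
    // `length` is a byte count, not a character count.
    // NOTE(review): the parameter type is an array of wchar_t pointers, which
    // looks unintended (probably meant wchar_t buffer[]); verify against the
    // callers before changing the signature.
    bool ReadData(DWORD address, SIZE_T length, wchar_t* buffer[])
    {
        if (buffer == NULL)
            return false;
        return ReadProcessMemory(hProcess, (LPCVOID)(DWORD_PTR)address, buffer, length, 0) != 0;
    }

    // Writes one TYPE to `address` in the target process and reports a failure
    // on stdout together with GetLastError().
    // NOTE(review): `address` is a DWORD here as well, so a 64-bit address is
    // truncated before the write.
    template<typename TYPE>
    void Write(DWORD address, TYPE dataToWrite) {
        TYPE buffer = dataToWrite;
        if (!WriteProcessMemory(hProcess, (LPVOID)(DWORD_PTR)address, &buffer, sizeof(buffer), 0))
            std::cout << "WPM No Work: " << GetLastError() << std::endl;
    }

private:
    HANDLE hProcess;      // target process handle, set by the constructor
    MODULEINFO modinfo;   // filled by FindPatternEx via GetModuleInformation
};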
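// Resolves the target of an instruction that carries a 32-bit relative
// displacement three bytes after its start.
//
// Address : address in the target process; 0 yields 0.
// ofs     : added to Address to reach the instruction.
// Returns the resolved address, or 0 when Address is 0, the read fails or
// comes back short, or the displacement is 0.
//
// The layout assumed is the one in the example below: the displacement sits at
// offset 3 and the instruction ends right after it.
DWORD_PTR Memory::ResolveRelativePtr(DWORD_PTR Address, DWORD_PTR ofs)
{
    if (!Address)
        return 0;

    Address += ofs;

    // The original ignored the result of ReadProcessMemory and then used an
    // uninitialized local when the read failed.
    DWORD tRead = 0;
    SIZE_T bytesRead = 0;
    if (!ReadProcessMemory(hProcess, (void*)(Address + 3), &tRead, sizeof(tRead), &bytesRead)) // .text:000000014000AE54 mov rcx, cs:142384108h
        return 0;
    if (bytesRead != sizeof(tRead))
        return 0;

    if (!tRead)
        return 0;

    // The displacement is signed. Adding the raw DWORD zero-extends it on a
    // 64-bit build, which puts a backward reference 4 GiB away from its real
    // target, so widen it as a signed value first.
    const LONG_PTR displacement = (LONG_PTR)(LONG)tRead;
    return (DWORD_PTR)(Address + displacement + sizeof(DWORD) + 3);
}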
// Compares pData with bMask under control of szMask.
//
// szMask is a NUL-terminated string; a position holding 'x' must match, any
// other character is a wildcard. pData and bMask must each be readable for as
// many bytes as szMask has characters; nothing here checks that.
// Returns FALSE at the first mismatch, TRUE otherwise.
BOOL Memory::DataCompare(BYTE* pData, BYTE* bMask, char * szMask)
{
    // Walk the three arrays in lockstep until the mask's terminator.
    while (*szMask != '\0')
    {
        const bool mustMatch = (*szMask == 'x');
        if (mustMatch && *pData != *bMask)
            return FALSE;

        ++szMask;
        ++pData;
        ++bMask;
    }

    // The loop only ends on the terminator, so this holds whenever it is reached.
    return (*szMask == '\0');
}
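// Searches the target process for the byte pattern bMask/szMask, starting at
// dwAddress and covering as many bytes as the module image is large.
//
// hProcess   : process to read from. It shadows the member of the same name,
//              so the handle passed here is the one used.
// modulename : module whose SizeOfImage bounds the search.
// bMask      : pattern bytes, one per character of szMask.
// szMask     : NUL-terminated mask; 'x' means "must match" (see DataCompare).
// dwAddress  : first address examined.
// Returns the address of the first match, or 0 when there is none, an
// argument is NULL or empty, or the module information cannot be obtained.
DWORD64 Memory::FindPatternEx(HANDLE hProcess, std::wstring modulename, BYTE *bMask, char *szMask, DWORD64 dwAddress)
{
    if (bMask == NULL || szMask == NULL)
        return 0;

    const DWORD64 dwDataLength = strlen(szMask);
    if (dwDataLength == 0)
        return 0;

    // The result was ignored before, so a failure left modinfo.SizeOfImage
    // uninitialized or stale and the loop bound was garbage.
    // NOTE(review): GetModuleHandle looks the module up in the calling
    // process while GetModuleInformation is asked about hProcess; unless both
    // are the same process this handle is unlikely to be valid there. Confirm
    // the intent; GetModule() in this class resolves the module in the target.
    if (!GetModuleInformation(hProcess, GetModuleHandle(modulename.c_str()), &modinfo, sizeof(MODULEINFO))) // Get module information such as size of PE
        return 0;

    const DWORD64 dwImageSize = modinfo.SizeOfImage;
    if (dwImageSize < dwDataLength)
        return 0;

    // Stop early enough that a full pattern still fits inside the image; the
    // original kept reading past the end of the range.
    const DWORD64 dwLastOffset = dwImageSize - dwDataLength;

    DWORD64 dwReturn = 0;
    BYTE *pData = new BYTE[dwDataLength + 1];
    for (DWORD64 i = 0; i <= dwLastOffset; i++)
    {
        const DWORD64 dwCurAddr = dwAddress + i;
        SIZE_T dwRead = 0;
        if (!ReadProcessMemory(hProcess, (LPCVOID)dwCurAddr, pData, (SIZE_T)dwDataLength, &dwRead))
            continue;

        // A short read would leave bytes from an earlier iteration (or never
        // written ones) in pData, so only a complete read is compared.
        if (dwRead != dwDataLength)
            continue;

        if (DataCompare(pData, bMask, szMask))
        {
            dwReturn = dwCurAddr;
            break;
        }
    }
    delete[] pData;
    return dwReturn;
}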
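// Returns the base address of the module named `modulename` in the target
// process, or 0 when the modules cannot be enumerated or none matches.
//
// The comparison is exact (case-sensitive). Base names that do not fit in the
// 50-character buffer are truncated by the API and therefore never match.
DWORD_PTR Memory::GetModule(std::wstring modulename)
{
    // First call only asks how many bytes the handle array needs.
    DWORD cbNeeded = 0;
    if (!EnumProcessModules(hProcess, NULL, 0, &cbNeeded))
        return 0;
    if (cbNeeded < sizeof(HMODULE))
        return 0;

    const DWORD cAllocated = (DWORD)(cbNeeded / sizeof(HMODULE));
    HMODULE *hModules = new HMODULE[cAllocated];
    DWORD_PTR result = 0;

    // The size argument is in bytes. The original passed the element count,
    // so only a fraction of the array was filled and the loop went on to read
    // uninitialized handles.
    if (EnumProcessModules(hProcess, hModules, (DWORD)(cAllocated * sizeof(HMODULE)), &cbNeeded)) {
        // The module list can grow between the two calls; never walk past
        // what was allocated.
        DWORD cReturned = (DWORD)(cbNeeded / sizeof(HMODULE));
        if (cReturned > cAllocated)
            cReturned = cAllocated;

        wchar_t szBuf[50];
        // GetModuleBaseName takes a character count. sizeof(szBuf) is the byte
        // count (twice as large), which allowed a write past the end of szBuf.
        const DWORD cchBuf = (DWORD)(sizeof(szBuf) / sizeof(szBuf[0]));

        for (DWORD i = 0; i < cReturned; i++) {
            if (!GetModuleBaseName(hProcess, hModules[i], szBuf, cchBuf))
                continue;
            if (modulename.compare(szBuf) == 0) {
                result = (DWORD_PTR)hModules[i];
                break;
            }
        }
    }

    // The array was leaked on every path before.
    delete[] hModules;
    return result;
}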
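// Stores the process handle that every other member operates on.
// The handle is only copied; this class never closes it.
// modinfo is value-initialized so that FindPatternEx does not see
// indeterminate bytes in it if GetModuleInformation fails.
Memory::Memory(HANDLE hProc)
    : hProcess(hProc), modinfo()
{
}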
// TODO: Clean up later.
// Releases nothing: the process handle stored by the constructor is left open
// for whoever created it.
Memory::~Memory() {}
// Global pointer to a Memory instance. It starts out null and nothing in this
// file assigns it.
// NOTE(review): this is a non-inline definition in a header, as are the member
// functions above; including the header from more than one translation unit
// would produce duplicate symbols. Confirm it is included exactly once.
Memory* mem = NULL;