Untitled

mail@pastecode.io avatar
unknown
c_cpp
a year ago
4.9 kB
0
Indexable
Never
#include <stdio.h>
#include <windows.h>
#include <psapi.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <assert.h>
#include <dbghelp.h>

/*
					HMODULE moduleHandles[1024];
					DWORD cbNeeded;
					if (EnumProcessModules(processHandle, moduleHandles, sizeof(moduleHandles), &cbNeeded)) {
						for (DWORD i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) {
							TCHAR moduleName[MAX_PATH];
							if (GetModuleFileNameEx(processHandle, moduleHandles[i], moduleName, sizeof(moduleName) / sizeof(TCHAR))) {
								printf("%s address: %p difference address: %td\n", moduleName, (uintptr_t)moduleHandles[i], (ptrdiff_t)event.u.Exception.ExceptionRecord.ExceptionAddress - (ptrdiff_t)moduleHandles[i]);
							}
						}
					} else {
						printf("Failed to enumerate process modules.\n");
					}
*/


// Exception handler function
void checkBits(DWORD pid) {
    /* check the bits of the process */
	HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (hProcess == NULL) {
        printf("Error: OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid) failed with error code %d\n", GetLastError());
        return;
    }

	BOOL isWow64 = FALSE;
    if (!IsWow64Process(hProcess, &isWow64)) {
        printf("Error: !IsWow64Process(hProcess, &isWow64) failed with error code %d\n", GetLastError());
        CloseHandle(hProcess);
        return;
    }

    if (isWow64) {
        printf("Process %d is running as a 32-bit process on a 64-bit system.\n", pid);
    } else {
        printf("Process %d is running as a 64-bit process.\n", pid);
    }

    CloseHandle(hProcess);
}

// Main function
int main(int argc, char *argv[]) {
    // Check if target process ID was provided as argument
    if (argc < 2) {
        printf("Usage: %s <Process ID>\n", argv[0]);
        return 1;
    }

    // Convert target process ID from string to integer
    DWORD processId = atoi(argv[1]);

	checkBits(processId);

    // Attach to target process
    if (!DebugActiveProcess(processId)) {
        printf("Error attaching to process (error code %d)\n", GetLastError());
        return 1;
    }
	
	DebugSetProcessKillOnExit(FALSE);

	
    // Loop indefinitel
    DEBUG_EVENT event;
	while (WaitForDebugEvent(&event, INFINITE)) {
		switch (event.dwDebugEventCode) {
            case EXCEPTION_DEBUG_EVENT:
                printf("Exception occurred with code 0x%08X at address 0x%p ", event.u.Exception.ExceptionRecord.ExceptionCode, event.u.Exception.ExceptionRecord.ExceptionAddress);
				HMODULE moduleToTheAddress;
				if (!GetModuleHandleEx(0x00000004, (LPCSTR)event.u.Exception.ExceptionRecord.ExceptionAddress, &moduleToTheAddress)) {
										
					printf("Error GetModuleHandleEx(0x00000004, ptr, &moduleToTheAddress) (error code %d)\n", GetLastError());
					
					/* Enumerating Modules Loaded */
					
				}else{
					char moduleName[MAX_PATH];
					GetModuleFileName(moduleToTheAddress, moduleName, MAX_PATH);
					printf(" Module Name: %s", moduleName);
					
					
					/* Enumerating Modules Loaded */
					HANDLE processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
					if (processHandle == NULL) {
						printf("Failed to open process handle.\n");
						return 0;
					}
					
			
					HMODULE moduleHandles[1024];
					DWORD cbNeeded;
					if (EnumProcessModules(processHandle, moduleHandles, sizeof(moduleHandles), &cbNeeded)) {
						for (DWORD i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) {
							MODULEINFO moduleInf;
							if(!GetModuleInformation(processHandle, moduleHandles[i], &moduleInf, sizeof(moduleInf))){
								printf("Cannot get module information %d", GetLastError());
							}
							size_t buffSize = 1024;
							LPVOID buffer = malloc(buffSize);
							LPVOID moduleBase = moduleInf.lpBaseOfDll;
							size_t bytesRead;
							if(!ReadProcessMemory(processHandle, moduleBase, buffer, buffSize, &bytesRead)){
								printf("Cannot readProcessMemory %d", GetLastError());
							}
							/*TCHAR moduleName[MAX_PATH];
							if (GetModuleFileNameEx(processHandle, moduleHandles[i], moduleName, sizeof(moduleName) / sizeof(TCHAR))) {
								printf("%s address: %p difference address: %td\n", moduleName, (uintptr_t)moduleHandles[i], (ptrdiff_t)event.u.Exception.ExceptionRecord.ExceptionAddress - (ptrdiff_t)moduleHandles[i]);
							}*/
						}
					} else {
						printf("Failed to enumerate process modules.\n");
					}
					
				}
				printf("\n");
				ContinueDebugEvent(event.dwProcessId, event.dwThreadId, DBG_CONTINUE);
                break;
            default:
                ContinueDebugEvent(event.dwProcessId, event.dwThreadId, DBG_CONTINUE);
                break;
        }
    }
	

    // Detach from target process
    DebugActiveProcessStop(processId);

    return 0;
}