Untitled
unknown
c_cpp
5 months ago
5.1 kB
3
Indexable
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <string.h>
#include <comdef.h>
#include <stdlib.h>
#include <array>
#include <chrono>
#include "ps.h"
#include <vector>
HANDLE GetProcessByName(LPCWSTR procName)
{
HANDLE hProcess = NULL;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32W process;
process.dwSize = sizeof(process);
if (Process32FirstW(snapshot, &process))
{
while (Process32NextW(snapshot, &process))
{
if (wcscmp(process.szExeFile, procName) == 0)
{
wprintf(L"%ls\n", process.szExeFile);
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process.th32ProcessID);
CloseHandle(snapshot);
return hProcess;
}
}
}
printf("Process not found.\n");
return hProcess;
}
bool PatternCheck(std::vector<unsigned char> buffer, std::vector<unsigned char> pattern, size_t bufferlen, int& index)
{
size_t bufferSize = bufferlen - pattern.size();
size_t patternSize = pattern.size();
for (int i = 0;i < bufferSize;i++)
{
if (buffer[i] != pattern[0])
{
continue;
}
else
{
for (int j = 1;j < patternSize;j++)
{
if (pattern[j] == 0)
{
continue;
}
else if (buffer[i+j] != pattern[j])
{
break;
}
if (j == patternSize - 1)
{
index = i;
return true;
}
}
}
}
return false;
}
std::vector<unsigned char> StringToVector(std::string sPattern)
{
size_t len = sPattern.size();
len = ((len-2)/3)+1;
std::vector<unsigned char> buffer;
buffer.resize(len);
int index = 0;
for (int i = 0;i < len;i++)
{
const char * hexchar = sPattern.substr(index,2).c_str();
buffer[i] = strtol(hexchar, NULL, 16);
index += 3;
}
return buffer;
}
__declspec(dllexport) bool SearchPattern(LPCWSTR proc, LPCSTR sPattern, DWORD64& addr, double& timeTaken, DWORD64 startAddr = 0)
{
MEMORY_BASIC_INFORMATION mbi = {};
SYSTEM_INFO si = {};
GetSystemInfo(&si);
const int memcommit = 0x1000;
const int privatetype = 0x20000;
const int pnoaccess = 0x01;
size_t bytesRead;
HANDLE hProcess = GetProcessByName(proc);
std::vector<unsigned char> pattern = StringToVector(sPattern);
DWORD64 min;
LPCVOID sys_min;
if (startAddr == 0)
{
min = (DWORD64)si.lpMinimumApplicationAddress;
sys_min = (LPCVOID)si.lpMinimumApplicationAddress;
}
else
{
min = startAddr + 1;
sys_min = (LPCVOID)min;
}
DWORD64 max = (DWORD64)si.lpMaximumApplicationAddress;
LPCVOID sys_max = (LPCVOID)si.lpMaximumApplicationAddress;
std::chrono::steady_clock::time_point steady_start, steady_end;
steady_start = std::chrono::steady_clock::now();
while (min < max)
{
VirtualQueryEx(hProcess, sys_min, &mbi, sizeof(mbi));
if (mbi.State == memcommit && mbi.Protect != pnoaccess && mbi.Type == privatetype)
{
std::vector<unsigned char> buffer(mbi.RegionSize);
ReadProcessMemory(hProcess, sys_min, buffer.data(), mbi.RegionSize, &bytesRead);
int index = 0;
if (PatternCheck(buffer, pattern, mbi.RegionSize, index))
{
addr = (min + index);
steady_end = std::chrono::steady_clock::now();
double time = std::chrono::duration<double>(steady_end - steady_start).count();
timeTaken = time;
return true;
break;
}
}
min += (DWORD64)mbi.RegionSize;
sys_min = (LPCVOID)min;
}
steady_end = std::chrono::steady_clock::now();
double time = std::chrono::duration<double>(steady_end - steady_start).count();
timeTaken = time;
return false;
}Leave a Comment