View previous topic :: View next topic |
Author |
Message |
eclessiastes How do I cheat? Reputation: 0
Joined: 03 Sep 2016 Posts: 4
|
Posted: Sat Oct 29, 2016 3:23 am Post subject: Problem ReadProcessMemory in Chunks |
|
|
Hi experts,
I'm struggling to make my program read a process memory in chunks. Below is code i'm trying to make work.
Code: |
RequestPrivileges();
SYSTEM_INFO sysInfo;
GetNativeSystemInfo(&sysInfo);
..CreateToolhelp32Snapshot...Process32First...OpenProcess...
LPVOID minAddress, maxAddress;
minAddress = sysInfo.lpMinimumApplicationAddress;
maxAddress = sysInfo.lpMaximumApplicationAddress;
while (minAddress < maxAddress)
{
MEMORY_BASIC_INFORMATION mbi = { 0 };
VirtualQueryEx(handleProc, minAddress, &mbi, sizeof(mbi);
if (mbi.Protect == PAGE_READWRITE && mbi.State == MEM_COMMIT)
{
printf("Block size %d\n", mbi.RegionSize);
wchar_t * dumpUnicode = new wchar_t[mbi.RegionSize + 100];
memset(dumpUnicode, 0x00, mbi.RegionSize + 100);
if (!ReadProcessMemory(handleProc, mbi.BaseAddress, dumpUnicode, mbi.RegionSize, &UBytesRead))
...
}
minAddress = (LPBYTE)mbi.BaseAddress + mbi.RegionSize;
}
|
Now the problem here is that my game has blocks of very large size, like 2 gb. I want to compare block size if its larger than 10000 bytes then i should read it in chunks. Thanks in advance for any help!!!
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Sat Oct 29, 2016 3:45 am Post subject: |
|
|
read 10000+comparesize so you have some overlap
e.g with compare size of 10 bytes:
0-10010
10000-10010
20000-20020
etc..
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
eclessiastes How do I cheat? Reputation: 0
Joined: 03 Sep 2016 Posts: 4
|
Posted: Sat Oct 29, 2016 1:23 pm Post subject: |
|
|
That is exactly what i want to do, problem is i have no vague idea how to do.
if (mbi.RegionSize>10000) { ???
how do i split in chunks the large block size ? I was trying to read it in a char then read the char in chunks but its crashing. I should use readprocessmemory multiple times for every 10000 bytes but haven't found a small example on web
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
Posted: Sat Oct 29, 2016 1:45 pm Post subject: |
|
|
Some things to check:
- Make sure that your handle returned from OpenProcess is valid.
- Make sure that your handle has proper permissions.
- Ensure that the page you are reading to read has valid permissions. You are not checking for things like PAGE_GUARD and PAGE_NOACCESS which can lead to a crash.
In terms of your code you are missing a ) on the VirtualQueryEx line.
While dumping memory in raw, you should be using 'unsigned char' and not wchar_t as memory is not stored as unicode in general. It can hold unicode characters and information, but the raw dump should just be single bytes.
If you dump just the full region you should be fine without needing to overlap things. Or if you do need to overlap, what you can do is store the dumped/read data into a container of some sort and check if the next page of memory is directly after the previous one and combine them.
_________________
- Retired. |
|
Back to top |
|
|
H4x0rBattie Advanced Cheater Reputation: 0
Joined: 10 Nov 2016 Posts: 58
|
Posted: Wed Nov 23, 2016 3:22 am Post subject: |
|
|
There is an article at codeproject for C# if my memory serves me right. Search for memory scanner.
_________________
|
|
Back to top |
|
|
|