[ create a new paste ] login | about

Link: http://codepad.org/cdLpKbdw    [ raw code | output | fork ]

C++, pasted on Jun 14:
質問です、下記はソースの1部分なんですが、あるプロセスのメモリを検索しています。000000007FFFFFFFまでを検索しているのですが7FFFFFFF9FFFFFFFまでに増やしたいです、単純に終了アドレスを9FFFFFFFにしても検索してくれないですが何故でしょうか?
UINT search_1(HANDLE hProcess, unsigned char bytecode[], int n, UINT and1, int intAnd1, UINT and2, int intAnd2) {
	TNtReadVirtualMemory pfnNtReadVirtualMemory = NULL;
	pfnNtReadVirtualMemory = (TNtReadVirtualMemory)GetProcAddress(GetModuleHandle(_T("ntdll.dll")), "NtReadVirtualMemory");

	TNtWriteVirtualMemory pfnNtWriteVirtualMemory = NULL;
	pfnNtWriteVirtualMemory = (TNtWriteVirtualMemory)GetProcAddress(GetModuleHandle(_T("ntdll.dll")), "NtWriteVirtualMemory");
	MEMORY_BASIC_INFORMATION mBI;
	// サーチ開始アドレス
	UINT start = 0x00000000;
	// サーチ終了アドレス
	UINT end = 0x7FFFFFFF;
	int a = 0;
	int b = 0;
	__int64 b_0 = 0;
	__int64 b_1 = 0;
	__int64 b_2 = 0;
	__int64 b_3 = 0;
	__int64 b_4 = 0;
	__int64 b_5 = 0;
	int r_11 = 11;
	int r_8 = 8;
	int addr1 = 0;
	int addr2 = 0;
	int addr2_0 = 0;
	int addr2_1 = 0;
	int addr2_2 = 0;
	int addr2_3 = 0;
	int addr2_4 = 0;
	int addr2_5 = 0;

	int intActionCnt = 0;

	while (start < end) {
		SIZE_T size = VirtualQueryEx(hProcess, (void*)start, &mBI, sizeof(MEMORY_BASIC_INFORMATION));

		if (size == 0) {
			std::cout << "error" << std::endl;
			break;
		}

		if ((mBI.State == MEM_COMMIT) && (mBI.Type == MEM_PRIVATE) && (mBI.Protect == PAGE_READWRITE) && (mBI.Type != MEM_IMAGE)) {
			UINT start2, end2;
			start2 = start;
			end2 = start2 + mBI.RegionSize;
			int p;
			CHAR *MemoryBuff = new CHAR[4096];
			while (start2 <= end2)
			{
				pfnNtReadVirtualMemory(hProcess, (LPVOID)start2, (LPVOID)MemoryBuff, 4096, NULL);
				for (p = 0; p < 4096; p++)  //バッファのサイズ=ループ回数
				{
					start2++;
					MemoryBuff++;
					if (memcmp(MemoryBuff, bytecode, n) == 0) {
						//cout << "address=" << hex << start2 << "\n";

						//addr2_0 = start2 + 0x5c;
						addr2_1 = start2 + 0x68;
						addr2_2 = start2 + 0x18;
						addr2_3 = start2 + 0x10;
						addr2_4 = start2 + 0x14;
						//addr2_5 = start2 - 0x8;
						//pfnNtReadVirtualMemory(hProcess, (LPVOID)addr2_0, &b_0, 4, NULL);
						pfnNtReadVirtualMemory(hProcess, (LPVOID)addr2_1, &b_1, 4, NULL);
						pfnNtReadVirtualMemory(hProcess, (LPVOID)addr2_2, &b_2, 4, NULL);
						pfnNtReadVirtualMemory(hProcess, (LPVOID)addr2_3, &b_3, 4, NULL);
						pfnNtReadVirtualMemory(hProcess, (LPVOID)addr2_4, &b_4, 4, NULL);
						//pfnNtReadVirtualMemory(hProcess, (LPVOID)addr2_5, &b_5, 4, NULL);

						if (b_1 == 2 && b_2 == 383558760 && b_3 == 0 && b_4 == 0) {
							cout << "address1=" << hex << start2 << "\n";
							pfnNtWriteVirtualMemory(hProcess, (LPVOID)addr2_1, &r_8, 4, NULL);
							//return start2;
						}
					}
				}
				MemoryBuff = MemoryBuff - 4096; //ポインタを戻しておきます。

			}

		}
		start += mBI.RegionSize;
	}
	return 0;
}


Output:
1
2
Line 1: error: stray '\350' in program
compilation terminated due to -Wfatal-errors.


Create a new paste based on this one


Comments: