-
Notifications
You must be signed in to change notification settings - Fork 0
/
ProcMem.h
103 lines (83 loc) · 3.37 KB
/
ProcMem.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
#ifndef PROCMEM_H //If Not Defined
#define PROCMEM_H //Define Now
#define WIN32_LEAN_AND_MEAN //Excludes Headers We Wont Use (Increase Compile Time)
#include <windows.h> //Standard Windows Functions/Data Types
#include <iostream> //Constains Input/Output Functions (cin/cout etc..)
#include <TlHelp32.h> //Contains Read/Write Functions
#include <string> //Support For Strings
#include <sstream> //Supports Data Conversion
class ProcMem {
protected:
//STORAGE
HANDLE hProcess;
DWORD dwPID, dwProtection, dwCaveAddress;
//MISC
BOOL bPOn, bIOn, bProt;
public:
//MISC FUNCTIONS
ProcMem();
~ProcMem();
int chSizeOfArray(char *chArray); //Return Size Of External Char Array
int iSizeOfArray(int *iArray); //Return Size Of External Int Array
bool iFind(int *iAry, int iVal); //Return Boolean Value To Find A Value Inside An Int Array
#pragma region TEMPLATE MEMORY FUNCTIONS
//REMOVE READ/WRITE PROTECTION
template <class cData>
void Protection(DWORD dwAddress)
{
if (!bProt)
VirtualProtectEx(hProcess, (LPVOID)dwAddress, sizeof(cData), PAGE_EXECUTE_READWRITE, &dwProtection); //Remove Read/Write Protection By Giving It New Permissions
else
VirtualProtectEx(hProcess, (LPVOID)dwAddress, sizeof(cData), dwProtection, &dwProtection); //Restore The Old Permissions After You Have Red The dwAddress
bProt = !bProt;
}
//READ MEMORY
template <class cData>
cData Read(DWORD dwAddress)
{
cData cRead; //Generic Variable To Store Data
ReadProcessMemory(hProcess, (LPVOID)dwAddress, &cRead, sizeof(cData), NULL); //Win API - Reads Data At Specified Location
return cRead; //Returns Value At Specified dwAddress
}
//READ MEMORY - Pointer
template <class cData>
cData Read(DWORD dwAddress, char *Offset, BOOL Type)
{
//Variables
int iSize = iSizeOfArray(Offset) - 1; //Size Of *Array Of Offsets
dwAddress = Read<DWORD>(dwAddress); //HEX VAL
//Loop Through Each Offset & Store Hex Value (Address)
for (int i = 0; i < iSize; i++)
dwAddress = Read<DWORD>(dwAddress + Offset[i]);
if (!Type)
return dwAddress + Offset[iSize]; //FALSE - Return Address
else
return Read<cData>(dwAddress + Offset[iSize]); //TRUE - Return Value
}
//WRITE MEMORY
template <class cData>
void Write(DWORD dwAddress, cData Value)
{
WriteProcessMemory(hProcess, (LPVOID)dwAddress, &Value, sizeof(cData), NULL);
}
//WRITE MEMORY - Pointer
template <class cData>
void Write(DWORD dwAddress, char *Offset, cData Value)
{
Write<cData>(Read<cData>(dwAddress, Offset, false), Value);
}
//MEMORY FUNCTION PROTOTYPES
virtual void Process(char* ProcessName); //Return Handle To The Process
virtual void Patch(DWORD dwAddress, char *chPatch_Bts, char *chDefault_Bts); //Write Bytes To Specified Address
virtual void Inject(DWORD dwAddress, char *chInj_Bts, char *chDef_Bts, BOOL Type); //Jump To A Codecave And Write Memory
virtual DWORD AOB_Scan(DWORD dwAddress, DWORD dwEnd, char *chPattern); //Find A Byte Pattern
virtual DWORD Module(LPSTR ModuleName); //Return Module Base Address
DWORD FindPattern(DWORD start, DWORD size, LPCSTR sig, LPCSTR mask);
DWORD FindPatternArray(DWORD start, DWORD size, LPCSTR mask, int count, ...);
bool DataCompare(const BYTE* pData, const BYTE* pMask, LPCSTR pszMask);
#pragma endregion
};
#endif
#pragma once
#pragma once
#pragma once