- Yasaklandı
- #1
Banlı Üye
PHP:
bool Functions::OpenMyProcess(DWORD pID){
pHandle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION, FALSE, pID); //PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION
if (pHandle == INVALID_HANDLE_VALUE) {
MessageBox(NULL, "Can't Open Process.\n Run As Admin.", "FV2", MB_OK | MB_ICONERROR);
return false;
}
if (runThread){
threadScan = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ScanMemmory, NULL, 0, &threadId);
}
return true;
}
void ScanMemmory(){
SYSTEM_INFO sysInfo = { 0 };
GetSystemInfo(&sysInfo);
auto aStart = (long)sysInfo.lpMinimumApplicationAddress;
auto aEnd = (long)sysInfo.lpMaximumApplicationAddress;
int found = 0;
do{
while (aStart < aEnd){
MEMORY_BASIC_INFORMATION mbi = { 0 };
if (!VirtualQueryEx(Funcs.pHandle, (LPCVOID)aStart, &mbi, sizeof(mbi))){
CloseHandle(Funcs.pHandle);
TerminateThread(Funcs.threadScan, 1);
}
if (mbi.State == MEM_COMMIT && ((mbi.Protect & PAGE_GUARD) == 0) && ((mbi.Protect == PAGE_NOACCESS) == 0)){
auto isWritable = ((mbi.Protect & PAGE_READWRITE) != 0 || (mbi.Protect & PAGE_WRITECOPY) != 0 || (mbi.Protect & PAGE_EXECUTE_READWRITE) != 0 || (mbi.Protect & PAGE_EXECUTE_WRITECOPY) != 0);
if (isWritable){
auto dump = new unsigned char[mbi.RegionSize + 1];
memset(dump, 0x00, mbi.RegionSize + 1);
ReadProcessMemory(Funcs.pHandle, mbi.BaseAddress, dump, mbi.RegionSize, NULL);
for (auto x = 0; x < mbi.RegionSize - 4; x += 4){
/* FREE */
if (free){
if (*(DWORD*)(dump + x) == 45000){
found++;
BYTE data[] = { 0x0, 0x0, 0x0, 0x0 }; //0
DWORD wAddr = (DWORD)mbi.BaseAddress + x;
WriteProcessMemory(Funcs.pHandle, (BYTE*)wAddr, &data, sizeof(data), NULL);
}
}
}
delete[] dump;
}
}
aStart += mbi.RegionSize;
}
Funcs.runThread = false;
} while (Funcs.runThread);
if (!Funcs.runThread){
CloseHandle(Funcs.pHandle);
TerminateThread(Funcs.threadScan, 0);
}
}
