I know this code is sloppy, but I'm wondering why when I'm using the ReadProcessMemory() function I can't see the string stored in the relevant address.
//If the game window is open then this function grabs the process ID.
if(FinderCheck)
{
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
//All so access you can read and write to process memory.
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS,FALSE,procID);
if(procID = NULL)
{
cout << "Error: Failed to Obtain Process ID" << endl;
}
else
{
while(true)
{
//To read the process memory this line writes the memory data to buffer
//Remember to change the address every time you boot the process or it will not work.
ReadProcessMemory(handle, (PBYTE*)0xDC8F1AA904,&Cursor,sizeof(Cursor),0);
cout << Cursor << endl;
cout << "Test" << endl;
Sleep(500);
}
}
if(procID = NULL)
Sadly, this if statement will always evaluate to false, you are missing the second "=". This also means that from this point procID is NULL.
What about the rest of the code? Can you show us how the definition of the Cursor looks like and how do you implemented operator<<?
Related
I'm new in c++ programming and I'm coding a tool to enumerate information of all process running on windows OS.
After researching, googling, I have found a useful library Ntdll.lib and header winternl.h that helping me gathering information about process by using NtQuerySystemInformation() function. Everything work fine, I have call that function and retrieved the array of structure SYSTEM_PROCESS_INFORMATION that contains information about the process entry, here is my piece of code:
DWORD dwRet;
DWORD dwSize = 0;
NTSTATUS Status = STATUS_INFO_LENGTH_MISMATCH;
while (true)
{
// Check if pointer p is not NULL then free it
if (p != NULL) { VirtualFree(p, 0, MEM_RELEASE); }
p = (PSYSTEM_PROCESS_INFORMATION)VirtualAlloc(NULL, dwSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
// Query system to get the process list information
Status = NtQuerySystemInformation(SystemProcessInformation, (PVOID)p, (ULONG)dwSize, &dwRet);
if (Status == STATUS_SUCCESS)
{
cout << "Query process information successfully!!" << endl;
break;
}
else if (Status != STATUS_INFO_LENGTH_MISMATCH)
{
VirtualFree(p, 0, MEM_RELEASE);
p = NULL;
cout << "NtQuerySystemInformation failed with error code: " << Status << endl;
return FALSE;
}
// Add more 16kb to buffer in case there is more process opened during this loop
dwSize = dwRet + (2 << 14);
}
The problem appears when I was looking for thread details of processes, in particular, I don't know how to get the array of structure SYSTEM_THREAD_INFORMATION with NtQuerySystemInformation() function.
I have read the docs here: https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntquerysysteminformation and it says that each SYSTEM_PROCESS_INFORMATION structure returned by NtQuerySystemInformation() has 1 or more SYSTEM_THREAD_INFORMATION structure followed in memory but I don't know how to interact with them. Anyone has an idea for my problem? I'm just a newbie in c++ programming and I'm studying in user mode code so sorry if my question is silly or not worth asking.
Starting from your PSYSTEM_PROCESS_INFORMATION p:
while (p) {
PSYSTEM_THREAD_INFORMATION pt = (PSYSTEM_THREAD_INFORMATION)(p + 1);
for (int t = 0; t < p->NumberOfThreads; t++) {
std::cout << "Start address of thread " << t << " is " << std::hex << pt->StartAddress << std::dec << std::endl;
pt++; // Adds sizeof(SYSTEM_THREAD_INFORMATION) to the address in pt
}
if (p->NextEntryOffset) {
p = PSYSTEM_PROCESS_INFORMATION((void *)p + NextEntryOffset);
} else {
p = nullptr;
}
}
Thanks to Botje and RbMm and all of you for helping me solving this problem.
I just add the part that Botje show me and correct the line
PSYSTEM_THREAD_INFORMATION pt = (PSYSTEM_THREAD_INFORMATION)(p + 1);
then the problem is solved and my code works smoothly.
Thanks again, this post is closed
I tried the code below. It requests ejection when the device name contains "San", because I have plugged in a SanDisk USB drive. However it fails, and the reason seems to be PNP_VetoIllegalDeviceRequest. I looked up the reason, and this page says it is
The device does not support the specified operation.
But I can manually eject the SanDisk using Windows' menu, so the reason seems absurd. Did I call the function correctly? Do I need to call something else before calling CM_Request_Device_Eject?
The output was
....
SanDisk Ultra USB Device
Removing Sandisk
rejected.
type:8
name:USBSTOR\Disk&Ven_SanDisk&Prod_Ultra&Rev_1.00\....
The code was (the value of Devinst was 3)
if (wcsstr(buffer, L"San") != 0)
{
wcout << "Removing Sandisk" << endl;
PNP_VETO_TYPE vType;
WCHAR vName[MAX_PATH];
result = CM_Request_Device_Eject(Devinst, &vType, vName, MAX_PATH, NULL);
if (result == CR_SUCCESS)
{
cout << "ejected" << endl;
}
else
{
wcout << "rejected." << endl;
wcout << "type:"<< vType << endl;
wcout << "name:" << vName << endl;
}
}
After searching the web, I have found this page: https://www.winvistatips.com/threads/removal-of-usb-disk.179677/
The questioner had the exact same error, and there was a reply that said that he needs to call that function to the parent node, not the USB disk node. So, I modified the code like below, and it worked.
DEVINST parent;
CM_Get_Parent(&parent, Devinst, NULL);
PNP_VETO_TYPE vType;
WCHAR vName[MAX_PATH];
result = CM_Request_Device_Eject(parent, &vType, vName, MAX_PATH, NULL);
I have a problem with opening clipboard multiple times. It opens up fine on the first call, however, my program needs to access the clipboard several times, but shuts down on the second call of OpenClipboard(NULL) with the CLIPBRD_E_CANT_OPEN error).
This is a function that opens the clipboard
void Translator::process_copied()
{
//cout << "processing" << endl;
if (OpenClipboard(NULL))
{
HANDLE clip;
clip = GetClipboardData(CF_UNICODETEXT);
Relayout((WCHAR*)clip);
HANDLE res = GlobalAlloc(GMEM_FIXED, sizeof(WCHAR)*wcslen((WCHAR*)clip)+1);
res = clip;
EmptyClipboard();
SetClipboardData(CF_UNICODETEXT, res);
CloseClipboard();
}
else
{
std::cout << GetLastError();
//throw clipboard_did_not_open;
//cout << "error in opening clipboard" << endl;
}
}
I suspect that the problem appears in the SetClipboardData() function, because if I remove it, clipboard doesn't have any problem opening multiple times. The same goes to res = clip; line.
I am new to WinAPI and C++ in general, so I apologize if my question is silly.
When storing a memory block on the clipboard, the HANDLE given to SetClipboardData() must be allocated with the GMEM_MOVEABLE flag, per the SetClipboardData() documentation:
If the hMem parameter identifies a memory object, the object must have been allocated using the [GlobalAlloc] function with the GMEM_MOVEABLE flag.
As such, you must call GlobalLock() on the HANDLE returned by GetClipboardData() in order to access the data, per the GlobalAlloc() documentation:
GMEM_MOVEABLE
0x0002
Allocates movable memory. Memory blocks are never moved in physical memory, but they can be moved within the default heap.
The return value is a handle to the memory object. To translate the handle into a pointer, use the GlobalLock function.
Don't just type-cast the HANDLE as-is, like you can for a memory object allocated with the GMEM_FIXED flag.
You are also not putting any character data in the res memory that you allocate with GlobalAlloc(). Which is moot, since you are not putting your allocated memory on the clipboard at all, you are actually putting the original HANDLE from GetClipboardData() back onto the Clipboard, and then leaking your res memory.
Try something more like this instead:
void Translator::process_copied()
{
//cout << "processing" << endl;
HWND hwnd = ...; // a window that YOU own
if (OpenClipboard(hwnd))
{
HANDLE clip = GetClipboardData(CF_UNICODETEXT);
if (clip)
{
WCHAR *text = (WCHAR*) GlobalLock(clip);
Relayout(text);
HANDLE res = GlobalAlloc(GMEM_MOVABLE, (wcslen(text)+1) * sizeof(WCHAR));
if (res)
{
WCHAR *newText = (WCHAR*) GlobalLock(res);
// put characters in newText as needed...
wcscpy(newText, text);
GlobalUnlock(res);
GlobalUnlock(clip);
EmptyClipboard();
if (!SetClipboardData(CF_UNICODETEXT, res))
{
std::cout << GetLastError();
GlobalFree(res);
//throw clipboard_did_not_set;
//cout << "error in setting clipboard data" << endl;
}
}
else
{
std::cout << GetLastError();
//throw global_memory_not_allocated;
//cout << "error in allocating memory" << endl;
GlobalUnlock(clip);
}
}
else
{
std::cout << GetLastError();
//throw clipboard_data_not_get;
//cout << "error in getting clipboard data" << endl;
}
CloseClipboard();
}
else
{
std::cout << GetLastError();
//throw clipboard_did_not_open;
//cout << "error in opening clipboard" << endl;
}
}
I googled a bit but can't seem to make this work.
privileges();
int pid = getPid("test.exe");
cout << "Process ID :" << pid << endl;
const char* prename;
HANDLE pHandle = OpenProcess(PROCESS_VM_READ , FALSE, pid);
if (pHandle)
{
cout << "Handle Open Success" << endl;
//SIZE_T bytesRead;
if (ReadProcessMemory(pHandle, (void*)0x013831BC, &prename, strlen(prename), NULL))
{
cout << "Read Success" << endl;
cout << prename << endl;
}
else
cout << GetLastError() << endl;
}
return 0;
It prints "Read Success" but does not print the variable just blank. The address(address of a string in another process) I got is from ollydbg and verified it using a function as well.
I also wanted to replace the string using writeprocessmemory but before i get to that i needed to make sure reading is correct.
Any idea?
Your problem lies here:
const char* prename;
ReadProcessMemory(pHandle, (void*)0x013831BC, &prename, strlen(prename), NULL)
Your char pointer is not initialized and neither is the random memory it points to. When you call strlen on it, it's trying to get the length of a random memory location.
Secondly you're using the address of the pointer &prename, that's the address of the pointer not the char array it should point to.
To fix do it like this:
char prename[100];
ReadProcessMemory(pHandle, (void*)0x013831BC, &prename, sizeof(prename), NULL)
sizeof() will return 100, so you will be reading 100 bytes of memory
In efforts to learn more C++, I have chosen - you know - something fun to do and that is writing to random application's memory. The code I have written seems to work on all applications but I am having difficulties getting it to work with Google Chrome tabs.
What I am trying to do is simply change my score on Slope (on y8.com) for which I have the memory address with the help of cheat engine. The problem seems to be retrieving the Process ID of the tab. Using Chrome's Task Manager, I translated the tab's address to hex, opened the process in cheat engine and found the score address.
Here the problem comes. Whenever I use GetWindowThreadProcessId(window, &processID); cout << processID, it doesn't print the ID which can be seen in chrome's task manager for the game's tab. In fact, it prints the ID of chrome as a whole (which I know because in chrome's task manager, "chrome" has that ID). And the score cannot be written to or read from chrome's processID. If I ignore this problem, buffer seems to always print as 0.. no changes.
I am very new to this, and expect myself not to know what I am talking about. If you test the game yourself, you'll have to find the address that your chrome is using at the time. But here's the code (I have commented out the WriteProcessMemory and put Read just so I get it working before I write anything):
#include <iostream>
#include <string>
#include <Windows.h>
using namespace std;
int main() {
int buffer = 0;
LPVOID address = (LPVOID)0x15E7E1B0FB8/*(0x000000000192DFA0 + 0x0000291D8FE04000 + 0x18)*/;
cout << "Begin playing the game and wait for the 0 score to appear" << endl;
HWND window = FindWindow(NULL, "Slope Game - Play online at Y8.com");
if (window) {
cout << "Game found running! You ready to hax?" << endl;
DWORD processID = 11180;
GetWindowThreadProcessId(window, &processID);
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, false, processID);
if (handle) {
/*string hackedScoreInput = "0";
cout << "Desired Score: " << flush; getline(cin, hackedScoreInput);
int hackedScore = stoi(hackedScoreInput);
int suc = WriteProcessMemory(handle, address, &hackedScore, sizeof(hackedScore), NULL);
if (suc > 0) {
cout << "HAXED!" << endl;
CloseHandle(handle);
}
else {
cerr << GetLastError() << endl;
cerr << hackedScore << " of size: " << sizeof(hackedScore) << endl;
return 3;
}*/
while (true) {
ReadProcessMemory(handle, address, &buffer, sizeof(buffer), NULL);
cout << buffer << " at adress: " << processID << endl;
Sleep(100);
system("CLS");
}
}
else {
cerr << "Could not open the process" << endl;
return 2;
}
}
else {
cerr << "Error! Could not find window!" << endl;
Sleep(3000);
return 1;
}
return 0;
}
What's wrong with the code?
Modern browsers use multiple processes and there is no rule that says that a browser tab HWND has to be owned by the process where the web page "runs".
Some browser implementations might have one main process that hosts the UI including all tabs but the actual web page content might be rendered to a shared bitmap/memory in a different process where it is safe to run scripts etc.
Chrome is open source so you could take a look and see if there is a way to find out which render process renders a certain tab by looking at the child processes command line arguments.