scan for ints in a process

Abd4b56ff96074042dda5243e99a5d14
0
Anddos 103 Jun 16, 2012 at 16:14

basically what i want todo is scan this process for all the ints with the value 5, i am close to getting it working but i think something is missing , can anyone take alook at my code , thanks

the code formatting messed up scroll down to see the code on pastebin.

5 Replies

Please log in or register to post a reply.

A8433b04cb41dd57113740b779f61acb
0
Reedbeta 167 Jun 16, 2012 at 16:46

Please use the [ code ]…[ /code ] tags and post your code with proper formatting so we can read it. :)

6eaf0e08fe36b2c23ca096562dd7a8b7
0
__________Smile_ 101 Jun 16, 2012 at 18:29

That is certainly incorrect:

if (memcmp(offset, findme, 7) == 0)

Instead of 7 must be sizeof(int) or sizeof(five) or sizeof(findme).

Abd4b56ff96074042dda5243e99a5d14
0
Anddos 103 Jun 17, 2012 at 04:19

code has been changed , i really dont know whats happened to the first post formating..

i am going to have to use pastebin

http://pastebin.com/Airxe5bW

what i want todo , when its found the int with the value 5 i want to output the ints address’s and the found address so i know its really found it, thanks

if i make a test app like this, it dosent find this :/ so something is wrong somewhere…

#include “stdafx.h”
#include <iostream>
using namespace std;
int _tmain(int argc, _TCHAR* argv[])
{
int five = 5;
while(1)
{
cout << &five << endl;
}
return 0;
}

6eaf0e08fe36b2c23ca096562dd7a8b7
0
__________Smile_ 101 Jun 17, 2012 at 14:33

You have uninitialized dwStart variable.

Also line

if(&five > mbi.BaseAddress && &five <= ((int*)mbi.BaseAddress)+mbi.RegionSize)

is confusing. Do you want to find variable five in the same process, not another? If so, then the line is wrong, must be

if(&five >= mbi.BaseAddress && &five <= (char*)mbi.BaseAddress+mbi.RegionSize-sizeof(five))
Abd4b56ff96074042dda5243e99a5d14
0
Anddos 103 Jun 17, 2012 at 17:34

that code is actually to test if its close to finding it, yes this is the process i am scanning

#include “stdafx.h”
#include <iostream>
using namespace std;
int _tmain(int argc, _TCHAR* argv[])
{
int five = 5;
while(1)
{
cout << &five << endl;
}
return 0;
}