(C++) Searcuing WC3's VM Help ;P.

03-31-2007, 12:19 AM

(VM = Virtual Memory for thoes who want to know ;P. And yes, I realize I spelt Searching horribly horribly wrong :P.)
I'm pritty far along with this, I have token permissions set up and it shoulden't be long before it's functional. But for some reason, the program I have currently refuses ReadProcessMemory/WriteProcessMemory (Error code; 299) Doesn't seem to be my tokens that're rejecting the request. Problem is, I don't know what else could be, this doesn't work for any non-memory protected programs, so I'm definantly doing something wrong.

(Last version compiled with Borland BCC55 free command-line compiler, no special flags.)

Hidden information:

Code:

#include <iostream>
#include <windows.h>
#include <conio.h>
#include <String.h>
using namespace std;

int* Search(int sid, HANDLE op, DWORD add) {
 MEMORY_BASIC_INFORMATION mbi;
 SYSTEM_INFO sys;
 LPVOID lpMem;
 string buffer;

 int Query_Return_Value;

 GetSystemInfo(&sys);
 lpMem = sys.lpMinimumApplicationAddress;

 while(lpMem < sys.lpMaximumApplicationAddress) {
  mbi.RegionSize = 0;
  Query_Return_Value = VirtualQueryEx(op, lpMem, &mbi, sizeof(mbi));

  if(Query_Return_Value == sizeof(mbi)) {
   ReadProcessMemory(op, &add, &buffer, mbi.RegionSize, NULL);

   if(mbi.Type == MEM_PRIVATE & mbi.State == MEM_COMMIT) {

    if(mbi.RegionSize > 0) {
    }

   }

   cout << GetLastError() << endl;

  } else {
   lpMem = (LPVOID)((DWORD)mbi.BaseAddress + (DWORD)mbi.RegionSize);
   cout << GetLastError() << endl;
  }

 }

 return &sid;
}

BOOL EnablePrivilege(LPCSTR PrivilegeName) {
 HANDLE Token;
 LUID luid;
 TOKEN_PRIVILEGES tp;
 BOOL bol;

 ZeroMemory(&tp, sizeof(tp));

 if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token)) {
  return false;
 }

 if(!LookupPrivilegeValue(NULL, PrivilegeName, &luid)) {
  CloseHandle(Token);
  return false;
 }

 tp.PrivilegeCount = 1;
 tp.Privileges[0].Luid = luid;
 tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

 bol = AdjustTokenPrivileges(Token, FALSE, &tp, sizeof(tp), NULL, NULL);
 CloseHandle(Token);
 return bol;
}

int main() {
 HANDLE tProc;
 HWND tWND;
 DWORD ProcessId;
 HANDLE TokenHandle;
 LUID debugid;
 TOKEN_PRIVILEGES tp;

 EnablePrivilege(SE_DEBUG_NAME);

 EnablePrivilege(SE_INC_BASE_PRIORITY_NAME);

 tWND = FindWindow(NULL, "Calculator"); //Something without any memory defense to test on.
 if(tWND){
 GetWindowThreadProcessId(tWND, &ProcessId);

 tProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);
 if(!tProc) {
  cout << "\nError 01: -Failed to open pid" << &ProcessId << endl;
  getch();
  return 0;
 }

 Search(1, tProc, ProcessId);
 } else {
  cout << "Failed to find window. Quit this and start the application, then start this \n application.";
  getch();
  }
 return 0;
}

I'd like to note a good deal of this code's logic is based off Azumarill's vb version of the FPS mod.

I don't think this will correctly function even after the permissions are fixed, but I'm getting close! I can feel it! :p.

-Thanks for any help :).

03-31-2007, 03:28 AM	#2
Vexorian	I suggest you join #wc3dev IRC channel and get a chat with pipedream ...

03-31-2007, 08:31 AM	#3
Blackroot	Pipe totaly dejected the request ;P. Needless to say I'm not any further along then when I started -,-.

04-22-2007, 12:36 AM	#4
Mapz_Maker	My Advice is to get Microsoft's Visual Studio 2005 Express Editon (C++) it is free, and it is usually very helpful. And a lot of people on wc3c use it over borland. I would be very interested to know how (if you ever do figure it out)you would search a program's memory for info, then change the info. That would be cool.

04-22-2007, 01:13 PM

Zoxc

Quote:

Originally Posted by Mapz_Maker

My Advice is to get Microsoft's Visual Studio 2005 Express Editon (C++) it is free, and it is usually very helpful. And a lot of people on wc3c use it over borland. I would be very interested to know how (if you ever do figure it out)you would search a program's memory for info, then change the info. That would be cool.

By alot of people you mean .. xttocs.

(BTW CodeGear is maintaining the IDE's now =P)

04-22-2007, 02:29 PM	#6
PitzerMike	You only need to check the Grimoire sourcecode. All you need is there.