[C++] Basic memory-scanning in DLL

Dwar · 2010-11-29, 04:14 PM

Basic memory-scanning in DLL

Header with functions for searching thru the current applications memory for a certain value.
The add_log function is just a function which prints to a log-file using a stream.

 /*

	Memory-scanner/searcher



	Syntax

		dwScanMemory(      

			DWORD dwScanStart,

			DWORD dwScanEnd,

			int fValueToScanFor,

			int iValueType

		);



	Parameters

		dwScanStart

			offset to start scanning from, eg. 0x00400000

		dwScanEnd

			offset to end scanning on, eg. 0x00500000

		fValueToScanFor

			the value to scan for

		iValueType

			Data-type of the value

			0: char (1 byte)

			1: short (2 bytes)

			2: int (4 bytes)

			3: float (4 bytes & decimals)

			4: double (8 bytes & decimals)



	Return

		If it finds value it returns the offset, if not found returns 0.



	<novcain@gmail.com>

*/

DWORD dwScanMemory( DWORD dwScanStart, DWORD dwScanEnd, float fValueToScanFor, int iValueType )

{

	DWORD dwScanOffset = dwScanStart;	//holds current offset

	char* cScanValue;	//temporary variable.. holds value of current offset

	bool bScan = true;	//if true, end scanning

	if( iValueType == 1 ){ short vScanFor = fValueToScanFor; }

	else if( iValueType == 2 ){ int vScanFor = fValueToScanFor; }

	else if( iValueType == 3 ){ float vScanFor = fValueToScanFor; }

	else if( iValueType == 4 ){ double vScanFor = fValueToScanFor; }

	else{ char vScanFor = fValueToScanFor; }

	add_log("Starting to scan memory for %i",vScanFor);

	while(bScan == true){	//while we're scanning, no result found

		dwScanOffset += 0x00000001;	//move to next offset

		cScanValue = (char*)dwScanOffset;	//set cScanValue to the current value

		if(*cScanValue == vScanFor){	//if the current value is same as the one we're scanning for

			add_log("Value found (%i) * %d",vScanFor,dwScanOffset); }	//add it to the log

		if(dwScanOffset == dwScanEnd){	//if we reached the end of the scan-range

			add_log("Reached end of scan-range"); bScan = false; }	//end scanning

	}

	return dwScanOffset;	//return the offset that was found

}

Author: Mr. Novocain

TEDSON · 2010-12-02, 12:12 AM

Hi, I just found you forum while searching for memory scan code, Im sorry but Im a massive noob.

Can I compile this code as dll and call the function from withing the process I want to read the memory from?

I'm working with an online flash game, which I load into a gui via an IE object.

Cheat engine finds the value Im looking for really quicly and there are always only 4 addresses at which it finds it, 3 of which are good for my needs.

The value is a double.

As I say Im really noob and dont know anything about dll injection, but figure I dont need it since the running process I want to read belongs to myself.

The code I have is written in an interpreted scripting language, but has no problems calling dll functions.

I hope you can clarify some of my noob questions and appreciate any help you can offer.

MrSmith · 2010-12-02, 01:07 AM

For flash games it's probably better to decompile it and see the functions. Then from your app call the function and set the value.

TEDSON · 2010-12-02, 07:59 PM

Thanks for the reply, but the game is online, and although I have tried decompiling it, most code is server side, and I have nothing useful from this.

I dont want to do much with the value Im looking for other than read it, my big problem is finding its address.

Thanks.

TEDSON · 2010-12-08, 10:35 AM

Seems my last post was lost.

Wanted to ask how to determine dwScanStart and dwScanEnd values.

Thread: [C++] Basic memory-scanning in DLL

Thread Tools

Display

[C++] Basic memory-scanning in DLL

Re: [C++] Basic memory-scanning in DLL

Re: [C++] Basic memory-scanning in DLL

Re: [C++] Basic memory-scanning in DLL

Posting Permissions