Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


[Delphi] Search for string in memory

 
hwtrap
How do I cheat?
Reputation: 0

Joined: 05 May 2012
Posts: 4

Posted: Sat May 05, 2012 3:32 pm    Post subject: [Delphi] Search for string in memory

Hi, I'm trying to find a string in another process's memory using VirtualQueryEx/ReadProcessMemory. For tests I'm using notepad, and I got some success, but not the way I need it. Look at the code below:
Code:
var
  PIDHandle: THandle;
  MemInfo: MEMORY_BASIC_INFORMATION;
  MemStart, ReceivedBytes: cardinal;
  Buff: PChar;

       while (VirtualQueryEx(PIDHandle, Pointer(MemStart), MemInfo, SizeOf(MemInfo)) > 0) do
          begin
            if ((MemInfo.State = MEM_COMMIT) and (not (MemInfo.Protect = PAGE_GUARD)
                or (MemInfo.Protect = PAGE_NOACCESS))) then
              begin
                if (0<>MemInfo.Protect and PAGE_READWRITE) then
                  begin
                    GetMem(Buff, MemInfo.RegionSize);
                    if (ReadProcessMemory(PIDHandle, MemInfo.BaseAddress, Buff,
                                            MemInfo.RegionSize, ReceivedBytes)) then
                      begin;
                        Memo1.Lines.Append(Buff);
                      end;
                    FreeMem(Buff);
                  end;
              end;
          MemStart:= MemStart + MemInfo.RegionSize;
        end;
      CloseHandle(PIDHandle);
      end;
    end;

As you can see, I'm adding the Buff read by ReadProcessMemory into a Memo, but I get only invalid characters in the Memo... I'm using Cheat Engine to get the address of some string written in notepad and passing the address to ReadProcessMemory like this:
Code:
if (ReadProcessMemory(PIDHandle, Pointer($005F8F97), Buff, MemInfo.RegionSize, ReceivedBytes)) then
begin
Memo1.Lines.Append(Buff);
end;

This way it works, and I get the exact string I wrote there. But I'm searching for a string in other processes, so I don't have the address of this string and need to scan for it as you saw in the first code box... It's OK if invalid chars appear along with my string. I know memory isn't strings, so there will be invalid things, but if at least my string appeared in the Memo it would be OK. But it doesn't even appear!! How can I do this???
Remember:
1- when I give the right address pointer, it works fine.
2- my string will be in ASCII or Unicode
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25833
Location: The netherlands

Posted: Sat May 05, 2012 3:53 pm

Memo.lines.append copies the string till the first 0-terminator and discards the rest.

Before copying, replace all the #0 chars with a space (in fact, replace #0 to #31 with a space).
Unicode and ASCII cannot be scanned for at the same time this way, though.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
hwtrap
How do I cheat?
Reputation: 0

Joined: 05 May 2012
Posts: 4

Posted: Sat May 05, 2012 3:54 pm

Can you please help me with how to do this? Because I already tried this solution and didn't get success... I tried this code:
Code:
var
  MyBuff: AnsiString;

                    if (ReadProcessMemory(PIDHandle, MemInfo.BaseAddress, Buff,
                                            MemInfo.RegionSize, ReceivedBytes)) then
                      begin;
                      SetLength(mybuff,MemInfo.RegionSize);
                      CopyMemory(@mybuff[1],Buff,MemInfo.RegionSize);
                        Memo1.Lines.Append(MyBuff);
                      end;

But I got something like this in the memo:
hxxp://s18.postimage.org/8xdu0vprd/memo1.jpg
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25833
Location: The netherlands

Posted: Sat May 05, 2012 4:47 pm

As I said, memo1.lines.append will only copy till the first 0-terminator; it does not care about the length. Change the bytes with value 0 to a space (also take care of control characters like newline/backspace/delete/tab/etc...)
hwtrap
How do I cheat?
Reputation: 0

Joined: 05 May 2012
Posts: 4

Posted: Sat May 05, 2012 4:56 pm

Bro, help me because I don't know how to do this... Sorry, but I've already searched all over the internet and can't find a solution...
hwtrap
How do I cheat?
Reputation: 0

Joined: 05 May 2012
Posts: 4

Posted: Sat May 12, 2012 4:44 pm

I'm bumping this thread because I made some changes to the code and have another kind of doubt. Maybe someone can help me... I'm trying to scan an entire process's memory but with no success... What I'm doing is: for tests I'm using notepad, so I write %B there, and these values in hex are: 25 (%) and 42 (B). So the code is:
Code:
  while (VirtualQueryEx(PIDHandle, Pointer(MemStart), MemInfo, SizeOf(MemInfo)) <> 0) do
    begin
      if ((MemInfo.State = MEM_COMMIT) and (not (MemInfo.Protect = PAGE_GUARD)
        or (MemInfo.Protect = PAGE_NOACCESS)) and (MemInfo.Protect = PAGE_READWRITE)) then
          begin
            SetLength(Buff, MemInfo.RegionSize);
              if (ReadProcessMemory(PIDHandle, MemInfo.BaseAddress, Buff,
                                        MemInfo.RegionSize, ReceivedBytes)) then
                begin
                for I := 0 to SizeOf(Buff) do
                 begin
                  if (IntToHex(Buff[i], 1) = '25') and (IntToHex(Buff[i+2], 1) = '42') then
                  Form1.Memo1.Lines.Append(IntToHex(Buff[i], 1));
                 end;

                end;
          end;
      MemStart:= MemStart + MemInfo.RegionSize;
    end;
  CloseHandle(PIDHandle);
  end;

The var 'Buff' is TBytes (I read about TBytes and think it's the same as array of byte). So I'm converting the bytes to hex and searching for the values 25 and 42 respectively. The code is like:
Code:
if (IntToHex(Buff[i], 1) = '25') and (IntToHex(Buff[i+2], 1) = '42') then

Because there is 00 between the hex values, I need to add '+2'. How can I scan the entire memory for these values??
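Added example, not code from any poster in this thread: a C sketch of the buffer-side work discussed above, covering the advice to replace bytes #0 to #31 with spaces before display and the final question about finding `%B` stored with 00 bytes in between. It searches one region's bytes for a needle in ASCII and, in a separate pass, in UTF-16LE, with the loop bound keeping every comparison inside the buffer. The function names and the `SAMPLE` bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Replace control bytes (0..31) with spaces so a text control does not stop at the first NUL. */
void make_printable(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] < 32)
            buf[i] = ' ';
}

/* First offset >= from where pat[0..plen) occurs in buf[0..len), or -1.
   The bound i + plen <= len keeps every comparison inside the buffer. */
long find_bytes(const uint8_t *buf, size_t len, size_t from,
                const uint8_t *pat, size_t plen) {
    if (plen == 0 || plen > len)
        return -1;
    for (size_t i = from; i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            return (long)i;
    return -1;
}

/* Needle stored one byte per character. */
long find_ascii(const uint8_t *buf, size_t len, size_t from, const char *needle) {
    return find_bytes(buf, len, from, (const uint8_t *)needle, strlen(needle));
}

/* Needle stored as UTF-16LE: each ASCII character followed by a 0x00 byte. */
long find_utf16le(const uint8_t *buf, size_t len, size_t from, const char *needle) {
    uint8_t pat[128];
    size_t n = strlen(needle);
    if (n == 0 || 2 * n > sizeof pat)
        return -1;
    for (size_t i = 0; i < n; i++) {
        pat[2 * i] = (uint8_t)needle[i];
        pat[2 * i + 1] = 0;
    }
    return find_bytes(buf, len, from, pat, 2 * n);
}

/* Constructed region bytes: "%B" as UTF-16LE at offset 4 and as ASCII at offset 10. */
static const uint8_t SAMPLE[] = { 0x01, 0x00, 0xFF, 0x25, 0x25, 0x00, 0x42,
                                  0x00, 0x00, 0x7F, 0x25, 0x42, 0x00, 0x25 };

int main(void) {
    return (find_utf16le(SAMPLE, sizeof SAMPLE, 0, "%B") == 4 &&
            find_ascii(SAMPLE, sizeof SAMPLE, 0, "%B") == 10) ? 0 : 1;
}
```

To list every hit in a region, call the same function again with `from` set to the previous offset plus one until it returns -1.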