Wide strings and normal strings

Moobman (15)
I need some help regarding wide strings. I already have a working program for searching normal strings in a user-mode process that is specified (grabbing process ID and opening process with all access).

But i'm having a few issues regarding wide strings, if i input a wide-string like the sorts of: "E$$j$j" it will output as if it was found in the running process, though when i go to confirm this with processhacker there is no such string to be found in the process. Basically a false input, due to it being a wide string.

If anyone knows this sort of stuff, and could point me in the right direction that would be amazing! Thanks.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
 
#include <Windows.h>
#include <iostream>
#include <string>
#include <vector>
#include <stdio.h>
#include <tlhelp32.h>
#include <cstdlib>


DWORD ProcId = 0;

void GetProcId(const char* ProcName)
{
	PROCESSENTRY32   pe32;
	HANDLE         hSnapshot = NULL;

	pe32.dwSize = sizeof( PROCESSENTRY32 );
	hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

	if( Process32First( hSnapshot, &pe32 ) )
	{
		do{
			if( strcmp( pe32.szExeFile, ProcName ) == 0 )
				break;
		}while( Process32Next( hSnapshot, &pe32 ) );
	}

	if( hSnapshot != INVALID_HANDLE_VALUE )
		CloseHandle( hSnapshot );

	ProcId = pe32.th32ProcessID;
}

char* GetAddressOfData(DWORD pid, const char *data, size_t len)
{
    HANDLE process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);
    if(process)
    {
        SYSTEM_INFO si;
        GetSystemInfo(&si);

        MEMORY_BASIC_INFORMATION info;
        std::vector<char> chunk;
        char* p = 0;

        std::cout << si.lpMaximumApplicationAddress;

        while(p < si.lpMaximumApplicationAddress)
        {

            if(VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info))
            {
                chunk.resize(info.RegionSize);
                SIZE_T bytesRead;

                if(ReadProcessMemory(process, p, &chunk[0], info.RegionSize, &bytesRead))
                {

                    for(size_t i = 0; i < (bytesRead - len); ++i)
                    {

                        if(memcmp(data, &chunk[i], len) == 0)
                        {
                            return (char*)p + i;
                        }
                    }
                }
                p += info.RegionSize;
                std::cout << ".";

            }
        }
    }
    return 0;
}



int main(){

	std::string ProcName;

	ProcName = "javaw.exe";

	GetProcId(ProcName.c_str());

    std::string input;
    input = "Test";

    int pid = ProcId;

    char* ret = GetAddressOfData(pid, input.c_str(), sizeof(input.c_str()));

    if(ret){
        std::cout << "Found Addr: " << (void*)ret << "\n";

    }
    else{
        std::cout << "Not found\n";
    }
          return 0;
}
Moobman (15)
I tried some stuff, removing one error after the other and achieved a program that compiles..

Problem now is that it is crashing every time i run it/compile it, anyone?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
#include <Windows.h>
#include <iostream>
#include <string>
#include <vector>
#include <stdio.h>
#include <tlhelp32.h>
#include <cstdlib>


DWORD ProcId = 0;

void GetProcId(const char* ProcName)
{
	PROCESSENTRY32   pe32;
	HANDLE         hSnapshot = NULL;

	pe32.dwSize = sizeof( PROCESSENTRY32 );
	hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

	if( Process32First( hSnapshot, &pe32 ) )
	{
		do{
			if( strcmp( pe32.szExeFile, ProcName ) == 0 )
				break;
		}while( Process32Next( hSnapshot, &pe32 ) );
	}

	if( hSnapshot != INVALID_HANDLE_VALUE )
		CloseHandle( hSnapshot );

	ProcId = pe32.th32ProcessID;
}

wchar_t* GetAddressOfData(DWORD pid, wchar_t *data, size_t len)
{
    HANDLE process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);
    if(process)
    {
        SYSTEM_INFO si;
        GetSystemInfo(&si);


        MEMORY_BASIC_INFORMATION info;
        std::vector<wchar_t> chunk;
        wchar_t* p = 0;

        while(p < si.lpMaximumApplicationAddress)
        {

            if(VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info))
            {
                chunk.resize(info.RegionSize);
                SIZE_T bytesRead;

                if(ReadProcessMemory(process, p, &chunk[0], info.RegionSize, &bytesRead))
                {

                    for(size_t i = 0; i < (bytesRead - len); ++i)
                    {

                        if(memcmp(data, &chunk[i], len) == 0)
                        {
                            return (wchar_t*)p + i;
                        }
                    }
                }
                p += info.RegionSize;
                std::cout << ".";

            }
        }
    }
    return 0;
}



int main(){

	std::string ProcName;

	ProcName = "javaw.exe";

	GetProcId(ProcName.c_str());

    std::string input;
    input = "Test";

    int pid = ProcId;

    wchar_t* ret = GetAddressOfData(pid, wchar_t(), size_t());

    if(ret){
        std::cout << "Found Addr: " << (void*)ret << "\n";

    }
    else{
        std::cout << "Not found\n";
    }
          return 0;
}
Topic archived. No new replies allowed.