[C++]Memory Reading Class
  1. #1
    opulent

    [C++]Memory Reading Class

    I've been leeching around for almost a month.. Here's something that's helped me.

    This is the reader I'm using at the moment, it's in C++. It's very basic and may prove useful to someone just starting out, it will read numeric types from one wow process.

    The thread that I taxed most of the code from is here ->.

    All credit goes to Kynox for this code.. Even though I butchered it.

    Code:
    #include <windows.h>

    /*A memory Class used to read numeric values from 
    specific memory locations                      */
    class Memory //Mostly brought to you by Kynox
    {
    public:
    	Memory(){
    	/*Precondition: none
    	*Postcondition: an instance of the class memory
    	*is invoked and debug privileges attempted.        */	
    		AddDebugPrivileges(); 
    	}
    	
    	template <class T>
    	static T Read(DWORD Offset)
    	//Precondition: Program has debug privileges
    	//		A valid wow offset for reading.
    	//Postcondition: Returns the value of the offset.
    	{
    		T TSave = NULL; //Variable which takes the read.
    		
    		//Calling function to find current valid wow handle
    		HANDLE hWowHandle = RefreshWowHandle();
    		
    		if(hWowHandle != NULL)
    		{
    			int sz = sizeof(T); //Debug Variable
    			DWORD sizeRead;
    			bool valid;
    
    			valid = ReadProcessMemory(hWowHandle,(LPCVOID) Offset,(LPVOID) &TSave, sizeof(T), &sizeRead);
    			
    			//The following if statement tests the validity of the read.
    			if(valid == FALSE || sizeRead != sizeof(T)){
    				CloseHandle(hWowHandle);
    				TSave = NULL;
    				return TSave; //Null returned for a bad read.
    			}
    			
    			else{
    				CloseHandle(hWowHandle);
    				return TSave;//Valid read
    			}
    		}
    		
    		else{//Condition is met when a valid handle is not found.
    			TSave = NULL; 
    			return TSave;//Null returned for a bad read.
    		}
    	}
    
    	
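    	static bool AddDebugPrivileges()
    	// Adjusting Privileges for Read/Write
    	//I got this code from Kynox @ mmowned.
    	//Returns true only if SeDebugPrivilege was actually enabled.
    	{
    		HANDLE hToken;
    		TOKEN_PRIVILEGES tp;

    		//Without this check hToken would be used uninitialized on failure.
    		if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES, &hToken))
    			return false;

    		if(!LookupPrivilegeValueA( NULL, "SeDebugPrivilege", &tp.Privileges[0].Luid ))
    		{
    			CloseHandle(hToken);
    			return false;
    		}

    		tp.PrivilegeCount = 1;
    		tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    		if( !AdjustTokenPrivileges(hToken, FALSE, &tp, 0, (PTOKEN_PRIVILEGES)NULL, 0))
    		{
    			CloseHandle(hToken);
    			return false;
    		}

    		//AdjustTokenPrivileges can succeed without enabling the privilege;
    		//GetLastError() then returns ERROR_NOT_ALL_ASSIGNED.
    		bool enabled = (GetLastError() != ERROR_NOT_ALL_ASSIGNED);
    		CloseHandle(hToken);
    		return enabled;
    	}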
    	
    	
    	static HANDLE RefreshWowHandle()
            //Function to get a handle to the WoW process for reading
    	//Postcondition: Returns a current and valid handle
    	{
    		DWORD Pid; //ProcessId
    		HANDLE newHandle;
    		
    		//attempt to get game handle by FindWindow.
    		//The A variant matches the narrow string literal in Unicode builds too.
    		if(FindWindowA(NULL, "World of Warcraft") != NULL)
    		{
    			HWND hWnd = FindWindowA(NULL, "World of Warcraft");
    			if (hWnd == NULL)
    			{
    				newHandle = NULL;
    				return newHandle; //error returns handle as NULL
    			}
    
    			GetWindowThreadProcessId(hWnd, &Pid);
    			if (Pid == 0)
    			{
    				newHandle = NULL;
    				return newHandle; //error returns handle as NULL
    			}
    
    			newHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Pid);
    			if (newHandle == NULL)
    			{
    				newHandle = NULL;
    				return newHandle; //error returns handle as NULL
    			}
    
    			return newHandle;//Returns a handle to this wow process
    		}
    
    
    		else 
    		{
    			newHandle = NULL;
    			return newHandle; //error, Couldn't find the window.
    		}
    	}
    };

    This is probably a terrible way to go about out of process memory reading and all criticism is welcome. Any tips as to how to make this modular for string types would also be appreciated.

  2. #2
    Cypher
    Don't use DWORD to hold your addresses. Use DWORD_PTR. That way your datatype for storing addresses will be architecture portable (i.e. 32-bits on IA-32 and 64-bits on AMD64).

    You should also be using C++ casts, not C casts. e.g. static_cast, reinterpret_cast, etc.

    Rather than calling Open*Handle and CloseHandle manually you should wrap them into an object so the call to CloseHandle happens automatically. There is default code to do this in the code accompanying the book 'Windows via C++', and I have attached my modified version in my latest Injector's code. Another bonus with doing that is that on top of cleaner code, it's also a lot easier to use C++ exception handling.

    You also might want to make your functions more resilient to potential problems. Here's an example of my GetSeDebugPrivilege function:
    Code:
    // Gives the current process the SeDebugPrivilege so we can get the 
    // required process handle.
    // Note: Requires administrator rights
    void Injector::GetSeDebugPrivilege()
    {
    	// Open current process token with adjust rights
    	HANDLE TempToken;
    	BOOL RetVal = OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES
    		| TOKEN_QUERY, &TempToken);
    	if (!RetVal) 
    		throw InjectorException("Injector::GetSeDebugPrivilege: Could not open process token.");
    	EnsureCloseHandle Token(TempToken);
    
    	// Get the LUID for SE_DEBUG_NAME 
    	LUID Luid = { NULL }; // Locally unique identifier
    	if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &Luid)) 
    		throw InjectorException("Injector::GetSeDebugPrivilege: Could not look up privilege value for SeDebugName.");
    	if (Luid.LowPart == NULL && Luid.HighPart == NULL) 
    		throw InjectorException("Injector::GetSeDebugPrivilege: Could not get LUID for SeDebugName.");
    
    	// Process privileges
    	TOKEN_PRIVILEGES Privileges = { NULL };
    	// Set the privileges we need
    	Privileges.PrivilegeCount = 1;
    	Privileges.Privileges[0].Luid = Luid;
    	Privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    
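    	// Apply the adjusted privileges
    	if (!AdjustTokenPrivileges(Token, FALSE, &Privileges,
    		sizeof (Privileges), NULL, NULL)) 
    		throw InjectorException("Injector::GetSeDebugPrivilege: Could not adjust token privileges.");
    	// AdjustTokenPrivileges also succeeds when the privilege was not granted;
    	// GetLastError() then returns ERROR_NOT_ALL_ASSIGNED.
    	if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    		throw InjectorException("Injector::GetSeDebugPrivilege: SeDebugPrivilege was not assigned.");
    }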
    As for string types, what's wrong with this:
    std::vector<char> MyBuffer(some_size);
    ReadNumberOfBytes(address,some_size,&MyBuffer[0]);
    std::string MyString(&MyBuffer[0]);

    That's just a very raw pseudo-example, but you get the idea.

    Other parts of your code could be heavily cleaned up by combining certain statements, reducing conditional nesting, etc.

    There are also things I'd change in terms of the actual design of the class, but that's just me.
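
Added example, not written by either poster and not part of the original thread: a bounded form of the string read sketched in post #2. A fixed-size buffer filled by a raw read is not guaranteed to contain a terminator, so the string is built from an explicit range and the caller is told when no terminator was found. `FakeRegion`, `StringRead` and `ReadBoundedString` are hypothetical names, with `FakeRegion` standing in for the thread's `ReadNumberOfBytes`; its bytes are constructed sample data.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for the thread's ReadNumberOfBytes(): copies up to
// `size` bytes out of constructed sample data and returns how many bytes were
// actually copied, since a raw read can come back short.
struct FakeRegion {
    std::vector<char> bytes;  // constructed sample data
    std::size_t Read(std::size_t offset, std::size_t size, char* out) const {
        if (offset >= bytes.size()) return 0;
        const std::size_t n = std::min(size, bytes.size() - offset);
        std::memcpy(out, bytes.data() + offset, n);
        return n;
    }
};

struct StringRead {
    std::string value;
    bool terminated;  // false: no NUL within the bytes read, value is cut off
};

// Reads at most max_len bytes and builds the string from an explicit range,
// so a missing terminator can never make the constructor run past the buffer.
StringRead ReadBoundedString(const FakeRegion& src, std::size_t offset,
                             std::size_t max_len) {
    std::vector<char> buf(max_len);
    const std::size_t got = max_len ? src.Read(offset, max_len, buf.data()) : 0;
    const char* begin = buf.data();
    const char* end = begin + got;  // only bytes that were really read
    const char* nul = std::find(begin, end, '\0');
    return StringRead{std::string(begin, nul), nul != end};
}

int main() {
    const FakeRegion region{{'T', 'h', 'r', 'a', 'l', 'l', '\0', 'j', 'u', 'n', 'k'}};
    const StringRead ok = ReadBoundedString(region, 0, 16);
    const StringRead cut = ReadBoundedString(region, 7, 3);  // no NUL in range
    std::cout << ok.value << ' ' << ok.terminated << '\n'
              << cut.value << ' ' << cut.terminated << '\n';
    return 0;
}
```
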

  3. #3
    opulent
    I appreciate the constructive feedback and included snippet. I've noticed you've cited that particular book in a few different threads now. I'll have to get a hold of a copy.

    In any case I plan to redesign the code now. Hopefully, after a few rewrites and a ton of mistakes I'll have something with more portability and functionality.

    Thanks again.

    oP.

  4. #4
    Cypher
    No problem. Good luck.
