MemoryReading with c++ menu

  1. #1
    Xarg0's Avatar Member

    MemoryReading with c++

    Hello Folks, I just started with C++ programming and decided to write a small memory-reading program. Before I could read a single byte from a process, I had to find out how to obtain the process ID.
    This is how I get a process ID from an exe name in C++:
    Code:
    #include <windows.h>
    #include <tlhelp32.h>

    #include <cstring>
    #include <iostream>
    #include <string>
    using namespace std;
    
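    // Thin wrapper around the Win32 ToolHelp and process-memory APIs: finds a
    // process by executable name, opens it, and reads or writes 4-byte integers
    // and floats in its address space.
    //
    // The object owns its snapshot and process handles and releases them in the
    // destructor. Addresses are passed as `int`, so only addresses that fit in
    // 32 bits can be expressed. The name comparison uses std::string against
    // PROCESSENTRY32::szExeFile, which assumes an ANSI (non-UNICODE) build.
    class MemoryReader
    {
    private:
        HANDLE hProcessSnap;
        HANDLE hProcess;
        bool ProcessIsOpen;
        HANDLE hToken; // access token handle, only valid inside SetPrivilege

        // Not copyable: a copy would share the raw handles and close them twice.
        // Declared but intentionally not defined.
        MemoryReader(const MemoryReader&);
        MemoryReader& operator=(const MemoryReader&);

        // Converts the int address used by the public interface to a pointer.
        // Going through unsigned int zero-extends instead of sign-extending, so
        // addresses at or above 0x80000000 stay intact in a 64-bit build.
        static LPVOID ToRemotePointer(int Adress)
        {
            return reinterpret_cast<LPVOID>(
                static_cast<UINT_PTR>(static_cast<unsigned int>(Adress)));
        }

        // Reads exactly `size` bytes from the opened process into `out`.
        // Prints a diagnostic and returns false if the process is not open or
        // the read is refused or short.
        bool ReadBytes(int Adress, void* out, SIZE_T size)
        {
            if (!ProcessIsOpen)
            {
                std::cout << "Process not Open" << std::endl;
                return false;
            }
            SIZE_T bytesRead = 0;
            if (!ReadProcessMemory(hProcess, ToRemotePointer(Adress), out, size, &bytesRead)
                || bytesRead != size)
            {
                std::cout << "reading failed" << std::endl;
                return false;
            }
            return true;
        }

        // Writes exactly `size` bytes into the opened process. If the direct
        // write is refused, the page protection is switched to PAGE_READWRITE
        // for the retry and the previous protection is restored afterwards,
        // whether or not the retry succeeded.
        // NOTE(review): PAGE_READWRITE drops execute rights for the duration of
        // the retry; other threads running code on that page can fault.
        bool WriteBytes(int Adress, const void* data, SIZE_T size)
        {
            if (!ProcessIsOpen)
            {
                std::cout << "Process not Open" << std::endl;
                return false;
            }
            LPVOID target = ToRemotePointer(Adress);
            SIZE_T written = 0;
            if (WriteProcessMemory(hProcess, target, data, size, &written) && written == size)
            {
                return true;
            }

            DWORD oldprotect = 0;
            if (!VirtualProtectEx(hProcess, target, size, PAGE_READWRITE, &oldprotect))
            {
                return false;
            }
            written = 0;
            const bool ok = WriteProcessMemory(hProcess, target, data, size, &written)
                            && written == size;
            DWORD ignored = 0;
            VirtualProtectEx(hProcess, target, size, oldprotect, &ignored);
            return ok;
        }

    public:
        // Entry of the last process visited by GetProcessbyexe. After a failed
        // search th32ProcessID is 0.
        PROCESSENTRY32 pe32;

        // Searches a fresh process snapshot for an executable whose name equals
        // `exestring` (case-sensitive). On success pe32 describes the match and
        // true is returned. On failure pe32.th32ProcessID is reset to 0 so that
        // a following Open() cannot attach to whatever process was enumerated
        // last.
        bool GetProcessbyexe(std::string exestring)
        {
            // The snapshot taken in the constructor may be stale; take a new one.
            if (hProcessSnap != INVALID_HANDLE_VALUE)
            {
                CloseHandle(hProcessSnap);
            }
            hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
            if (hProcessSnap == INVALID_HANDLE_VALUE)
            {
                pe32.th32ProcessID = 0;
                return false;
            }

            pe32.dwSize = sizeof(PROCESSENTRY32);
            if (!Process32First(hProcessSnap, &pe32))
            {
                pe32.th32ProcessID = 0;
                return false;
            }
            // do/while so the entry returned by Process32First is compared too.
            do
            {
                if (exestring.compare(pe32.szExeFile) == 0)
                {
                    return true;
                }
            } while (Process32Next(hProcessSnap, &pe32));

            pe32.th32ProcessID = 0;
            return false;
        }

        // Enables or disables the named privilege on the current process token.
        // Returns false if the privilege name is unknown, the token cannot be
        // opened or adjusted, or the token does not hold the privilege.
        // An enabled privilege stays enabled until it is disabled again, so
        // callers should disable it once it is no longer needed.
        bool SetPrivilege(
            LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
            BOOL bEnablePrivilege   // to enable or disable privilege
            )
        {
            LUID luid; // receives LUID of privilege
            if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid))
            {
                std::cout << "LookupPrivilegeValue error: " << GetLastError() << "\n";
                return false;
            }

            TOKEN_PRIVILEGES tp;
            tp.PrivilegeCount = 1;
            tp.Privileges[0].Luid = luid;
            tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

            if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
            {
                hToken = NULL;
                return false;
            }

            const BOOL adjusted = AdjustTokenPrivileges(
                hToken,
                FALSE,
                &tp,
                sizeof(TOKEN_PRIVILEGES),
                (PTOKEN_PRIVILEGES) NULL,
                (PDWORD) NULL);
            // Capture the error before CloseHandle can overwrite it.
            const DWORD lastError = GetLastError();
            CloseHandle(hToken);
            hToken = NULL;

            if (!adjusted)
            {
                std::cout << "AdjustTokenPrivileges error: " << lastError << "\n";
                return false;
            }
            // AdjustTokenPrivileges reports success even when nothing was changed.
            if (lastError == ERROR_NOT_ALL_ASSIGNED)
            {
                std::cout << "The token does not have the specified privilege. \n";
                return false;
            }
            return true;
        }

        // Opens the process described by pe32 with only the access rights the
        // read/write members use: PROCESS_VM_READ for ReadProcessMemory, and
        // PROCESS_VM_WRITE plus PROCESS_VM_OPERATION for WriteProcessMemory and
        // VirtualProtectEx. Returns false if no process was found or the open
        // is refused.
        bool Open(void)
        {
            if (ProcessIsOpen)
            {
                Close(); // do not leak the previous handle
            }
            if (pe32.th32ProcessID == 0)
            {
                return false;
            }
            hProcess = OpenProcess(
                PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                FALSE,
                pe32.th32ProcessID);
            if (hProcess == NULL)
            {
                return false;
            }
            ProcessIsOpen = true;
            return true;
        }

        // Closes the process handle. Returns false if nothing is open or
        // CloseHandle fails.
        bool Close(void)
        {
            if (!ProcessIsOpen || !CloseHandle(hProcess))
            {
                return false;
            }
            hProcess = NULL;
            ProcessIsOpen = false;
            return true;
        }

        // Reads a 4-byte integer at Adress. Returns 0 on failure, which cannot
        // be told apart from a stored 0; a diagnostic is printed in that case.
        int ReadInteger(int Adress)
        {
            int buffer = 0;
            return ReadBytes(Adress, &buffer, sizeof(buffer)) ? buffer : 0;
        }

        // Writes a 4-byte integer at Adress. Returns true only if all bytes
        // were written.
        bool WriteInteger(int Adress, int value)
        {
            return WriteBytes(Adress, &value, sizeof(value));
        }

        // Reads a float at Adress. Returns 0 on failure, which cannot be told
        // apart from a stored 0; a diagnostic is printed in that case.
        float ReadFloat(int Adress)
        {
            float buffer = 0;
            return ReadBytes(Adress, &buffer, sizeof(buffer)) ? buffer : 0;
        }

        // Writes a float at Adress. Returns true only if all bytes were written.
        bool WriteFloat(int Adress, float value)
        {
            return WriteBytes(Adress, &value, sizeof(value));
        }

        // Takes an initial process snapshot and starts with no process opened.
        MemoryReader(void)
            : hProcessSnap(CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)),
              hProcess(NULL),
              ProcessIsOpen(false),
              hToken(NULL)
        {
            ZeroMemory(&pe32, sizeof(pe32));
        }

        // Releases the process and snapshot handles.
        ~MemoryReader()
        {
            if (ProcessIsOpen)
            {
                CloseHandle(hProcess);
            }
            if (hProcessSnap != INVALID_HANDLE_VALUE)
            {
                CloseHandle(hProcessSnap);
            }
        }
    };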
    I fixed some stuff and added some functions that wrap the WriteProcessMemory/ReadProcessMemory calls.
    The functions are pretty self-explanatory.
    Last edited by Xarg0; 05-08-2008 at 03:53 AM.

    MemoryReading with c++
  2. #2
    Miguel9614's Avatar Member
    Useful, but I think there's a small problem. When I ran it all I got was zero. I changed

    Code:
    if (exechar==*pe32.szExeFile) 
                        {
                               
                               return pe32.th32ProcessID;
                        
                        }
                        else
                        {
                               return 0;
                        }
    to
    Code:
    if (exechar==*pe32.szExeFile) 
                        {
                               
                               return pe32.th32ProcessID;
                        
                        }
    I'm not sure why you put that else there. I think maybe it should be outside of the loop? Of course I could be completely crazy...but that seems to make sense to me and worked when I modified it to this:

    Code:
    #include <windows.h>
    #include <tlhelp32.h>
    #include <iostream>
    using namespace std;
    //  Forward declarations:
    //  None of these three functions is defined or called anywhere in this
    //  listing; they declare process, module and thread listing helpers that
    //  would have to be supplied elsewhere before they could be used.
    BOOL GetProcessList( );
    BOOL ListProcessModules( DWORD dwPID );
    BOOL ListProcessThreads( DWORD dwOwnerPID );
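    // Looks up a process ID in a ToolHelp process snapshot.
    // The snapshot handle is owned by the object and closed in the destructor.
    // Name handling assumes an ANSI (non-UNICODE) build, where
    // PROCESSENTRY32::szExeFile is a char array.
    class MemoryReader
    {
    private:
        HANDLE hProcessSnap;
        HANDLE hProcess; // never assigned a process in this listing

        // Not copyable: a copy would close the same snapshot handle twice.
        // Declared but intentionally not defined.
        MemoryReader(const MemoryReader&);
        MemoryReader& operator=(const MemoryReader&);

        // Walks the snapshot from its first entry and returns the PID of the
        // first process for which `matches(pe32)` holds, or 0 if there is none.
        template <typename Predicate>
        unsigned int FindFirst(Predicate matches)
        {
            if (hProcessSnap == INVALID_HANDLE_VALUE)
            {
                return 0;
            }
            pe32.dwSize = sizeof( PROCESSENTRY32 );
            if (!Process32First(hProcessSnap, &pe32))
            {
                return 0;
            }
            // do/while so the entry returned by Process32First is tested too.
            do
            {
                if (matches(pe32))
                {
                    return pe32.th32ProcessID;
                }
            } while (Process32Next(hProcessSnap, &pe32));
            return 0;
        }

        // Matches on the first character of the executable name only.
        struct FirstCharIs
        {
            char wanted;
            bool operator()(const PROCESSENTRY32& entry) const
            {
                return wanted == *entry.szExeFile;
            }
        };

        // Matches the whole executable name, ignoring case.
        struct NameIs
        {
            const char* wanted;
            bool operator()(const PROCESSENTRY32& entry) const
            {
                return lstrcmpiA(wanted, entry.szExeFile) == 0;
            }
        };

    public:
        // Entry of the last process visited by a search. After a failed search
        // it describes the last process in the snapshot, not a match.
        PROCESSENTRY32 pe32;

        // Kept for compatibility: returns the PID of the first process whose
        // executable name starts with `exechar`, or 0 if there is none.
        // Many unrelated processes share a first letter; use the overload that
        // takes the full name to identify a specific executable.
        unsigned int GetProcessbyexe(char exechar)
        {
            FirstCharIs byFirstChar = { exechar };
            return FindFirst(byFirstChar);
        }

        // Returns the PID of the first process whose executable name equals
        // `exeName` (case-insensitive), or 0 if the name is null or not found.
        unsigned int GetProcessbyexe(const char* exeName)
        {
            if (exeName == NULL)
            {
                return 0;
            }
            NameIs byName = { exeName };
            return FindFirst(byName);
        }

        MemoryReader(void);
        ~MemoryReader();
    };

    // Takes the process snapshot that the searches iterate over.
    MemoryReader::MemoryReader(void)
        : hProcessSnap(CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 )),
          hProcess(NULL)
    {
        ZeroMemory(&pe32, sizeof(pe32));
    }

    // Releases the snapshot handle.
    MemoryReader::~MemoryReader()
    {
        if (hProcessSnap != INVALID_HANDLE_VALUE)
        {
            CloseHandle(hProcessSnap);
        }
    }

    // Prompts for an executable name and prints the PID of the matching process.
    int main()
    {
        MemoryReader memory;
        char exe[MAX_PATH];
        std::cout << "please enter exe name:\n";
        // Read the whole line so the full name is compared, not just one letter.
        if (!std::cin.getline(exe, MAX_PATH))
        {
            return 1;
        }
        unsigned int myprocid = memory.GetProcessbyexe(exe);
        if (myprocid == 0)
        {
            std::cout << "no running process with that name\n";
            return 1;
        }
        std::cout << "the ProcessID is:" << myprocid << "\n";
        std::cout << "the name was:" << memory.pe32.szExeFile << "\n"; //for debugging
        return 0;
    }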
    Nonetheless good job =] +rep and I hope you expand on this class. (I'm assuming you're allowing people to use it?)

  3. #3
    Xarg0's Avatar Member
    Without the else after checking the process name, I always got the PID of the last process (edit: if the exe name I entered didn't exist); maybe it's because I'm a Linux user running Wine to deal with Windows stuff ^.^
    And ofcourse this class is free, and I'll add some more stuff in the future :-)
    Ps: Thanks for the +rep

  4. #4
    Miguel9614's Avatar Member
    Hmm, well, I'm running just Windows and the change worked for me. Glad to hear it's free; I think I'll add to it too. I'll post it here when I do.

  5. #5
    raindog's Avatar Active Member
    well, you need to search for more than just the 1st letter of the process name.

  6. #6
    MillerLite's Avatar Member
    its "\n" for a new line not "n"

    or all the lines are bunched together when i run it.
    Last edited by MillerLite; 01-23-2008 at 05:48 PM.

  7. #7
    Miguel9614's Avatar Member
    Originally Posted by MillerLite View Post
    its "\n" for a new line not "n"

    or all the lines are bunched together when i run it.
    Hmm...thats odd. I know its \n. Must have been a typo =P

  8. #8
    raindog's Avatar Active Member
    Quick observation:

    The class is called MemoryReader, but there is no call to ReadProcessMemory or anything similar.

  9. #9
    Xarg0's Avatar Member
    Well, that's because I didn't have the time to write any memory-reading functions. Btw, if you include the right headers you can use ReadProcessMemory without any problems. I'm currently planning to build some functions that help with ReadProcessMemory(), like those in the wowsharp memoryreader class.
    Btw, could someone please test whether the SetPrivilege function works for them?
    I can't find any mistakes in it, but it keeps returning error 6, maybe because I'm using Wine on Linux.
    Edit: I found the mistake ^^
    Last edited by Xarg0; 02-04-2008 at 11:15 AM.
    I hacked 127.0.0.1

  10. #10
    Xarg0's Avatar Member
    I made a lot of changes, and I think this is useful for a lot of people who are coding with C++, so
    /push
    I hacked 127.0.0.1

  11. #11
    macintox's Avatar Member
    easy to understand great job, even if i don't need it +rep

  12. #12
    Lindoz12's Avatar Member
    Ive seen that code b4...

  13. #13
    Xarg0's Avatar Member
    Originally Posted by Lindoz12 View Post
    Ive seen that code b4...
    Where did you see this code?
    I wrote it on my own, but it's very similar to the wowsharp memory reader.

    Btw, the VirtualFreeEx() call, as it is now in this class, is dangerous to use: it can cause the target application to crash, since I forgot to restore the old page access rights
    ^^, I'll add that soon.
    I hacked 127.0.0.1

  14. #14
    Lucani's Avatar Member
    Big thx, i want use it in my program ;]

  15. #15
    Xarg0's Avatar Member
    I updated the class to reset the page access rights after writing, if they were changed.
    The class is now pretty complete; if you'd like me to add some other memory read/write functions for different data types, tell me and I'll add them :-)
    I hacked 127.0.0.1
