-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathinterfacememory.cpp
85 lines (72 loc) · 2.08 KB
/
interfacememory.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#include "interfacememory.h"
#include <QString>
InterfaceMemory::InterfaceMemory(QPlainTextEdit* _screen, HANDLE _hprocess)
{
screen=_screen;
hprocess=_hprocess;
}
QString InterfaceMemory::Convert(uint8_t* memory){
QString demp="";
for(int i =0;i<16;i++){
if (((memory[i] >= 0x30) && (memory[i]<=0x39)) || ((memory[i] >= 'a') && (memory[i]<='z')) || ((memory[i] >= 'A') && (memory[i]<='Z')))
{
QString chr;
char u[3];
u[0] = memory[i];
u[1]=0;
chr.sprintf("%s", &u);
demp+= chr;
}
else
{
demp+= ".";
}
}
return demp;
}
int InterfaceMemory::Dump(LPVOID addr)
{
MEMORY_BASIC_INFORMATION meminfo;
uint8_t* memory;
SIZE_T nbytes=0;
QString TextDump = "";
if (!VirtualQueryEx(hprocess,addr, &meminfo, sizeof(MEMORY_BASIC_INFORMATION)))
{
return 0;
}
memory = (uint8_t*)malloc(0x1000);
if (meminfo.State==MEM_COMMIT)
{
if (meminfo.Type==MEM_MAPPED || meminfo.Type==MEM_PRIVATE || meminfo.Type==MEM_IMAGE)
{
if(meminfo.RegionSize>0x1000){
meminfo.RegionSize=0x1000;
}
ReadProcessMemory(hprocess, addr, memory, meminfo.RegionSize,&nbytes);
if (nbytes!=0){
QString ascii="";
for(int i=0; i< meminfo.RegionSize; i++)
{
if((i%16)==0)
{
TextDump+= "| "+ascii;
TextDump+="\n " + QString::number((uint32_t)addr+i,16)+ "|";
ascii=Convert(memory+i);
}
QString b;
b.sprintf("%02X", memory[i]);
TextDump += " "+b;
screen->document()->setPlainText(TextDump);
}
free(memory);
return 1;
}
free(memory);
return 1;
}
free(memory);
return 0;
}
free(memory);
return 0;
}