timrprobocom
10/20/2017 - 6:01 PM

Windows C++ code to scan another process

Simple demonstration of using ReadProcessMemory to read another process' memory.

#include <windows.h>
#include <iostream>
#include <iomanip>
#include <vector>
#include <cstdint>

// MSVC-specific linker directive: pulls in user32.lib (FindWindowA and
// GetWindowThreadProcessId live there).
#pragma comment(lib, "user32.lib")

// Size in bytes of the read buffer, and the stride between successive reads (1 MiB).
constexpr unsigned CHUNK = 1u << 20;
// Exclusive upper bound on the addresses the scan loop visits.
constexpr unsigned MAXSIZE = 0x7fffffffu;
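// Process id owning the target window; written by GetWindowThreadProcessId in main().
DWORD pid = 0;

/// Demo entry point: locates a window by its exact title, opens the owning
/// process for reading, and walks addresses [0, MAXSIZE) in CHUNK-sized reads,
/// printing every offset where the byte sequence 'c','p','p' occurs.
///
/// Limitations kept from the original:
///  - a match that straddles two chunks is not reported;
///  - only the byte count reported by ReadProcessMemory is inspected, so a
///    chunk for which nothing was copied is skipped silently.
///
/// @return 0 on a completed scan, 1 if the window or process could not be opened.
int main()
{
    // The original tested a little-endian 32-bit load against the multi-character
    // constant 'ppc' masked to 24 bits. That constant's value is
    // implementation-defined (0x707063 with MSVC and GCC), which corresponds to
    // the in-memory bytes 'c','p','p'. Spelling the bytes out removes the
    // implementation dependence and the unaligned, type-punned load.
    constexpr uint8_t PATTERN[] = { 'c', 'p', 'p' };
    constexpr size_t PATTERN_LEN = sizeof(PATTERN);

    HWND hWnd = FindWindowA(nullptr, "x.cpp (C:\\tmp) - GVIM");
    if( hWnd == nullptr )
    {
        std::cerr << "Window not found (error " << GetLastError() << ")\n";
        return 1;
    }

    // Returns the creating thread's id, or zero when the window handle is invalid.
    if( GetWindowThreadProcessId(hWnd, &pid) == 0 || pid == 0 )
    {
        std::cerr << "Could not resolve the window's process id\n";
        return 1;
    }

    // Least privilege: ReadProcessMemory only needs PROCESS_VM_READ, so do not
    // hold an all-access handle to another process.
    HANDLE pHandle = OpenProcess(PROCESS_VM_READ, FALSE, pid);
    if( pHandle == nullptr )
    {
        std::cerr << "OpenProcess failed for pid " << pid
            << " (error " << GetLastError() << ")\n";
        return 1;
    }

    std::vector<uint8_t> buffer(CHUNK);
    for( unsigned i = 0; i < MAXSIZE; i += CHUNK )
    {
        SIZE_T actual = 0;
        // Widen through uintptr_t so the integer-to-pointer cast is well-formed
        // on 64-bit builds as well.
        ReadProcessMemory(pHandle,
            reinterpret_cast<LPCVOID>(static_cast<uintptr_t>(i)),
            buffer.data(), buffer.size(), &actual );
        if( actual == 0 )
            continue;

        std::cout << " Read " << std::dec << actual << " bytes at 0x"
            << std::hex << i << "\n";

        // The original bound `j < actual-4` wrapped around for reads shorter
        // than four bytes (unsigned arithmetic), indexing far past the buffer,
        // and it also skipped the last valid start positions. Bounding by
        // j + PATTERN_LEN keeps every access inside the bytes actually read.
        for( size_t j = 0; j + PATTERN_LEN <= actual; j++ )
        {
            if( buffer[j] == PATTERN[0]
                && buffer[j+1] == PATTERN[1]
                && buffer[j+2] == PATTERN[2] )
            {
                std::cout << "Found at 0x" << std::hex
                    << (i + static_cast<unsigned>(j)) << "\n";
            }
        }
    }

    // Release the process handle; the original leaked it until process exit.
    CloseHandle(pHandle);
    return 0;
}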