Dump fail?
Dump fail?
Well, daum this section is pretty dead.. Might as well ask for help.
Soo... I've been working on this dumper for about a half an hour, and it was about to work until!!! Yeah, the dumped file seems to be corrupted, if I dump a DLL and try to load it with olly it says it can't be loaded. If I dump the executable and try to run it, it says cannot initialize blah blah 0xSomeAddress.
Anyway, heres my code.
[PHP]
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <fstream>
using namespace std;
DWORD GetProcessID(char* targetProcess)
{
PROCESSENTRY32 *lpEntry;
HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
if(!snap) return 0;
Process32First(snap,lpEntry);
if( !strcmp(targetProcess,lpEntry->szExeFile) )
return lpEntry->th32ProcessID;
while( Process32Next(snap,lpEntry) )
{
if( !strcmp(targetProcess,lpEntry->szExeFile) )
{
return lpEntry->th32ProcessID;
}
}
return NULL;
}
MODULEENTRY32* GetModuleEntry(char* targetModule,DWORD pid)
{
HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pid);
MODULEENTRY32* lpModEntry;
Module32First(snap,lpModEntry);
if( !strcmp(targetModule,lpModEntry->szModule) )
return lpModEntry;
while( Module32Next(snap,lpModEntry) )
{
if( !strcmp(targetModule,lpModEntry->szModule) )
return lpModEntry;
}
return NULL;
}
bool DumpModule(MODULEENTRY32* lpModEnt)
{
unsigned char* buffer;
buffer = new unsigned char[lpModEnt->modBaseSize];
HANDLE handle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ,0,lpModEnt->th32ProcessID);
if(!handle) return 0;
if(!ReadProcessMemory(handle,lpModEnt->modBaseAddr,buffer,lpModEnt->modBaseSize,0)) return 0;
string dumpedFile = "_";
dumpedFile += lpModEnt->szModule;
fstream Dumping(dumpedFile.c_str(),ios::in | ios:
ut | ios::binary | ios::trunc);
for(int i=0;i<lpModEnt->modBaseSize;i++)
{
Dumping<<buffer[i];
}
cout <<"Done";
return true;
}
int main()
{
MODULEENTRY32* lpMod = GetModuleEntry("d3d9.dll",GetProcessID("d3d9test.e xe"));
if(lpMod != NULL)
{
DumpModule(lpMod);
}
cin.get();
}
[/PHP]
Halp!
Note: I'm not sure at all where the problem could be, maybe it's the method it reads or writes the files. Hopefully someone here has already made a module dumper and knows what I'm doing wrong.
Thanks.
Soo... I've been working on this dumper for about a half an hour, and it was about to work until!!! Yeah, the dumped file seems to be corrupted, if I dump a DLL and try to load it with olly it says it can't be loaded. If I dump the executable and try to run it, it says cannot initialize blah blah 0xSomeAddress.
Anyway, heres my code.
[PHP]
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
#include <fstream>
using namespace std;
DWORD GetProcessID(char* targetProcess)
{
PROCESSENTRY32 *lpEntry;
HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
if(!snap) return 0;
Process32First(snap,lpEntry);
if( !strcmp(targetProcess,lpEntry->szExeFile) )
return lpEntry->th32ProcessID;
while( Process32Next(snap,lpEntry) )
{
if( !strcmp(targetProcess,lpEntry->szExeFile) )
{
return lpEntry->th32ProcessID;
}
}
return NULL;
}
MODULEENTRY32* GetModuleEntry(char* targetModule,DWORD pid)
{
HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pid);
MODULEENTRY32* lpModEntry;
Module32First(snap,lpModEntry);
if( !strcmp(targetModule,lpModEntry->szModule) )
return lpModEntry;
while( Module32Next(snap,lpModEntry) )
{
if( !strcmp(targetModule,lpModEntry->szModule) )
return lpModEntry;
}
return NULL;
}
bool DumpModule(MODULEENTRY32* lpModEnt)
{
unsigned char* buffer;
buffer = new unsigned char[lpModEnt->modBaseSize];
HANDLE handle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ,0,lpModEnt->th32ProcessID);
if(!handle) return 0;
if(!ReadProcessMemory(handle,lpModEnt->modBaseAddr,buffer,lpModEnt->modBaseSize,0)) return 0;
string dumpedFile = "_";
dumpedFile += lpModEnt->szModule;
fstream Dumping(dumpedFile.c_str(),ios::in | ios:
ut | ios::binary | ios::trunc);for(int i=0;i<lpModEnt->modBaseSize;i++)
{
Dumping<<buffer[i];
}
cout <<"Done";
return true;
}
int main()
{
MODULEENTRY32* lpMod = GetModuleEntry("d3d9.dll",GetProcessID("d3d9test.e xe"));
if(lpMod != NULL)
{
DumpModule(lpMod);
}
cin.get();
}
[/PHP]
Halp!
Note: I'm not sure at all where the problem could be, maybe it's the method it reads or writes the files. Hopefully someone here has already made a module dumper and knows what I'm doing wrong.
Thanks.
Similar Threads
- Dump!By Flawless in Spammers Corner22Last post
- 3Last post
- 15Last post
Originally Posted by Void
