Memory Scanner
#include <Windows.h>

#include <cstring>
#include <iostream>
#include <vector>
/// Reads one int from another process's address space.
///
/// @param hProcess  Handle to the target process, passed straight to ReadProcessMemory.
/// @param address   Address inside the target process to read from.
/// @param value     Receives the bytes read; its content is only meaningful when true is returned.
/// @return true only when the call succeeded and exactly sizeof(int) bytes were copied.
bool ReadMemory(HANDLE hProcess, DWORD64 address, int& value) {
    SIZE_T copied = 0;
    if (!ReadProcessMemory(hProcess, (LPCVOID)address, &value, sizeof(value), &copied)) {
        return false;
    }
    // A short read would leave part of `value` untouched, so it counts as a failure.
    return copied == sizeof(value);
}
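/// Walks the target process's address space region by region and records every
/// byte offset at which sizeof(int) consecutive bytes equal targetValue.
///
/// Only committed regions whose protection is exactly PAGE_READWRITE or
/// PAGE_READONLY are read; any protection value carrying extra modifier bits is skipped.
///
/// @param hProcess        Handle used for VirtualQueryEx and ReadProcessMemory.
/// @param targetValue     The int pattern to look for.
/// @param foundAddresses  Matching addresses are appended here (existing entries are kept).
/// @param si              Supplies lpMaximumApplicationAddress, the upper bound of the walk.
///
/// Note: std::hex stays set on std::cout after a match has been printed.
void InitialScan(HANDLE hProcess, const int targetValue, std::vector<DWORD64>& foundAddresses, const SYSTEM_INFO& si) {
    const DWORD64 limit = reinterpret_cast<DWORD64>(si.lpMaximumApplicationAddress);
    MEMORY_BASIC_INFORMATION info;
    std::vector<BYTE> buffer;
    DWORD64 address = 0;

    while (address < limit) {
        // If the query fails, `info` holds no valid RegionSize to advance by; stepping
        // with it would read an indeterminate value and could loop forever, so stop.
        if (VirtualQueryEx(hProcess, reinterpret_cast<LPCVOID>(address), &info, sizeof(info)) != sizeof(info) ||
            info.RegionSize == 0) {
            break;
        }

        const bool readable = info.State == MEM_COMMIT &&
                              (info.Protect == PAGE_READWRITE || info.Protect == PAGE_READONLY);
        if (readable) {
            buffer.resize(info.RegionSize);
            SIZE_T bytesRead = 0;
            if (ReadProcessMemory(hProcess, reinterpret_cast<LPCVOID>(address), buffer.data(), info.RegionSize, &bytesRead)) {
                // `i + sizeof <= bytesRead` cannot wrap around the way the unsigned
                // `bytesRead - sizeof` does for a short read, and it also covers the
                // last full int in the buffer.
                for (SIZE_T i = 0; i + sizeof(targetValue) <= bytesRead; ++i) {
                    // memcpy instead of casting the byte pointer to int*: offsets are
                    // arbitrary, so the bytes are usually not int-aligned.
                    int candidate;
                    std::memcpy(&candidate, &buffer[i], sizeof(candidate));
                    if (candidate == targetValue) {
                        foundAddresses.push_back(address + i);
                        std::cout << "Found target value at address: " << std::hex << (address + i) << std::endl;
                    }
                }
            }
        }

        address += info.RegionSize;
    }
}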
/// Narrows a previous result set: keeps only the addresses that currently hold newValue.
///
/// @param hProcess        Handle to the target process, forwarded to ReadMemory.
/// @param newValue        The value each remembered address must now contain to be kept.
/// @param foundAddresses  In: candidate addresses. Out: the subset that still matches,
///                        in the same relative order.
///
/// Addresses that can no longer be read are dropped along with the non-matching ones.
void RescanForNewValue(HANDLE hProcess, const int newValue, std::vector<DWORD64>& foundAddresses) {
    std::cout << "Scanning for updated value..." << std::endl;

    std::vector<DWORD64> survivors;
    for (std::vector<DWORD64>::const_iterator it = foundAddresses.begin(); it != foundAddresses.end(); ++it) {
        const DWORD64 candidate = *it;
        int current;
        if (!ReadMemory(hProcess, candidate, current)) {
            continue;  // unreadable now, so it leaves the candidate list
        }
        if (current != newValue) {
            continue;
        }
        survivors.push_back(candidate);
        std::cout << "Updated value found at address: " << std::hex << candidate << std::endl;
    }

    // Hand the filtered list back to the caller.
    foundAddresses.swap(survivors);
}
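/// Interactive driver: opens the target process, runs one full scan for an initial
/// value, then repeatedly narrows the result list against newly entered values.
///
/// The handle is requested with PROCESS_VM_READ | PROCESS_QUERY_INFORMATION only, so
/// this program can inspect the target's memory but cannot write to it.
///
/// @return 0 on normal exit, 1 when the process cannot be opened or the initial
///         value cannot be parsed.
int main() {
    DWORD pid = 29000; // Replace with your process ID
    HANDLE hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (hProcess == nullptr) {
        std::cerr << "Failed to open process with PID " << pid << ". Error Code: " << GetLastError() << std::endl;
        return 1;
    }

    SYSTEM_INFO si;
    GetSystemInfo(&si);

    int targetValue;
    std::cout << "Enter initial target value: ";
    if (!(std::cin >> targetValue)) {
        // Non-numeric input or end of input: there is nothing valid to scan for.
        CloseHandle(hProcess);
        return 1;
    }

    std::vector<DWORD64> foundAddresses;
    InitialScan(hProcess, targetValue, foundAddresses, si);

    while (true) {
        std::cout << "Enter new value to search (or -1 to exit): ";
        int newValue;
        // Once extraction fails the stream stays in a failed state and newValue is
        // never assigned again, so the loop would spin on an indeterminate value.
        // Treat a failed read like the exit sentinel.
        if (!(std::cin >> newValue)) break;
        // -1 doubles as the exit sentinel, so it cannot itself be searched for.
        if (newValue == -1) break;
        RescanForNewValue(hProcess, newValue, foundAddresses);
    }

    CloseHandle(hProcess);
    return 0;
}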