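mod mem_lib;

/// Looks up a process by executable name, opens it for reading and prints one
/// 64-bit value read from a fixed address in that process.
fn main() {
    let pid = mem_lib::get_proc_id_by_name("Telegram.exe");
    // `get_proc_id_by_name` returns 0 when no process matched; opening PID 0
    // would only produce an unusable handle, so stop here instead.
    if pid == 0 {
        println!("No process matching Telegram.exe was found");
        return;
    }
    println!("Found process with id {}", pid);

    let process = mem_lib::get_proc(pid);
    // NOTE(review): the address is a hard-coded absolute value; presumably it
    // is only meaningful for the specific build and run the author inspected
    // -- confirm before relying on the printed result.
    println!("Read {}", process.read_address("0x99B720C"));
}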
extern crate kernel32; | |
extern crate winapi; | |
extern crate wio; | |
use std::mem; | |
use std::ffi::OsString; | |
use self::wio::wide::FromWide; | |
use std::os; | |
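/// Owns a Win32 process handle and exposes a single read primitive on it.
pub struct Process {
    // Raw handle as returned by `OpenProcess`; null when the open failed.
    handler: winapi::HANDLE,
}

impl Process {
    /// Wraps an already-opened process handle; the returned value owns it.
    fn new(m_handler: winapi::HANDLE) -> Process {
        Process { handler: m_handler }
    }

    /// Reads one `u64` from the address `addres` in the process behind this handle.
    ///
    /// `addres` is a hexadecimal string, with or without a leading `0x`.
    /// Returns the value read, or 0 when the handle is null, the read fails or
    /// fewer than eight bytes were copied. The handle must have been opened
    /// with `PROCESS_VM_READ`.
    ///
    /// # Panics
    ///
    /// Panics when `addres` is not valid hexadecimal.
    pub fn read_address(self, addres: &str) -> u64 {
        // Only strip the prefix when it is really there; slicing `[2..]`
        // unconditionally dropped two digits of unprefixed input and could
        // panic on short strings.
        let digits = if addres.starts_with("0x") || addres.starts_with("0X") {
            &addres[2..]
        } else {
            addres
        };
        let addr = u64::from_str_radix(digits, 16)
            .expect("address must be a hexadecimal string");

        if self.handler.is_null() {
            eprintln!("read_address: process handle is null");
            return 0;
        }

        // The destination is a real, initialised local and the length is
        // exactly its size. The previous code passed an uninitialised pointer
        // as the buffer and `u64::MAX` as the length, which is undefined
        // behaviour in this process.
        let mut value: u64 = 0;
        let mut bytes_read: winapi::SIZE_T = 0;
        // SAFETY: `value` and `bytes_read` are live locals for the whole call,
        // and the kernel writes at most `size_of::<u64>()` bytes into `value`.
        let ok = unsafe {
            kernel32::ReadProcessMemory(
                self.handler,
                addr as *const os::raw::c_void,
                &mut value as *mut u64 as *mut os::raw::c_void,
                mem::size_of::<u64>() as winapi::SIZE_T,
                &mut bytes_read,
            )
        };

        if ok == 0 || bytes_read as usize != mem::size_of::<u64>() {
            eprintln!("read_address: ReadProcessMemory failed or returned a short read");
            return 0;
        }
        value
    }
}

impl Drop for Process {
    /// Closes the owned handle so it is not leaked when the value goes away.
    fn drop(&mut self) {
        if !self.handler.is_null() {
            // SAFETY: the handle is owned by this value and is closed once.
            unsafe {
                kernel32::CloseHandle(self.handler);
            }
        }
    }
}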
/// Opens the process identified by `pid` and wraps the handle in a [`Process`].
///
/// Only `PROCESS_VM_READ` is requested, so the handle cannot be used to write
/// to or otherwise control the target. The result of `OpenProcess` is not
/// checked here: when the call fails, the wrapped handle is null.
pub fn get_proc(pid: u32) -> Process {
    // Second argument 0: the handle is not inheritable by child processes.
    let handle = unsafe { kernel32::OpenProcess(winapi::PROCESS_VM_READ, 0, pid) };
    Process::new(handle)
}
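/// Returns the PID of the first process whose executable name contains `name`.
///
/// Walks a Toolhelp snapshot of all running processes. Returns 0 when `name`
/// is empty, the snapshot cannot be taken or no process matches.
///
/// The comparison is a case-sensitive substring test, so `name` also matches
/// any longer executable name that contains it; callers that need one specific
/// process should verify the result.
pub fn get_proc_id_by_name(name: &str) -> u32 {
    // An empty pattern is contained in every name and would select an
    // arbitrary process.
    if name.is_empty() {
        return 0;
    }

    // SAFETY: PROCESSENTRY32W is a plain C struct of integers and a UTF-16
    // array, so the all-zero bit pattern is a valid value.
    let mut process: winapi::PROCESSENTRY32W = unsafe { mem::zeroed() };
    process.dwSize = mem::size_of::<winapi::PROCESSENTRY32W>() as u32;

    // Take a snapshot of all current processes.
    let snapshot = unsafe { kernel32::CreateToolhelp32Snapshot(winapi::TH32CS_SNAPPROCESS, 0) };
    if snapshot == winapi::INVALID_HANDLE_VALUE {
        return 0;
    }

    let mut found = 0;
    // Inspect the entry filled in by Process32FirstW as well; the previous
    // loop called Process32NextW first and never looked at it.
    let mut more = unsafe { kernel32::Process32FirstW(snapshot, &mut process) } != 0;
    while more {
        // szExeFile is a fixed-size, NUL-terminated buffer. Cut at the
        // terminator so the NULs and any characters left over from a longer
        // earlier entry cannot take part in the match.
        let len = process
            .szExeFile
            .iter()
            .position(|&unit| unit == 0)
            .unwrap_or(process.szExeFile.len());

        match OsString::from_wide(&process.szExeFile[..len]).into_string() {
            Ok(exe_name) => {
                if exe_name.contains(name) {
                    found = process.th32ProcessID;
                    break;
                }
            }
            Err(_) => {
                println!("Error converting process name for PID {}", process.th32ProcessID);
            }
        }

        more = unsafe { kernel32::Process32NextW(snapshot, &mut process) } != 0;
    }

    // The snapshot handle was previously leaked on every call.
    // SAFETY: `snapshot` is a valid handle owned by this function.
    unsafe {
        kernel32::CloseHandle(snapshot);
    }
    found
}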