Jump to content
Tuts 4 You
Sign in to follow this  
Steve

help me ,...can you convert c++ to delphi?

Recommended Posts

Steve

#include <windows.h>
#include <stdio.h>
#include <tlhelp32.h>

unsigned long _GetProcessId( char* szProcName )
{
    PROCESSENTRY32 pe32;
    HANDLE hHandle;
 
    hHandle = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    pe32.dwSize = sizeof( PROCESSENTRY32 );
    if( !Process32First( hHandle, &pe32 ) ) return 0; 
     while( Process32Next( hHandle, &pe32 ) )
     {
        if( strcmp( szProcName, pe32.szExeFile ) == 0 
        {
            CloseHandle( hHandle );
            return pe32.th32ProcessID;
        }
     
    CloseHandle( hHandle );
    return 0;
}
 
unsigned long _ScanForBytes( char* szProcess, char* szBytes )
  {
     HANDLE hHandle;
     SYSTEM_INFO sysInfo;
     MEMORY_BASIC_INFORMATION mbi;
     unsigned long dwMemAddr;
     unsigned long x;
     hHandle = OpenProcess( PROCESS_QUERY_INFORMATION|PROCESS_VM_OPERATION|PROCESS_VM_READ, FALSE, _GetProcessId( szProcess ) );
    if( hHandle == INVALID_HANDLE_VALUE || hHandle == NULL ) return 0;   
     GetSystemInfo( &sysInfo );
     dwMemAddr = (unsigned long)sysInfo.lpMinimumApplicationAddress;
      while( dwMemAddr < (unsigned long)sysInfo.lpMaximumApplicationAddress )
     {
        if( VirtualQueryEx( hHandle, (unsigned long*)dwMemAddr, &mbi, sizeof(mbi) ) == sizeof(mbi) )
         {
            if( (mbi.Protect != PAGE_NOACCESS) && (mbi.State == MEM_COMMIT) )
            {
                char* szMemDump = (char*)malloc(mbi.RegionSize+1);               
                ReadProcessMemory( hHandle, (unsigned long*)dwMemAddr, szMemDump, mbi.RegionSize, NULL );
             for( x=0; x<mbi.RegionSize; x++ )
              {
                    if( memcmp( (void*)(szMemDump+x), (void*)szBytes, strlen( szBytes ) ) == 0 )
                    {
                        free( szMemDump );
                        return (unsigned long)( dwMemAddr + x );
                    }
              }
                free( szMemDump );
            }
        }
        dwMemAddr = (unsigned long)mbi.BaseAddress + mbi.RegionSize;
    }
    CloseHandle( hHandle );  
    return 0;
  }
  
int main( int argc, TCHAR* argcv[] )
{
    printf( "Scan Results: 0x%08X\n", _ScanForBytes( "Calc.exe", "\x74\xBF\x33\xC0" ) );    
    getchar();
    return 0;
}

Edited by Steve (see edit history)

Share this post


Link to post
whoknows
http://www.softpedia.com/get/System/File-Management/C2pas32.shtml

 

  • Like 1

Share this post


Link to post
Steve
THANK YOU FOR ANSWER Mr.Whoknows and Mr.h4sh3m

but what it's wrong...?

function _GetProcessId(szProcName: PChar): Integer;
var
pe32: PROCESSENTRY32;
hHandle: THandle;

begin  
  hHandle:= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); 
  pe32.dwSize:= sizeof(PROCESSENTRY32);
 
if not Process32First(hHandle,pe32) then
  begin  result:= 0;  exit;  end;
 
while Process32Next(hHandle,pe32) do
  begin 
    if StrComp(szProcName,pe32.szExeFile)=0 then
    begin
      CloseHandle(hHandle);
       
begin
        result:= pe32.th32ProcessID;     exit;
       
end;
   
end;
 
end;
  CloseHandle(hHandle);
 
begin  result:= 0;  exit;  end;
end;

function _ScanForBytes():Cardinal;
const
  szByte: array[0..3] of byte = ($74, $BF, $33,$C0);
var
  hHandle :THandle;
  sysInfo :SYSTEM_INFO;
  mbi:MEMORY_BASIC_INFORMATION;
  dwMemAddr,x:ULONG;
  BytesRead: DWord;
  szMemDump: array of byte;

begin  Result:=0;
  hHandle:= OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_READ,False,_GetProcessId(
'Test.exe'));
 
if (hHandle = 0) then begin Result:=0;  end;
  GetSystemInfo(sysInfo);
  dwMemAddr:= dword(sysInfo.lpMinimumApplicationAddress);
 
while (dwMemAddr < dword(sysInfo.lpMaximumApplicationAddress)) do
  begin
   if VirtualQueryEx(hHandle,Ptr(dwMemAddr), mbi,SizeOf(mbi))= SizeOf(mbi)then
   begin
     if(mbi.Protect <> PAGE_NOACCESS) and (mbi.State = MEM_COMMIT) then
     begin
      //GetMem(szMemDump, Mbi.RegionSize+1);
      szMemDump:=GetMemory(mbi.RegionSize+1);
      SetLength(szMemDump, Mbi.RegionSize);
      ReadProcessMemory(hHandle,Pointer(dwMemAddr),szMemDump, Mbi.RegionSize, BytesRead );
     
for x:= x to mbi.RegionSize-1 do
      begin
     //if( memcmp( (void*)(szMemDump+x), (void*)szByte, strlen( szByte ) ) == 0 )
       
if CompareMem(@szMemDump[x], @szByte[0], Length(szByte)) then
       begin
        FreeMem(szMemDump);
        Result:=Int64(dwMemAddr + x );
       
end;
     
end;
      FreeMem( szMemDump );
     
end;
   
end;
    dwMemAddr := Int64(mbi.BaseAddress)+mbi.RegionSize;
 
end;
  CloseHandle(hHandle);
 
begin  result:= 0; exit;  end;
end;

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...