#include "MemReader.h"
// Count of EXCEPTION_BREAKPOINT events seen by main's debug loop.
int n{0};
// EDI of the target thread at the moment the planted breakpoint was hit (set by main).
DWORD FindAdr{};
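int main(int argc, char* argv[])
{
    // Attach to "name.exe" as a debugger, plant a one-byte int3 at a fixed RVA,
    // wait for that breakpoint to fire, record EDI, put the original byte back,
    // rewind EIP and detach.
    //
    // 32-bit x86 only: CONTEXT.Eip / CONTEXT.Edi and the (DWORD) casts of
    // modBaseAddr silently truncate on a 64-bit build.
    //
    // Fixes versus the previous revision:
    //  * FlushInstructionCache was given the address of the LOCAL variable
    //    opInt3, not the remote address x, so the target's icache was never
    //    flushed for the patched byte.
    //  * The exception union was read without checking that the event is an
    //    EXCEPTION_DEBUG_EVENT; for other event codes DEBUG_EVENT.u holds
    //    unrelated data.
    //  * Our breakpoint is identified by ExceptionAddress == x instead of
    //    "second EXCEPTION_BREAKPOINT overall" (the attach breakpoint from the
    //    thread DebugActiveProcess injects is normally first, but that ordering
    //    was never checked).
    //  * EIP was not rewound over the int3; resuming at x+1 with the original
    //    byte restored executes the tail of a multi-byte instruction.
    //  * DebugActiveProcess was not checked before patching; a failed attach
    //    left an int3 in a process nobody was debugging, i.e. a crash later.
    //  * Early exit paths skipped the byte restore, the detach and the handle
    //    close; EXIT_PROCESS_DEBUG_EVENT was never handled (loop ran forever).
    //  * Missing ';' after system("PAUSE").
    MemReader* mem = new MemReader("name.exe");
    mem->Open(); // NOTE(review): return value not checked here — confirm how Open() reports failure.
    const DWORD pid = mem->getPID();

    // The handle is only used for FlushInstructionCache; ask for less than
    // PROCESS_ALL_ACCESS. NOTE(review): the minimal right that
    // FlushInstructionCache needs is not documented — widen if it fails.
    HANDLE hProc = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, pid);
    if (hProc == NULL)
    {
        printf("OpenProcess failed: %lu\n", GetLastError());
        delete mem;
        return 1;
    }

    MODULEENTRY32 game = { 0 };
    mem->GetModuleInfo("name.exe", &game, true);
    printf("base = 0x%X\n", (DWORD)game.modBaseAddr);
    if (game.modBaseAddr == NULL)
    {
        // GetModuleInfo left the zero-initialised entry untouched: no module, no valid RVA.
        printf("module not found\n");
        CloseHandle(hProc);
        delete mem;
        return 1;
    }

    // Attach BEFORE writing anything into the target: if we are not the
    // debugger, the int3 is a guaranteed crash for the target when it runs.
    const BOOL attached = DebugActiveProcess(pid);
    printf("debug = %X\n", attached);
    printf("Pid = %X\n", pid);
    if (!attached)
    {
        printf("DebugActiveProcess failed: %lu\n", GetLastError());
        CloseHandle(hProc);
        delete mem;
        return 1;
    }

    DWORD x = (DWORD)game.modBaseAddr + 0x120CF3; // address of the instruction to trap
    printf("adr = 0x%X\n", x);
    DWORD oldOp = mem->Read(x, 1).toDWORD(); // original first byte of that instruction
    printf("oldOp = 0x%X\n", oldOp);
    DWORD opInt3 = 0xCC; // int 3
    mem->Write(&opInt3, x, 1);
    FlushInstructionCache(hProc, (LPCVOID)x, 1); // flush the REMOTE address, not &opInt3
    printf("realdOp = 0x%X\n", mem->Read(x, 1).toDWORD());

    bool patched = true; // true while the int3 is still in the target
    DEBUG_EVENT debug_event = { 0 };
    CONTEXT thread_context = { 0 };
    thread_context.ContextFlags = CONTEXT_FULL;

    for (;;)
    {
        if (!WaitForDebugEvent(&debug_event, INFINITE))
            break; // fall through to the restore/detach below instead of bailing out

        // Default: hand every exception back to the target untouched, as before.
        DWORD continueStatus = DBG_EXCEPTION_NOT_HANDLED;
        bool done = false;

        if (debug_event.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT)
        {
            // Target is gone; there is nothing left to restore.
            patched = false;
            continueStatus = DBG_CONTINUE;
            done = true;
        }
        else if (debug_event.dwDebugEventCode == EXCEPTION_DEBUG_EVENT &&
                 debug_event.u.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_BREAKPOINT)
        {
            // For EXCEPTION_BREAKPOINT on x86 the kernel reports the address of
            // the int3 itself, so this compares directly against x.
            const DWORD hitAddr = (DWORD)debug_event.u.Exception.ExceptionRecord.ExceptionAddress;

            HANDLE hBadThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, FALSE,
                                           debug_event.dwThreadId);
            if (hBadThread != NULL && GetThreadContext(hBadThread, &thread_context))
            {
                printf("edi = 0x%X\n", thread_context.Edi);
                n++;

                if (hitAddr == x)
                {
                    FindAdr = thread_context.Edi;
                    printf("FindArd = 0x%X\n", FindAdr);

                    // Restore the original byte, then point EIP back at x so the
                    // whole instruction executes instead of its tail.
                    mem->Write(&oldOp, x, 1);
                    FlushInstructionCache(hProc, (LPCVOID)x, 1);
                    patched = false;
                    printf("realdOp = 0x%X\n", mem->Read(x, 1).toDWORD());

                    thread_context.Eip = x;
                    if (!SetThreadContext(hBadThread, &thread_context))
                        printf("SetThreadContext failed: %lu\n", GetLastError());

                    continueStatus = DBG_CONTINUE; // this one was ours; swallow it
                    done = true;
                }
                // Any other breakpoint (including the attach breakpoint) is not
                // ours and is passed through with DBG_EXCEPTION_NOT_HANDLED,
                // unchanged from the previous revision.
            }
            if (hBadThread != NULL)
                CloseHandle(hBadThread);
        }

        ContinueDebugEvent(debug_event.dwProcessId, debug_event.dwThreadId, continueStatus);
        if (done)
            break;
    }

    // Never leave an int3 behind: if the breakpoint was not hit, undo it now.
    if (patched)
        mem->Write(&oldOp, x, 1);
    DebugActiveProcessStop(pid);
    CloseHandle(hProc);
    delete mem;
    system("PAUSE");
    return 0;
}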