Insert 1 Form = Form1.frm
Insert 1 Module = modAPI.bas
Insert 4 Class Module : clsProcess_Access.cls, clsMemory_Write.cls, clsMemory_Read.cls, clsMemory_Misc.cls
Form1.frm
Code :
VERSION 5.00
Begin VB.Form Form1
Caption = "-- Minesweeper Demonstration --"
ClientHeight = 7320
ClientLeft = 60
ClientTop = 345
ClientWidth = 7935
LinkTopic = "Form1"
ScaleHeight = 7320
ScaleWidth = 7935
StartUpPosition = 3 'Windows Default
Begin VB.Frame Frame4
Caption = "Process Detection Demos"
Height = 7215
Left = 120
TabIndex = 9
Top = 0
Width = 3135
Begin VB.Frame Frame5
Caption = "GetProcessIdByName"
Height = 975
Left = 120
TabIndex = 10
Top = 240
Width = 2895
Begin VB.TextBox Text4
Height = 285
Left = 480
TabIndex = 13
Top = 600
Width = 1095
End
Begin VB.CommandButton Command3
Caption = "Get"
Height = 255
Left = 1680
TabIndex = 12
Top = 600
Width = 615
End
Begin VB.TextBox Text3
Height = 285
Left = 480
TabIndex = 11
Text = "winmine.exe"
Top = 240
Width = 1815
End
End
Begin VB.Frame Frame7
Caption = "GetProcessIdFromWindowTitle"
Height = 975
Left = 120
TabIndex = 18
Top = 1200
Width = 2895
Begin VB.TextBox Text8
Height = 285
Left = 480
TabIndex = 21
Top = 600
Width = 1095
End
Begin VB.CommandButton Command5
Caption = "Get"
Height = 255
Left = 1680
TabIndex = 20
Top = 600
Width = 615
End
Begin VB.TextBox Text7
Height = 285
Left = 480
TabIndex = 19
Text = "Minesweeper"
Top = 240
Width = 1815
End
End
Begin VB.Frame Frame8
Caption = "GetProcessNameFromWindowTitle"
Height = 975
Left = 120
TabIndex = 22
Top = 2160
Width = 2895
Begin VB.TextBox Text10
Height = 285
Left = 480
TabIndex = 25
Top = 600
Width = 1095
End
Begin VB.CommandButton Command6
Caption = "Get"
Height = 255
Left = 1680
TabIndex = 24
Top = 600
Width = 615
End
Begin VB.TextBox Text9
Height = 285
Left = 480
TabIndex = 23
Text = "Minesweeper"
Top = 240
Width = 1815
End
End
Begin VB.Frame Frame15
Caption = "GetProcessNameFromProcessId"
Height = 975
Left = 120
TabIndex = 59
Top = 3120
Width = 2895
Begin VB.TextBox Text25
Height = 285
Left = 480
TabIndex = 62
Top = 600
Width = 1095
End
Begin VB.CommandButton Command12
Caption = "Get"
Height = 255
Left = 1680
TabIndex = 61
Top = 600
Width = 615
End
Begin VB.TextBox Text24
Height = 285
Left = 480
TabIndex = 60
Top = 240
Width = 1815
End
End
Begin VB.Frame Frame6
Caption = "GetProcessWndByName"
Height = 975
Left = 120
TabIndex = 14
Top = 4080
Width = 2895
Begin VB.TextBox Text6
Height = 285
Left = 480
TabIndex = 17
Top = 600
Width = 1095
End
Begin VB.CommandButton Command4
Caption = "Get"
Height = 255
Left = 1680
TabIndex = 16
Top = 600
Width = 615
End
Begin VB.TextBox Text5
Height = 285
Left = 480
TabIndex = 15
Text = "winmine.exe"
Top = 240
Width = 1815
End
End
Begin VB.Frame Frame9
Caption = "GetModuleBaseFromProcessName"
Height = 975
Left = 120
TabIndex = 26
Top = 5040
Width = 2895
Begin VB.TextBox Text12
Height = 285
Left = 480
TabIndex = 30
Top = 600
Width = 1095
End
Begin VB.CommandButton Command7
Caption = "Get"
Height = 255
Left = 1680
TabIndex = 29
Top = 600
Width = 615
End
Begin VB.TextBox Text11
Height = 285
Left = 480
TabIndex = 28
Text = "user32.dll"
Top = 240
Width = 1815
End
End
Begin VB.Frame Frame10
Caption = "GetModuleSizeFromProcessName"
Height = 1095
Left = 120
TabIndex = 27
Top = 6000
Width = 2895
Begin VB.TextBox Text14
Height = 285
Left = 480
TabIndex = 33
Top = 720
Width = 1095
End
Begin VB.CommandButton Command8
Caption = "Get"
Height = 255
Left = 1680
TabIndex = 32
Top = 720
Width = 615
End
Begin VB.TextBox Text13
Height = 285
Left = 480
TabIndex = 31
Text = "user32.dll"
Top = 360
Width = 1815
End
End
End
Begin VB.Frame Frame1
Caption = "Minesweeper Demo"
Height = 1335
Left = 3360
TabIndex = 0
Top = 0
Width = 4455
Begin VB.Frame Frame2
Caption = "ReadMemory"
Height = 975
Left = 120
TabIndex = 1
Top = 240
Width = 2055
Begin VB.CommandButton Command1
Caption = "Read"
Height = 255
Left = 720
TabIndex = 4
Top = 600
Width = 1215
End
Begin VB.TextBox Text1
Height = 285
Left = 720
TabIndex = 3
Top = 240
Width = 1215
End
Begin VB.Label Label1
Caption = "Flags"
Height = 255
Left = 120
TabIndex = 2
Top = 480
Width = 615
End
End
Begin VB.Frame Frame3
Caption = "WriteMemory"
Height = 975
Left = 2280
TabIndex = 5
Top = 240
Width = 2055
Begin VB.CommandButton Command2
Caption = "Write"
Height = 255
Left = 720
TabIndex = 8
Top = 600
Width = 1215
End
Begin VB.TextBox Text2
Height = 285
Left = 720
TabIndex = 7
Text = "255"
Top = 240
Width = 1215
End
Begin VB.Label Label2
Caption = "Flags"
Height = 255
Left = 120
TabIndex = 6
Top = 480
Width = 735
End
End
End
Begin VB.Frame Frame11
Caption = "Structure Read/Write"
Height = 2055
Left = 3360
TabIndex = 34
Top = 1320
Width = 4455
Begin VB.Frame Frame12
Caption = "Read [Board Info]"
Height = 1695
Left = 240
TabIndex = 35
Top = 240
Width = 1935
Begin VB.CommandButton Command9
Caption = "Read Info"
Height = 255
Left = 600
TabIndex = 42
Top = 1320
Width = 1215
End
Begin VB.TextBox Text17
Height = 285
Left = 600
TabIndex = 41
Top = 960
Width = 1215
End
Begin VB.TextBox Text16
Height = 285
Left = 600
TabIndex = 40
Top = 600
Width = 1215
End
Begin VB.TextBox Text15
Height = 285
Left = 600
TabIndex = 39
Top = 240
Width = 1215
End
Begin VB.Label Label5
Caption = "Height"
Height = 255
Left = 120
TabIndex = 38
Top = 960
Width = 855
End
Begin VB.Label Label4
Caption = "Width"
Height = 255
Left = 120
TabIndex = 37
Top = 600
Width = 975
End
Begin VB.Label Label3
Caption = "Mines"
Height = 255
Left = 120
TabIndex = 36
Top = 240
Width = 975
End
End
Begin VB.Frame Frame13
Caption = "Write [Board Info]"
Height = 1695
Left = 2280
TabIndex = 43
Top = 240
Width = 1935
Begin VB.CommandButton Command10
Caption = "Write Info"
Height = 255
Left = 600
TabIndex = 50
Top = 1320
Width = 1215
End
Begin VB.TextBox Text20
Height = 285
Left = 600
TabIndex = 49
Text = "25"
Top = 960
Width = 1215
End
Begin VB.TextBox Text19
Height = 285
Left = 600
TabIndex = 48
Text = "25"
Top = 600
Width = 1215
End
Begin VB.TextBox Text18
Height = 285
Left = 600
TabIndex = 47
Text = "15"
Top = 240
Width = 1215
End
Begin VB.Label Label8
Caption = "Height"
Height = 255
Left = 120
TabIndex = 46
Top = 960
Width = 855
End
Begin VB.Label Label7
Caption = "Width"
Height = 255
Left = 120
TabIndex = 45
Top = 600
Width = 975
End
Begin VB.Label Label6
Caption = "Mines"
Height = 255
Left = 120
TabIndex = 44
Top = 240
Width = 975
End
End
End
Begin VB.Frame Frame14
Caption = "Scan For Bytes Example (AoB Example)"
Height = 1815
Left = 3360
TabIndex = 51
Top = 3360
Width = 4455
Begin VB.TextBox Text23
Height = 285
Left = 960
TabIndex = 57
Top = 1440
Width = 3375
End
Begin VB.CommandButton Command11
Caption = "Scan"
Height = 255
Left = 2880
TabIndex = 56
Top = 1080
Width = 1455
End
Begin VB.TextBox Text22
Height = 285
Left = 960
TabIndex = 55
Text = "user32.dll"
Top = 720
Width = 3375
End
Begin VB.TextBox Text21
Height = 285
Left = 960
TabIndex = 52
Text = "60, 2E, 64, 61, 74, 61"
Top = 360
Width = 3375
End
Begin VB.Label Label11
Caption = "Address"
Height = 255
Left = 120
TabIndex = 58
Top = 1440
Width = 735
End
Begin VB.Label Label10
Caption = "Module"
Height = 255
Left = 120
TabIndex = 54
Top = 720
Width = 735
End
Begin VB.Label Label9
Caption = "Byte Array"
Height = 255
Left = 120
TabIndex = 53
Top = 360
Width = 1215
End
End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
'----------------------------------------------
' VB6 Trainer Toolkit Demo
' Written By: Wiccaan
' Written On: Sept. 6, 2007
'
' This demo shows how to use some, if not all,
' the functions found inside the VB6 Trainer
' Toolkit.
'
' This demo was writen on Windows XP Home w/sp2
' and requires Minesweeper to be running to
' work properly. Your version of Minesweeper
' might have different addresses depending on
' your operating system.
'
'----------------------------------------------
'----------------------------------------------
Private Proc As New clsProcess_Access
Private Poke As New clsMemory_Write
Private Peek As New clsMemory_Read
Private Misc As New clsMemory_Misc
'----------------------------------------------
Private Const dwFlagAddress As Long = &H1005194
Private Const dwBoardInfo As Long = &H1005330
Private Type BoardSetup
Mines As Byte '// Mines
Unk1(2) As Byte '// BLANK BYTES
Width As Byte '// Width
Unk2(2) As Byte '// BLANK BYTES
Height As Byte '// Height
End Type
' Create Instance Of BoardSetup Structure
Private BoardInfo As BoardSetup
'----------------------------------------------
'
' Read Memory Example
'
'
Private Sub Command1_Click()
Dim dwProcId As Long
Dim dwResult As Byte
dwProcId = Proc.GetProcessIdByName("winmine.exe")
Peek.ReadByte dwProcId, dwFlagAddress, dwResult
Text1.Text = dwResult
End Sub
'
' Write Memory Example
'
'
Private Sub Command2_Click()
If Text2.Text = "" Then Exit Sub
If IsNumeric(Text2.Text) = False Then Exit Sub
Dim dwProcId As Long
dwProcId = Proc.GetProcessIdByName("winmine.exe")
Poke.WriteByte dwProcId, dwFlagAddress, CByte(Text2.Text)
End Sub
'
' GetProcessIdByName
'
Private Sub Command3_Click()
Text4.Text = Proc.GetProcessIdByName(Text3.Text)
End Sub
'
' GetProcessWndByName
'
Private Sub Command4_Click()
Text6.Text = Proc.GetProcessWndByName(Text5.Text)
End Sub
'
' GetProcessIdFromWindowTitle
'
Private Sub Command5_Click()
Text8.Text = Proc.GetProcessIdFromWindowTitle(Text7.Text)
End Sub
'
' GetProcessNameFromProcessId
'
Private Sub Command12_Click()
Text25.Text = Proc.GetProcessNameFromProcessId(Text24.Text)
End Sub
'
' GetProcessNameFromWindowTitle
'
Private Sub Command6_Click()
Text10.Text = Proc.GetProcessNameFromWindowTitle(Text9.Text)
End Sub
'
' GetModuleBaseFromProcessName
'
Private Sub Command7_Click()
Text12.Text = Hex(Proc.GetModuleBaseFromProcessName("winmine.exe", Text11.Text))
End Sub
'
' GetModuleSizeFromProcessName
'
' Extended example showing how to use this if you don't know the
' process name from the start.
'
Private Sub Command8_Click()
Dim szProcName As String
szProcName = Proc.GetProcessNameFromWindowTitle("Minesweeper")
Text14.Text = Proc.GetModuleSizeFromProcessName(szProcName, Text13.Text)
End Sub
'
' Read Memory Structure Example
'
'
Private Sub Command9_Click()
Dim dwProgId As Long
dwProgId = Proc.GetProcessIdByName("winmine.exe")
Peek.ReadStruct dwProgId, dwBoardInfo, VarPtr(BoardInfo)
Text15.Text = BoardInfo.Mines
Text16.Text = BoardInfo.Width
Text17.Text = BoardInfo.Height
End Sub
'
' Write Memory Structure Example
'
'
Private Sub Command10_Click()
Dim dwProgId As Long
BoardInfo.Mines = Text18.Text
BoardInfo.Width = Text19.Text
BoardInfo.Height = Text20.Text
dwProgId = Proc.GetProcessIdByName("winmine.exe")
Poke.WriteStruct dwProgId, dwBoardInfo, VarPtr(BoardInfo)
End Sub
'
' ScanForBytes Example
'
'
Private Sub Command11_Click()
Dim dwProcId As Long
Dim dwAddress As Long
dwProcId = Proc.GetProcessIdByName("winmine.exe")
dwAddress = Misc.ScanForBytes(dwProcId, "user32.dll", 0, ByteArray(&H60, &H2E, &H64, &H61, &H74, &H61))
'
' The above code will scan inside of winmine.exe inside the code block
' for user32.dll looking for the ".data" entry and return the address
' where the byte array start was located.
'
' Show Results
Text23.Text = Hex(dwAddress)
End Sub
---------
ModApi.bas
Code :
Attribute VB_Name = "modAPI"
Option Explicit
'----------------------------------------------------------
' modAPI
' Written By: Wiccaan
' Written On: Sept. 6, 2007
'----------------------------------------------------------
'
' Contains the API, Constants, Types, and such used
' throughout the various files included with this
' package. (You need this file to use the others.)
'
' This file also contains some functions that are used
' inside functions but will also be needed by the user
' when making a trainer.
'
'----------------------------------------------------------
' Misc. Constants
Public Const MAX_PATH = 260
' Process Entry Type
Public Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szexeFile As String * MAX_PATH
End Type
' Module Entry Type
Public Type MODULEENTRY32
dwSize As Long
th32ModuleID As Long
th32ProcessID As Long
GlblcntUsage As Long
ProccntUsage As Long
modBaseAddr As Long
modBaseSize As Long
hModule As Long
szModule As String * 256
szExePath As String * MAX_PATH
End Type
' CreateToolhelp32Snapshot Constants
Public Const TH32CS_SNAPMODULE = &H8
Public Const TH32CS_SNAPHEAPLIST = &H1
Public Const TH32CS_SNAPPROCESS = &H2
Public Const TH32CS_SNAPTHREAD = &H4
Public Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST + TH32CS_SNAPPROCESS + TH32CS_SNAPTHREAD + TH32CS_SNAPMODULE)
' Process Access Constants
Public Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Public Const PROCESS_VM_READ = &H10&
Public Const PROCESS_QUERY_INFORMATION = &H400
' Memory Access Constants
Public Const MEM_DECOMMIT = &H4000
Public Const MEM_RELEASE = &H8000
Public Const MEM_COMMIT = &H1000
Public Const MEM_RESERVE = &H2000
Public Const MEM_RESET = &H80000
Public Const MEM_TOP_DOWN = &H100000
Public Const PAGE_READONLY = &H2
Public Const PAGE_READWRITE = &H4
Public Const PAGE_EXECUTE = &H10
Public Const PAGE_EXECUTE_READ = &H20
Public Const PAGE_EXECUTE_READWRITE = &H40
Public Const PAGE_GUARD = &H100
Public Const PAGE_NOACCESS = &H1
Public Const PAGE_NOCACHE = &H200
' Process Access API
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
' Process Enumeration API
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Public Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Long
Public Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Long
Public Declare Function Module32First Lib "kernel32" (ByVal hSnapshot As Long, lpMe32 As MODULEENTRY32) As Long
Public Declare Function Module32Next Lib "kernel32" (ByVal hSnapshot As Long, lpMe32 As MODULEENTRY32) As Long
' Memory Manipulation API
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDest As Any, pSrc As Any, ByVal ByteLen As Long)
Public Declare Function VirtualProtectEx Lib "kernel32.dll" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long
'------------------------------------------------------------------------------
'
' ScanForBytes Functions -- Needed Outside Of Class Module --
'
'------------------------------------------------------------------------------
'//
' @Function: GetArrayDimensions
' @Purpose : Gets the given arrays size.
'
' Thanks To: http://vbnet.mvps.org/index.html?code/helpers/getarraydims.htm
'\\
Public Function GetArrayDimensions(ByVal arrPtr As Long) As Integer
Dim Address As Long
CopyMemory Address, ByVal arrPtr, ByVal 4
If Address <> 0 Then
CopyMemory GetArrayDimensions, ByVal Address, 2
End If
End Function
'//
' @Function: VarPtrArray
' @Purpose : Returns the pointer to an array. (Used when calling GetArrayDimensions.)
'
' Thanks To: http://vbnet.mvps.org/index.html?code/helpers/getarraydims.htm
'\\
Public Function VarPtrArray(arr As Variant) As Long
CopyMemory VarPtrArray, ByVal VarPtr(arr) + 8, ByVal 4
End Function
'//
' @Function: ByteArray
' @Purpose : Creates an array of bytes used inside of ScanForBytes that can be passed as a param.
'
' Thanks To: http://www.cpearson.com/excel/VBAArrays.htm
'\\
Public Function ByteArray(ParamArray vArray() As Variant) As Byte()
Dim vValues() As Variant '// Original Values
Dim bArray() As Byte '// Converted Array
'// Copy Original Array To vValues
vValues = vArray
'// Check If The Array Has Values
If (GetArrayDimensions(VarPtrArray(vValues())) > 0) And (UBound(vValues) >= 0) Then
Dim x As Long
'// Redim the bArray To The Size Of Our Variant Array
ReDim bArray(UBound(vValues) - LBound(vValues)) As Byte
For x = LBound(vValues) To UBound(vValues)
bArray(x) = CByte(vValues(x)) '// Convert Value To Byte And Store It In New Array
Next x
'// Return The New Byte Array
ByteArray = bArray
Else
'// Byte Array Was Empty
Exit Function
End If
End Function
---------------
clsProcess_Access.cls
Code :
VERSION 1.0 CLASS
BEGIN
MultiUse = -1 'True
Persistable = 0 'NotPersistable
DataBindingBehavior = 0 'vbNone
DataSourceBehavior = 0 'vbNone
MTSTransactionMode = 0 'NotAnMTSObject
END
Attribute VB_Name = "clsProcess_Access"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = True
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Option Explicit
'----------------------------------------------------------
' clsProcess_Access
' Written By: Wiccaan
' Written On: Sept. 6, 2007
'----------------------------------------------------------
'
' Contains useful functions to obtain information of
' a process. The following functions can be used
' to obtain information:
'
'----------------------------------------------------------
'
' | GetProcessIdByName
' +-- Grabs the process id from the process name.
' | GetProcessWndByName
' +-- Grabs the process hwnd from the process name.
' | GetProcessIdFromWindowTitle
' +-- Grabs the process id from the window title.
' | GetProcessNameFromWindowTitle
' +-- Grabs the process name from the window title.
' | GetProcessNameFromProcessId
' +-- Grabs the process name from the process id.
'
' | GetModuleBaseFromProcessName
' +-- Grabs the module base address from the process name.
' | GetModuleSizeFromProcessName
' +-- Grabs the module base size from the process name.
'
'----------------------------------------------------------
'
' These functions are setup to use each other to grab
' all the data that is needed for most hacking programs
' such as trainers. I have written just these so far which
' should be enough to get any of the above info based on
' what you know of the process already. You can use each
' function with each other to obtain info such as:
'
' Knowing the process title, and needing the process hwnd.
' 1. Call GetProcessNameFromWindowTitle
' 2. Call GetProcessWndByName
'----------------------------------------------------------
'##################################################################################
'##################################################################################
'##################################################################################
'-------------------------------------------------------------------------------------------
' Process Returns
'
' The following section of code contains functions used to obtain
' process information such as the hWnd or the ProcId of the process.
'-------------------------------------------------------------------------------------------
'//
' @Function: GetProcessIdByName
' @Purpose : Returns the process Id of the given process name.
'\\
Public Function GetProcessIdByName(ByVal szProcessName As String) As Long
Dim pe32 As PROCESSENTRY32
Dim hSnapshot As Long
Dim bFoundProc As Boolean
Dim dwProcId As Long
dwProcId = 0
pe32.dwSize = Len(pe32)
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
bFoundProc = Process32First(hSnapshot, pe32)
Do While bFoundProc
If Right$(LCase$(Left$(pe32.szexeFile, InStr(1, pe32.szexeFile, Chr(0)) - 1)), Len(szProcessName)) = LCase$(szProcessName) Then
dwProcId = pe32.th32ProcessID
Exit Do
End If
bFoundProc = Process32Next(hSnapshot, pe32)
Loop
Call CloseHandle(hSnapshot)
GetProcessIdByName = dwProcId
End Function
'//
' @Function: GetProcessWndByName
' @Purpose : Returns the process hWnd of the given process name.
'\\
Public Function GetProcessWndByName(ByVal szProcessName As String) As Long
Dim dwProcId As Long
dwProcId = GetProcessIdByName(szProcessName)
If dwProcId = 0 Then
GetProcessWndByName = 0
Exit Function
End If
Dim dwProcWnd As Long
dwProcWnd = OpenProcess(PROCESS_ALL_ACCESS, False, dwProcId)
Call CloseHandle(dwProcId)
GetProcessWndByName = dwProcWnd
End Function
'//
' @Function: GetProcessIdFromWindowTitle
' @Purpose : Returns the process id of the given window title.
'\\
Public Function GetProcessIdFromWindowTitle(ByVal szWindowTitle As String) As Long
Dim dwProcWnd As Long
dwProcWnd = FindWindow(vbNullString, szWindowTitle)
If dwProcWnd = 0 Then
GetProcessIdFromWindowTitle = 0
Exit Function
End If
Dim dwProcId As Long
Call GetWindowThreadProcessId(dwProcWnd, dwProcId)
GetProcessIdFromWindowTitle = dwProcId
End Function
'//
' @Function: GetProcessNameFromWindowTitle
' @Purpose : Returns the process id of the given window title.
'\\
Public Function GetProcessNameFromWindowTitle(ByVal szWindowTitle As String) As String
Dim dwProcId As Long
dwProcId = GetProcessIdFromWindowTitle(szWindowTitle)
If dwProcId = 0 Then
GetProcessNameFromWindowTitle = 0
Exit Function
End If
Dim pe32 As PROCESSENTRY32
Dim hSnapshot As Long
Dim bFoundProc As Boolean
Dim szProcessName As String
pe32.dwSize = Len(pe32)
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
bFoundProc = Process32First(hSnapshot, pe32)
Do While bFoundProc
If pe32.th32ProcessID = dwProcId Then
szProcessName = Left$(pe32.szexeFile, InStr(1, pe32.szexeFile, Chr(0)) - 1)
End If
bFoundProc = Process32Next(hSnapshot, pe32)
Loop
Call CloseHandle(hSnapshot)
GetProcessNameFromWindowTitle = szProcessName
End Function
'//
' @Function: GetProcessNameFromProcessId
' @Purpose : Returns the process id of the given window title.
'\\
Public Function GetProcessNameFromProcessId(ByVal dwProcId As Long) As String
Dim pe32 As PROCESSENTRY32
Dim hSnapshot As Long
Dim bFoundProc As Boolean
Dim szProcessName As String
pe32.dwSize = Len(pe32)
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
bFoundProc = Process32First(hSnapshot, pe32)
Do While bFoundProc
If dwProcId = pe32.th32ProcessID Then
szProcessName = Left$(pe32.szexeFile, InStr(1, pe32.szexeFile, Chr$(0)) - 1)
Exit Do
End If
bFoundProc = Process32Next(hSnapshot, pe32)
Loop
Call CloseHandle(hSnapshot)
GetProcessNameFromProcessId = szProcessName
End Function
'-------------------------------------------------------------------------------------------
' Module Returns
'
' The following section of code contains functions used to obtain
' module information such as the size and base address of the loaded
' module inside the given process or window.
'-------------------------------------------------------------------------------------------
'//
' @Function: GetModuleBaseFromProcessName
' @Purpose : Returns the process Id of the given process name.
'\\
Public Function GetModuleBaseFromProcessName(ByVal szProcessName As String, ByVal szModuleName As String) As Long
Dim dwProcId As Long
dwProcId = GetProcessIdByName(szProcessName)
If dwProcId = 0 Then
GetModuleBaseFromProcessName = 0
Exit Function
End If
Dim me32 As MODULEENTRY32
Dim hSnapshot As Long
Dim bFoundModule As Boolean
Dim dwModuleBase As Long
me32.dwSize = Len(me32)
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcId)
bFoundModule = Module32First(hSnapshot, me32)
Do While bFoundModule
If LCase$(Left(me32.szModule, InStr(me32.szModule, Chr(0)) - 1)) = LCase$(szModuleName) Then
dwModuleBase = me32.modBaseAddr
Exit Do
End If
bFoundModule = Module32Next(hSnapshot, me32)
Loop
Call CloseHandle(hSnapshot)
GetModuleBaseFromProcessName = dwModuleBase
End Function
'//
' @Function: GetModuleSizeFromProcessName
' @Purpose : Returns the process Id of the given process name.
'\\
Public Function GetModuleSizeFromProcessName(ByVal szProcessName As String, ByVal szModuleName As String) As Long
Dim dwProcId As Long
dwProcId = GetProcessIdByName(szProcessName)
If dwProcId = 0 Then
GetModuleSizeFromProcessName = 0
Exit Function
End If
Dim me32 As MODULEENTRY32
Dim hSnapshot As Long
Dim bFoundModule As Boolean
Dim dwModuleSize As Long
me32.dwSize = Len(me32)
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcId)
bFoundModule = Module32First(hSnapshot, me32)
Do While bFoundModule
If LCase$(Left(me32.szModule, InStr(me32.szModule, Chr(0)) - 1)) = LCase$(szModuleName) Then
dwModuleSize = me32.modBaseSize
Exit Do
End If
bFoundModule = Module32Next(hSnapshot, me32)
Loop
Call CloseHandle(hSnapshot)
GetModuleSizeFromProcessName = dwModuleSize
End Function
-------------------
clsMemory_Write.cls
VERSION 1.0 CLASS
BEGIN
MultiUse = -1 'True
Persistable = 0 'NotPersistable
DataBindingBehavior = 0 'vbNone
DataSourceBehavior = 0 'vbNone
MTSTransactionMode = 0 'NotAnMTSObject
END
Attribute VB_Name = "clsMemory_Write"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = True
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Option Explicit
'----------------------------------------------------------
' clsMemory_Write
' Written By: Wiccaan
' Written On: Sept. 6, 2007
'----------------------------------------------------------
'
' Contains useful functions to manipulate a processes
' memory. This class is used to allow you to write to
' the given processes memory.
'
'----------------------------------------------------------
'
' WriteProcessMemory
'
' | WriteMemory
' +-- Main write memory function that others are wrapped around.
' | WriteByte
' +-- Writes a 'byte' value to memory.
' | WriteInt
' +-- Writes an 'integer' value to memory.
' | WriteLong
' +-- Writes a 'long' value to memory.
' | WriteSingle
' +-- Writes a 'single' value to memory. (Float)
' | WriteDouble
' +-- Writes a 'double' value to memory. (Float)
' | WriteString
' +-- Writes a 'string' value to memory.
' | WriteStruct
' +-- Writes a 'structure' of data to memory.
'
'----------------------------------------------------------
'-------------------------------------------------------------------------------------------
' Write Process Memory Functions
'
' The first function is private as its a main parent function
' used for the other write memory functions. You can make it
' public and use it if you understand how to :)
'-------------------------------------------------------------------------------------------
Private Function WriteMemory(dwProcId As Long, dwAddress As Long, ByVal pValue As Long, ByVal dwLength As Long) As Boolean
If dwAddress = 0 Then
WriteMemory = False
Exit Function
End If
Dim procHandle As Long
procHandle = OpenProcess(PROCESS_ALL_ACCESS, False, dwProcId)
If procHandle = 0 Then
WriteMemory = False
Exit Function
End If
Dim dwReturned As Long
dwReturned = WriteProcessMemory(procHandle, ByVal dwAddress, ByVal pValue, dwLength, 0&)
Call CloseHandle(procHandle)
If dwReturned > 0 Then
WriteMemory = True
Else
WriteMemory = False
End If
End Function
'//
' @Function: WriteByte
' @Purpose : Writes the given byte value to the give address.
'\\
Public Function WriteByte(dwProcId As Long, dwAddress As Long, ByVal dwValue As Byte) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
WriteByte = False
Exit Function
End If
If WriteMemory(dwProcId, dwAddress, VarPtr(dwValue), LenB(dwValue)) = False Then
WriteByte = False
Exit Function
End If
WriteByte = True
End Function
'//
' @Function: WriteInt
' @Purpose : Writes the given integer value to the give address.
'\\
Public Function WriteInt(dwProcId As Long, dwAddress As Long, ByVal dwValue As Integer) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
WriteInt = False
Exit Function
End If
If WriteMemory(dwProcId, dwAddress, VarPtr(dwValue), LenB(dwValue)) = False Then
WriteInt = False
Exit Function
End If
WriteInt = True
End Function
'//
' @Function: WriteLong
' @Purpose : Writes the given long value to the give address.
'\\
Public Function WriteLong(dwProcId As Long, dwAddress As Long, ByVal dwValue As Long) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
WriteLong = False
Exit Function
End If
If WriteMemory(dwProcId, dwAddress, VarPtr(dwValue), LenB(dwValue)) = False Then
WriteLong = False
Exit Function
End If
WriteLong = True
End Function
'//
' @Function: WriteSingle
' @Purpose : Writes the given single value to the give address.
'\\
Public Function WriteSingle(dwProcId As Long, dwAddress As Long, ByVal dwValue As Single) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
WriteSingle = False
Exit Function
End If
If WriteMemory(dwProcId, dwAddress, VarPtr(dwValue), LenB(dwValue)) = False Then
WriteSingle = False
Exit Function
End If
WriteSingle = True
End Function
'//
' @Function: WriteDouble
' @Purpose : Writes the given double value to the give address.
'\\
Public Function WriteDouble(dwProcId As Long, dwAddress As Long, ByVal dwValue As Double) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
WriteDouble = False
Exit Function
End If
If WriteMemory(dwProcId, dwAddress, VarPtr(dwValue), LenB(dwValue)) = False Then
WriteDouble = False
Exit Function
End If
WriteDouble = True
End Function
'//
' @Function: WriteString
' @Purpose : Writes the given string value to the give address.
'
' !!NOTE!!
'
' Due to issues with writing a string directly to memory, this
' function creates a byte array of the given string and then
' writes the array to memory instead. This is to prevent issues
' with some characters and to make this function light weight and
' easy to work with.
'
'\\
Public Function WriteString(dwProcId As Long, dwAddress As Long, ByVal dwValue As String) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
WriteString = False
Exit Function
End If
Dim szByteArray() As Byte
ReDim szByteArray(Len(dwValue))
Dim x As Long
For x = 1 To UBound(szByteArray)
szByteArray(x - 1) = CByte(Asc(Mid$(dwValue, x, 1)))
Next x
If WriteMemory(dwProcId, dwAddress, VarPtr(szByteArray(0)), Len(dwValue)) = False Then
WriteString = False
Exit Function
End If
WriteString = True
End Function
Public Function WriteStruct(dwProcId As Long, dwAddress As Long, ByVal dwStruct As Long) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
WriteStruct = False
Exit Function
End If
' Create Fake Array For Size Correction
Dim fakeStruct As Variant
fakeStruct = VarPtr(dwStruct)
If WriteMemory(dwProcId, dwAddress, dwStruct, LenB(fakeStruct)) = False Then
WriteStruct = False
Exit Function
End If
WriteStruct = True
End Function
-----------------------------
clsMemory_Read.cls
Code :
VERSION 1.0 CLASS
BEGIN
MultiUse = -1 'True
Persistable = 0 'NotPersistable
DataBindingBehavior = 0 'vbNone
DataSourceBehavior = 0 'vbNone
MTSTransactionMode = 0 'NotAnMTSObject
END
Attribute VB_Name = "clsMemory_Read"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = True
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Option Explicit
'----------------------------------------------------------
' clsMemory_Read
' Written By: Wiccaan
' Written On: Sept. 6, 2007
'----------------------------------------------------------
'
' Contains useful functions to manipulate a processes
' memory. This class is used to allow you to read from
' the given processes memory.
'
'----------------------------------------------------------
'
' ReadProcessMemory
'
' | ReadMemory
' +-- Main read memory function that others are wrapped around.
' | ReadByte
' +-- Reads a 'byte' value from memory.
' | ReadInt
' +-- Reads an 'integer' value from memory.
' | ReadLong
' +-- Reads a 'long' value from memory.
' | ReadSingle
' +-- Reads a 'single' value from memory. (Float)
' | ReadDouble
' +-- Reads a 'double' value from memory. (Float)
' | ReadString
' +-- Reads a 'string' value from memory.
' | ReadStruct
' +-- Reads a 'structure' of data from memory.
'
'----------------------------------------------------------
'-------------------------------------------------------------------------------------------
' Read Process Memory Functions
'
' The first function is private as its a main parent function
' used for the other read memory functions. You can make it
' public and use it if you understand how to :)
'-------------------------------------------------------------------------------------------
Private Function ReadMemory(dwProcId As Long, dwAddress As Long, ByVal pValue As Long, ByVal dwLength As Long) As Boolean
Dim procHandle As Long
If dwAddress = 0 Then
ReadMemory = False
Exit Function
End If
procHandle = OpenProcess(PROCESS_VM_READ, False, dwProcId)
If procHandle = 0 Then
ReadMemory = False
Exit Function
End If
Dim dwReturned As Long
dwReturned = ReadProcessMemory(procHandle, ByVal dwAddress, ByVal pValue, dwLength, 0&)
Call CloseHandle(procHandle)
If dwReturned > 0 Then
ReadMemory = True
Else
ReadMemory = False
End If
End Function
'//
' @Function: ReadByte
' @Purpose : Reads the given processes memory for a VB6 byte value.
'
' -Min Value: 0
' -Max Value: 255
'\\
Public Function ReadByte(dwProcId As Long, dwAddress As Long, dwStorage As Byte) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
ReadByte = False
Exit Function
End If
If ReadMemory(dwProcId, dwAddress, VarPtr(dwStorage), LenB(dwStorage)) = False Then
ReadByte = False
Exit Function
End If
ReadByte = True
End Function
'//
' @Function: ReadInt
' @Purpose : Reads the given processes memory for a VB6 integer value.
'
' -Min Value: -32768
' -Max Value: 32767
'\\
Public Function ReadInt(dwProcId As Long, dwAddress As Long, dwStorage As Integer) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
ReadInt = False
Exit Function
End If
If ReadMemory(dwProcId, dwAddress, VarPtr(dwStorage), LenB(dwStorage)) = False Then
ReadInt = False
Exit Function
End If
ReadInt = True
End Function
'//
' @Function: ReadLong
' @Purpose : Reads the given processes memory for a VB6 long value.
'
' -Min Value: -2,147,483,648
' -Max Value: 2,147,483,647
'\\
Public Function ReadLong(dwProcId As Long, dwAddress As Long, dwStorage As Long) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
ReadLong = False
Exit Function
End If
If ReadMemory(dwProcId, dwAddress, VarPtr(dwStorage), LenB(dwStorage)) = False Then
ReadLong = False
Exit Function
End If
ReadLong = True
End Function
'//
' @Function: ReadSingle
' @Purpose : Reads the given processes memory for a VB6 single value.
'
' -Min - Value: -3.402823e38
' -Max - Value: -1.401298e-45
' -Min + Value: 1.401298e-45
' -Max + Value: 3.402823e38
'\\
Public Function ReadSingle(dwProcId As Long, dwAddress As Long, dwStorage As Single) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
ReadSingle = False
Exit Function
End If
If ReadMemory(dwProcId, dwAddress, VarPtr(dwStorage), LenB(dwStorage)) = False Then
ReadSingle = False
Exit Function
End If
ReadSingle = True
End Function
'//
' @Function: ReadDouble
' @Purpose : Reads the given processes memory for a VB6 double value.
'
' -Min - Value: -1.79769313486232e308
' -Max - Value: -4.94065645841247e-324
' -Min + Value: 4.94065645841247e-324
' -Max + Value: 1.79769313486232e308
'\\
Public Function ReadDouble(dwProcId As Long, dwAddress As Long, dwStorage As Double) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
ReadDouble = False
Exit Function
End If
If ReadMemory(dwProcId, dwAddress, VarPtr(dwStorage), LenB(dwStorage)) = False Then
ReadDouble = False
Exit Function
End If
ReadDouble = True
End Function
'//
' @Function: ReadString
' @Purpose : Reads the given processes memory for a string value.
'
' !!NOTE!!
'
' Unicode strings get seperated with a null character between each letter.
' To defeat this I have added a for loop to skip the null termination
' character, but, it will cause your read string to be 1 byte less then
' what it should be due to counting the last null char as one of the
' bytes you have requested to read.
'
'\\
Public Function ReadString(dwProcId As Long, dwAddress As Long, ByRef dwStorage As String, dwSize As Long, Optional bIsUnicode = False) As Boolean
If dwProcId = 0 Or dwAddress = 0 Or dwSize = 0 Then
ReadString = False
Exit Function
End If
Dim szByteArray() As Byte
ReDim szByteArray(dwSize) As Byte
If ReadMemory(dwProcId, dwAddress, VarPtr(szByteArray(0)), dwSize) = False Then
ReadString = False
Exit Function
End If
If bIsUnicode = True Then
Dim szNewArray() As Byte
Dim iSkipped As Integer
Dim x As Long
ReDim szNewArray(UBound(szByteArray) + 1)
For x = 0 To UBound(szByteArray)
If szByteArray(x) <> 0 Then
szNewArray(x - iSkipped) = szByteArray(x)
Else
iSkipped = iSkipped + 1
End If
Next x
dwStorage = StrConv(szNewArray, vbUnicode)
Else
dwStorage = StrConv(szByteArray, vbUnicode)
End If
ReadString = True
End Function
'//
' @Function: ReadStruct
' @Purpose : Reads the given processes memory with the size of a structure.
'
' !!NOTE!!
'
' Due to some unknown reason at this time, this may cause your trainer to
' crash unexpectingly. Please use with caution!! (I will try to fix the issue.)
'
'\\
Public Function ReadStruct(dwProcId As Long, dwAddress As Long, ByVal dwStruct As Long) As Boolean
If dwProcId = 0 Or dwAddress = 0 Then
ReadStruct = False
Exit Function
End If
' Create Fake Array For Size Correction
Dim fakeArray As Variant
fakeArray = VarPtr(dwStruct)
If ReadMemory(dwProcId, dwAddress, dwStruct, LenB(fakeArray)) = False Then
ReadStruct = False
Exit Function
End If
ReadStruct = True
End Function
'//
' @Function: ReadStructEx
' @Purpose : Reads the given processes memory with the size of a structure.
'
' This is an extension of the original ReadStruct function. This allows you
' to set the structure size yourself which is useful when searching for a
' byte array. (This function is used with the ScanForBytes function.)
'
' !!NOTE!!
'
' Due to some unknown reason at this time, this may cause your trainer to
' crash unexpectingly. Please use with caution!! (I will try to fix the issue.)
'
'\\
Public Function ReadStructEx(dwProcId As Long, dwAddress As Long, ByVal dwStruct As Long, ByVal dwLength As Long) As Boolean
If dwProcId = 0 Or dwAddress = 0 Or dwLength = 0 Then
ReadStructEx = False
Exit Function
End If
If ReadMemory(dwProcId, dwAddress, dwStruct, dwLength) = False Then
ReadStructEx = False
Exit Function
End If
ReadStructEx = True
End Function
--------------------------------
clsMemory_Misc.cls
Code :
VERSION 1.0 CLASS
BEGIN
MultiUse = -1 'True
Persistable = 0 'NotPersistable
DataBindingBehavior = 0 'vbNone
DataSourceBehavior = 0 'vbNone
MTSTransactionMode = 0 'NotAnMTSObject
END
Attribute VB_Name = "clsMemory_Misc"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = True
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Option Explicit
'----------------------------------------------------------
' clsMemory_Misc
' Written By: Wiccaan
' Written On: Sept. 6, 2007
'----------------------------------------------------------
'
' Contains extra memory management functions that can
' be useful when reading and writing to memory.
'
'----------------------------------------------------------
'
' | SetMemoryAccess
' +-- Allows you to alter the memory access of the given memory region.
'
' | ScanForBytes
' +-- Scans a process at a given module memory section for a byte array.
'
'----------------------------------------------------------
'//
' @Function: SetMemoryAccess
' @Purpose : Allows you to alter the memory access of the given region of memory.
'
' !!NOTE!!
'
' If you are not exact with the size and address you can cause the process to
' crash! Double check your values before using this function!!
'
'\\
Public Function SetMemoryAccess(dwProcId As Long, dwAddress As Long, ByVal dwSize As Long, ByVal lpNewAccess As Long, ByVal lpOldAccess As Long) As Boolean
Dim procHandle As Long
procHandle = OpenProcess(PROCESS_ALL_ACCESS, False, dwProcId)
If procHandle = 0 Then
SetMemoryAccess = False
Exit Function
End If
Dim dwReturn As Long
Dim dwOldAcc As Long
dwReturn = VirtualProtectEx(procHandle, ByVal dwAddress, dwSize, lpNewAccess, dwOldAcc)
If dwReturn > 0 Then
Call CloseHandle(procHandle)
lpOldAccess = dwOldAcc
SetMemoryAccess = True
Else
lpOldAccess = 0
SetMemoryAccess = False
End If
End Function
'-----------------------------------------------------
' Byte Scanner Code
'
' The below code is used for scanning for a
' bytearray inside a given process. There are
' a few private functions that are used to make
' this work.
'-----------------------------------------------------
'//
' @Function: ScanForBytes
' @Purpose : Scans a given process for an array of bytes.
'
' This function helps out when finding dynamic addresses
' commonly used in games that use code shifting that use
' a DLL or other module for certain values in memory.
'
' DLL Base + Offset = Address // Finding An Address
' Address - DLL Base = Offset // Creating An Offset
'
' Also with this, you can set iByteOffset to step
' a certain amount of bytes ahead or backward from
' the found address for the return value to point
' to where you wish. (Useful for pointers.)
'
'\\
Public Function ScanForBytes(dwProcId As Long, dwModule As String, iByteOffset As Long, dwByteArray() As Byte) As Long
If dwProcId = 0 Or dwModule = "" Then
ScanForBytes = 0
Exit Function
End If
'// Get Module Base And Size
Dim Proc As New clsProcess_Access
Dim modBase As Long
Dim modSize As Long
modBase = Proc.GetModuleBaseFromProcessName(Proc.GetProcessNameFromProcessId(dwProcId), dwModule)
modSize = Proc.GetModuleSizeFromProcessName(Proc.GetProcessNameFromProcessId(dwProcId), dwModule)
'// Make Sure The Array Has Values
If (GetArrayDimensions(VarPtrArray(dwByteArray())) > 0) And (UBound(dwByteArray()) >= 0) Then
'// Make An Array For The Memory Dump And Rebind It To The Size Of The Module
Dim arrMemory() As Byte
ReDim arrMemory(modSize) As Byte
'// Read The Given Modules Memory Space
Dim Peek As New clsMemory_Read
Peek.ReadStructEx dwProcId, modBase, VarPtr(arrMemory(0)), (LenB(arrMemory(0)) * UBound(arrMemory) - LBound(arrMemory))
'// Convert Variables As Needed For Searching String
Dim strMemory As String
Dim strArray As String
strMemory = arrMemory
strArray = dwByteArray
'// Start Search
Dim lngMemloc As Long
Dim lngOffset As Long
Dim Beasdf As Byte
Beasdf = arrMemory(0)
lngOffset = InStrB(1, arrMemory, dwByteArray)
If lngOffset > 0 Then
lngOffset = lngOffset - 1 '// Realign Offset
lngMemloc = (modBase + lngOffset) + iByteOffset '// Create Return Memloc
ScanForBytes = lngMemloc
Else
'// No Memloc Found
ScanForBytes = 0
End If
Else
'// dwByteArray Was Empty
ScanForBytes = 0
End If
End Function
0 comments:
Posting Komentar