FORMAT PE GUI 4.0
entry start
include 'win32ax.inc'
; Layout handed to VirtualQueryEx() — the 32-bit MEMORY_BASIC_INFORMATION:
; seven DWORD fields, 28 bytes. The struct macro also defines
; sizeof.MEMORY_BASIC_INFORMATION, which is what the query call should pass.
struct MEMORY_BASIC_INFORMATION
  BaseAddress       rd 1                ; start of the described region
  AllocationBase    rd 1
  AllocationProtect rd 1
  RegionSize        rd 1                ; length of the region in bytes
  State             rd 1                ; the scan loop compares this against MEM_COMMIT
  Protect           rd 1
  Type              rd 1
ends
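section '.data' data readable writeable

; Fixed bounds for the local buffers (the original reserved one byte each and
; let sprintf / ReadProcessMemory write far past them).
BUFFER_SIZE     = 4096                  ; max bytes copied from one region
MSG_SIZE        = 128                   ; room for the formatted status message
USER_SPACE_TOP  = 7FFFFFFFh             ; last address the scan looks at (32-bit user space)

mbi         MEMORY_BASIC_INFORMATION    ; filled by VirtualQueryEx for the current region
hwnd        dd ?                        ; window handle returned by FindWindowA
procid      dd ?                        ; PID that owns hwnd
phandle     dd ?                        ; process handle returned by OpenProcess
procname    db 'MonAppli',0             ; window title we look for
appname     db 'TEST',0                 ; caption of every message box
noprocmsg   db 'Veuillez lancer MonAppli !',0
noopenmsg   db "Impossible d'ouvrir le processus !",0
scanaddr    dd ?                        ; next address handed to VirtualQueryEx
readlen     dd ?                        ; bytes requested = min(RegionSize, BUFFER_SIZE)
bytelu      dd ?                        ; bytes actually read (written by ReadProcessMemory)
buffmsg     rb MSG_SIZE                 ; sprintf output
buffer      rb BUFFER_SIZE              ; copy of (the start of) the current region

section '.code' code readable executable

;-----------------------------------------------------------------------
; start — walk the user-space address range of the process owning the
; 'MonAppli' window and report every committed region in a message box.
; ABI: Win32 stdcall for the API calls, cdecl for sprintf (hence cinvoke).
; Register use: eax = API return values / next address, ecx = read length.
;-----------------------------------------------------------------------
start:
        ; eax = HWND, or 0 when the application is not running.
        invoke  FindWindowA,0,addr procname
        test    eax,eax
        jz      noprocess
        mov     [hwnd],eax

        invoke  GetWindowThreadProcessId,[hwnd],addr procid

        ; Least privilege: VirtualQueryEx and ReadProcessMemory only need
        ; query + read rights; PROCESS_ALL_ACCESS was far more than required.
        invoke  OpenProcess,PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,0,[procid]
        test    eax,eax                 ; 0 = access denied / process gone
        jz      noopen
        mov     [phandle],eax

        mov     [scanaddr],0

scan:
        ; Invariant: scanaddr is the first address not yet described.
        cmp     [scanaddr],USER_SPACE_TOP
        ja      endscan

        invoke  VirtualQueryEx,[phandle],[scanaddr],mbi,sizeof.MEMORY_BASIC_INFORMATION
        test    eax,eax                 ; 0 = query failed, mbi is stale: stop
        jz      endscan                 ; (the old loop would spin forever)
        cmp     [mbi.RegionSize],0      ; a zero-length region could never advance
        je      endscan

        cmp     [mbi.State],MEM_COMMIT
        jne     incscan

        ; Never ask for more than the local buffer can hold.
        mov     ecx,[mbi.RegionSize]
        cmp     ecx,BUFFER_SIZE
        jbe     readlen_ok
        mov     ecx,BUFFER_SIZE
readlen_ok:
        mov     [readlen],ecx
        mov     [bytelu],0              ; well-defined value even if the read fails

        invoke  ReadProcessMemory,[phandle],[mbi.BaseAddress],buffer,[readlen],bytelu

        ; sprintf is cdecl: cinvoke pops the arguments afterwards. With invoke
        ; every region leaked 20 bytes of stack.
        cinvoke sprintf,buffmsg,"Adresse %x Taille %x Byte lu: %d",[mbi.BaseAddress],[mbi.RegionSize],[bytelu]
        invoke  MessageBox,0,buffmsg,appname,MB_OK

incscan:
        ; Next region starts right after this one; CF means we wrapped past 4 GB.
        mov     eax,[mbi.BaseAddress]
        add     eax,[mbi.RegionSize]
        jc      endscan
        mov     [scanaddr],eax
        jmp     scan

endscan:
        invoke  MessageBox,0,"Fin du scan !",appname,MB_OK
        jmp     exit

noopen:
        invoke  MessageBox,0,noopenmsg,appname,MB_OK
        jmp     exit

noprocess:
        invoke  MessageBox,0,noprocmsg,appname,MB_OK

exit:
        invoke  ExitProcess,0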
section '.idata' import data readable writeable

library kernel,'KERNEL32.DLL',\
        user,'USER32.DLL',\
        msvcrt,'MSVCRT.DLL'

; Process access and memory inspection. WriteProcessMemory is imported but
; never called by the scan above.
import  kernel,\
        OpenProcess,'OpenProcess',\
        VirtualQueryEx,'VirtualQueryEx',\
        ReadProcessMemory,'ReadProcessMemory',\
        WriteProcessMemory,'WriteProcessMemory',\
        ExitProcess,'ExitProcess'

; Window lookup and the ANSI message box (MessageBox is an alias for MessageBoxA).
import  user,\
        FindWindowA,'FindWindowA',\
        GetWindowThreadProcessId,'GetWindowThreadProcessId',\
        MessageBox,'MessageBoxA'

; C runtime: sprintf is cdecl, so callers must use cinvoke, not invoke.
import  msvcrt,\
        sprintf,'sprintf'