VeduMemory/VeduMemory.h at master · dev-veteran/VeduMemory · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#pragma once
#include <cstdio>
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>

#define NT_SUCCESS(x) ((x) >= 0)

typedef NTSTATUS(NTAPI* _NtWriteVirtualMemory)(HANDLE ProcessHandle, PVOID BaseAddress, LPCVOID Buffer, ULONG NumberOfBytesToWrite, PULONG NumberOfBytesWritten);
_NtWriteVirtualMemory NtWriteVirtualMemory = (_NtWriteVirtualMemory)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtWriteVirtualMemory");

typedef NTSTATUS(NTAPI* _NtReadVirtualMemory)(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, ULONG NumberOfBytesToRead, PULONG NumberOfBytesRead);
_NtReadVirtualMemory NtReadVirtualMemory = (_NtReadVirtualMemory)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtReadVirtualMemory");

namespace VeduMemory
{
	namespace Externals
	{
		HANDLE processHandle;
		DWORD processID;
	}

	namespace KernelMode
	{
		template <class dataType>
		dataType Read(DWORD addressToRead)
		{
			dataType rpmBuffer;
			NtReadVirtualMemory(Externals::processHandle, (PVOID)addressToRead, &rpmBuffer, sizeof(dataType), 0);
			return rpmBuffer;
		}

		template <class dataType>
		void Write(DWORD addressToWrite, dataType ValueToWrite)
		{
			DWORD oldProtect = 0;
			NTSTATUS Status = 0;
			VirtualProtectEx(Externals::processHandle, (PVOID)addressToWrite, sizeof(dataType), PAGE_EXECUTE_READWRITE, &oldProtect);

			if (!NT_SUCCESS(Status = NtWriteVirtualMemory(Externals::processHandle, (PVOID)addressToWrite, &ValueToWrite, sizeof(dataType), NULL)))
				std::cout << Status << std::endl;

			VirtualProtectEx(Externals::processHandle, (PVOID)addressToWrite, sizeof(dataType), oldProtect, NULL);
		}

		template <class dataType>
		void Write(DWORD addressToWrite, dataType* ValueToWrite)
		{
			DWORD oldProtect = 0;
			NTSTATUS Status = 0;
			VirtualProtectEx(Externals::processHandle, (PVOID)addressToWrite, sizeof(dataType), PAGE_EXECUTE_READWRITE, &oldProtect);

			if (!NT_SUCCESS(Status = NtWriteVirtualMemory(Externals::processHandle, (PVOID)addressToWrite, ValueToWrite, sizeof(dataType), NULL)))
				std::cout << Status << std::endl;

			VirtualProtectEx(Externals::processHandle, (PVOID)addressToWrite, sizeof(dataType), oldProtect, NULL);
		}
	}

	namespace UserMode
	{
		template <typename T>
		T Read(SIZE_T targetAddress) {
			T Buffer;
			ReadProcessMemory(Externals::processHandle, (LPCVOID)targetAddress, &Buffer, sizeof(T), NULL);
			return Buffer;
		}

		template <typename T>
		void Write(SIZE_T targetAddress, T Buffer) {
			WriteProcessMemory(Externals::processHandle, (LPVOID)targetAddress, &Buffer, sizeof(Buffer), NULL);
		}

		uintptr_t GetModuleAddress(const char* moduleName)
		{
			HANDLE snapshotHandle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, Externals::processID);
			if (snapshotHandle != INVALID_HANDLE_VALUE)
			{
				MODULEENTRY32 modEntry;
				modEntry.dwSize = sizeof(modEntry);
				if (Module32First(snapshotHandle, &modEntry))
				{
					do {
						if (!strcmp(modEntry.szModule, moduleName))
						{
							CloseHandle(snapshotHandle);
							return (uintptr_t)modEntry.modBaseAddr;
						}
					} while (Module32Next(snapshotHandle, &modEntry));
				}
			}
			return FALSE;
		}
	}
}