Search code examples
c++fstreamofstream

File dumping from Binary issue

I'm trying to code a dump tool and There is a file in memory at a pacific address that holds a file with 41mb's in file size. I'm trying to write that file with the file size to the directory. Any advice or opinions you can provide much appreciation.

I've tried this...

Here is my updated code:

 #include <Windows.h>
 #include <stdio.h>
 #include <iostream>
 #include <fstream>

 int sizevalue = 43.417254; // size of file
 DWORD address = 0x43417254;
 char Wfilename[14] = "cartfile.dat";
 char Rfilename[14] = "cartfile.dat";

 //entry
 int main(int argc, char* argv[])
 {
 HWND hwnd = FindWindowA(NULL, "gametutorial");

 if (hwnd == NULL)
 {
 cout << "Cannot find window." << endl;
 Sleep(3000);
 exit(-1);
 }
 else
 {
 DWORD procID;
 GetWindowThreadProcessId(hwnd, &procID);
 HANDLE handle = OpenProcess(PROCESS_VM_READ, PROCESS_VM_WRITE, procID);
 if (procID == NULL)
 {
 cout << "Cannot obtain process." << endl;
 Sleep(3000);
 exit(-1);
 }
 else
 {

 for (;;)
 {
 if (GetAsyncKeyState(VK_F10))
 {
 printf("Dumping cartfile now... \n");
 ofstream outputStream("cartfile.dat", ios::out | ios::binary);
 if (outputStream.is_open())
 {
 std::cout << "file opened okay\n";
 }
 else
 {
 std::cout << "Error opening file\n";
 }
    ReadProcessMemory_(handle, (void*)address, &sizevalue, Rfilename, 
    sizeof(sizevalue), 0);
    WriteProcessMemory_(handle, (void*)address, &sizevalue, Wfilename, 
 sizeof(sizevalue), 0); 
 0);
 outputStream.close();
 system("pause");
 return 0;
 }
 Sleep(1);
 }
 }
 }
 }

 BOOL WriteProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID 
 lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
 {
 return 0;
 }

 BOOL ReadProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID 
 lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
 {
 return 0;
 }

Here is my header file...

#pragma once
#include <Windows.h>
#include <stdio.h>
#include <iostream>
//#include .lib header

BOOL WriteProcessMemory_(
HANDLE  hProcess,
LPVOID  lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T  nSize,
SIZE_T* lpNumberOfBytesWritten
);

BOOL ReadProcessMemory_(
HANDLE  hProcess,
LPVOID  lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T  nSize,
SIZE_T* lpNumberOfBytesRead
);

But it still dumps the cartfile with 0 file size 0kb. So what now?

But it only dumps the Cartfile but it is 0 size. Which the bytes in the place in the binary holds a file with 41 mb's in file size. The file opens fine so I can open the file successfully. It must be something to do with the way it is writing the file and size of the file from the bytes in memory? So what Am I doing wrong?

Here is a pic of the results on how these bytes are 41mb's

Solution

  • Here is an example that writes 64k of memory from a running Notepad++ process. Perhaps you can adapt it to your needs.

    #include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <fstream>
#include <vector>

void* GetBaseAddress(HANDLE processHandle)
{
    HMODULE hMods[1024];
    DWORD cbNeeded;
    if (EnumProcessModules(processHandle, hMods, sizeof(hMods), &cbNeeded))
    {
        return hMods[0];
    }
    return nullptr;
}

int main()
{
    HWND hwnd = FindWindowA(NULL, "new 1 - Notepad++");
    if (hwnd == NULL)
    {
        std::cout << "Cannot find window.\n";
        return -1;
    }

    DWORD procID;
    GetWindowThreadProcessId(hwnd, &procID);
    HANDLE handle = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, procID);
    if (procID == NULL)
    {
        std::cout << "Cannot obtain process.\n";
        return -1;
    }

    for (;;)
    {
        if (GetAsyncKeyState(VK_F10))
        {
            // I don't have a fixed address so I just find the address of the first loaded module in the process.
            // You need to determine your address and replace this.
            void *address = GetBaseAddress(handle);

            // Resize this buffer to whatever the size is you need.
            std::vector<char> buffer(64 * 1024);

            SIZE_T bytesRead = 0;
            BOOL ret = ReadProcessMemory(handle, address, buffer.data(), buffer.size(), &bytesRead);
            if (!ret)
            {
                std::cout << "Error (" << GetLastError() << ") reading memory\n";
                return -1;
            }
            if (bytesRead != buffer.size())
            {
                std::cout << "Memory size mismatch. Requested " << buffer.size() << ", Received " << bytesRead << "\n";
                return -1;
            }

            std::ofstream out("memory.dat", std::ios::out | std::ios::binary);
            if (!out)
            {
                std::cout << "Error opening file\n";
                return -1;
            }
            out.write(buffer.data(), buffer.size());
            break;
        }
    }
    return 0;
}