EnumProcesses help? :/
Posted: Wed Mar 08, 2006 10:39 am
hey again, i've hooked WriteProcessMemory with madCodeHook and i'm trying to get the program to show me which processes it's writing to, so i'm using madRemote's EnumProcesses, but it keeps returning "[System Process]". is there anything i can do about that?
this is my code:
library XGBR;
{$R 'RSRC.res' 'RSRC.RC'}
Uses
Windows, madCHook, madRemote;
var
// Call-through pointer for the original WriteProcessMemory. Its address is
// handed to HookApi in the library body (@realWriteProcessMemory), and the hook
// callback forwards every intercepted call through it. The signature mirrors
// hookWriteProcessMemory so the two are interchangeable for the caller.
realWriteProcessMemory: function(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesWritten: DWORD): BOOL; stdcall;
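// Maps a process handle to the executable name that madRemote's EnumProcesses
// reports for the same process id.
//   hProcess : handle of the process being looked up (here: the target handle
//              passed to WriteProcessMemory).
//   Result   : the exeFile field of the matching entry, or '' when the handle
//              cannot be resolved or no entry matches.
function GetProcessFileName(hProcess: THandle) : string;
var
  i1        : integer;
  pl        : TDAProcess;
  processId : dword;
begin
  result := '';
  processId := ProcessHandleToId(hProcess);
  // Id 0 is the idle pseudo-process, which process listings show as
  // "[System Process]"; no real handle refers to it. Treating 0 as a match
  // would label the write with a misleading target name, so report "unknown"
  // ('') instead.
  // NOTE(review): ProcessHandleToId appears to yield 0 when it cannot resolve
  // the handle (for example a handle opened without query access) - confirm
  // against the madRemote documentation.
  if processId = 0 then
    exit;
  pl := EnumProcesses;
  for i1 := 0 to high(pl) do
    if pl[i1].id = processId then begin
      result := pl[i1].exeFile;
      break;  // ids are compared exactly; the first match is taken
    end;
end;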
// Replacement installed over kernel32!WriteProcessMemory. Shows the name of the
// process the caller is about to write into, then forwards the call unchanged
// to the original API and returns its result.
// The parameters are only passed through; lpNumberOfBytesWritten is never read
// or written here.
function hookWriteProcessMemory(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesWritten: DWORD): BOOL; stdcall;
var
  targetName: string;
begin
  // Resolve the target before the write happens, so the name is shown even if
  // the forwarded call fails.
  targetName := GetProcessFileName(hProcess);
  // MessageBoxA is modal: the calling thread stays here until the box is
  // dismissed, and only then is the write forwarded.
  MessageBoxA(0, pchar(targetName), 'Debug', MB_OK);
  Result := realWriteProcessMemory(
    hProcess,
    lpBaseAddress,
    lpBuffer,
    nSize,
    lpNumberOfBytesWritten);
end;
begin
  // Library initialisation: redirect kernel32!WriteProcessMemory to
  // hookWriteProcessMemory and store the call-through address in
  // realWriteProcessMemory. A failed install is reported in a message box;
  // the library still finishes loading either way.
  if not HookApi('kernel32.dll', 'WriteProcessMemory', @hookWriteProcessMemory, @realWriteProcessMemory, MIXTURE_MODE) then
    MessageBoxA(0, 'HookApi(WriteProcessMemory Failed.', 'Error.', MB_OK);
end.