dumpbytes.c
#include <Windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <stdlib.h>
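/*
 * Print the path and base address of every module loaded in the current
 * process, using a Toolhelp module snapshot (process id 0 = this process).
 *
 * If the snapshot cannot be taken, the failure is reported on stderr and the
 * function returns without printing any module lines.
 */
VOID ListLoadedDlls() {
    MODULEENTRY32 me32;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0);

    /* DWORD is an unsigned long, so format the PID with %lu rather than %d. */
    printf("Listing loaded modules inside process PID %lu\n------------------------------------------\n",
           (unsigned long)GetCurrentProcessId());

    /* A failed snapshot returns INVALID_HANDLE_VALUE, which must not be walked or closed. */
    if (hSnap == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateToolhelp32Snapshot failed (error %lu)\n",
                (unsigned long)GetLastError());
        return;
    }

    /* Module32First requires dwSize to be set before the first call. */
    me32.dwSize = sizeof(MODULEENTRY32);

    if (Module32First(hSnap, &me32)) {
        do {
            /* NOTE(review): %s assumes a non-UNICODE build, where szExePath is a CHAR array - confirm. */
            printf("%s is loaded at 0x%p.\n", me32.szExePath, (void *)me32.modBaseAddr);
        } while (Module32Next(hSnap, &me32));
    }

    CloseHandle(hSnap);
}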
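/*
 * Usage: dumpbytes <byte count> <dll> <function>
 *
 * Loads <dll> into the current process, resolves <function> with
 * GetProcAddress, lists the modules loaded in the process, and prints the
 * first <byte count> bytes at the resolved address as lowercase hex.
 *
 * Returns 0 on success, 1 on a usage error or when the module or the export
 * cannot be resolved.
 */
int main(int argc, char **argv) {
    if (argc < 4) {
        fprintf(stderr, "Usage: %s <byte count> <dll> <function>\n",
                argc > 0 ? argv[0] : "dumpbytes");
        return 1;
    }

    /* Accept only a plain decimal count; strtoul alone would also accept a sign or trailing junk. */
    char *end = NULL;
    if (argv[1][0] < '0' || argv[1][0] > '9') {
        fprintf(stderr, "Invalid byte count: %s\n", argv[1]);
        return 1;
    }
    unsigned long count = strtoul(argv[1], &end, 10);
    if (*end != '\0') {
        fprintf(stderr, "Invalid byte count: %s\n", argv[1]);
        return 1;
    }
    DWORD dwSize = (DWORD)count;

    CHAR *dll = argv[2];
    CHAR *func = argv[3];

    /*
     * The arguments are CHAR strings, so call the ANSI entry point explicitly.
     * Loading a library maps it into this process and runs its DllMain, so
     * only point this tool at modules you trust.
     */
    HMODULE hModule = LoadLibraryA(dll);
    if (hModule == NULL) {
        fprintf(stderr, "LoadLibrary(%s) failed (error %lu)\n",
                dll, (unsigned long)GetLastError());
        return 1;
    }

    FARPROC ptr = GetProcAddress(hModule, func);
    if (ptr == NULL) {
        /* Without this check the dump loop below would read from address 0. */
        fprintf(stderr, "GetProcAddress(%s) failed (error %lu)\n",
                func, (unsigned long)GetLastError());
        return 1;
    }

    printf("%s!%s found at 0x%p\n", dll, func, (void *)ptr);

    ListLoadedDlls();

    /*
     * The read is not bounded by the size of the mapped module: a count that
     * runs past the end of the image can touch an unmapped page and fault.
     */
    const unsigned char *data = (const unsigned char *)ptr;
    for (DWORD i = 0; i < dwSize; i++) {
        printf("%02x", data[i]);
    }
    /* Terminate the hex line so the output ends cleanly. */
    printf("\n");

    return 0;
}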