/
Solve.BreakME.0x1.c
52 lines (44 loc) · 1.48 KB
/
Solve.BreakME.0x1.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
/**/
//@Solve.BreakME.0x1
//@Toufik Airane
//@2013.10
/**/
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <TlHelp32.h>
int GetProcessToPid(char *name) {
PROCESSENTRY32 ProcessEntry = { 0 };
ProcessEntry.dwSize = sizeof(PROCESSENTRY32);
HANDLE Snapshot32Process = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(Snapshot32Process == INVALID_HANDLE_VALUE) {
printf("Invalid Handle Value");
exit(EXIT_FAILURE);
}
if(!Process32First(Snapshot32Process, &ProcessEntry)) {
printf("Process First Failed");
CloseHandle(Snapshot32Process);
exit(EXIT_FAILURE);
}
do {
char *ExeFile = ProcessEntry.szExeFile;
if(strcmp(name, ExeFile)==0)
return ProcessEntry.th32ProcessID;
} while (Process32Next(Snapshot32Process, &ProcessEntry));
CloseHandle(Snapshot32Process);
return 0;
}
int main(int argc, char *argv[]) {
if(argc!=2) exit(EXIT_FAILURE);
int pid = GetProcessToPid(argv[1]);
printf("[#] PID du CrackMe : %d\n", pid);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
if(hProcess==NULL) { printf("OpenProcess() : KO\n"); exit(EXIT_FAILURE); }
DWORD buffer, taille;
if(!(ReadProcessMemory(hProcess, (LPDWORD) 0x0028FF40, &buffer, sizeof(DWORD), &taille))) { // la seule difficultée est l'adresse du stack
printf("ReadProcessMemory() : KO\n"); exit(EXIT_FAILURE); // que l'on récupère via le debugger
}
printf("[#] La key est : %d\n", buffer);
close(hProcess);
return 0;
}