Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Dumping a file

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada
PostPosted: Fri Jun 29, 2012 12:19 am    Post subject: Dumping a file Reply with quote
Each time I try to dump processes memory, I end up with "Its not a valid win32 application".

But I can't see what it is i'm doing wrong, so can somebody out it out?

Code:

void CreateDump ()
{
   system ( "PAUSE" );

   // Obtain the base and end address of the module
   DWORD dwBase = (DWORD) GetModuleHandle (0);
   DWORD dwEnd  = 0;

   // Obtain the base and end address of the module
   HANDLE hSnapshot = CreateToolhelp32Snapshot ( TH32CS_SNAPALL, 0 );

   MODULEENTRY32 ME;
   ME.dwSize = sizeof ( MODULEENTRY32 );

   if ( Module32First ( hSnapshot, &ME ) )
   {
      if ( !strcmp ( ME.szModule, "Testing Application.exe" ) )
      {
         dwBase = (DWORD) ME.modBaseAddr;
         dwEnd  = dwBase + (DWORD) ME.modBaseSize;
      }

      while ( Module32Next ( hSnapshot, &ME) )
      {
         if ( !strcmp ( ME.szModule, "Testing Application.exe" ) )
         {
            dwBase = (DWORD) ME.modBaseAddr;
            dwEnd  = dwBase + (DWORD) ME.modBaseSize;
         }
      }
   }

   // Create our file
   HANDLE hFile = CreateFile ( "C:\\Test.exe", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0 );

   if ( !hFile )
      cout << "Handle failed" << endl;

   DWORD dwBytes;

   // Begin reading
   BYTE * Memory;
   Memory = new BYTE [ dwEnd - dwBase - 1 ];
   memcpy ( Memory, (void*) dwBase, dwEnd - dwBase - 1 );

    WriteFile ( hFile, Memory, dwEnd - dwBase - 1, &dwBytes, NULL );

   CloseHandle ( hFile );
}
Back to top
View user's profile Send private message MSN Messenger
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857
PostPosted: Fri Jun 29, 2012 3:53 am    Post subject: Reply with quote
lol of course that is not how you dump a file. you seem to be under the impression that a file can be dumped by simply writing all the memory bytes into a file. in practice, you have lost a lot of information. let me list a few so you can research how to properly reconstruct a file:

- PE header and file format specific informatino
- section information and section header tables which include relocation information (e.g. where should each section be based at)
- symbol table, dynamic symbol table

performing such a dump is a non-trivial task but certainly it is possible. you just need to read up on the PE file specification. what is your motivation for doing something like this? there may be a better way to achieve whatever you are trying to do
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites