// name.exe PID IMAGE-BASE IMAGE-SIZE
// E.g. ReadProcMem.exe 1234 DE0000 4F000
// base and size are in Hex

#include <windows.h>
#include <stdio.h>
#include <io.h>

int main(int argc, char ** argv)
{
	unsigned int base = 0, size = 0;
	SIZE_T bytes_r = 0, bytes_w = 0;

	sscanf(argv[2], "%x", &base);
	sscanf(argv[3], "%x", &size);
	unsigned char * buf = (unsigned char *) calloc(size, 1);

	HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, (DWORD)atoi(argv[1]));
	ReadProcessMemory(hProcess, (LPCVOID) base, buf, size, &bytes_r);

	printf("Requested size = %x, Read size = %x\n\n", size, bytes_r);

	
	HANDLE hFile = CreateFile(TEXT("img_dump.exe"),    
					GENERIC_READ|GENERIC_WRITE,          
					0,       
					NULL,                  
					OPEN_ALWAYS,         
					FILE_ATTRIBUTE_NORMAL, 
					NULL);                 

	WriteFile(hFile, buf, size,	&bytes_w, NULL);
	 
	CloseHandle(hFile);

	printf("Wrote %x bytes\n\n", bytes_w);

    return 0;
}