本文说明在已知另一个进程中某个变量地址的前提下，如何通过 OpenProcess 与 ReadProcessMemory 读取该地址处保存的数据。注意：该地址只在目标进程本次运行中有效（开启 ASLR 时栈地址每次运行都会变化），且读取其他进程内存要求对目标进程拥有足够的访问权限，目标进程以更高权限或其他用户身份运行时 OpenProcess 会失败。
Win32ReadMemTest的代码如下
#include "stdafx.h"
#include "windows.h"
int add(int a,int b);
typedef int (*func)(int,int);
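int _tmain(int argc, _TCHAR* argv[])
{
    /*
     * Target process for the ReadProcessMemory demo.
     *
     * Prints the address of a local DWORD and the address of add(), then
     * blocks on stdin so the reader program can attach while this stack
     * frame -- and therefore the printed address -- is still alive.
     *
     * argc/argv are unused. Returns 0.
     */
    DWORD number = 10000;
    DWORD *ptr = &number;
    func myfunc = add;

    /* DWORD is unsigned long on Windows, so %lu (not %d) matches its type.
     * %p expects a void*, hence the casts. */
    printf("%p: %lu\n", (void *)ptr, *ptr);
    printf("func address:%p\n", (void *)myfunc);

    /* NOTE: &number is a stack address. With ASLR (images linked with
     * /DYNAMICBASE, the Visual Studio default) the stack base moves on every
     * run, so the reader must use the value printed by THIS run, and this
     * process must still be waiting here when the read happens.
     * getchar() replaces system("pause"): it waits just as well without
     * spawning cmd.exe. */
    printf("Press Enter to exit...\n");
    (void)getchar();
    return 0;
}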
/*
 * Return the sum of a and b.
 *
 * Exists only so the demo has a function whose address can be printed;
 * signed overflow is the caller's responsibility, as in the original.
 */
int add(int a, int b)
{
    int sum = a + b;
    return sum;
}
运行 Win32ReadMemTest，它会打印 ptr 的地址，本例为 0x002df914。该地址是栈上局部变量的地址，在开启 ASLR 的系统上每次运行都可能不同，因此必须让 Win32ReadMemTest 停在 pause 处保持运行，并把它本次打印出的地址填入下面的读取程序。
/************************************************************
FileName:win32SystemInfo
Version :
Date:2013.01.30
Description: 已知另一个进程中某个变量的地址，通过 FindWindow -> GetWindowThreadProcessId -> OpenProcess -> ReadProcessMemory 读取该地址处保存的值。地址必须取自目标进程本次运行时打印的结果，目标进程须保持运行。
<author>
hbb0b0@163.com
</author>
***********************************************************/
#include "stdafx.h"
#include "windows.h"
#include "stdlib.h"
//typedef int (*func)(int,int);
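int _tmain(int argc, _TCHAR* argv[])
{
    /*
     * Read one DWORD from another process's address space.
     *
     * The target is located by its console window title (the full path of
     * Win32ReadMemTest.exe, which is what a console shows by default), its
     * process id is taken from that window, and ReadProcessMemory copies
     * sizeof(DWORD) bytes from the chosen address.
     *
     * argv[1] (optional): the address to read, in hex, as printed by the
     * target on its current run. If omitted, the compiled-in default is used.
     * That default is only correct for the run it was copied from: the target
     * prints a stack address, and with ASLR the stack moves on every run.
     *
     * Returns 0 on success, 1 on any failure (a message is printed to stdout).
     */
    LPCVOID remoteAddr = (LPCVOID)0x002df914;
    HWND hwnd = NULL;
    DWORD pid = 0;
    HANDLE hProcess = NULL;
    DWORD value = 0;
    SIZE_T bytesRead = 0;
    int rc = 1;

    if (argc > 1) {
        _TCHAR *end = NULL;
        unsigned long parsed = _tcstoul(argv[1], &end, 16);
        if (end == argv[1] || *end != _T('\0')) {
            printf("usage: win32SystemInfo [hex-address]\n");
            return 1;
        }
        remoteAddr = (LPCVOID)(ULONG_PTR)parsed;
    }

    /* The default console title is the exe's full path, so that is the
     * window name to match. Adjust the path if the target lives elsewhere. */
    hwnd = FindWindowA("ConsoleWindowClass",
                       "E:\\Hbb0b0\\Program\\vs2012\\sqlite3\\Debug\\Win32ReadMemTest.exe");
    if (!hwnd) {
        printf("can't find target window (is Win32ReadMemTest running?)\n");
        return 1;
    }

    if (!GetWindowThreadProcessId(hwnd, &pid)) {
        printf("can't get process id from window\n");
        return 1;
    }

    /* Least privilege: ReadProcessMemory needs PROCESS_VM_READ, and
     * PROCESS_QUERY_INFORMATION is its conventional companion. The original
     * asked for PROCESS_ALL_ACCESS, i.e. write/thread-create/terminate rights
     * this tool never uses; OpenProcess grants the mask all-or-nothing, so an
     * over-broad request is also more likely to be refused. */
    hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (!hProcess) {
        /* Typically ERROR_ACCESS_DENIED (5) when the target runs as another
         * user or at a higher integrity level; SeDebugPrivilege would be
         * required in that case. */
        printf("OpenProcess failed, error %lu\n", GetLastError());
        return 1;
    }

    /* The original ignored the BOOL result and passed NULL for the byte
     * count, so a failed read printed whatever happened to be in an
     * uninitialised buffer. A read can fail (wrong address, unmapped page)
     * or be partial; check both before trusting the value. */
    if (!ReadProcessMemory(hProcess, remoteAddr, &value, sizeof value, &bytesRead)) {
        printf("ReadProcessMemory failed, error %lu\n", GetLastError());
    } else if (bytesRead != sizeof value) {
        printf("short read: %lu of %lu bytes\n",
               (unsigned long)bytesRead, (unsigned long)sizeof value);
    } else {
        /* DWORD is unsigned long, hence %lu rather than %d. */
        printf("%lu\n", value);
        rc = 0;
    }

    /* The original never closed hProcess. The commented-out experiment that
     * copied add()'s bytes into a NULL function pointer and then called it was
     * dropped: the destination pointer was NULL, so the copy could not succeed,
     * and a code address from another process is not callable in this one. */
    CloseHandle(hProcess);
    return rc;
}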