c++搜索内存、修改内存

首先写一个测试程序(game.exe)，代码如下:

#include <windows.h>
#include <TLHELP32.H>
#include <stdio.h>
int g_nNum; // global the loop in main decrements on every key press; its address is printed next to the stack local i
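// Test target for the memory-search tool: every key press bumps the stack
// local i up and the global g_nNum down, printing both values and their
// addresses so a search result can be checked against them.
// Never returns normally; stop it by closing its console.
int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;
    int i = 198;
    g_nNum = 1003;
    while (1)
    {
        // %p is the correct conversion for an address; the original %08lX
        // with a pointer argument is undefined and truncates on 64-bit builds.
        printf("i=%d,addr=%p;  g_nNum=%d,addr=%p\n", ++i, (void*)&i, --g_nNum, (void*)&g_nNum);
        getchar();
    }
    return 0;
}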

目的是搜索并修改 game.exe 中 i 变量或 g_nNum 变量的值，代码如下:

#include <windows.h>
#include <stdio.h>
#include <string.h>
BOOL CompareAPage(DWORD dwBaseAddr,DWORD dwValue); // scan one 4 KB page of the target process for dwValue
BOOL FindFirst(DWORD dwValue);  // first search over the target's address space
BOOL FindNext(DWORD dwValue);   // 2nd, 3rd, 4th ... search: re-checks only the addresses kept by the previous pass
DWORD g_arList[1024];           // candidate addresses from the most recent pass
int g_nListCnt;                 // number of valid entries in g_arList
HANDLE g_hProcess;              // handle of the target process (set in main from CreateProcess)
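// Scan one 4 KB page of the target process, starting at dwBaseAddr, for every
// (possibly unaligned) 32-bit value equal to dwValue and append each hit's
// address to g_arList.
//
// Returns FALSE when the page cannot be read (ReadProcessMemory fails, which
// with a NULL "bytes read" pointer also covers a partially readable page) or
// when g_arList is full; TRUE otherwise.  On the "list full" return the rest
// of this page is not scanned, so g_nListCnt == capacity tells the caller the
// result is truncated.
BOOL CompareAPage(DWORD dwBaseAddr,DWORD dwValue)
{
    const size_t kPageSize = 4096;
    const int kListCapacity = (int)(sizeof(g_arList) / sizeof(g_arList[0]));
    BYTE arBytes[kPageSize];
    if (!::ReadProcessMemory(g_hProcess, (LPVOID)dwBaseAddr, arBytes, kPageSize, NULL))
    {
        return FALSE;
    }
    // Every byte offset is a candidate, so a value that straddles two
    // aligned DWORD slots is still found.  memcpy replaces the original
    // misaligned DWORD* dereference.
    for (size_t i = 0; i + sizeof(DWORD) <= kPageSize; i++)
    {
        DWORD dwCandidate;
        memcpy(&dwCandidate, &arBytes[i], sizeof(dwCandidate));
        if (dwCandidate != dwValue)
        {
            continue;
        }
        if (g_nListCnt >= kListCapacity)
        {
            return FALSE; // no room left to record this hit
        }
        g_arList[g_nListCnt++] = dwBaseAddr + (DWORD)i;
    }
    return TRUE;
}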
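// First pass: sweep the target's address space page by page and record every
// address holding dwValue in g_arList.
//
// The sweep is a fixed 32-bit range (start address .. 2 GB); the start
// depends on the platform reported by GetVersionEx, and pages that cannot be
// read are simply skipped by CompareAPage.  Returns FALSE when no target
// process is attached (g_hProcess == NULL), TRUE otherwise; the candidate
// count is left in g_nListCnt.  The sweep stops as soon as g_arList is full,
// so a count equal to the array's capacity means the result is truncated.
BOOL FindFirst(DWORD dwValue)
{
    const DWORD dwOneGB = 1024 * 1024 * 1024;
    const DWORD dwOnePage = 4 * 1024;
    const int nListCapacity = (int)(sizeof(g_arList) / sizeof(g_arList[0]));
    if (g_hProcess == NULL)
    {
        return FALSE;
    }
    // A fresh pass must not append to the results of an earlier one.
    g_nListCnt = 0;
    // Choose the start address from the OS family.
    DWORD dwBase;
    OSVERSIONINFO vi = {sizeof(vi)};
    ::GetVersionEx(&vi);
    if (vi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
    {
        dwBase = 4 * 1024 * 1024; // Windows 9x family: 4 MB
    }
    else
    {
        // NOTE(review): the original comment says "64 KB" for the NT family
        // but the constant is 640 KB; kept as written — confirm which was
        // intended.
        dwBase = 640 * 1024;
    }
    // Walk from the start address up to 2 GB one page at a time.
    for (; dwBase < 2 * dwOneGB; dwBase += dwOnePage)
    {
        CompareAPage(dwBase, dwValue);
        if (g_nListCnt >= nListCapacity)
        {
            break; // list full: further hits could not be stored anyway
        }
    }
    return TRUE;
}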
// Print every candidate address currently held in g_arList, one per line,
// as an 8-digit upper-case hex number.
void ShowList()
{
    const DWORD *pEnd = g_arList + g_nListCnt;
    for (const DWORD *pAddr = g_arList; pAddr < pEnd; ++pAddr)
    {
        printf("%08lX\n", *pAddr);
    }
}
// Subsequent pass: re-read each address recorded by the previous pass and
// keep only those whose current contents equal dwValue.  Survivors are
// compacted to the front of g_arList and g_nListCnt is set to their number.
// Returns TRUE when at least one address survived, FALSE otherwise
// (including when every read fails).
BOOL FindNext(DWORD dwValue)
{
    const int nPrevCnt = g_nListCnt; // entries left by the previous pass
    int nKept = 0;                   // write cursor for surviving entries
    for (int idx = 0; idx < nPrevCnt; ++idx)
    {
        const DWORD dwAddr = g_arList[idx];
        DWORD dwCurrent;
        const BOOL bReadOk = ::ReadProcessMemory(g_hProcess, (LPVOID)dwAddr, &dwCurrent, sizeof(dwCurrent), NULL);
        if (bReadOk && dwCurrent == dwValue)
        {
            // nKept never runs ahead of idx, so this never clobbers an unread entry.
            g_arList[nKept++] = dwAddr;
        }
    }
    g_nListCnt = nKept;
    return nKept > 0 ? TRUE : FALSE;
}
// Store the 32-bit value dwValue at address dwAddr in the target process.
// Returns the BOOL result of WriteProcessMemory (non-zero on success).
BOOL WriteMemory(DWORD dwAddr,DWORD dwValue)
{
    DWORD dwBuf = dwValue;
    const BOOL bOk = ::WriteProcessMemory(g_hProcess, (LPVOID)dwAddr, &dwBuf, sizeof(dwBuf), NULL);
    return bOk;
}
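// Driver: launch game.exe, narrow the candidate addresses down to one using
// the values the user reports, then overwrite that address.
//
// Flow: CreateProcess supplies the child's process handle (kept in
// g_hProcess and used by every Read/WriteProcessMemory call); FindFirst
// sweeps for the first value typed; FindNext is repeated with the value
// after each change in the child until at most one candidate remains;
// WriteMemory then stores the new value there.
// Returns 1 when the child cannot be started, input is not a number, or no
// candidate address is left; 0 otherwise.
int main()
{
    char szFileName[] = "game.exe";
    STARTUPINFO si = {sizeof(si)};
    PROCESS_INFORMATION pi = {0};
    // Unchecked, a failed CreateProcess would leave pi.hProcess garbage and
    // every later ReadProcessMemory/WriteProcessMemory call would use it.
    if (!::CreateProcess(NULL, szFileName, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi))
    {
        printf("CreateProcess failed, error=%lu\n", ::GetLastError());
        return 1;
    }
    ::CloseHandle(pi.hThread);
    g_hProcess = pi.hProcess;

    // Value to look for.
    int iVal;
    printf("input val=");
    if (scanf("%d", &iVal) != 1)
    {
        printf("Invalid input\n");
        ::CloseHandle(g_hProcess);
        return 1;
    }
    FindFirst(iVal);
    // Show the candidates and keep filtering until at most one is left.
    ShowList();
    while (g_nListCnt > 1)
    {
        printf("Input val=");
        if (scanf("%d", &iVal) != 1)
        {
            printf("Invalid input\n");
            ::CloseHandle(g_hProcess);
            return 1;
        }
        FindNext(iVal);
        ShowList();
    }
    // FindFirst may find nothing and FindNext may drop every candidate;
    // g_arList[0] would then be stale or never written.
    if (g_nListCnt == 0)
    {
        printf("No matching address\n");
        ::CloseHandle(g_hProcess);
        return 1;
    }
    printf("New value=");
    if (scanf("%d", &iVal) != 1)
    {
        printf("Invalid input\n");
        ::CloseHandle(g_hProcess);
        return 1;
    }
    // Store the new value at the single remaining address.
    if (WriteMemory(g_arList[0], iVal))
    {
        printf("Write data success\n");
    }
    else
    {
        printf("Write data failed, error=%lu\n", ::GetLastError());
    }
    ::CloseHandle(g_hProcess);
    return 0;
}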

摘自《Windows 程序设计》第 2 版

 
