内存查找
windows程序设计中的内存查找主程序代码:
// MemRepair.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <Windows.h>
BOOL FindFirst(DWORD dwValue);
BOOL FindNext(DWORD dwValue);
HANDLE g_hProcess;
DWORD g_arList;
DWORD g_nListCnt;
BOOL CompareAPage(DWORD dwBaseAddr, DWORD dwValue)
{
//读取一页内存
BYTE arBytes;
BOOL bRead = ::ReadProcessMemory(g_hProcess, (LPVOID)dwBaseAddr, arBytes, 4096,NULL);
if (bRead == FALSE)
{
return FALSE;
}
DWORD *pdw;
for (int i=0;i<4096-4;i++)
{
pdw = (DWORD*)&arBytes;
if (pdw == dwValue)
{
g_arList = dwBaseAddr+i;
}
/*出错,应该将地址先转换成DWORD*,即指向DWORD的地址,然后再取
if ((DWORD)&arBytes == dwValue)
{
g_arList = dwBaseAddr+i;
}
*/
}
if (g_nListCnt > 1024)
{
printf("the position is large than 1024..");
return FALSE;
}
return TRUE;
}
BOOL FindFirst(DWORD dwValue)
{
const DWORD dwOneGB = 1 * 1024 *1024 *1024; // 1GB
const DWORD dwOnePage = 4* 1024; // 4K
DWORD dwBase;
OSVERSIONINFO versionInfo={0};
versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
::GetVersionEx(&versionInfo);
if (versionInfo.dwPlatformId ==VER_PLATFORM_WIN32_WINDOWS ) //win98
{
dwBase = 4 * 1024 *1024; // 4MB
}
else
{
dwBase = 64 * 1024; // 64KB
}
//从开始地址到2GB的空间查找
for (;dwBase<2*dwOneGB;dwBase+=dwOnePage)
{
CompareAPage(dwBase,dwValue);
}
return TRUE;
}
BOOL FindNext(DWORD dwValue)
{
DWORD dwOriCnt = g_nListCnt;
DWORD dwReadValue;
BOOL bRet = FALSE;
g_nListCnt = 0;
for (int i=0;i<dwOriCnt;i++)
{
if (::ReadProcessMemory(g_hProcess,(LPVOID)g_arList,&dwReadValue,sizeof(DWORD),0))
{
if (dwReadValue == dwValue)
{
g_arList = g_arList;
bRet = TRUE;
}
}
}
return bRet;
}
void ShowList()
{
for (int i=0;i<g_nListCnt;i++)
{
printf("%08lX\n", g_arList);
}
}
BOOL WriteMemory(DWORD dwAddr, DWORD dwValue)
{
//出错的情况:写入的是&dwValue,而不是(LPVOID)dwValue
return WriteProcessMemory(g_hProcess,(LPVOID)dwAddr,&dwValue,sizeof(DWORD),NULL);
}
int _tmain(int argc, _TCHAR* argv[])
{
g_nListCnt = 0;
memset(g_arList,0,sizeof(g_arList));
char szCommandLine[]="c:\\testor.exe";
STARTUPINFO si={sizeof(STARTUPINFO)};
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = TRUE;
PROCESS_INFORMATION pi;
BOOL bRet = CreateProcess(NULL, szCommandLine,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi);
if (bRet == FALSE)
{
printf("createProcess failed...");
return -1;
}
::CloseHandle(pi.hThread);
g_hProcess = pi.hProcess;
//输入修改值
int iVal;
printf("Input iVal=");
scanf("%d", &iVal);
//进行第一次查找
FindFirst(iVal);
//打印结果
ShowList();
//再次查找
while (g_nListCnt > 1)
{
printf("input iVal:\n");
scanf("%d",&iVal);
FindNext(iVal);
ShowList();
}
//修改值
printf("input new value:\n");
scanf("%d",&iVal);
if (WriteMemory(g_arList,iVal))
{
printf("write suc...");
}
::CloseHandle(g_hProcess);
return 0;
}
测试用的程序代码:
#include "stdafx.h"
#include <stdio.h>
int g_nNum = 1003;
int _tmain(int argc, _TCHAR* argv[])
{
int i = 200;
while(1)
{
printf("i=%d,&i=%08lX...g_nNum=%d,&g_nNum=%08lX\n\n",i--,&i,--g_nNum,&g_nNum);
getchar();
}
return 0;
}
页:
[1]