windows编程之内存数据修改

#include"StdAfx.h"
#include<windows.h>

// Addresses in the target process that matched the most recent search.
// Fixed capacity: valid indexes are 0..1023.
DWORD  g_arList[1024];

// Number of valid entries at the front of g_arList.
int    g_nListCnt = 0;

// Handle of the process being scanned; main() stores the handle returned by
// CreateProcess here. NULL means "no target yet" (see the check in FindFirst).
HANDLE g_hProcess = NULL;

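// Scans one 4 KB page of the process behind g_hProcess for dwValue and appends
// the address of every match to g_arList.
//
// dwBaseAddr: address, in the target process, of the first byte of the page.
// dwValue:    32-bit value compared at every byte offset inside the page.
// Returns FALSE when the page cannot be read or g_arList is already full,
// TRUE otherwise. A value that straddles two pages is not detected, because
// only offsets whose four bytes lie inside this page are compared.
//
// NOTE(review): addresses are carried in a DWORD, so this only works as written
// in a 32-bit build; confirm before compiling for x64.
BOOL CompareAPage(DWORD dwBaseAddr,DWORD dwValue){
    const int nPageSize=4096;
    const int nListCap=(int)(sizeof(g_arList)/sizeof(g_arList[0]));

    BYTE arBytes[nPageSize];
    if(!::ReadProcessMemory(g_hProcess,(LPVOID)dwBaseAddr,arBytes,nPageSize,NULL))
        return FALSE;

    // Last offset at which a whole DWORD still fits in the buffer.
    const int nLastOffset=nPageSize-(int)sizeof(DWORD);
    for(int i=0;i<=nLastOffset;i++){
        // Unaligned read at every byte offset, kept from the original;
        // x86 tolerates it.
        const DWORD* pdw=(const DWORD*)&arBytes[i];
        if(*pdw==dwValue){
            // The original tested "> 1024", which let index 1024 be written,
            // one element past the end of g_arList.
            if(g_nListCnt>=nListCap)
                return FALSE;
            g_arList[g_nListCnt++]=dwBaseAddr+i;
        }
    }
    return TRUE;
}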

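// Runs the initial search: walks the target's address space page by page up to
// 2 GB and lets CompareAPage record every address that currently holds dwValue.
//
// dwValue: 32-bit value to search for.
// Returns FALSE when no target process has been set (g_hProcess is NULL),
// TRUE otherwise. Per-page failures from CompareAPage are ignored on purpose:
// unreadable pages are simply skipped.
BOOL FindFirst(DWORD dwValue){
    const DWORD dwOneGB=1024*1024*1024;
    const DWORD dwOnePage=4*1024;
    if(g_hProcess==NULL)
        return FALSE;

    // Pick the start address from the OS family.
    DWORD dwBase;
    OSVERSIONINFO vi={sizeof(vi)};
    ::GetVersionEx(&vi);
    // The original wrote "=" here, which assigned the constant and made the
    // condition always true, so the NT branch below was never taken.
    if(vi.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS)
        dwBase=4*1024*1024;     // Windows 9x family: start at 4 MB
    else
        dwBase=640*1024;        // NOTE(review): NT user space starts at 64 KB; confirm 640 KB is intended

    // 2*dwOneGB is 0x80000000 and still fits in an unsigned 32-bit DWORD.
    for(;dwBase<2*dwOneGB;dwBase+=dwOnePage)
        CompareAPage(dwBase,dwValue);
    return TRUE;
}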

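// Narrows the candidate list: re-reads every address in g_arList and keeps only
// those whose current DWORD equals dwValue. The list is compacted in place.
//
// dwValue: value the tracked variable is expected to hold now.
// Returns TRUE when at least one address survived, FALSE when none did.
// (The original computed this flag in bRet but then returned TRUE
// unconditionally.)
BOOL FindNext(DWORD dwValue){
    const int nOrgCnt=g_nListCnt;
    g_nListCnt=0;
    BOOL bRet=FALSE;
    DWORD dwReadValue;
    for(int i=0;i<nOrgCnt;i++){
        // Addresses that can no longer be read are dropped from the list.
        if(!::ReadProcessMemory(g_hProcess,(LPVOID)g_arList[i],&dwReadValue,sizeof(DWORD),NULL))
            continue;
        if(dwReadValue==dwValue){
            // g_nListCnt never exceeds i, so this never overwrites an entry
            // that has not been examined yet.
            g_arList[g_nListCnt++]=g_arList[i];
            bRet=TRUE;
        }
    }
    return bRet;
}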

// Writes the 32-bit dwValue at dwAddr in the process behind g_hProcess.
// Returns the result of WriteProcessMemory (nonzero on success).
BOOL WriteMemory(DWORD dwAddr,DWORD dwValue){
    LPVOID pTarget=(LPVOID)dwAddr;
    BOOL bWritten=::WriteProcessMemory(g_hProcess,pTarget,&dwValue,sizeof(DWORD),NULL);
    return bWritten;
}

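// Prints every candidate address in g_arList, one per line, as 8 hex digits.
void ShowList(){
    for(int i=0;i<g_nListCnt;i++){
        // The page rendered this format as "%081X/n": a field width of 81 and
        // a literal "/n". The intent is an 8-digit unsigned long followed by
        // a newline.
        printf("%08lX\n",g_arList[i]);
    }
}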

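// Interactive driver: starts a child process from a file name typed by the
// user, searches the child's memory for a value, narrows the candidates as the
// value changes, and finally overwrites the single remaining address.
// Only the child started here is touched; its handle comes from CreateProcess.
// Returns 0 when the write succeeded, 1 on any failure.
int main(int argc,char* argv[])
{
    // Start the target process.
    char szFileName[30];
    printf("The exe_file name is:");
    // Width-limited: a plain "%s" lets a long name overrun the 30-byte buffer.
    if(scanf("%29s",szFileName)!=1)
        return 1;
    STARTUPINFO si={sizeof(si)};
    PROCESS_INFORMATION pi;
    // On failure pi is left uninitialised, so its handles must not be used.
    if(!::CreateProcess(NULL,szFileName,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi)){
        printf("CreateProcess failed, error %lu\n",::GetLastError());
        return 1;
    }
    // Close the thread handle; only the process handle is needed.
    ::CloseHandle(pi.hThread);
    g_hProcess=pi.hProcess;

    // Read the value to look for and run the first full scan.
    int iVal;
    printf("Input val= ");
    if(scanf("%d",&iVal)!=1){
        ::CloseHandle(g_hProcess);
        return 1;
    }
    FindFirst(iVal);
    ShowList();
    printf("g_nListCnt= %d\n\n",g_nListCnt);

    // Narrow the list until at most one candidate is left.
    while(g_nListCnt>1){
        printf("Input val=");
        // Stop on EOF or bad input instead of looping on a stale value.
        if(scanf("%d",&iVal)!=1)
            break;
        FindNext(iVal);
        ShowList();
        if(g_nListCnt==0)
            printf("Not any address in g_nList!\n");
        printf("g_nListCnt= %d\n\n",g_nListCnt);
    }

    // Write only when exactly one address remains; otherwise g_arList[0] is a
    // stale or never-assigned entry.
    if(g_nListCnt!=1){
        printf("No unique address found, nothing written.\n");
        ::CloseHandle(g_hProcess);
        return 1;
    }

    printf("iVal=    %d\n",iVal);
    printf("New Value=    ");
    BOOL bOk=FALSE;
    if(scanf("%d",&iVal)==1)
        bOk=WriteMemory(g_arList[0],iVal);
    ::CloseHandle(g_hProcess);

    // Report success only when the write really went through.
    if(!bOk){
        printf("Write failed!\n\n");
        return 1;
    }
    printf("Operation Successful!\n\n");
    return 0;
}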
