windows编程之内存数据修改

最新推荐文章于 2025-02-10 21:35:41 发布

原创最新推荐文章于 2025-02-10 21:35:41 发布 · 858 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#windows #编程 #null #input #exe #byte

本文介绍了一个用于在指定进程中搜索特定内存值并进行修改的工具。该工具利用Windows API实现内存读写操作，通过逐页扫描的方式寻找目标值，并允许用户进行多次筛选以精确定位，最终实现内存值的修改。

部署运行你感兴趣的模型镜像

#include"StdAfx.h"
#include<windows.h>

DWORD g_arList[1024];
int g_nListCnt=0;
HANDLE g_hProcess;

BOOL CompareAPage(DWORD dwBaseAddr,DWORD dwValue){
    BYTE arBytes[4096];
    if(!::ReadProcessMemory(g_hProcess,(LPVOID)dwBaseAddr,arBytes,4096,NULL))
        return FALSE;
    DWORD* pwd;
    for(int i=0;i<(int)1024*4-3;i++){
        pwd=(DWORD*)&arBytes[i];
        if(pwd[0]==dwValue){
            if(g_nListCnt>1024)
                return FALSE;
            g_arList[g_nListCnt++]=dwBaseAddr+i;
        }
    }
    return TRUE;
}

BOOL FindFirst(DWORD dwValue){
    const DWORD dwOneGB=1024*1024*1024;
    const DWORD dwOnePage=4*1024;
    if(g_hProcess==NULL)
        return FALSE;
    DWORD dwBase;
    OSVERSIONINFO vi={sizeof(vi)};
    ::GetVersionEx(&vi);
    if(vi.dwPlatformId=VER_PLATFORM_WIN32_WINDOWS)
        dwBase=4*1024*1024;
    else
        dwBase=640*1024;
    for(;dwBase<2*dwOneGB;dwBase+=dwOnePage)
        CompareAPage(dwBase,dwValue);
    return TRUE;
}

BOOL FindNext(DWORD dwValue){
    int i=0;
    int nOrgCnt=g_nListCnt;
    g_nListCnt=0;
    BOOL bRet=FALSE;
    DWORD dwReadValue;
    for(i=0;i<nOrgCnt;i++){
        if(::ReadProcessMemory(g_hProcess,(LPVOID)g_arList[i],&dwReadValue,sizeof(DWORD),NULL)){
            if(dwReadValue==dwValue){
                g_arList[g_nListCnt++]=g_arList[i];
                bRet=TRUE;
            }
        }
    }
    return     TRUE;
}

BOOL WriteMemory(DWORD dwAddr,DWORD dwValue){
    return ::WriteProcessMemory(g_hProcess,(LPVOID)dwAddr,&dwValue,sizeof(DWORD),NULL);
}

void ShowList(){
    for(int i=0;i<g_nListCnt;i++)
        printf("%081X/n",g_arList[i]);
}

int main(int argc,char* argv[])
{
    //启动进程
    char szFileName[30];
    printf("The exe_file name is:");
    scanf("%s",szFileName);
    STARTUPINFO si={sizeof(si)};
    PROCESS_INFORMATION pi;
    ::CreateProcess(NULL,szFileName,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi);
    //关闭线程句柄,只用到进程句柄
    ::CloseHandle(pi.hThread);
    g_hProcess=pi.hProcess;
    //输入要修改的值
    int iVal;
    printf("Input val= ");
    scanf("%d",&iVal);
    FindFirst(iVal);
    ShowList();
    printf("g_nListCnt= %d/n//////////////////////////n/n",g_nListCnt);
    while(g_nListCnt>1){
        printf("Input val=");
        scanf("%d",&iVal);
        FindNext(iVal);
        ShowList();
        if(g_nListCnt==0)
            printf("Not any address in g_nList!/n");
        printf("g_nListCnt= %d/n//////////////////////////////n/n",g_nListCnt);
    }
    printf("iVal=    %d/n",iVal);
    printf("New Value=    ");
    scanf("%d",&iVal);
    WriteMemory(g_arList[0],iVal);
    ::CloseHandle(g_hProcess);
    printf("Operation Successful!/n/n");
    return 0;
}