C ++:读取另一个进程的内存 [英] C++: reading memory of another process


问题描述

我想有一个函数,允许我读取另一个进程的内存。
我在想这样的东西(伪代码):

  staticAddress = 0x026E0DC4 
processId = GetProcessIdByName (processName)
processHandle = GetProcessHandle(processId)
processBaseAddress = GetBaseAddress(processHandle)
addressToRead = processBaseAddress + staticAddress
readValueAsInt = ReadMemoryInt(processHandle,addressToRead)
readValueAsFloat = ReadMemoryFloat(processHandle,addressToRead)
readValueAsString = ReadMemoryString(processHandle,addressToRead)

可能吗?
这是我到目前为止:

  #include< Windows.h> 
#include< conio.h>
#include< tlhelp32.h>
#include< string>
#include< psapi.h>
#pragma注释(lib,psapi)

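int GetProcessId(char * ProcName){
    // Return the id of the first running process whose executable name
    // equals ProcName exactly (strcmp: case-sensitive). Returns 0 when no
    // process matches or the snapshot cannot be taken; 0 is the System Idle
    // Process, which OpenProcess refuses, so callers can test for it. The
    // original returned whatever entry was enumerated last when nothing
    // matched, which silently targeted the wrong process.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);   // Process32First requires dwSize to be set

    DWORD foundId = 0;
    if (Process32First(hSnapshot, &pe32)) {
        do {
            // szExeFile is TCHAR, so this only compiles in a non-UNICODE build.
            if (strcmp(pe32.szExeFile, ProcName) == 0) {
                foundId = pe32.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe32));
    }

    CloseHandle(hSnapshot);
    return static_cast<int>(foundId);
}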

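int GetModuleBase(HANDLE processHandle, string& sModuleName)
{
    // Return the load address of the module named sModuleName in the target
    // process, or -1 if the module list cannot be read or the module is not
    // loaded. processHandle needs PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
    // for EnumProcessModules / GetModuleBaseName. The address is narrowed to
    // an int, so the result is only meaningful for 32-bit targets (the
    // original made the same assumption).

    // First call: learn how many bytes the complete module list needs.
    HMODULE probe = NULL;
    DWORD cbNeeded = 0;
    if (!EnumProcessModules(processHandle, &probe, sizeof(probe), &cbNeeded) || cbNeeded == 0)
        return -1;

    // Second call: cb is a BYTE count, so pass the buffer size in bytes, not
    // the element count the original passed (which under-filled the array).
    std::vector<HMODULE> hModules(cbNeeded / sizeof(HMODULE));
    const DWORD cbBuffer = static_cast<DWORD>(hModules.size() * sizeof(HMODULE));
    if (!EnumProcessModules(processHandle, hModules.data(), cbBuffer, &cbNeeded))
        return -1;

    // The module list may change between the two calls; walk only the
    // entries that were actually written.
    size_t count = cbNeeded / sizeof(HMODULE);
    if (count > hModules.size())
        count = hModules.size();

    char szBuf[MAX_PATH];   // the original 50 chars could truncate a base name
    for (size_t i = 0; i < count; ++i) {
        if (GetModuleBaseName(processHandle, hModules[i], szBuf, sizeof(szBuf)) == 0)
            continue;   // no name for this module; keep looking
        if (sModuleName.compare(szBuf) == 0) {
            // An HMODULE is the module's base address; narrow it through a
            // 32-bit DWORD exactly as the original cast did.
            const std::uintptr_t base = reinterpret_cast<std::uintptr_t>(hModules[i]);
            return static_cast<int>(static_cast<DWORD>(base));
        }
    }

    return -1;
}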


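int ReadMemoryInt(HANDLE processHandle, LPCVOID address){
    // Read one int (sizeof(int) bytes) from `address` in the target process.
    // processHandle needs PROCESS_VM_READ. The buffer is a local int whose
    // address is handed to ReadProcessMemory; its size is the read size.
    // On failure (unreadable address, access denied, short read) 0 is
    // returned, which a genuine 0 in the target cannot be told apart from;
    // callers that must know should use a bool-returning variant.
    int buffer = 0;
    SIZE_T bytesRead = 0;
    const BOOL ok = ReadProcessMemory(processHandle, address, &buffer, sizeof(buffer), &bytesRead);
    if (!ok || bytesRead != sizeof(buffer))
        return 0;
    return buffer;
}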

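float ReadMemoryFloat(HANDLE processHandle, LPCVOID address){
    // Read one float from `address` in the target process and return it as
    // a float (the sketch declared int, which cannot carry the value). The
    // sketch also read 8 bytes, which is a double, not a float; tying the
    // size to sizeof(buffer) keeps it correct for the type returned.
    // Returns 0.0f on failure, indistinguishable from a real 0.0f.
    float buffer = 0.0f;
    SIZE_T bytesRead = 0;
    const BOOL ok = ReadProcessMemory(processHandle, address, &buffer, sizeof(buffer), &bytesRead);
    if (!ok || bytesRead != sizeof(buffer))
        return 0.0f;
    return buffer;
}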

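std::string ReadMemoryString(HANDLE processHandle, LPCVOID address, SIZE_T maxBytes = 999){
    // Read a NUL-terminated char string starting at `address` in the target
    // process, one byte at a time, until a '\0' is found, the memory becomes
    // unreadable, or maxBytes bytes have been collected. The NUL is not
    // included. maxBytes defaults to the 999 of the original sketch and
    // bounds the work on unterminated data. Returns std::string (the sketch
    // returned int, which cannot hold a string); an empty result is
    // indistinguishable from an empty string in the target.
    std::string result;
    const char* cursor = static_cast<const char*>(address);
    while (result.size() < maxBytes) {
        char ch = 0;
        SIZE_T bytesRead = 0;
        // A one-byte read never straddles an unreadable page, so a string
        // that ends right before one is still read completely.
        if (!ReadProcessMemory(processHandle, cursor, &ch, sizeof(ch), &bytesRead) || bytesRead != sizeof(ch))
            break;
        if (ch == '\0')
            break;
        result.push_back(ch);
        ++cursor;
    }
    return result;
}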

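int main()
{
    // Read an integer from "Program.exe" + 0x05D8A3C4.
    // The offset is relative to the module base, so the two must be added as
    // byte addresses, not as ints (the original summed two ints and then
    // converted the sum to a pointer).
    const int address = 0x05D8A3C4;
    char processName[] = "Program.exe";   // writable copy: GetProcessId takes char*

    const int processId = GetProcessId(processName);
    if (processId == 0) {
        std::cerr << "process not found" << std::endl;
        return 1;
    }

    // Least privilege: reading memory and enumerating modules needs only
    // these two rights, not PROCESS_ALL_ACCESS.
    HANDLE processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, processId);
    if (processHandle == NULL) {
        std::cerr << "OpenProcess failed, error " << GetLastError() << std::endl;
        return 1;
    }

    string moduleName = "Program.exe";   // GetModuleBase takes a non-const reference
    const int processBaseAddress = GetModuleBase(processHandle, moduleName);
    if (processBaseAddress == -1) {
        std::cerr << "module not found" << std::endl;
        CloseHandle(processHandle);
        return 1;
    }

    // Rebuild the base as a byte pointer before adding the offset.
    const std::uintptr_t base = static_cast<DWORD>(processBaseAddress);
    LPCVOID actualAddress = reinterpret_cast<const char*>(base) + address;

    // The original called ReadMemory(), which is not defined anywhere.
    const int readValue = ReadMemoryInt(processHandle, actualAddress);
    std::cout << readValue << std::endl;

    CloseHandle(processHandle);
    return 0;
}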

正如你从代码中的问号可以看到的,我真的不确定 ReadProcessMemory 的"buffer"和"size"参数该怎么填。如果有人能帮我弄清楚这一点,我将非常感激。

解决方案

这里是你的 ReadMemoryInt() 函数的一个例子:

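  int ReadMemoryInt(HANDLE processHandle, LPCVOID address){
      // Read one int (sizeof(int) bytes, i.e. 4 here) from `address` in the
      // target process. processHandle needs PROCESS_VM_READ.
      // ReadProcessMemory returns FALSE on failure, so the error test is
      // !ok, not ok — the original condition was inverted and its error
      // branch was an empty statement. On failure 0 is returned, which a
      // genuine 0 in the target cannot be told apart from.
      int buffer = 0;
      SIZE_T bytesRead = 0;   // must be initialised: it is only written on success
      const BOOL ok = ReadProcessMemory(processHandle, address, &buffer, sizeof(buffer), &bytesRead);
      if (!ok || bytesRead != sizeof(buffer))
          return 0;
      return buffer;
  }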

& 表示传递的是变量的地址,而不是它的值。



而在 ReadMemoryString() 中,你无法事先知道实际需要读取的大小:你可以读取一个大块(大小 999),或者读取许多小块,直到得到一个包含 \0 的块为止。



如果你想知道它是否工作,你可以在调试器中启动它,并查看是否返回你期望的值。


I'd like to have a function that allows me to read the memory of another process. I was thinking about something like this (pseudo code):

staticAddress = 0x026E0DC4
processId = GetProcessIdByName(processName)
processHandle = GetProcessHandle(processId)
processBaseAddress = GetBaseAddress(processHandle)
addressToRead = processBaseAddress+staticAddress
readValueAsInt = ReadMemoryInt(processHandle, addressToRead)
readValueAsFloat = ReadMemoryFloat(processHandle, addressToRead)
readValueAsString = ReadMemoryString(processHandle, addressToRead)

Would that even be possible? Here is what I have so far:

#include <Windows.h>
#include <conio.h>
#include <psapi.h>
#include <tlhelp32.h>

#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

#pragma comment( lib, "psapi" )

using std::string;   // the functions below use unqualified `string`

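int GetProcessId(char* ProcName) {
    // Return the id of the first running process whose executable name
    // equals ProcName exactly (strcmp: case-sensitive). Returns 0 when no
    // process matches or the snapshot cannot be taken; 0 is the System Idle
    // Process, which OpenProcess refuses, so callers can test for it. The
    // original returned whatever entry was enumerated last when nothing
    // matched, which silently targeted the wrong process.
    HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if( hSnapshot == INVALID_HANDLE_VALUE )
        return 0;

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof( PROCESSENTRY32 );   // Process32First requires dwSize to be set

    DWORD foundId = 0;
    if( Process32First( hSnapshot, &pe32 ) ) {
        do {
            // szExeFile is TCHAR, so this only compiles in a non-UNICODE build.
            if( strcmp( pe32.szExeFile, ProcName ) == 0 ) {
                foundId = pe32.th32ProcessID;
                break;
            }
        } while( Process32Next( hSnapshot, &pe32 ) );
    }

    CloseHandle( hSnapshot );
    return static_cast<int>(foundId);
}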

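int GetModuleBase(HANDLE processHandle, string &sModuleName) 
{ 
   // Return the load address of the module named sModuleName in the target
   // process, or -1 if the module list cannot be read or the module is not
   // loaded. processHandle needs PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
   // for EnumProcessModules / GetModuleBaseName. The address is narrowed to
   // an int, so the result is only meaningful for 32-bit targets (the
   // original made the same assumption).

   // First call: learn how many bytes the complete module list needs.
   HMODULE probe = NULL; 
   DWORD cbNeeded = 0; 
   if(!EnumProcessModules(processHandle, &probe, sizeof(probe), &cbNeeded) || cbNeeded == 0) 
      return -1; 

   // Second call: cb is a BYTE count, so pass the buffer size in bytes, not
   // the element count the original passed (which under-filled the array).
   std::vector<HMODULE> hModules(cbNeeded / sizeof(HMODULE)); 
   const DWORD cbBuffer = static_cast<DWORD>(hModules.size() * sizeof(HMODULE)); 
   if(!EnumProcessModules(processHandle, hModules.data(), cbBuffer, &cbNeeded)) 
      return -1; 

   // The module list may change between the two calls; walk only the
   // entries that were actually written.
   size_t count = cbNeeded / sizeof(HMODULE); 
   if(count > hModules.size()) 
      count = hModules.size(); 

   char szBuf[MAX_PATH];   // the original 50 chars could truncate a base name
   for(size_t i = 0; i < count; ++i) { 
      if(GetModuleBaseName(processHandle, hModules[i], szBuf, sizeof(szBuf)) == 0) 
         continue;   // no name for this module; keep looking
      if(sModuleName.compare(szBuf) == 0) { 
         // An HMODULE is the module's base address; narrow it through a
         // 32-bit DWORD exactly as the original cast did.
         const std::uintptr_t base = reinterpret_cast<std::uintptr_t>(hModules[i]); 
         return static_cast<int>(static_cast<DWORD>(base)); 
      } 
   } 

   return -1; 
}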


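int ReadMemoryInt(HANDLE processHandle, LPCVOID address) {
    // Read one int (sizeof(int) bytes) from `address` in the target process.
    // processHandle needs PROCESS_VM_READ. The "buffer" is a local int whose
    // address is handed to ReadProcessMemory; its size is the read size.
    // On failure (unreadable address, access denied, short read) 0 is
    // returned, which a genuine 0 in the target cannot be told apart from;
    // callers that must know should use a bool-returning variant.
    int buffer = 0;
    SIZE_T bytesRead = 0;
    const BOOL ok = ReadProcessMemory(processHandle, address, &buffer, sizeof(buffer), &bytesRead);
    if (!ok || bytesRead != sizeof(buffer))
        return 0;
    return buffer;
}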

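float ReadMemoryFloat(HANDLE processHandle, LPCVOID address) {
    // Read one float from `address` in the target process and return it as
    // a float (the sketch declared int, which cannot carry the value). The
    // sketch also read 8 bytes, which is a double, not a float; tying the
    // size to sizeof(buffer) keeps it correct for the type returned.
    // Returns 0.0f on failure, indistinguishable from a real 0.0f.
    float buffer = 0.0f;
    SIZE_T bytesRead = 0;
    const BOOL ok = ReadProcessMemory(processHandle, address, &buffer, sizeof(buffer), &bytesRead);
    if (!ok || bytesRead != sizeof(buffer))
        return 0.0f;
    return buffer;
}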

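std::string ReadMemoryString(HANDLE processHandle, LPCVOID address, SIZE_T maxBytes = 999) {
    // Read a NUL-terminated char string starting at `address` in the target
    // process, one byte at a time, until a '\0' is found, the memory becomes
    // unreadable, or maxBytes bytes have been collected. The NUL is not
    // included. maxBytes defaults to the 999 of the original sketch and
    // bounds the work on unterminated data. Returns std::string (the sketch
    // returned int, which cannot hold a string); an empty result is
    // indistinguishable from an empty string in the target.
    std::string result;
    const char* cursor = static_cast<const char*>(address);
    while (result.size() < maxBytes) {
        char ch = 0;
        SIZE_T bytesRead = 0;
        // A one-byte read never straddles an unreadable page, so a string
        // that ends right before one is still read completely.
        if (!ReadProcessMemory(processHandle, cursor, &ch, sizeof(ch), &bytesRead) || bytesRead != sizeof(ch))
            break;
        if (ch == '\0')
            break;
        result.push_back(ch);
        ++cursor;
    }
    return result;
}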

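int main()
{
    //read an integer from "Program.exe"+0x05D8A3C4
    // The offset is relative to the module base, so the two must be added as
    // byte addresses, not as ints (the original summed two ints and then
    // converted the sum to a pointer).
    const int address = 0x05D8A3C4;
    char processName[] = "Program.exe";   // writable copy: GetProcessId takes char*

    const int processId = GetProcessId(processName);
    if (processId == 0) {
        std::cerr << "process not found" << std::endl;
        return 1;
    }

    // Least privilege: reading memory and enumerating modules needs only
    // these two rights, not PROCESS_ALL_ACCESS.
    HANDLE processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, processId);
    if (processHandle == NULL) {
        std::cerr << "OpenProcess failed, error " << GetLastError() << std::endl;
        return 1;
    }

    string moduleName = "Program.exe";   // GetModuleBase takes a non-const reference
    const int processBaseAddress = GetModuleBase(processHandle, moduleName);
    if (processBaseAddress == -1) {
        std::cerr << "module not found" << std::endl;
        CloseHandle(processHandle);
        return 1;
    }

    // Rebuild the base as a byte pointer before adding the offset.
    const std::uintptr_t base = static_cast<DWORD>(processBaseAddress);
    LPCVOID actualAddress = reinterpret_cast<const char*>(base) + address;

    // The original called ReadMemory(), which is not defined anywhere.
    const int readValue = ReadMemoryInt(processHandle, actualAddress);
    std::cout << readValue << std::endl;

    CloseHandle(processHandle);
    return 0;
}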

As you can see from the question marks in the code, I'm really unsure about the "buffer" and "size" parameters of ReadProcessMemory. I'd really appreciate it if someone could help me figure this out.

解决方案

Here is an example for your ReadMemoryInt() function:

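int ReadMemoryInt(HANDLE processHandle, LPCVOID address) {
    // Read one int (sizeof(int) bytes, i.e. 4 here) from `address` in the
    // target process. processHandle needs PROCESS_VM_READ.
    // ReadProcessMemory returns FALSE on failure, so the error test is
    // !ok, not ok — the original condition was inverted and its error
    // branch was an empty statement. On failure 0 is returned, which a
    // genuine 0 in the target cannot be told apart from.
    int buffer = 0;
    SIZE_T bytesRead = 0;   // must be initialised: it is only written on success
    const BOOL ok = ReadProcessMemory(processHandle, address, &buffer, sizeof(buffer), &bytesRead);
    if (!ok || bytesRead != sizeof(buffer))
        return 0;
    return buffer; 
}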

The & means that the address of the variable is passed instead of its value.

And in ReadMemoryString() you cannot know the actual size you need to read, you could either read a big block (size 999) or read many little blocks till you get one containing \0.

And if you want to know whether it works, you can start it in a debugger and check whether the values you expect are returned.

