內存理解之簡單的內存修改器


前段日子因為學習內存，把王艷平老師的書看了一遍，並綜合了其他書籍，簡單學習做了一個內存修改器。下面是我覺得比較重要的知識，是從書上摳下來的。

代碼:

類的形式寫的代碼:
// HelloGame.cpp : 定義控制台應用程序的入口點。
//

#include "stdafx.h"
#include "HelloGame.h"
#include <cstring>
Game::Game(DWORD ProcessID)
{
    // Open the target process with only the rights this class uses: reading
    // pages (CompareAPage/FindNext) and writing values (WriteMemory). On failure
    // ToAimProcessHandle is NULL, which FindFirst checks before scanning.
    const DWORD AccessMask = PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION;

    m_GameCount = 0;   // no addresses recorded yet
    IsOK = TRUE;       // member flag; its consumer is not visible in this file
    ToAimProcessHandle = ::OpenProcess(AccessMask, FALSE, ProcessID);
}
Game::~Game()
{
    // Release the process handle exactly once; NULL means nothing was opened
    // (or it was already released).
    if (ToAimProcessHandle == NULL)
        return;

    ::CloseHandle(ToAimProcessHandle);
    ToAimProcessHandle = NULL;
}
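BOOL Game::CompareAPage(DWORD BaseAddress, DWORD Value) // scan one page of the target
{
    // Read one 4 KB page of the target process starting at BaseAddress and
    // record, in m_AddressList, every byte offset at which a DWORD equal to
    // Value begins (unaligned offsets included, as in the original).
    // Returns FALSE when the page cannot be read (unmapped or inaccessible),
    // TRUE otherwise -- also when the result array is already full.
    const DWORD PageSize = 4096;
    BYTE PageBytes[PageSize];

    if (!::ReadProcessMemory(ToAimProcessHandle, (LPVOID)BaseAddress, PageBytes, PageSize, NULL))
    {
        return FALSE; // was `return NULL`: a BOOL result should be FALSE, not a pointer constant
    }

    // Capacity of the result array, so a page full of matches cannot write past
    // its end. Assumes m_AddressList is a fixed-size array member (main.cpp
    // declares a DWORD[4096] of the same name) -- confirm in HelloGame.h.
    static_assert(sizeof(m_AddressList) > sizeof(DWORD*),
                  "m_AddressList must be a fixed-size array for the capacity check");
    const size_t Capacity = sizeof(m_AddressList) / sizeof(m_AddressList[0]);

    // The last 3 bytes of the page cannot start a complete DWORD, hence the
    // bound. memcpy replaces the original `(DWORD*)&PageBytes[i]` read, which
    // dereferenced an unaligned pointer.
    for (size_t i = 0; i + sizeof(DWORD) <= PageSize; i++)
    {
        DWORD Candidate;
        memcpy(&Candidate, &PageBytes[i], sizeof(Candidate));
        if (Candidate != Value)
            continue;

        if ((size_t)m_GameCount >= Capacity)
            return TRUE; // result array full; stop recording rather than overflow

        // The recorded address is in the target's address space: page base plus offset.
        m_AddressList[m_GameCount++] = BaseAddress + (DWORD)i;
    }
    return TRUE;
}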

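BOOL Game::FindFirst(DWORD Value)
{
    // First pass of a search: walk the target's address space page by page
    // and collect every address whose DWORD equals Value into m_AddressList.
    // Returns FALSE only when no process handle is open; TRUE otherwise,
    // even if nothing matched (check m_GameCount for the number of hits).
    const DWORD OneGB = 1024 * 1024 * 1024; // 1GB
    const DWORD OnePage = 4 * 1024;         // 4KB

    if (ToAimProcessHandle == NULL)
        return FALSE;

    // A first search starts from an empty list; without this a repeated
    // FindFirst would append to the previous results.
    m_GameCount = 0;

    // Choose the lowest address to scan from by platform family.
    // NOTE(review): GetVersionEx is deprecated in newer SDKs; kept because the
    // rest of the listing targets this API level.
    DWORD BaseAddress;
    OSVERSIONINFO vi = { sizeof(vi) };
    ::GetVersionEx(&vi);
    if (vi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
        BaseAddress = 4 * 1024 * 1024; // Windows 9x family: 4MB
    else
        BaseAddress = 640 * 1024;      // Windows NT family: 640KB (the original comment said 64KB; constant kept as written)

    // Scan from BaseAddress up to 2GB one page at a time. CompareAPage's result
    // is deliberately ignored: unmapped pages fail to read and contribute nothing.
    for (; BaseAddress < 2 * OneGB; BaseAddress += OnePage)
    {
        CompareAPage(BaseAddress, Value);
    }

    IsOK = FALSE; // member flag; its consumer is not visible in this file -- kept as in the original
    return TRUE;
}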
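BOOL Game::FindNext(DWORD Value)
{
    // Narrowing pass: instead of rescanning the process, re-read only the
    // addresses recorded by the previous pass and keep those that now hold
    // Value, compacting them to the front of m_AddressList.
    // Returns TRUE if at least one address survived, FALSE otherwise. The
    // original computed this flag ("assume failure") but always returned TRUE.
    const int Count = m_GameCount; // entries recorded by the previous pass
    m_GameCount = 0;               // rebuilt below; m_GameCount <= i at every step

    BOOL AnyMatch = FALSE;
    DWORD ReadValue;
    for (int i = 0; i < Count; i++)
    {
        // An address that can no longer be read is simply dropped.
        if (!::ReadProcessMemory(ToAimProcessHandle, (LPVOID)m_AddressList[i], &ReadValue, sizeof(DWORD), NULL))
            continue;
        if (ReadValue != Value)
            continue;

        m_AddressList[m_GameCount++] = m_AddressList[i];
        AnyMatch = TRUE;
    }
    return AnyMatch;
}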
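BOOL Game::WriteMemory(DWORD Address, DWORD Value)
{
    // Write Value into the target process at Address.
    // WriteProcessMemory's lpBuffer is a pointer to the *source data*; the
    // original passed `(LPCVOID)Value`, i.e. it used the value itself as the
    // address to copy from. Returns the API result (FALSE on failure).
    if (ToAimProcessHandle == NULL)
        return FALSE;
    return ::WriteProcessMemory(ToAimProcessHandle, (LPVOID)Address, &Value, sizeof(Value), NULL);
}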

main函數中的代碼:
#include"HelloGame.h"
#include<Windows.h>
#include<iostream>

using namespace std;
// Scanner instance used by main(); its process handle is assigned in main()
// after CreateProcess and released by Game's destructor at exit.
Game GamePlay;
// The three globals below are not referenced anywhere in this listing; the
// scanner uses its own m_AddressList / m_GameCount members instead.
// Presumably leftovers from a non-class version -- TODO confirm and remove.
DWORD m_AddressList[4096];
ULONG GameListCount;
HANDLE ProcessHandle;
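int main()
{
    // Launch the companion test program, then let the user narrow down which
    // address in it holds a typed value through repeated scans.
    // NOTE(review): the target is named by a relative path, so which binary is
    // launched depends on the current working directory.
    WCHAR FileName[] = L"..\\debug\\02testor.exe"; // non-const: CreateProcess may modify lpCommandLine
    STARTUPINFO si = { sizeof(si) };
    PROCESS_INFORMATION pi;
    BOOL IsOK = CreateProcess(NULL, FileName, NULL, NULL, FALSE,
                              CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
    if (IsOK == FALSE)
    {
        return 1; // was `return NULL`: main returns int; nonzero signals failure
    }

    // The thread handle is never used; close it so it is not leaked.
    ::CloseHandle(pi.hThread);
    // Hand the process handle to the scanner; Game's destructor closes it at exit.
    // If Game's default constructor opened a handle of its own, that one is lost
    // here -- TODO confirm in HelloGame.h.
    GamePlay.ToAimProcessHandle = pi.hProcess;

    int ChangeValue;
    printf("輸入改變的值");
    if (scanf("%d", &ChangeValue) != 1)
    {
        return 1; // no usable input; do not scan for an uninitialized value
    }
    GamePlay.FindFirst(ChangeValue);
    GamePlay.ShowData();

    while (GamePlay.m_GameCount > 1)
    {
        // The original format string had a %d with no argument (undefined
        // behaviour); print the number of remaining candidates, which is what
        // the loop condition tracks.
        printf("二次查詢:%d\r\n", (int)GamePlay.m_GameCount);
        if (scanf("%d", &ChangeValue) != 1)
        {
            break; // input exhausted or not a number: stop instead of spinning on the stale value
        }

        // Narrow the candidate list and show what is left.
        GamePlay.FindNext(ChangeValue);
        GamePlay.ShowData();
    }
    return 0;
}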

 

