c++ readIntger writeIntger

类似CE的read/writeIntger函数(外部) 完整版项目在这里

#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
#include <vector>
#include <regex>
#include <sstream>
#include <string>

// global
DWORD pid = 0;
HANDLE hProcess = 0;

// 获取进程名的pid
DWORD getPID(const wchar_t* name)
{
	DWORD pid = 0;
	HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnap != INVALID_HANDLE_VALUE)
	{
		PROCESSENTRY32 pe;
		pe.dwSize = sizeof(pe);
		if (Process32First(hSnap, &pe))
		{
			do {
				if (!_wcsicmp(pe.szExeFile, name)) {
					pid = pe.th32ProcessID;
					break;
				}
			} while (Process32Next(hSnap, &pe));
		}
	}
	CloseHandle(hSnap);
	return pid;
}

// 获取模块基址
uintptr_t getModuleBaseAddress(DWORD pid, const wchar_t* modName)
{
	uintptr_t modBaseAddr = 0;
	HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);

	if (hSnap != INVALID_HANDLE_VALUE)
	{
		MODULEENTRY32 me;
		me.dwSize = sizeof(me);
		if (Module32First(hSnap, &me))
		{
			do {
				if (!_wcsicmp(me.szModule, modName)) {
					modBaseAddr = (uintptr_t)me.modBaseAddr;
					break;
				}
			} while (Module32Next(hSnap, &me));
		}
	}
	CloseHandle(hSnap);
	return modBaseAddr;
}

std::string replaceString(std::string origenString, std::string replaceString, std::string newValue)
{
	int startIndex = origenString.find(replaceString);
	int endIndex = replaceString.size();
	return origenString.replace(startIndex - 1, endIndex + 2, newValue);
}

uintptr_t hexStr2Hex(std::string hexStr)
{
	uintptr_t r;
	std::stringstream(hexStr) >> std::hex >> r;
	return r;
}

struct SplitListItem
{
	std::string key;
	std::string value;
};

std::vector<SplitListItem> splitString(std::string origenString, std::regex pattern)
{
	std::smatch result;
	std::string::const_iterator iterStart = origenString.begin();
	std::string::const_iterator iterEnd = origenString.end();


	std::vector<std::string> splitList = {};
	std::vector<std::string> splitKeys = {};
	std::vector<SplitListItem> resultSplitList = {};

	while (regex_search(iterStart, iterEnd, result, pattern))
	{
		splitList.emplace_back(iterStart, result[0].first);
		splitKeys.push_back(result[0].str());
		iterStart = result[0].second;
	}
	splitList.emplace_back(iterStart, iterEnd);


	for (size_t i = 0; i < splitList.size(); i++)
	{
		resultSplitList.push_back(SplitListItem{ i > 0 ? splitKeys[i - 1] : "",  splitList[i] });
	}
	return resultSplitList;
}

uintptr_t getOffsetsAddress(std::string address, uintptr_t nextValue = 0)
{

	std::string str = std::regex_replace(address, (std::regex)"\\s", "") ;
	std::smatch result;
	std::regex pattern(".*\\[([^\\[\\]]+)\\].*");
	std::regex_match(str, result, pattern);
	if (result.size() == 0)
	{
		if (str.size() == 0) {
			return nextValue;
		}

		std::vector<SplitListItem>  r = splitString(str, (std::regex)"[+-]");

		uintptr_t a = hexStr2Hex(r[0].value);
		if (a == 0 && r[0].value != "0")
		{
			// 符号
			a = getModuleBaseAddress(
				pid,
				std::wstring(r[0].value.begin(), r[0].value.end()).c_str()
			);
		}
		uintptr_t b = hexStr2Hex(r[1].value);

		if (r[1].key == "+") a += b;
		if (r[1].key == "-") a -= b;
		return a;
	}



	std::vector<SplitListItem>  r = splitString(result[1], (std::regex)"[+-]");
	uintptr_t data = 0;
	for (size_t i = 0; i < r.size(); i++)
	{

		uintptr_t v = hexStr2Hex(r[i].value);

		if (v == 0 && r[i].value != "0")
		{
			// 符号
			data += getModuleBaseAddress(
				pid,
				std::wstring(r[i].value.begin(), r[i].value.end()).c_str()
			);
		}
		else
		{
			if (r[i].key == "+") data += v;
			if (r[i].key == "-") data -= v;
			ReadProcessMemory(hProcess, (LPCVOID)data, &data, 4, 0);
		}
	}

	std::stringstream hexData;
	hexData << std::hex << data;
	std::string newOrigenString = replaceString(str, result[1], hexData.str());
	return getOffsetsAddress(newOrigenString, data);
}

uintptr_t readIntger(std::string address)
{
	uintptr_t r = getOffsetsAddress(address);
	if (r == 0) return 0;
	ReadProcessMemory(hProcess, (LPCVOID)r, &r, 4, 0);
	return r;
}

uintptr_t writeIntger(std::string address, uintptr_t newInt)
{
	uintptr_t r = getOffsetsAddress(address);
	if (r == 0) return 0;
	WriteProcessMemory(hProcess, (LPVOID)r, (LPCVOID)&newInt, 4, 0);
	return r;
}

int main()
{

	// 地址: [game.exe+009E820C]+338

	std::string mainname = "game.exe";

	pid = getPID(std::wstring(mainname.begin(), mainname.end()).c_str());


	hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
	if (hProcess == NULL) return 0;


	std::cout << readIntger("game.exe+009E820C") << std::endl;
	std::cout << readIntger("[game.exe + 009E820C] + 338") << std::endl;

	writeIntger("[game.exe+ 009E820C] + 338", 20);
	

	CloseHandle(hProcess);
	return 0;
}
posted @ 2020-07-22 15:16  Ajanuw  阅读(192)  评论(0编辑  收藏  举报