内存修改原理

#include<windows.h>
#include<stdio.h>
#include<string.h>
#include<iostream.h>
// Handle of the process being scanned; main() stores the handle returned by
// CreateProcess() here, and every ReadProcessMemory/WriteProcessMemory uses it.
HANDLE g_hProcess;
// Candidate addresses whose 4-byte content matched the searched value so far.
DWORD dwGoalAddr[1024];
// Number of valid entries in dwGoalAddr[]; CompareAPage() never lets it exceed 1024.
DWORD count;
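/*
 * Scan one 4 KiB page of the target process (g_hProcess) for every 4-byte
 * window whose value equals `goal`, appending each matching address to the
 * global dwGoalAddr[] and advancing the global `count`.
 *
 * dwBase - address of the page in the target process.
 * goal   - the 32-bit value to look for. Every byte offset is tested, so
 *          unaligned matches are reported as well.
 *
 * Returns the (global) number of matches accumulated so far, or FALSE (0)
 * when the page could not be read or the result array is already full.
 * FirstFind() ignores the return value; results travel through the globals.
 */
int CompareAPage(DWORD dwBase, DWORD goal)
{
    const DWORD dwPageSize = 4096;
    const DWORD dwMaxGoals = 1024;
    BYTE arBytes[dwPageSize];

    // A page that cannot be read (unmapped, guard page, no access) is skipped.
    if (!::ReadProcessMemory(g_hProcess, (LPVOID)dwBase, arBytes, dwPageSize, NULL))
    {
        return FALSE;
    }

    for (DWORD i = 0; i + sizeof(DWORD) <= dwPageSize; i++)
    {
        // Checked before every store so dwGoalAddr[] can never overflow.
        if (count >= dwMaxGoals)
        {
            return FALSE;
        }
        // memcpy instead of *(DWORD*)&arBytes[i]: the cast performs an
        // unaligned, type-punned access, which is undefined behaviour in C++.
        DWORD dwValue;
        memcpy(&dwValue, &arBytes[i], sizeof(DWORD));
        if (dwValue == goal)
        {
            dwGoalAddr[count++] = dwBase + i;
        }
    }
    return (int)count;
}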
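/*
 * Initial full scan of the target process for `goal`.
 *
 * Resets the global `count`, then walks the address space in 4 KiB steps up
 * to 2 GB, calling CompareAPage() for each page. The start address depends
 * on the platform reported by GetVersionEx(): 4 MB on Win9x
 * (VER_PLATFORM_WIN32_WINDOWS), 64 KB otherwise.
 *
 * goal - the 32-bit value to search for.
 * Returns 0 unconditionally; results are left in dwGoalAddr[] and `count`.
 */
int FirstFind(DWORD goal)
{
    const DWORD dwOneGB = 1024 * 1024 * 1024;
    const DWORD dwOnePage = 4 * 1024;
    const DWORD dwMaxGoals = 1024;

    // GetVersionEx() requires dwOSVersionInfoSize to be set before the call;
    // the original passed an uninitialised struct, so the call failed and
    // dwPlatformId was indeterminate.
    OSVERSIONINFO vi;
    ZeroMemory(&vi, sizeof(vi));
    vi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

    // Default to the NT layout (64 KB) unless Win9x is positively identified.
    DWORD dwBaseAddr = 64 * 1024;
    if (::GetVersionEx(&vi) && vi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
    {
        dwBaseAddr = 4 * 1024 * 1024;
    }

    count = 0;
    for (; dwBaseAddr < 2 * dwOneGB; dwBaseAddr += dwOnePage)
    {
        // CompareAPage() stores nothing once the array is full, so the rest
        // of the pass would only burn time.
        if (count >= dwMaxGoals)
        {
            break;
        }
        CompareAPage(dwBaseAddr, goal);
    }
    return 0;
}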
// Print the first `k` collected candidate addresses from dwGoalAddr[], one per
// line as zero-padded 8-digit hex. Always returns 1. In this file it is only
// referenced from a commented-out call in main().
int ShowAddr(int k)
{
    for (int idx = 0; idx < k; ++idx)
    {
        printf("%08lX\n", dwGoalAddr[idx]);
    }
    return 1;
}
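/*
 * Narrow the candidate list: re-read each address recorded in dwGoalAddr[]
 * and keep only those whose current 4-byte value equals `goal`. Survivors
 * are compacted to the front of dwGoalAddr[].
 *
 * goal - the value the tracked variable is expected to hold now.
 * Returns the number of surviving candidates (main() stores it in `count`).
 *
 * Changes from the original: the ReadProcessMemory() result is checked, so an
 * address that can no longer be read is dropped instead of being compared
 * against a stale or uninitialised gValue; the unused lpAddr local replaces
 * the stray (LPVOID*) cast of the address.
 */
int FindNext(DWORD goal)
{
    int k = 0;
    for (DWORD i = 0; i < count; i++)
    {
        LPVOID lpAddr = (LPVOID)dwGoalAddr[i];
        DWORD gValue = 0;
        if (!::ReadProcessMemory(g_hProcess, lpAddr, &gValue, sizeof(DWORD), NULL))
        {
            continue;
        }
        if (gValue == goal)
        {
            dwGoalAddr[k++] = dwGoalAddr[i];
        }
    }
    return k;
}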
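// Read one unsigned 32-bit value from stdin into *out.
// Returns TRUE on success, FALSE if the input is not a number. The original
// ignored scanf's result and would then go on with whatever `goal` held.
static BOOL ReadDword(DWORD* out)
{
    // DWORD is unsigned long, so %lu is the matching conversion (the original
    // used %ld for an unsigned object).
    return scanf("%lu", out) == 1 ? TRUE : FALSE;
}

// Interactive search-and-patch session against g_hProcess: take the value the
// tracked variable currently holds, narrow the candidate addresses as the
// user re-enters the value after it changes, then overwrite the single
// remaining address and read it back for confirmation.
// Returns the exit code: 0 on success, FALSE (0) when no target remained,
// the write failed, or the input was not a number.
static int SearchAndPatch()
{
    DWORD goal = 0;

    printf("请输入你要查找的值:");
    if (!ReadDword(&goal))
    {
        printf("输入无效!\n");
        return FALSE;
    }
    FirstFind(goal);
    // ShowAddr(count);  -- dump every candidate after the first pass

    // Keep asking for the variable's current value until at most one
    // candidate address survives.
    while (count > 1)
    {
        // count is a DWORD; %lu matches it (the original used %d).
        printf("本次查找有%lu个目标,请输入下一次要查找的值:", count);
        if (!ReadDword(&goal))
        {
            printf("输入无效!\n");
            return FALSE;
        }
        count = FindNext(goal);
    }
    if (count == 0)
    {
        printf("没有查找到目标!\n");
        return FALSE;
    }

    printf("请输入你要修改的值:");
    if (!ReadDword(&goal))
    {
        printf("输入无效!\n");
        return FALSE;
    }
    if (!::WriteProcessMemory(g_hProcess, (LPVOID)dwGoalAddr[0], &goal, sizeof(DWORD), NULL))
    {
        printf("修改内存失败!\n");
        return FALSE;
    }
    // Read the value back so the user sees what the target now holds. If this
    // read fails, `goal` still contains the value just written, which is what
    // gets printed.
    ::ReadProcessMemory(g_hProcess, (LPVOID)dwGoalAddr[0], &goal, sizeof(DWORD), NULL);
    printf("最种修改为:%lu\n", goal);
    return 0;
}

/*
 * Entry point: launch the target executable as a child process, run the
 * interactive search/patch session against it, then release our handle.
 *
 * The handle returned by CreateProcess() is what ReadProcessMemory() and
 * WriteProcessMemory() operate on throughout. Every path after a successful
 * launch now closes g_hProcess; the original leaked it on its early returns.
 */
int main()
{
    // CreateProcess() takes the command line as a non-const LPSTR, so a
    // modifiable char array is used rather than a string literal.
    char fileName[] = "D:\\VC\\02testor\\Debug\\main.exe";
    STARTUPINFO si = {sizeof(STARTUPINFO)};
    PROCESS_INFORMATION ps;

    if (!::CreateProcess(NULL, fileName, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &ps))
    {
        printf("创建进程失败!\n");
        return 0;
    }
    // The primary-thread handle is not needed; only the process handle is kept,
    // in the global the scan helpers read.
    ::CloseHandle(ps.hThread);
    g_hProcess = ps.hProcess;
    // The original then compared g_hProcess with INVALID_HANDLE_VALUE; after a
    // successful CreateProcess() that can never be true, so the check is gone.

    int rc = SearchAndPatch();

    // The child is deliberately left running (see the commented-out
    // TerminateProcess in the original listing); only our handle is released.
    ::CloseHandle(g_hProcess);
    return rc;
}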

以上程序需要调用以下代码生成的可执行文件,从而产生另一个进程,然后修改g_nNum的内存

CloseHandle(),TerminateThread(),ExitThread()的区别 看以下博客:

http://blog.csdn.net/anye3000/article/details/7470674
#include<iostream>
#include<windows.h>
// The variable the scanner above is meant to locate and overwrite in this
// process; main() sets it to 1003 and increments it on every keypress.
int g_nNum;
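/*
 * Target program for the scanner above: holds the global counter g_nNum,
 * increments it each time a character is read from stdin, and prints the
 * values and addresses of both the counter and a local so the scanner's
 * narrowing passes have a changing value to track.
 *
 * Loops forever; the trailing return is never reached.
 */
int main()
{
    int i = 0;
    g_nNum = 1003;
    for (;;)
    {
        // Addresses go through DWORD_PTR and unsigned long before the %08lX
        // conversion: passing a raw pointer to %lX is undefined behaviour. The
        // explicit cast keeps the original output format (and, like the
        // original, shows only the low 32 bits on a 64-bit build).
        printf("i=%d,  &i=0X%08lX,  g_nNum=%d,  &g_nNum=0X%08lX\n",
               i++, (unsigned long)(DWORD_PTR)&i, ++g_nNum, (unsigned long)(DWORD_PTR)&g_nNum);
        getchar();
    }
    return 0;
}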