Windows编程_Lesson008_内存_内存修改器
###内存修改器
修改指定进程名字中的内存
####单线程版本
#include
#include
#include
// 第一次查找
void FirstFind(HANDLE hProcess, BYTE *pBuffer, DWORD dwPageSize, DWORD dwVal, std::vector &vecAddr)
{
DWORD dwOneGB = 1024 * 1024 * 1024;
for (DWORD dwBaseAddr = 0; dwBaseAddr < dwOneGB*2; dwBaseAddr += dwPageSize)
{
// 读取一页大小的内存空间
if (ReadProcessMemory(hProcess, (LPCVOID)dwBaseAddr, pBuffer, dwPageSize, nullptr))
{
// 从一页地址中查找相等的值,并记录
DWORD *pdw = nullptr;
for (DWORD i = 0; i < dwPageSize - 3; ++i)
{
pdw = (DWORD *)&pBuffer[i];
if (pdw[0] == dwVal)
{
vecAddr.push_back(dwBaseAddr + i);
}
}
}
}
}
// 下一次查找
void NextFind(HANDLE hProcess, DWORD dwPageSize, DWORD dwVal, std::vector &vecAddr)
{
DWORD dwCount = 0;
DWORD dwSize = vecAddr.size();
DWORD dwReadVal = 0;
for (DWORD i=0; i vecAddr;
DWORD dwVal = 0;
printf("The value to find:");
scanf_s("%d", &dwVal);
DWORD dwPrevTime = GetTickCount();
FirstFind(hProcess, pByte, dwPageSize, dwVal, vecAddr);
printf("The first find used time:%d ms\r\n", GetTickCount() - dwPrevTime);
while (vecAddr.size() > 1)
{
printf("The value to find:");
scanf_s("%d", &dwVal);
NextFind(hProcess, dwPageSize, dwVal, vecAddr);
}
printf("The value to modify:");
scanf_s("%d", &dwVal);
WriteProcessMemory(hProcess, (LPVOID)vecAddr[0], &dwVal, sizeof(DWORD), nullptr);
}
while (false);
system("pause");
return 0;
}
####多线程版本
#include
#include
#include
#include
typedef struct _tagParam
{
DWORD dwPageSize;
DWORD dwStartAddr;
DWORD dwEndAddr;
DWORD dwFindVal;
HANDLE hProcess;
std::vector vecAddr;
}Param;
unsigned int __stdcall ThreadFunc(void *lParam)
{
Param *pParam = (Param *)lParam;
BYTE *pByte = new BYTE[pParam->dwPageSize];
for (DWORD dwStartAddr=pParam->dwStartAddr; dwStartAddrdwEndAddr; dwStartAddr+=pParam->dwPageSize)
{
if (ReadProcessMemory(pParam->hProcess, (LPCVOID)dwStartAddr, pByte, pParam->dwPageSize, nullptr))
{
DWORD *pDword = nullptr;
for (DWORD i=0; idwPageSize-3; ++i)
{
pDword = (DWORD *)&pByte[i];
if (pDword[0] == pParam->dwFindVal)
{
pParam->vecAddr.push_back(dwStartAddr + i);
}
}
}
}
delete[] pByte;
return 0;
}
// 第一次查找
void FirstFind(HANDLE hProcess, BYTE *pBuffer, DWORD dwPageSize, DWORD dwVal, std::vector &vecAddr)
{
DWORD dwOneGB = 1024 * 1024 * 1024;
for (DWORD dwBaseAddr = 0; dwBaseAddr < dwOneGB*2; dwBaseAddr += dwPageSize)
{
// 读取一页大小的内存空间
if (ReadProcessMemory(hProcess, (LPCVOID)dwBaseAddr, pBuffer, dwPageSize, nullptr))
{
// 从一页地址中查找相等的值,并记录
DWORD *pdw = nullptr;
for (DWORD i = 0; i < dwPageSize - 3; ++i)
{
pdw = (DWORD *)&pBuffer[i];
if (pdw[0] == dwVal)
{
vecAddr.push_back(dwBaseAddr + i);
}
}
}
}
}
// 下一次查找
void NextFind(HANDLE hProcess, DWORD dwPageSize, DWORD dwVal, std::vector &vecAddr)
{
DWORD dwCount = 0;
DWORD dwSize = vecAddr.size();
DWORD dwReadVal = 0;
for (DWORD i=0; i vecAddr;
DWORD dwVal = 0;
printf("The value to find:");
scanf_s("%d", &dwVal);
DWORD dwPrevTime = GetTickCount();
//FirstFind(hProcess, pByte, dwPageSize, dwVal, vecAddr);
DWORD dwStartAddr = 0;
DWORD dwOneGB = 1024 * 1024 * 1024;
DWORD dwSizePerThread = 16 * 1024 * 1024; // 每个线程读取16MB的空间
HANDLE *hThreads = new HANDLE[system_info.dwNumberOfProcessors];
Param *pParams = new Param[system_info.dwNumberOfProcessors];
for (DWORD i = 0; i < system_info.dwNumberOfProcessors; ++i)
{
pParams[i].dwStartAddr = dwStartAddr;
dwStartAddr += dwSizePerThread;
pParams[i].dwEndAddr = dwStartAddr;
pParams[i].hProcess = hProcess;
pParams[i].dwPageSize = system_info.dwPageSize;
pParams[i].dwFindVal = dwVal;
pParams[i].vecAddr.clear();
hThreads[i] = (HANDLE)_beginthreadex(nullptr, 0, ThreadFunc, &pParams[i], 0, nullptr);
}
for (; dwStartAddr 1)
{
printf("The value to find:");
scanf_s("%d", &dwVal);
NextFind(hProcess, system_info.dwPageSize, dwVal, vecAddr);
}
printf("The value to modify:");
scanf_s("%d", &dwVal);
WriteProcessMemory(hProcess, (LPVOID)vecAddr[0], &dwVal, sizeof(DWORD), nullptr);
delete[] pByte;
}
while (false);
system("pause");
return 0;
}