搜索内存取得QQ号码

搜索内存取得QQ号码

这样的帖子,不知道可不可以放到首页..如果不行,麻烦管理员清理. 谢谢.

HANDLE GetQQProcess();
bool  SeachQQNumber(HANDLE _hProcess, string   & strQQ);
int  _tmain( int  argc, _TCHAR *  argv[])
{
    HANDLE hProces  =  GetQQProcess() ;
     if (hProces ==  NULL)
        cout  << " No run QQ! " << endl;

     string  strQQ;
    SeachQQNumber(hProces,strQQ);
    cout  << strQQ << endl;
    system( " pause " );
     return   0 ;
}

bool  SeachQQNumber(HANDLE _hProcess,  string   & strQQ)
{
    SuspendThread(_hProcess);
    
    DWORD dwBaseAddress; 
    MEMORY_BASIC_INFORMATION mbi;
     char   process_mem[ 4096 ]  =   { 0 } ;
    DWORD number_of_bytes_read  =   0 ;
    SYSTEM_INFO si; 
    GetSystemInfo( & si);
    dwBaseAddress  =  (DWORD)si.lpMinimumApplicationAddress; 
     while (dwBaseAddress  <  (DWORD)si.lpMaximumApplicationAddress) 
     { 
        mbi.BaseAddress  =  (LPVOID)dwBaseAddress; 
        VirtualQueryEx(_hProcess, (LPVOID)dwBaseAddress,  & mbi,  sizeof (mbi));
        dwBaseAddress  =  (DWORD)mbi.BaseAddress  +  mbi.RegionSize; 
         if (mbi.State  !=  MEM_COMMIT  ||  mbi.AllocationProtect  !=  PAGE_READWRITE)  // 跳过未分配或不可读写的区域 
         { 
             continue ; 
        }  
        
         // 搜索
         for (DWORD i  =  (DWORD)mbi.BaseAddress; i  <  dwBaseAddress; i += 4096 )
         {
             if ( ! ReadProcessMemory(_hProcess,LPCVOID(i),process_mem, 4096 , & number_of_bytes_read))
                 break ;            
             for ( int  j = 0 ;j < 4096   -   9 ;j ++ )
             {
                 if ( ! memcmp( & process_mem[j], " \\MsgEx.db " , 9 ) )
                 {
                     // printf("begin\n");
                     for ( int  k = j - 1 ; k  >  j - 12 ; k -- )
                     {
                         if (process_mem[k]  >=   ' 0 '   &&  process_mem[k]  <=   ' 9 ' )
                         {
                            strQQ  =   process_mem[k]  +  strQQ;
                        }
                         else
                             break ;
                    }
                     if (strQQ.length())
                     {
                        ResumeThread(_hProcess);
                         return   true ;
                    }             
                }
            }
        }
    }
    ResumeThread(_hProcess);
     return   false ;
}


HANDLE GetQQProcess()
{
    PROCESSENTRY32 pe;
    pe.dwSize  =   sizeof (PROCESSENTRY32);
    HANDLE hSnapshot  =  CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,  0 );
    Process32First(hSnapshot,  & pe);
     do {
         if ( ! _tcsicmp(pe.szExeFile,_T( " qq.exe " )))
         {
            CloseHandle(hSnapshot);
             return  OpenProcess(PROCESS_ALL_ACCESS,FALSE,pe.th32ProcessID);
        }
        pe.dwSize  =   sizeof (PROCESSENTRY32);
    } while (Process32Next(hSnapshot,  & pe));
    CloseHandle(hSnapshot);
     return  NULL;
}