
(一)内存扫描器(面向过程版)(五)
2023-07-23 13:35:36 】 浏览:105
Tags:向过程
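// NOTE(review): the statements below are the tail of a function that begins on
// an earlier page of this article (presumably update_memblock, which
// update_scan calls). They are reproduced unchanged, only re-indented.
                            break;
                        case COND_INCREASE:
                            is_match = (temp_val > prev_val);
                            break;
                        case COND_DECREASE:
                            is_match = (temp_val < prev_val);
                            break;
                        default:
                            break;
                        }
                        if (is_match) {
                            mb->matches++;
                        } else {
                            REMOVE_FROM_SEARCH(mb, (total_read + offset));
                        }
                    }
                }
            }
            memcpy(mb->buffer + total_read, tempbuf, bytes_read);
            bytes_left -= bytes_read;
            total_read += bytes_read;
        }
        mb->size = total_read;
    }
}

// Release one memory block together with its data buffer and search mask.
// Passing NULL is allowed and does nothing.
void free_memblock(MEMBLOCK* mb)
{
    if (!mb) {
        return;
    }
    free(mb->buffer);      // free(NULL) is a no-op, so no extra checks are needed
    free(mb->searchmask);
    free(mb);
}

// Page protections that permit writing; only committed regions carrying one of
// these protections are added to the scan.
#define WRITABLE (PAGE_READWRITE|PAGE_WRITECOPY|PAGE_EXECUTE_READWRITE|PAGE_EXECUTE_WRITECOPY)

// Open process `pid` and build a linked list with one MEMBLOCK per committed,
// writable region of its address space.
//   pid       - identifier of the process to scan
//   data_size - forwarded unchanged to create_memblock
// Returns the head of the list, or NULL when the process cannot be opened or
// no block could be created. A non-NULL result is released with free_scan().
MEMBLOCK* create_scan(int pid, int data_size)
{
    MEMBLOCK* mb_list = NULL;
    MEMORY_BASIC_INFORMATION meminfo;
    PVOID addr = 0;

    // Least privilege: request only the rights needed by the calls in this
    // listing (VirtualQueryEx, ReadProcessMemory, WriteProcessMemory) instead
    // of PROCESS_ALL_ACCESS. Extend the mask if other code needs more.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ |
                                  PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                                  FALSE, (DWORD)pid);
    if (!hProcess) {
        return NULL;
    }

    // Walk the address space region by region; stop when the query fails.
    while (VirtualQueryEx(hProcess, addr, &meminfo, sizeof(meminfo))) {
        if ((meminfo.State & MEM_COMMIT) && (meminfo.Protect & WRITABLE)) {
            MEMBLOCK* mb = create_memblock(hProcess, &meminfo, data_size);
            // Head insertion: the newest block becomes the front of the list.
            if (mb) {
                mb->next = mb_list;
                mb_list = mb;
            }
        }

        SIZE_T next = (SIZE_T)meminfo.BaseAddress + meminfo.RegionSize;
        if (next <= (SIZE_T)addr) {
            break;  // address arithmetic wrapped around; avoid looping forever
        }
        addr = (LPVOID)next;
    }

    // free_scan() closes the handle through the first block, so with an empty
    // list nothing would ever close it. Close it here to avoid leaking it.
    if (!mb_list) {
        CloseHandle(hProcess);
    }
    return mb_list;
}

// Apply update_memblock(mb, condition, val) to every block in the list.
void update_scan(MEMBLOCK* mb_list, SEARCH_CONDITION condition, int val)
{
    for (MEMBLOCK* mb = mb_list; mb; mb = mb->next) {
        update_memblock(mb, condition, val);
    }
}

// Close the process handle held by the first block and free every block.
// A NULL list (what create_scan returns on failure) is accepted.
void free_scan(MEMBLOCK* mb_list)
{
    if (!mb_list) {
        return;  // the original dereferenced mb_list->hProcess unconditionally
    }
    CloseHandle(mb_list->hProcess);
    while (mb_list) {
        MEMBLOCK* mb = mb_list;
        mb_list = mb_list->next;
        free_memblock(mb);
    }
}

// Print each block's address and size followed by a hex dump of its buffer,
// 16 bytes per line.
void dump_scan_info(MEMBLOCK* mb_list)
{
    for (MEMBLOCK* mb = mb_list; mb; mb = mb->next) {
        // Block header. The values are widened so the format matches the
        // argument type on 64-bit builds as well.
        printf("0x%08llx 0x%08llx\r\n",
               (unsigned long long)(SIZE_T)mb->addr,
               (unsigned long long)mb->size);

        // Block contents. The original advanced to mb->next before this loop,
        // so it dumped the following block and dereferenced NULL on the last.
        for (int i = 0; i < mb->size; i++) {
            printf("0x%02x ", (unsigned char)mb->buffer[i]);
            if ((i + 1) % 16 == 0) {
                printf("\r\n");
            }
        }
        printf("\r\n");
    }
}

// Write the low `data_size` bytes of `val` to `addr` in the target process.
// Prints "poke failed" when the size is invalid or the write fails.
void poke(HANDLE hProcess, int data_size, PVOID addr, int val)
{
    // The source is the local `val`; a larger size would read past it and
    // copy adjacent stack bytes into the target process.
    if (data_size <= 0 || (size_t)data_size > sizeof(val) ||
        !WriteProcessMemory(hProcess, addr, &val, (SIZE_T)data_size, NULL)) {
        printf("poke failed\r\n");
    }
}

// Read `data_size` bytes from `addr` in the target process into an int.
// Returns the value read, or 0 after printing "peek failed" when the size is
// invalid or the read fails.
int peek(HANDLE hProcess, int data_size, PVOID addr)
{
    int val = 0;

    // The destination is the local `val`; a larger size would overflow it.
    if (data_size <= 0 || (size_t)data_size > sizeof(val) ||
        !ReadProcessMemory(hProcess, addr, &val, (SIZE_T)data_size, NULL)) {
        printf("peek failed\r\n");
        return 0;
    }
    return val;
}

// For every offset still marked in a block's search mask, re-read the current
// value from the process and print "address : value".
void print_matches(MEMBLOCK* mb_list)
{
    for (MEMBLOCK* mb = mb_list; mb; mb = mb->next) {
        if (mb->data_size <= 0) {
            continue;  // a non-positive step would never advance the offset
        }
        for (int offset = 0; offset < mb->size; offset += mb->data_size) {
            if (IS_IN_SEARCH(mb, offset)) {
                SIZE_T target = (SIZE_T)mb->addr + offset;
                int val = peek(mb->hProcess, mb->data_size, (PVOID)target);
                printf("0x%08llx : %d\r\n", (unsigned long long)target, val);
            }
        }
    }
}

// Sum the `matches` counters of all blocks in the list.
int get_match_count(MEMBLOCK* mb_list)
{
    int count = 0;
    for (MEMBLOCK* mb = mb_list; mb; mb = mb->next) {
        count += mb->matches;
    }
    return count;
}

// NOTE(review): the definition below is cut off here and continues beyond this
// part of the article; it is left as it appears.
int str2int(char*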
