这是我写的一个游戏的WG读写类,包含了一些基本的读写内存,申请内存的方法,希望可以帮到你!
这是MemoryRW.h文件
- #pragma once
- #include <Windows.h>
- #include <iostream>
- #include <qvector.h>
- #include<math.h>
- #include<stdio.h>
- #include <stdarg.h>
// BIT(num, n, m): nonzero when `num` has the bit(s) `m` set inside its n-th hex
// digit, i.e. (num & (m << (4 * n))) != 0. SearchConditioncode uses it on
// MEMORY_BASIC_INFORMATION: BIT(State, 3, 1) tests 0x1000 (MEM_COMMIT) and
// BIT(Protect, 1, 1|2|4) tests 0x10 / 0x20 / 0x40 (PAGE_EXECUTE,
// PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE). `num` is not parenthesised,
// so only pass a simple operand.
#define BIT(num, n, m) ((num & (m << n * 4)) > 0)
// Wrapper around one process handle obtained with OpenProcess(); every method
// operates on hProcess. Addresses are plain `int`, so only a 32-bit target can
// be addressed. The class is copyable (no copy control) and its destructor is
// empty, so the handle is shared by copies and never closed.
class MemoryRW
{
public:
    // Opens `ProcessID` with PROCESS_ALL_ACCESS and shows a MessageBox;
    // ProcessName is only used in that message. The open result is not checked.
    MemoryRW(DWORD ProcessID, QString ProcessName);
    ~MemoryRW();
    // Raw ReadProcessMemory / WriteProcessMemory of `count` bytes at `address`;
    // both return the API's success flag.
    bool read(int address, LPVOID temp, int count);
    bool write(int address, LPVOID temp, int count);
    // 4-byte typed accessors. readInt and readDecimal give no failure indication.
    int readInt(int address);
    bool writeInt(int address, int temp);
    float readDecimal(int address);
    bool writeDecimal(int address, float value);
    // Copies a NUL-terminated string of 16-bit characters into `temp`,
    // at most `count` WORDs including the terminator (bound only effective for count > 1).
    void readWchar(int address, LPVOID temp, int count);
    // Copies mFunc and Param into the target and runs mFunc there on a remote
    // thread (remote code injection); no step's result is checked.
    void callFunc(LPVOID mFunc, DWORD mFuncSize, LPVOID Param, DWORD ParamSize);
    // VirtualAllocEx / VirtualFreeEx in the target. applyMemory defaults to
    // PAGE_EXECUTE_READWRITE, i.e. a region that is both writable and executable.
    LPVOID applyMemory(int count, DWORD protect = PAGE_EXECUTE_READWRITE, DWORD type = MEM_COMMIT);
    bool freeMemory(LPVOID address, DWORD Size = 0, DWORD type = MEM_RELEASE);
    // Scans committed, executable regions in [SearchBegin, SearchEnd) for the
    // byte sequence and returns every address where it occurs.
    std::vector<int> SearchConditioncode(std::vector<byte> Conditioncode);
private:
    HWND hWindows = NULL;   // not used by any method shown here
    HANDLE hProcess = NULL; // set by the constructor; never closed
    DWORD ThreadID = NULL;  // not used by any method shown here
    DWORD ProcessID = NULL; // never assigned: the constructor parameter shadows it
    unsigned long SearchBegin = 0x400000;  // scan window for SearchConditioncode
    unsigned long SearchEnd = 0x7ffeffff;  // (32-bit user-mode address range)
};
这是.cpp文件
- #include "MemoryRW.h"
// Opens a handle to the target process. `ProcessName` is used only in the
// confirmation MessageBox.
// NOTE(review): OpenProcess() returns NULL on failure (no such PID, access
// denied, protected process); nothing checks it, so every later method silently
// fails on an invalid handle. PROCESS_ALL_ACCESS requests every right; least
// privilege would request only the rights the methods of this class use.
// NOTE(review): the parameter `ProcessID` shadows the member of the same name,
// which is therefore never set.
MemoryRW::MemoryRW(DWORD ProcessID, QString ProcessName)
{
    char str[50];                           // message buffer; the sprintf_s array overload bounds it to 50
    QByteArray ba = ProcessName.toLatin1();
    char * mm = ba.data();                  // valid only while `ba` is alive
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID);
    // A long process name does not fit in 50 bytes; sprintf_s then reports an
    // invalid parameter (default handler aborts) instead of truncating.
    sprintf_s(str, "process %s---processid %d", mm, ProcessID);
    MessageBoxA(NULL, str, "nice", MB_OK);
}
// NOTE(review): hProcess (from OpenProcess in the constructor) is never closed,
// so each instance leaks a process handle. Adding CloseHandle() here is only
// correct together with deleted or defined copy operations: the class is
// currently copyable and two copies would close the same handle twice.
MemoryRW::~MemoryRW()
{
}
// Byte-pattern scan over the target's committed, executable regions between
// SearchBegin and SearchEnd. Returns every address at which Conditioncode occurs.
//
// NOTE(review): after the first match the region buffer is deleted and set to
// NULL inside the j-loop, but the loop keeps running and the next iteration
// dereferences lpBuf[j + k] through that NULL pointer. The commented-out
// `return temp` suggests the early delete belonged to a first-match-only version.
// NOTE(review): `j <= mbInfo.RegionSize - Conditioncode_num` is unsigned
// arithmetic (RegionSize is SIZE_T); a region smaller than the pattern wraps
// the bound and the inner loop reads past the end of lpBuf.
// NOTE(review): VirtualQueryEx's return value is not checked, and the region
// walk does `int` arithmetic on addresses, so this is 32-bit only.
std::vector<int> MemoryRW::SearchConditioncode(std::vector<byte> Conditioncode) {
    // Plain-array copy of the pattern (the vector could be indexed directly).
    BYTE * Conditioncode_array = new BYTE[Conditioncode.size()];
    for (int i = 0; i < Conditioncode.size(); i++) {
        Conditioncode_array[i] = Conditioncode[i];
    }
    int Conditioncode_num = Conditioncode.size();
    int i, j;
    std::vector<int> temp;                      // match addresses
    MEMORY_BASIC_INFORMATION mbInfo = { 0 };
    const SIZE_T BaseInfoLen = sizeof(MEMORY_BASIC_INFORMATION);
    BYTE *lpBuf = new BYTE[1];                  // copy of the current region; reallocated per region
    DWORD dwBufSize = 1;
    for (i = SearchBegin; i < SearchEnd;) {
        VirtualQueryEx(hProcess, (LPCVOID)i, &mbInfo, BaseInfoLen);
        // Drop the previous region's copy before deciding whether to read this one.
        if (lpBuf != NULL) {
            delete[] lpBuf;
            lpBuf = NULL;
        }
        // BIT(State,3,1) tests 0x1000 (MEM_COMMIT); BIT(Protect,1,{1,2,4}) tests
        // 0x10 / 0x20 / 0x40 (PAGE_EXECUTE, PAGE_EXECUTE_READ,
        // PAGE_EXECUTE_READWRITE): only committed executable regions are read.
        if (BIT(mbInfo.State, 3, 1) && (BIT(mbInfo.Protect, 1, 1) || BIT(mbInfo.Protect, 1, 2) || BIT(mbInfo.Protect, 1, 4))) {
            dwBufSize = mbInfo.RegionSize;
            lpBuf = new BYTE[dwBufSize];
            if (ReadProcessMemory(hProcess, (LPCVOID)i, lpBuf, dwBufSize, 0)) {
                for (j = 0; j <= mbInfo.RegionSize - Conditioncode_num; j++) {
                    for (int k = 0; k < Conditioncode_num; k++) {
                        if (lpBuf[j + k] != Conditioncode_array[k]) {
                            goto s;             // mismatch at offset j: try the next offset
                        }
                    }
                    temp.push_back(i + j);      // whole pattern matched at i + j
                    // NOTE(review): this frees the buffer the remaining j
                    // iterations still index (see the note above).
                    if (lpBuf != NULL) {
                        delete[] lpBuf;
                        lpBuf = NULL;
                    }
                    //return temp;
                    s:;
                }
            }
        }
        // Advance to the next region (note the 32-bit cast of BaseAddress).
        i = (int)mbInfo.BaseAddress + mbInfo.RegionSize;
    }
    if (lpBuf != NULL) {
        delete[] lpBuf;
        lpBuf = NULL;
    }
    delete[]Conditioncode_array;
    return temp;
}
// Copies `count` bytes from the target at `address` into `temp`.
// Returns ReadProcessMemory's success flag; the number of bytes actually
// transferred is not reported (lpNumberOfBytesRead is passed as 0).
bool MemoryRW::read(int address, LPVOID temp, int count) {
    const BOOL ok = ReadProcessMemory(hProcess, (LPCVOID)address, temp, count, 0);
    return ok != FALSE;
}
// Copies `count` bytes from `temp` into the target at `address`.
// Returns WriteProcessMemory's success flag; the number of bytes actually
// written is not reported (lpNumberOfBytesWritten is passed as 0).
bool MemoryRW::write(int address, LPVOID temp, int count) {
    const BOOL ok = WriteProcessMemory(hProcess, (LPVOID)address, temp, count, 0);
    return ok != FALSE;
}
// Reads a 4-byte integer at `address`. A failed read leaves the result at 0,
// which is indistinguishable from a genuine zero in the target.
int MemoryRW::readInt(int address) {
    int value = 0;
    ReadProcessMemory(hProcess, (LPCVOID)address, &value, sizeof(value), 0);
    return value;
}
// Writes the 4-byte integer `temp` at `address`; returns the API success flag.
bool MemoryRW::writeInt(int address, int temp) {
    const BOOL ok = WriteProcessMemory(hProcess, (LPVOID)address, &temp, sizeof(temp), 0);
    return ok != FALSE;
}
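// Reads a 4-byte float at `address`. Returns 0.0f when the read fails: the
// original returned an uninitialised local on failure (undefined behaviour).
// A failure is still indistinguishable from a stored 0.0f.
float MemoryRW::readDecimal(int address) {
    float value = 0.0f;  // defined result even if ReadProcessMemory fails
    ReadProcessMemory(hProcess, (LPCVOID)address, &value, sizeof(value), 0);
    return value;
}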
// Writes the 4-byte float `value` at `address`; returns the API success flag.
bool MemoryRW::writeDecimal(int address, float value) {
    const BOOL ok = WriteProcessMemory(hProcess, (LPVOID)address, &value, sizeof(value), 0);
    return ok != FALSE;
}
// Copies a NUL-terminated string of 16-bit characters from `address` into
// `temp`, stopping at the terminator or after count-1 characters, and always
// writes a terminating WORD.
// NOTE(review): for count <= 1 the `tempCount == count - 1` test never fires,
// so the copy is bounded only by the remote terminator and can overrun `temp`.
// NOTE(review): each character is fetched with readInt (4 bytes) and truncated
// to a WORD, so the final read touches 2 bytes beyond the terminator.
// NOTE(review): the inner `wchar_t tempWchar` shadows the outer one, which is dead.
void MemoryRW::readWchar(int address, LPVOID temp, int count) {
    int tempCount = 0;                      // characters copied so far
    wchar_t tempWchar = L'\0';
    while (true)
    {
        wchar_t tempWchar = WORD(readInt(address + tempCount * 2));  // 2 bytes per character
        *((WORD *)temp + tempCount) = tempWchar;
        tempCount++;
        if (tempWchar == L'\0' || tempCount == count - 1) {
            *((WORD *)temp + tempCount) = L'\0';  // terminate the destination
            break;
        }
    }
}
// Allocates `count` bytes in the target via VirtualAllocEx, letting the system
// pick the address. With the header defaults (`type` MEM_COMMIT, `protect`
// PAGE_EXECUTE_READWRITE) the region is writable and executable, which is
// broader than a plain data buffer needs; pass a narrower `protect` for data.
// Returns NULL on failure.
LPVOID MemoryRW::applyMemory(int count, DWORD protect, DWORD type) {
    const SIZE_T bytes = count;
    return VirtualAllocEx(hProcess, nullptr, bytes, type, protect);
}
// Releases memory obtained from applyMemory. With the header defaults
// (`Size` 0, `type` MEM_RELEASE) the whole allocation is returned.
// Returns VirtualFreeEx's success flag.
bool MemoryRW::freeMemory(LPVOID address, DWORD Size, DWORD type) {
    const BOOL freed = VirtualFreeEx(hProcess, address, Size, type);
    return freed != FALSE;
}
//**************************************************************************************
// Name    : callFunc (the original header called it InfusionFunc)
// Purpose : remote-call helper -- copies a function image and its argument
//           into the target process and runs the function there on a remote thread.
// Param 1 : pointer to the function bytes to copy
// Param 2 : size of those bytes
// Param 3 : pointer to the argument block
// Param 4 : size of the argument block
// (The original header listed a process ID as parameter 1; the function uses
// the hProcess member instead.)
//**************************************************************************************
// NOTE(review): no result is checked. applyMemory may return NULL, write may
// fail, and CreateRemoteThread may return NULL; WaitForSingleObject and
// CloseHandle on a NULL thread handle and freeMemory on NULL addresses follow.
// Each step (remote allocation, cross-process write, remote thread creation)
// is also a distinct event that host monitoring can record.
// NOTE(review): NumberOfByte receives the new thread's ID (lpThreadId), not a
// byte count.
void MemoryRW::callFunc(LPVOID mFunc, DWORD mFuncSize,LPVOID Param, DWORD ParamSize)
{
    LPVOID mFuncAddr;     // remote address of the copied function
    LPVOID ParamAddr;     // remote address of the copied argument
    HANDLE hThread;       // remote thread handle
    DWORD NumberOfByte;   // receives the remote thread ID
    // (original comment: open the target process handle -- that happens in the constructor, not here)
    // Allocate remote memory (RWX by applyMemory's default)
    mFuncAddr = applyMemory(mFuncSize);
    ParamAddr = applyMemory(ParamSize);
    // Copy the function bytes and the argument into the target
    write((int)mFuncAddr, mFunc, mFuncSize);
    write((int)ParamAddr, Param, ParamSize);
    // Start the copied function on a remote thread with ParamAddr as its argument
    hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)mFuncAddr,
        ParamAddr, 0, &NumberOfByte);
    WaitForSingleObject(hThread, INFINITE); // wait for the remote function to finish
    // Release the remote allocations
    freeMemory(mFuncAddr);
    freeMemory(ParamAddr);
    // Close the thread handle
    CloseHandle(hThread);
}