这是我写的一个游戏的WG读写类,包含了一些基本的读写内存,申请内存的方法,希望可以帮到你!
这是MemoryRW.h文件
#pragma once
#include <Windows.h>
#include <math.h>
#include <stdarg.h>
#include <stdio.h>
#include <algorithm>
#include <iostream>
#include <vector>
#include <qstring.h>
#include <qvector.h>
#define BIT(num, n, m) ((num & (m << n * 4)) > 0)
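// Thin wrapper around a process handle for reading/writing another process's memory.
// All addresses are plain `int`, and SearchEnd is the 32-bit user-mode ceiling, so the
// class only makes sense against a 32-bit target.
class MemoryRW
{
public:
    // Opens ProcessID with PROCESS_ALL_ACCESS and reports the result in a MessageBox.
    // If OpenProcess fails hProcess stays NULL and every operation below fails.
    MemoryRW(DWORD ProcessID, QString ProcessName);
    ~MemoryRW();
    // The object owns hProcess; keep a single owner responsible for the handle.
    MemoryRW(const MemoryRW&) = delete;
    MemoryRW& operator=(const MemoryRW&) = delete;

    // Copy `count` bytes from `address` in the target into `temp` / from `temp` into the target.
    // Return false if the underlying ReadProcessMemory/WriteProcessMemory call fails.
    bool read(int address, LPVOID temp, int count);
    bool write(int address, LPVOID temp, int count);
    // Typed 4-byte helpers. The readers cannot report failure and return 0 in that case.
    int readInt(int address);
    bool writeInt(int address, int temp);
    float readDecimal(int address);
    bool writeDecimal(int address, float value);
    // Read a NUL-terminated UTF-16 string into `temp`, which must hold at least `count` WORDs.
    void readWchar(int address, LPVOID temp, int count);
    // Copy mFuncSize bytes of mFunc and ParamSize bytes of Param into the target,
    // run the copy on a remote thread and block until it finishes.
    void callFunc(LPVOID mFunc, DWORD mFuncSize, LPVOID Param, DWORD ParamSize);
    // VirtualAllocEx / VirtualFreeEx in the target. The default protection is
    // execute+read+write; callers that only need data memory should pass a tighter value.
    LPVOID applyMemory(int count, DWORD protect = PAGE_EXECUTE_READWRITE, DWORD type = MEM_COMMIT);
    bool freeMemory(LPVOID address, DWORD Size = 0, DWORD type = MEM_RELEASE);
    // Scan committed, executable regions in [SearchBegin, SearchEnd) for the byte pattern
    // and return every address at which it occurs.
    std::vector<int> SearchConditioncode(std::vector<byte> Conditioncode);
private:
    HWND hWindows = NULL;   // not used by any member visible in this file
    HANDLE hProcess = NULL; // handle from OpenProcess; NULL when the open failed
    DWORD ThreadID = 0;     // not used by any member visible in this file
    DWORD ProcessID = 0;    // id passed to the constructor
    // Address range scanned by SearchConditioncode (32-bit user-mode range).
    unsigned long SearchBegin = 0x400000;
    unsigned long SearchEnd = 0x7ffeffff;
};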
这是.cpp文件：
#include "MemoryRW.h"
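// Open the target process and announce the result in a MessageBox.
// ProcessID   - id of the process to attach to
// ProcessName - display name used only for the message text
MemoryRW::MemoryRW(DWORD ProcessID, QString ProcessName)
{
    // The parameter shadows the member of the same name; store it explicitly,
    // otherwise the member keeps its default and the id is lost.
    this->ProcessID = ProcessID;
    QByteArray ba = ProcessName.toLatin1();
    const char *name = ba.constData();
    // PROCESS_ALL_ACCESS is broader than read/write/alloc/thread creation need; the
    // exact subset depends on callFunc, so narrowing it is left as a separate change.
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessID);
    // snprintf truncates instead of tripping the invalid-parameter handler on a long name,
    // and %lu matches DWORD (the old %d did not).
    char str[256];
    if (hProcess == NULL) {
        snprintf(str, sizeof(str), "OpenProcess failed for process %s---processid %lu", name, (unsigned long)ProcessID);
        MessageBoxA(NULL, str, "error", MB_OK);
        return;
    }
    snprintf(str, sizeof(str), "process %s---processid %lu", name, (unsigned long)ProcessID);
    MessageBoxA(NULL, str, "nice", MB_OK);
}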
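// Release the process handle opened by the constructor; nothing else closed it,
// so every MemoryRW instance leaked one handle.
MemoryRW::~MemoryRW()
{
    if (hProcess != NULL) {
        CloseHandle(hProcess);
        hProcess = NULL;
    }
}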
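// Scan every committed, executable region between SearchBegin and SearchEnd for the
// byte pattern and return the address of each (possibly overlapping) occurrence.
// Conditioncode - bytes to look for; an empty pattern yields no hits.
// Returns an empty vector when hProcess is NULL or no region matches.
//
// Fixes over the previous version: the region buffer was deleted after the first hit and
// then read again on the next iteration (use-after-free); a region smaller than the
// pattern made `RegionSize - num` wrap and read past the buffer; and a failing
// VirtualQueryEx left mbInfo stale, so the loop could spin on the same address forever.
std::vector<int> MemoryRW::SearchConditioncode(std::vector<byte> Conditioncode) {
    std::vector<int> hits;
    if (hProcess == NULL || Conditioncode.empty()) {
        return hits;
    }
    const SIZE_T patternLen = Conditioncode.size();
    // One buffer reused across regions; resize() keeps capacity instead of new/delete per region.
    std::vector<BYTE> regionBuf;
    MEMORY_BASIC_INFORMATION mbInfo = { 0 };
    ULONG_PTR cursor = SearchBegin;
    while (cursor < SearchEnd) {
        if (VirtualQueryEx(hProcess, (LPCVOID)cursor, &mbInfo, sizeof(mbInfo)) == 0) {
            break;
        }
        const ULONG_PTR regionBase = (ULONG_PTR)mbInfo.BaseAddress;
        const SIZE_T regionSize = mbInfo.RegionSize;
        // Same filter as before: MEM_COMMIT (0x1000) and one of PAGE_EXECUTE (0x10),
        // PAGE_EXECUTE_READ (0x20), PAGE_EXECUTE_READWRITE (0x40). PAGE_EXECUTE_WRITECOPY
        // regions are still skipped, as in the original.
        const bool committed = (mbInfo.State & MEM_COMMIT) != 0;
        const bool executable =
            (mbInfo.Protect & (PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE)) != 0;
        if (committed && executable && regionSize >= patternLen) {
            regionBuf.resize(regionSize);
            // Guard pages and regions that vanish mid-scan make this fail; they are skipped.
            if (ReadProcessMemory(hProcess, (LPCVOID)regionBase, regionBuf.data(), regionSize, NULL)) {
                auto from = regionBuf.begin();
                for (;;) {
                    auto found = std::search(from, regionBuf.end(),
                                             Conditioncode.begin(), Conditioncode.end());
                    if (found == regionBuf.end()) {
                        break;
                    }
                    const ULONG_PTR offset = (ULONG_PTR)(found - regionBuf.begin());
                    hits.push_back((int)(regionBase + offset));
                    // Advance by one so overlapping matches are reported, as before.
                    from = found + 1;
                }
            }
        }
        // A region that does not move the cursor forward would also loop forever.
        const ULONG_PTR next = regionBase + regionSize;
        if (next <= cursor) {
            break;
        }
        cursor = next;
    }
    return hits;
}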
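// Copy `count` bytes at `address` in the target into `temp`.
// Returns false on a null buffer, a negative count, or a failed ReadProcessMemory.
bool MemoryRW::read(int address, LPVOID temp, int count) {
    // A negative count would silently become a huge SIZE_T.
    if (temp == NULL || count < 0) {
        return false;
    }
    return ReadProcessMemory(hProcess, (LPCVOID)address, temp, (SIZE_T)count, NULL) != FALSE;
}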
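// Copy `count` bytes from `temp` to `address` in the target.
// Returns false on a null buffer, a negative count, or a failed WriteProcessMemory.
bool MemoryRW::write(int address, LPVOID temp, int count) {
    // A negative count would silently become a huge SIZE_T.
    if (temp == NULL || count < 0) {
        return false;
    }
    return WriteProcessMemory(hProcess, (LPVOID)address, temp, (SIZE_T)count, NULL) != FALSE;
}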
// Read a 4-byte int from `address`. Failure cannot be signalled through the return
// type, so a failed read yields 0 (the buffer's initial value).
int MemoryRW::readInt(int address) {
    int value = 0;
    (void)ReadProcessMemory(hProcess, (LPCVOID)address, &value, sizeof(value), NULL);
    return value;
}
// Write the 4-byte int `temp` at `address`; true iff WriteProcessMemory succeeded.
bool MemoryRW::writeInt(int address, int temp) {
    const BOOL ok = WriteProcessMemory(hProcess, (LPVOID)address, &temp, sizeof(temp), NULL);
    return ok != FALSE;
}
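// Read a 4-byte float from `address`. Failure cannot be signalled through the return
// type, so a failed read yields 0.0f instead of the uninitialised garbage it returned before.
float MemoryRW::readDecimal(int address) {
    float value = 0.0f;
    (void)ReadProcessMemory(hProcess, (LPCVOID)address, &value, sizeof(value), NULL);
    return value;
}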
// Write the 4-byte float `value` at `address`; true iff WriteProcessMemory succeeded.
bool MemoryRW::writeDecimal(int address, float value) {
    const BOOL ok = WriteProcessMemory(hProcess, (LPVOID)address, &value, sizeof(value), NULL);
    return ok != FALSE;
}
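// Read a NUL-terminated UTF-16 string starting at `address` into `temp`.
// temp  - buffer of at least `count` WORDs; always NUL-terminated on return
// count - capacity of `temp` in WORDs; at most count-1 characters are copied
//
// The previous version wrote one WORD past the buffer when the terminator sat exactly
// at index count-1, and never stopped for count <= 1. It also fetched 4 bytes per
// 2-byte character; each character is now read at its own size.
void MemoryRW::readWchar(int address, LPVOID temp, int count) {
    if (temp == NULL || count <= 0) {
        return;
    }
    WORD *out = (WORD *)temp;
    int written = 0;
    while (written < count - 1) {
        WORD ch = 0;
        // A failed read is treated as end of string, matching readInt's 0 on failure.
        if (!read(address + written * 2, &ch, sizeof(ch))) {
            ch = 0;
        }
        if (ch == 0) {
            break;
        }
        out[written++] = ch;
    }
    out[written] = 0;
}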
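// Allocate `count` bytes in the target with VirtualAllocEx.
// protect defaults to PAGE_EXECUTE_READWRITE (see the header); pass a tighter value
// for plain data. Returns NULL on failure or for a non-positive count, which would
// otherwise be converted to a huge SIZE_T.
LPVOID MemoryRW::applyMemory(int count, DWORD protect, DWORD type) {
    if (count <= 0) {
        return NULL;
    }
    return VirtualAllocEx(hProcess, NULL, (SIZE_T)count, type, protect);
}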
// Release memory in the target with VirtualFreeEx; with the defaults (Size 0,
// MEM_RELEASE) the whole reservation containing `address` is freed.
bool MemoryRW::freeMemory(LPVOID address, DWORD Size, DWORD type) {
    const BOOL ok = VirtualFreeEx(hProcess, address, Size, type);
    return ok != FALSE;
}
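//**************************************************************************************
// Name    : callFunc
// Purpose : copy a function body and its parameter block into the target process, run
//           the copy on a remote thread and block until that thread exits.
// Param 1 : mFunc     - pointer to the bytes to copy as the thread routine
// Param 2 : mFuncSize - number of bytes to copy from mFunc
// Param 3 : Param     - parameter block handed to the remote thread (may be NULL)
// Param 4 : ParamSize - size of the parameter block in bytes (0 means no block)
// Returns : nothing; every failure path simply releases what was allocated and returns.
// Note    : the old comment described a different signature (process id as param 1).
//**************************************************************************************
void MemoryRW::callFunc(LPVOID mFunc, DWORD mFuncSize, LPVOID Param, DWORD ParamSize)
{
    if (hProcess == NULL || mFunc == NULL || mFuncSize == 0) {
        return;
    }
    // Previously a failed allocation was not checked: the code wrote to address 0 and
    // started a thread there.
    LPVOID mFuncAddr = applyMemory((int)mFuncSize);
    if (mFuncAddr == NULL) {
        return;
    }
    LPVOID ParamAddr = NULL;
    if (ParamSize > 0) {
        ParamAddr = applyMemory((int)ParamSize);
        if (ParamAddr == NULL) {
            freeMemory(mFuncAddr);
            return;
        }
    }
    // Both copies must land before the thread starts.
    const bool copied = write((int)mFuncAddr, mFunc, (int)mFuncSize)
                     && (ParamAddr == NULL || write((int)ParamAddr, Param, (int)ParamSize));
    if (copied) {
        DWORD threadId = 0; // the last argument is the new thread's id, not a byte count
        HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
                                            (LPTHREAD_START_ROUTINE)mFuncAddr, ParamAddr, 0, &threadId);
        if (hThread != NULL) {
            // INFINITE: a routine that never returns blocks the caller forever, as before.
            WaitForSingleObject(hThread, INFINITE);
            CloseHandle(hThread);
        }
    }
    // Release in every case, including the failure paths above.
    if (ParamAddr != NULL) {
        freeMemory(ParamAddr);
    }
    freeMemory(mFuncAddr);
}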