windows api学习笔记-读写其他进程的内存

liulun

发布于 2022-05-09 11:40:19

4860

发布于 2022-05-09 11:40:19

文章被收录于专栏：liulunliulun

#include <windows.h>
#include <iostream>
using namespace std;


HANDLE g_hProcess;

BOOL ChangeMemory(DWORD dwValue)
{
	const DWORD dwOneGB = 1024*1024*1024;//1GB
	const DWORD dwOnePage = 4*1024;//4KB
	if(g_hProcess == NULL)
	{
		cout<<"打开进程失败"<<endl;
		return false;
	}
	DWORD dwBase = 64*1024;//winNT为应用程序预留的是640KB到2GB的地址空间
	for(;dwBase<2*dwOneGB;dwBase += dwOnePage)
	{
		BYTE arBytes[4096];//一页内存4KB
		if(!::ReadProcessMemory(g_hProcess,(LPVOID)dwBase,arBytes,4096,NULL))//最后一个参数是返回的实际读取的字节数
		{
			cout<<"此页内存不可读"<<endl;
			return false;
		}
		DWORD* pdw;
		for(int i=0;i<(int)4*1024-3;i++)
		{
			pdw = (DWORD*)&arBytes[i];
			if(pdw[0] == 2600)
			{
				::WriteProcessMemory(g_hProcess,(LPVOID)(dwBase+i),&dwValue,sizeof(DWORD),NULL);//最后一个参数是成功写入的字节数
			}
		}
	}
	return true;
}
int main()
{
	PROCESS_INFORMATION pi;
	char szCommandLine[] = "cmd";
	STARTUPINFO si;
	::ZeroMemory(&si,sizeof(si));
	si.cb = sizeof(si);
	si.dwFlags = STARTF_USESHOWWINDOW;
	si.wShowWindow = TRUE;
	BOOL bRet = ::CreateProcess(
		NULL,
		szCommandLine,
		NULL,
		NULL,
		FALSE,
		CREATE_NEW_CONSOLE,
		NULL,
		NULL,
		&si,
		&pi
		);
	if(bRet)
	{
		cout<<"创建进程成功，注意新进程的win版本号"<<endl;
		g_hProcess = ::OpenProcess(PROCESS_ALL_ACCESS,FALSE,pi.dwProcessId);
		ChangeMemory(9999);
		::Sleep(6000);
	}
	::CloseHandle(pi.hThread);
	::CloseHandle(pi.hProcess);
	char a;
	cin>>a;
}

本文参与腾讯云自媒体分享计划，分享自作者个人站点/博客。

原始发表：2010-02-04，如有侵权请联系 cloudcommunity@tencent.com 删除

api