  • 第四例:修改游戏内存

    当然这个在书上已经有了很多的解释,今天也太晚了,所以不再赘述,直接贴代码了。

    我的实现和书上的不太一样:这个版本可以输入想要修改的程序名称,然后查找数值,最后修改。

    如下:

      1 #include<stdio.h>
      2 #include<string.h>
      3 #include<stdlib.h>
      4 #include<windows.h>
      5 #include<tlhelp32.h>
      6 
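      // Constants
      #define ONEPAGE 4096                  // size in bytes of one scanned page
      #define ONEGB   (1024*1024*1024)      // parenthesized so the macro expands correctly inside larger expressions

      // Globals shared by the search functions
      HANDLE g_hProcess;       // handle of the process being examined; NULL until main() assigns it
      DWORD g_arList[1024];    // addresses whose content matched the searched value
      DWORD g_nList;           // number of valid entries in g_arList
      bool FindFirst(DWORD dwValue);
      bool FindNext(DWORD dwValue);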
     17 
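     // General functions

     // Reads one ONEPAGE-sized block of the target process starting at dwAddrBase and
     // records in g_arList every offset whose 4 bytes equal dwValue.
     //   dwAddrBase  address in the target process where the block starts
     //   dwValue     32-bit value to look for
     // Returns true if at least one match was found in this block; false otherwise,
     // including when g_hProcess is NULL or the read fails.
     bool CompareAPage(DWORD dwAddrBase,DWORD dwValue)
     {
         // Capacity of the hit list, taken from the array itself so the two cannot drift apart.
         const DWORD dwCapacity = sizeof(g_arList)/sizeof(g_arList[0]);
         BYTE arPage[ONEPAGE];
         SIZE_T nRead = 0;
         bool bRet = false;

         if(g_hProcess == NULL)
         {
             return bRet;
         }
         // A short read is treated like a failed one, so the comparison below never
         // looks at bytes of arPage that were not filled in.
         if( !::ReadProcessMemory(g_hProcess,(LPCVOID)(ULONG_PTR)dwAddrBase,arPage,sizeof(arPage),&nRead)
             || nRead != sizeof(arPage) )
         {
             return bRet;
         }
         for(DWORD i = 0;i+sizeof(DWORD) <= ONEPAGE;i++)
         {
             DWORD dwCandidate;
             // memcpy instead of a pointer cast: offset i is not necessarily 4-byte aligned.
             memcpy(&dwCandidate,arPage+i,sizeof(dwCandidate));
             if( dwCandidate != dwValue )
             {
                 continue;
             }
             bRet = true;
             // A common value can match more often than g_arList can hold; stop recording
             // at capacity instead of writing past the end of the array.
             if(g_nList < dwCapacity)
             {
                 g_arList[g_nList++] = dwAddrBase+i;
             }
         }
         return bRet;
     }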
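     // First search pass: walks the target's address space one page at a time, from a
     // platform-dependent start address up to 2 GB, and lets CompareAPage record every
     // address whose 4 bytes equal dwValue.
     //   dwValue  32-bit value to look for
     // Returns true if any scanned page contained a match.
     bool FindFirst(DWORD dwValue)
     {
         const DWORD OnePage = 4*1024;
         const DWORD OneGb = 1024*1024*1024;
         const DWORD dwCapacity = sizeof(g_arList)/sizeof(g_arList[0]);
         bool bRet = false;

         // Without a process handle every page read would fail, so skip the scan.
         if(g_hProcess == NULL)
         {
             return bRet;
         }

         // Start at 4 MB on the Windows 9x platform and at 64 KB otherwise. The result of
         // the version query is checked; if it fails the 64 KB start is used.
         DWORD dwStart = 64*1024;
         OSVERSIONINFO vi = {sizeof(vi)};
         if(::GetVersionEx(&vi) && vi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
         {
             dwStart = 4*1024*1024;
         }

         for(DWORD dwBase = dwStart;dwBase < 2*OneGb;dwBase += OnePage)
         {
             if(CompareAPage(dwBase,dwValue))
             {
                 bRet = true;
             }
             // Once the hit list is full no further address can be stored, so the
             // remaining pages do not need to be read.
             if(g_nList >= dwCapacity)
             {
                 break;
             }
         }

         return bRet;
     }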
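     // Follow-up search pass: re-reads every address recorded by the previous pass and
     // keeps only those whose current 4-byte content equals dwValue. g_arList is compacted
     // in place and g_nList is set to the number of survivors.
     //   dwValue  value the kept addresses must contain now
     // Returns true if at least one address still matches.
     bool FindNext(DWORD dwValue)
     {
         const DWORD dwCapacity = sizeof(g_arList)/sizeof(g_arList[0]);
         // Clamp the previous count so the loop never indexes beyond the storage g_arList has.
         DWORD dwPrevCount = g_nList;
         if(dwPrevCount > dwCapacity)
         {
             dwPrevCount = dwCapacity;
         }
         g_nList = 0;
         bool bRet = false;

         if(g_hProcess == NULL)
         {
             return bRet;
         }
         for(DWORD i = 0;i < dwPrevCount;i++)
         {
             DWORD dwCurrent = 0;
             SIZE_T nRead = 0;
             // Skip addresses that can no longer be read in full.
             if( !::ReadProcessMemory(g_hProcess,(LPCVOID)(ULONG_PTR)g_arList[i],&dwCurrent,sizeof(dwCurrent),&nRead)
                 || nRead != sizeof(dwCurrent) )
             {
                 continue;
             }
             if(dwCurrent == dwValue)
             {
                 // g_nList never exceeds i here, so the in-place write cannot overtake the read.
                 g_arList[g_nList++] = g_arList[i];
                 bRet = true;
             }
         }

         return bRet;
     }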
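     // Prints every recorded address as eight upper-case hex digits, one per line.
     void ShowList()
     {
         const DWORD dwCapacity = sizeof(g_arList)/sizeof(g_arList[0]);
         // Never print beyond the storage g_arList has, whatever g_nList says.
         const DWORD dwCount = (g_nList < dwCapacity) ? g_nList : dwCapacity;
         for(DWORD i = 0;i < dwCount;i++)
         {
             // DWORD is unsigned long on Windows, so the matching conversion is %lX.
             printf("%08lX\n",g_arList[i]);
         }
     }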
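     // Writes the 4-byte dwValue to lpvAddr in the process referred to by g_hProcess.
     //   lpvAddr  destination address inside the target process
     //   dwValue  value to store there
     // Returns true only if the call succeeded and all 4 bytes were written; false when
     // there is no handle, the address is NULL, or the write failed or was incomplete.
     bool WriteMemory(LPVOID lpvAddr,DWORD dwValue)
     {
         if(g_hProcess == NULL || lpvAddr == NULL)
         {
             return false;
         }
         SIZE_T nWritten = 0;
         const BOOL bOk = ::WriteProcessMemory(g_hProcess,lpvAddr,(LPCVOID)&dwValue,sizeof(dwValue),&nWritten);
         // Explicit comparison instead of an implicit BOOL -> bool conversion, and the byte
         // count is verified so a partial write is not reported as success.
         return bOk != FALSE && nWritten == sizeof(dwValue);
     }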
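     // Walks a snapshot of the running processes, prints each executable name, and opens
     // the first process whose name equals cName.
     //   cName  executable file name to look for (compared with strcmp, so case-sensitive)
     // Returns a process handle the caller must release with CloseHandle, or NULL when
     // cName is NULL, the snapshot cannot be taken, no name matches, or OpenProcess fails.
     HANDLE SearchFromName(const char*cName)
     {
         if(cName == NULL)
         {
             return NULL;
         }
         HANDLE hSnapshotProcess = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
         if(hSnapshotProcess == INVALID_HANDLE_VALUE)
         {
             return NULL;
         }

         PROCESSENTRY32 pe32;
         pe32.dwSize = sizeof(pe32);
         HANDLE hFound = NULL;
         // NOTE(review): strcmp/%s on szExeFile assume an ANSI (non-UNICODE) build - confirm.
         // The name is printed only inside the loop, i.e. only after Process32First or
         // Process32Next has filled pe32, so an unfilled entry is never printed.
         for(BOOL bMore = ::Process32First(hSnapshotProcess,&pe32);
             bMore;
             bMore = ::Process32Next(hSnapshotProcess,&pe32))
         {
             printf("%s\n",pe32.szExeFile);
             if(strcmp(pe32.szExeFile,cName) == 0)
             {
                 // Request only the rights this file uses: ReadProcessMemory needs
                 // PROCESS_VM_READ, WriteProcessMemory needs PROCESS_VM_WRITE and
                 // PROCESS_VM_OPERATION. PROCESS_ALL_ACCESS asks for far more than that.
                 hFound = ::OpenProcess(PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION,
                                        FALSE,pe32.th32ProcessID);
                 break;
             }
         }
         // The snapshot is a kernel handle of its own; release it on every path.
         ::CloseHandle(hSnapshotProcess);
         return hFound;
     }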
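    // Interactive driver: reads a process name, opens that process, reads a value and runs
    // the first search, keeps narrowing the candidate list with further values, then reads
    // the replacement value and writes it to the first remaining candidate.
    // Always returns 0.
    int main(int argc,char* argv[])
    {
        char szNameExeFile[30];
        DWORD dwValue;

        // The field width keeps the name inside the 30-byte buffer (29 characters + terminator).
        if(scanf("%29s",szNameExeFile) != 1)
        {
            return 0;
        }
        g_hProcess = SearchFromName(szNameExeFile);
        if(g_hProcess == NULL)
        {
            printf("Not useful handle!\n");
            system("pause");
            return 0;
        }
        // DWORD is unsigned long, so %lu is the matching conversion. Every scanf result is
        // checked: on end of input or a non-numeric token the program stops instead of
        // searching with an unset or stale value.
        if(scanf("%lu",&dwValue) != 1)
        {
            ::CloseHandle(g_hProcess);
            g_hProcess = NULL;
            return 0;
        }
        g_nList = 0;
        FindFirst(dwValue);
        ShowList();
        // NOTE(review): the loop ends with up to two candidates left, but only g_arList[0]
        // is written below - confirm that this threshold is intended.
        while(g_nList > 2)
        {
            if(scanf("%lu",&dwValue) != 1)
            {
                ::CloseHandle(g_hProcess);
                g_hProcess = NULL;
                return 0;
            }
            FindNext(dwValue);
            ShowList();
        }
        // With an empty list g_arList[0] is not a search result, so nothing is written.
        if(g_nList == 0)
        {
            printf("No matching address found!\n");
            ::CloseHandle(g_hProcess);
            g_hProcess = NULL;
            return 0;
        }
        printf("Success!\nAnd The Value you want to change is:");
        if(scanf("%lu",&dwValue) == 1)
        {
            if(!WriteMemory((LPVOID)(ULONG_PTR)g_arList[0],dwValue))
            {
                printf("Write failed!\n");
            }
        }
        // Release the process handle obtained from SearchFromName.
        ::CloseHandle(g_hProcess);
        g_hProcess = NULL;
        return 0;
    }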

    测试程序是这个:

     1 #include<stdio.h>
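     int g_nNum;   // global counter, decremented on every pass of the loop

     // Test target: on every pass prints a local counter (incremented) and a global
     // counter (decremented) together with their addresses, then waits for one character
     // of input. Returns 0 when input ends.
     int main(int argc,char* argv[])
     {
         int i = 198;
         g_nNum = 1003;

         while(1)
         {
             // %p with a void* argument is the matching conversion for an address;
             // passing a pointer to %X is a format/argument mismatch.
             printf("i = %d,addr = %p;  g_nNum = %d,addr = %p\n",++i,(void*)&i,--g_nNum,(void*)&g_nNum);
             // Leave the loop on end of input instead of spinning without ever blocking.
             if(getchar() == EOF)
             {
                 break;
             }
         }
         return 0;
     }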
  • 原文地址:https://www.cnblogs.com/FWFC/p/6357840.html