#include <windows.h>
#include <cstring>
#include <iostream>
using namespace std;
// Handle to the child process whose memory is scanned: set in main() after
// CreateProcess (through OpenProcess) and read by ChangeMemory(); NULL until then.
HANDLE g_hProcess;
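/// Scans the child's user-mode address range (64KB .. 2GB) one 4KB page at a
/// time and overwrites every 4-byte slot holding dwOldValue with dwValue.
///
/// @param dwValue    Value written in place of each match.
/// @param dwOldValue Value searched for. Defaults to 2600, the constant the
///                   original hard-coded; main()'s message suggests this is the
///                   Windows version/build number the child displays (2600 is
///                   presumably the XP build number) — confirm on the target.
/// @return TRUE once the whole range has been scanned, FALSE when g_hProcess
///         is NULL (no process was opened).
///
/// Preconditions: g_hProcess must carry PROCESS_VM_READ | PROCESS_VM_WRITE |
/// PROCESS_VM_OPERATION (what Read/WriteProcessMemory require). Addresses are
/// DWORD-sized, so the scan assumes a 32-bit (or WOW64) child. For defenders:
/// this ReadProcessMemory/WriteProcessMemory walk over another process is the
/// cross-process-write pattern host-based monitoring typically alerts on.
BOOL ChangeMemory(DWORD dwValue, DWORD dwOldValue = 2600)
{
    const DWORD dwOneGB = 1024 * 1024 * 1024;  // 1GB
    const DWORD dwOnePage = 4 * 1024;          // 4KB: one page per ReadProcessMemory call
    if (g_hProcess == NULL)
    {
        cout << "打开进程失败" << endl;
        return false;
    }
    BYTE arBytes[4 * 1024];  // one page of the child's memory, hoisted out of the loop
    // Original comment: Win NT reserves the 64KB..2GB range for the application,
    // so start just past the null/guard region.
    for (DWORD dwBase = 64 * 1024; dwBase < 2 * dwOneGB; dwBase += dwOnePage)
    {
        // Most of this range is unmapped or otherwise unreadable. Skip such pages
        // and keep going: the original returned false here, which aborted the
        // scan at the first gap and never reached the rest of the address space.
        // (The per-page "not readable" message is dropped for the same reason —
        // it would be printed hundreds of thousands of times.)
        if (!::ReadProcessMemory(g_hProcess,
                                 reinterpret_cast<LPVOID>(static_cast<ULONG_PTR>(dwBase)),
                                 arBytes, dwOnePage, NULL))
        {
            continue;
        }
        // Every byte offset is a candidate (the value need not be aligned), so
        // read each DWORD through memcpy rather than dereferencing a DWORD* at
        // an odd address, which is undefined behaviour.
        for (DWORD i = 0; i + sizeof(DWORD) <= dwOnePage; ++i)
        {
            DWORD dwCurrent;
            memcpy(&dwCurrent, &arBytes[i], sizeof(DWORD));
            if (dwCurrent != dwOldValue)
            {
                continue;
            }
            // Best effort, as in the original: a write can legitimately fail on
            // a page that is readable but not writable (e.g. code), so a failed
            // write is deliberately ignored and the scan continues.
            ::WriteProcessMemory(g_hProcess,
                                 reinterpret_cast<LPVOID>(static_cast<ULONG_PTR>(dwBase + i)),
                                 &dwValue, sizeof(DWORD), NULL);
        }
    }
    return true;
}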
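/// Entry point: starts a child "cmd" in a new console, opens it with the minimum
/// rights the memory scan needs, patches its memory via ChangeMemory(9999), then
/// pauses so the result can be observed before exiting on a keypress.
int main()
{
    // Zero-initialised so the handles are NULL rather than garbage if
    // CreateProcess fails (the original closed uninitialised handles then).
    PROCESS_INFORMATION pi = {};
    char szCommandLine[] = "cmd";  // CreateProcess may modify this buffer; it must be writable
    STARTUPINFO si = {};
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOWNORMAL;  // the original used TRUE, which happens to equal SW_SHOWNORMAL (1)
    BOOL bRet = ::CreateProcess(
        NULL,
        szCommandLine,
        NULL,
        NULL,
        FALSE,
        CREATE_NEW_CONSOLE,
        NULL,
        NULL,
        &si,
        &pi);
    if (bRet)
    {
        cout << "创建进程成功,注意新进程的win版本号" << endl;
        // Least privilege: request only the rights Read/WriteProcessMemory need
        // instead of PROCESS_ALL_ACCESS. (pi.hProcess already grants full access
        // to the child; the separate OpenProcess is kept to mirror the original.)
        g_hProcess = ::OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                                   FALSE, pi.dwProcessId);
        // ChangeMemory reports a NULL handle itself, so its result is not repeated here.
        ChangeMemory(9999);
        ::Sleep(6000);
        // The original never closed this handle.
        if (g_hProcess != NULL)
        {
            ::CloseHandle(g_hProcess);
            g_hProcess = NULL;
        }
        ::CloseHandle(pi.hThread);
        ::CloseHandle(pi.hProcess);
    }
    else
    {
        cout << "创建进程失败: " << ::GetLastError() << endl;
    }
    char a;
    cin >> a;  // keep the console open until a key is entered
}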