- 包含头文件
1 //进程快照 2 #include<TlHelp32.h>
- 进程名
// Image name of the target process, matched against PROCESSENTRY32.szExeFile
// in the snapshot loop below (a byte-string compare, so this only works in an
// ANSI/MBCS build where szExeFile is char[]).
#define exename "PlantsVsZombies.exe"
- 创建进程快照
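// Handle to the target process; stays NULL until the snapshot loop finds and opens it.
HANDLE hpro = NULL;

// Receives one process record per Process32First/Process32Next call.
PROCESSENTRY32 pe32 = { 0 };

// dwSize must be initialised before Process32First, otherwise the call fails.
pe32.dwSize = sizeof(pe32);

// Snapshot of every process on the system. Failure is reported as
// INVALID_HANDLE_VALUE (not NULL), so that is what has to be checked.
HANDLE hprocess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hprocess == INVALID_HANDLE_VALUE) {
    fprintf(stderr, "CreateToolhelp32Snapshot failed: %lu\n", GetLastError());
    return;
}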
- 遍历进程快照
//遍历进程快照 BOOL bmore = Process32First(hprocess, &pe32); while (bmore) { //如果找到打开进程 if (strcmp(exename, pe32.szExeFile) == 0) { hpro = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID); break; } //遍历下一个 bmore = Process32Next(hprocess, &pe32); }
- 初始化指向的地址并读取
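// Destination for the value read out of the target; a local is enough,
// no heap allocation is needed for four bytes.
int value = 0;

// Address inside the target. It was taken from one particular build/run of
// the target and is not valid in general; the integer literal must be cast
// rather than assigned directly to a pointer.
LPCVOID pfind = (LPCVOID)(ULONG_PTR)0x09121D88;

// ReadProcessMemory reports the byte count through a SIZE_T*. Passing an
// int* here writes 8 bytes into a 4-byte variable on x64 builds.
SIZE_T size = 0;

// Read exactly sizeof(value) bytes; treat a failed or short read as an error
// instead of printing whatever is left in 'value'.
if (!ReadProcessMemory(hpro, pfind, &value, sizeof(value), &size)
    || size != sizeof(value)) {
    fprintf(stderr, "ReadProcessMemory failed: %lu\n", GetLastError());
    return;
}

printf("%d", value);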
- 初始化指向的地址并写入
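// Value to store in the target; a local is enough, no heap allocation needed.
int value = 888;

// Address inside the target (specific to one build/run of the target); the
// integer literal must be cast rather than assigned directly to a pointer.
LPVOID pfind = (LPVOID)(ULONG_PTR)0x09121D88;

// WriteProcessMemory reports the byte count through a SIZE_T*. Passing an
// int* here writes 8 bytes into a 4-byte variable on x64 builds.
SIZE_T size = 0;

// Requires PROCESS_VM_WRITE | PROCESS_VM_OPERATION on hpro. A failed or
// short write is reported rather than silently ignored.
if (!WriteProcessMemory(hpro, pfind, &value, sizeof(value), &size)
    || size != sizeof(value)) {
    fprintf(stderr, "WriteProcessMemory failed: %lu\n", GetLastError());
    return;
}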
- 结束目标进程（TerminateProcess 会终止进程，而不是关闭句柄；句柄仍需 CloseHandle）
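// Terminates the target process with exit code 0. This needs PROCESS_TERMINATE
// on hpro and, like every TerminateProcess call, gives the target no chance to
// clean up. It does not release the handle itself, so CloseHandle is still required.
if (!TerminateProcess(hpro, 0)) {
    fprintf(stderr, "TerminateProcess failed: %lu\n", GetLastError());
}
CloseHandle(hpro);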
完整代码
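#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <Windows.h>
// Toolhelp snapshot API: CreateToolhelp32Snapshot, Process32First/Next.
#include <TlHelp32.h>

// Image name of the target process, matched against PROCESSENTRY32.szExeFile.
#define exename "PlantsVsZombies.exe"

// Address inside the target that read()/write() access. It was taken from one
// particular build/run of the target and is not valid in general; it lives in
// one place so both functions agree on it.
#define TARGET_ADDRESS ((ULONG_PTR)0x09121D88)

// Finds the first process whose image name matches exename and opens it with
// exactly the rights in desired_access (least privilege: callers pass only what
// ReadProcessMemory/WriteProcessMemory need, never PROCESS_ALL_ACCESS).
// Returns NULL if the snapshot fails, no process matches, or OpenProcess is
// refused (e.g. the target runs at a higher integrity level). The caller owns
// a non-NULL result and must CloseHandle() it.
static HANDLE open_target_process(DWORD desired_access)
{
    // Failure is signalled by INVALID_HANDLE_VALUE, not NULL.
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateToolhelp32Snapshot failed: %lu\n", GetLastError());
        return NULL;
    }

    HANDLE process = NULL;
    PROCESSENTRY32 entry = { 0 };
    entry.dwSize = sizeof(entry);  // must be set or Process32First fails

    for (BOOL more = Process32First(snapshot, &entry); more;
         more = Process32Next(snapshot, &entry)) {
        // Windows image names are case-insensitive. Assumes an ANSI/MBCS build
        // (szExeFile is TCHAR[]).
        if (_stricmp(exename, entry.szExeFile) != 0) {
            continue;
        }
        process = OpenProcess(desired_access, FALSE, entry.th32ProcessID);
        if (process == NULL) {
            fprintf(stderr, "OpenProcess(pid %lu) failed: %lu\n",
                    entry.th32ProcessID, GetLastError());
        }
        break;
    }

    // The snapshot handle is separate from the process handle and is no longer
    // needed once the PID is known.
    CloseHandle(snapshot);
    return process;
}

// Reads one int from TARGET_ADDRESS in the target process and prints it.
// On any failure (target not found/opened, failed or short read) a diagnostic
// goes to stderr and nothing is printed to stdout.
void read(void)
{
    HANDLE process = open_target_process(PROCESS_VM_READ);
    if (process == NULL) {
        return;
    }

    int value = 0;
    // The byte count is a SIZE_T; passing an int* would write 8 bytes into a
    // 4-byte variable on x64 builds.
    SIZE_T bytes_read = 0;
    BOOL ok = ReadProcessMemory(process, (LPCVOID)TARGET_ADDRESS,
                                &value, sizeof(value), &bytes_read);
    if (!ok || bytes_read != sizeof(value)) {
        fprintf(stderr, "ReadProcessMemory failed: %lu\n", GetLastError());
    } else {
        printf("%d", value);
    }

    CloseHandle(process);
}

// Writes the int 888 to TARGET_ADDRESS in the target process and echoes the
// value written. On any failure (target not found/opened, failed or short
// write) a diagnostic goes to stderr and nothing is printed to stdout.
void write(void)
{
    // WriteProcessMemory requires both PROCESS_VM_WRITE and PROCESS_VM_OPERATION.
    HANDLE process = open_target_process(PROCESS_VM_WRITE | PROCESS_VM_OPERATION);
    if (process == NULL) {
        return;
    }

    int value = 888;
    SIZE_T bytes_written = 0;  // SIZE_T, not int: see read()
    BOOL ok = WriteProcessMemory(process, (LPVOID)TARGET_ADDRESS,
                                 &value, sizeof(value), &bytes_written);
    if (!ok || bytes_written != sizeof(value)) {
        fprintf(stderr, "WriteProcessMemory failed: %lu\n", GetLastError());
    } else {
        printf("%d", value);
    }

    CloseHandle(process);
}

// Entry point: read the value, overwrite it, then wait for a key press so the
// console window stays open.
int main(void)
{
    read();
    write();

    // system() is acceptable here only because the argument is a fixed literal.
    system("pause");
    return 0;
}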