C++内存查找实例

本文实例讲述了C++内存查找的方法，分享给大家供大家参考。具体如下：

windows程序设计中的内存查找功能，主程序代码如下：

复制代码代码如下:

// MemRepair.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include <Windows.h>

BOOL FindFirst(DWORD dwValue);
BOOL FindNext(DWORD dwValue);
HANDLE g_hProcess;
DWORD g_arList[1024];
DWORD g_nListCnt;

BOOL CompareAPage(DWORD dwBaseAddr, DWORD dwValue)
{
//读取一页内存
BYTE arBytes[4096];
BOOL bRead = ::ReadProcessMemory(g_hProcess, (LPVOID)dwBaseAddr, arBytes, 4096,NULL);
if (bRead == FALSE)
{
return FALSE;
}
DWORD *pdw;
for (int i=0;i<4096-4;i++)
{

pdw = (DWORD*)&arBytes[i];
if (pdw[0] == dwValue)
{
g_arList[g_nListCnt++] = dwBaseAddr+i;
}
/*出错，应该将地址先转换成DWORD*,即指向DWORD的地址，然后再取[0]
if ((DWORD)&arBytes[i] == dwValue)
{
g_arList[g_nListCnt++] = dwBaseAddr+i;
}
*/
}
if (g_nListCnt > 1024)
{
printf("the position is large than 1024..");
return FALSE;
}
return TRUE;
}

BOOL FindFirst(DWORD dwValue)
{
const DWORD dwOneGB = 1 * 1024 *1024 *1024; // 1GB
const DWORD dwOnePage = 4* 1024; // 4K
DWORD dwBase;
OSVERSIONINFO versionInfo={0};
versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

::GetVersionEx(&versionInfo);
if (versionInfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS ) //win98
{
dwBase = 4 * 1024 *1024; // 4MB
}
else
{
dwBase = 64 * 1024; // 64KB
}
//从开始地址到2GB的空间查找
for (;dwBase<2*dwOneGB;dwBase+=dwOnePage)
{
CompareAPage(dwBase,dwValue);
}
return TRUE;
}

BOOL FindNext(DWORD dwValue)
{
DWORD dwOriCnt = g_nListCnt;
DWORD dwReadValue;
BOOL bRet = FALSE;

g_nListCnt = 0;
for (int i=0;i<dwOriCnt;i++)
{
if (::ReadProcessMemory(g_hProcess,(LPVOID)g_arList[i],&dwReadValue,sizeof(DWORD),0))
{
if (dwReadValue == dwValue)
{
g_arList[g_nListCnt++] = g_arList[i];
bRet = TRUE;
}
}
}
return bRet;
}

void ShowList()
{
for (int i=0;i<g_nListCnt;i++)
{
printf("%08lX\\n", g_arList[i]);
}
}
BOOL WriteMemory(DWORD dwAddr, DWORD dwValue)
{
//出错的情况：写入的是&dwValue，而不是（LPVOID）dwValue
return WriteProcessMemory(g_hProcess,(LPVOID)dwAddr,&dwValue,sizeof(DWORD),NULL);
}
int _tmain(int argc, _TCHAR* argv[])
{
g_nListCnt = 0;
memset(g_arList,0,sizeof(g_arList));

char szCommandLine[]="c:\\\\testor.exe";
STARTUPINFO si={sizeof(STARTUPINFO)};
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = TRUE;

PROCESS_INFORMATION pi;
BOOL bRet = CreateProcess(NULL, szCommandLine,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi);
if (bRet == FALSE)
{
printf("createProcess failed…");
return -1;
}
::CloseHandle(pi.hThread);
g_hProcess = pi.hProcess;
//输入修改值
int iVal;
printf("Input iVal=");
scanf("%d", &iVal);
//进行第一次查找
FindFirst(iVal);
//打印结果
ShowList();

//再次查找
while (g_nListCnt > 1)
{
printf("input iVal:\\n");
scanf("%d",&iVal);
FindNext(iVal);
ShowList();
}

//修改值
printf("input new value:\\n");
scanf("%d",&iVal);
if (WriteMemory(g_arList[0],iVal))
{
printf("write suc…");
}

::CloseHandle(g_hProcess);
return 0;
}

测试用的程序代码如下：

复制代码代码如下:

#include "stdafx.h"
#include <stdio.h>

int g_nNum = 1003;
int _tmain(int argc, _TCHAR* argv[])
{
int i = 200;
while(1)
{
printf("i=%d,&i=%08lX…g_nNum=%d,&g_nNum=%08lX\\n\\n",i–,&i,–g_nNum,&g_nNum);
getchar();
}

return 0;
}

希望本文所述对大家的C++程序设计有所帮助。