时间:2013-03-22 14:21:01 来源:互联网 阅读次数:16777215
//在这页中查找
DWORD* pageDword;
for(int i=0; i<(int)4*1024; i++)
{
pageDword = (DWORD*)&pageByte[i];
if (pageDword[0] == valueChange)
{
if (addrCount >= 1024)
{
return FALSE;
}
//添加到全局变量中
addrList[addrCount] = baseAddr + i;
addrCount++;
}
}
}
BOOL CMemoRepairDlg::FirstFind(DWORD valueChange)
{
const DWORD dwOneGB = 1024*1024*1024;
const DWORD dwOnePage = 4096;
if (hProcess == NULL)
{
return FALSE;
}
//操作系统类型
DWORD systemBase;
OSVERSIONINFO vinfo ={sizeof(vinfo)};
::GetVersionEx(&vinfo);
if (vinfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
{
systemBase = 4*1024*1024;
}
else
{
systemBase = 640*1024;
}
//在开始地址到2GB的地址空间查找
for (; systemBase < 2*dwOneGB; systemBase += dwOnePage)
{
ComparePage(systemBase, valueChange);
}
return TRUE;
}
BOOL CMemoRepairDlg::NextFind(DWORD valueChange)
{
//保存地址个数,初始化addrCount的值
int mOrgCnt = addrCount;
addrCount = 0;
BOOL bRet = FALSE;
DWORD dwReadValue;
for (int i=0; i
if (::ReadProcessMemory(hProcess,(LPVOID)addrList[i],&dwReadValue,sizeof(DWORD),NULL))
{
if (dwReadValue == valueChange)
{
addrList[addrCount] = addrList[i];
addrCount++;
bRet = TRUE;
}
}
}
return bRet;
}
void CMemoRepairDlg::ShowList()
{
editStr ="";
CString str="";
UpdateData(FALSE);
editStr.Format("%d个相同的地址.",addrCount);
for(int i=0; i
str.Format("%s %d '\n';",editStr, addrList[i]);
editStr = str;
}
UpdateData(FALSE);
}
BOOL CMemoRepairDlg::WriteMemory(DWORD valueAddr, DWORD valueChange)
{
return ::WriteProcessMemory(hProcess, (LPVOID)valueAddr, &valueChange, sizeof(DWORD), NULL);
}
再就是新建一个程序,作为启动的进程程序:Testor
这个程序的Testor.exe文件将影响到上面启动进程的路径。 Testor.cpp:
#include
using namespace std; int ChangeNum = 0; //全局变量
int main()
{
int insideNum = 200; //局部变量
ChangeNum = 1600;
while (true)
{
printf(" insideNum = %d, addr = %X; ChangeNum = %d, addr = %X \n",
++insideNum, &insideNum, ++ChangeNum, &ChangeNum);
getchar();
}
return 0;
}
};
