1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
#include <Windows.h>
#include <iostream>
#include <string>
#include <vector>
BYTE* GetAddressOfData(DWORD pid, const BYTE *data, size_t len)
{
HWND hWnd = FindWindow(0, "TESTE");
GetWindowThreadProcessId(hWnd, &pid);
HANDLE process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);
if(process)
{
SYSTEM_INFO si;
GetSystemInfo(&si);
MEMORY_BASIC_INFORMATION info;
std::vector<BYTE> chunk;
BYTE* p = 0;
while(p < si.lpMaximumApplicationAddress)
{
if(VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info))
{
p = (BYTE*)info.BaseAddress;
chunk.resize(info.RegionSize);
SIZE_T bytesRead;
if(ReadProcessMemory(process, p, &chunk[0], info.RegionSize, &bytesRead))
{
for(size_t i = 0; i < (bytesRead - len); ++i)
{
if(memcmp(data, &chunk[i], len) == 0)
{
return (BYTE*)p + i;
}
}
}
p += info.RegionSize;
}
}
}
return 0;
}
int main()
{
const BYTE someData[3] = {0x00, 0x00, 0x01};
DWORD pid = GetCurrentProcessId();
BYTE* ret = GetAddressOfData(pid, someData, sizeof(someData));
if(ret)
{
std::cout << "Found: " << (void*)ret << "\n";
}
else
{
std::cout << "Not found\n";
}
system("pause");
return 0;
} |
Comment chercher une chaine byte of array dans la memoire d'une autre application
Répondre avec citation
Partager