我想从一个16 MB(FFFFFF)的进程中读取内存并将其存储在一个数组中,这样当我在数组内部搜索时,如:array [i],我将成为真正的内存地址。
假设我想从000000到FFFFFF进行搜索,我想要跳转sizeof(value),从该地址获取地址并将其存储在var中。
然后if(var == value)返回地址。
我有这个: ReadProcessMemory(phandle,(无效*)地址,缓冲器,0XFFFFFF,0);
编辑:
我有这个(通过BlueWanderer回答):
class offset_buffer{ private: char *buf; int offset; public: offset_buffer(char *in_buf, int in_offset) : buf(in_buf), offset(in_offset){ } char & operator[](int in_index){ return buf[in_index - offset]; } void setOffset(int off){ offset=off; } void ReadMemory(){ LPBYTE point; DWORD primeiroAddress = 0x000000; DWORD finalAddress = 0xFFFFFF; //LPBYTE buffer = new BYTE[finalAddress-primeiroAddress]; HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,TargetPID); ReadProcessMemory(phandle,(void*)primeiroAddress, buf, sizeof(buf), 0); CloseHandle(phandle); } }; main(){ char *buffer = new char[0xFFFFFFF-0x0000000]; int address = 0x0000000; offset_buffer b(buffer,address); std::ostringstream ss; int i=0; TListItem *ListIt; b.ReadMemory(); for(address=0x0000000;address<0xFFFFFFF;address+=sizeof(int)){ if(b[address]==StrToInt(Edit1->Text.c_str())){ ss << std::hex << address; showValue(); ss.str(std::string()); } }
有什么不对?有人能帮我吗?为什么它不起作用
答案 0 :(得分:1)
你想要这样的东西吗?
class offset_buffer
{
private:
char *buf;
int offset;
public:
offset_buffer(char *in_buf, int in_offset)
: buf(in_buf), offset(in_offset)
{
}
char & operator[](int in_index)
{
return buf[in_index - offset];
}
};
它会将您的real address映射到数组中的索引
offset_buffer b(buffer, address);
if (b[0x0C2F8E3] == 123) return 0x0C2F8E3;