/* Preprocessor directives : */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
/* -------------------------------------------------------------------------------------------------- */
/* Constants : */
#define BASE_ADDRESS 0xFFFB0000
/* -------------------------------------------------------------------------------------------------- */
/* Struct for use in this small debugger */
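typedef struct MEMORY_ADDRESSES
{
    void *Addresses[10];   /* remote address each byte of Storage was read from */
    BYTE  Storage[10];     /* raw bytes copied out of the target process */
} ProcessMem;
/* Single global instance filled in by DebuggerInit() and printed by main().
   "= {0}" is the portable C11 zero-initializer; the empty "= {}" form is a
   GNU extension that only became standard in C23. */
ProcessMem MyProcess[1] = {0};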
/* -------------------------------------------------------------------------------------------------- */
/* Function Prototypes : */
/* Returns an opened handle to the first running process whose executable name
   equals ProcessName, or NULL when none is found or the snapshot fails. The
   caller owns the handle and must CloseHandle() it. Note: the current body
   calls exit() if the first snapshot entry cannot be read. */
HANDLE GetProcess( char * ProcessName );
/* Reads 10 bytes at BASE_ADDRESS from MyProcess into WriteToStruct->Storage and
   records the remote address of each byte in WriteToStruct->Addresses. Prints
   the Win32 error text and exits the program if the read fails.
   ReadStructInfo is passed by value and is not used by the current body. */
static void DebuggerInit( HANDLE MyProcess, ProcessMem * WriteToStruct, ProcessMem ReadStructInfo );
/* -------------------------------------------------------------------------------------------------- */
/* Main entry point */
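int main( void )
{
    enum { POLL_INTERVAL_MS = 1000 };
    /* -------------------------------*/
    /* Finds the minesweeper game: poll once a second until a process with that
       executable name is running (GetProcess() returns NULL while it is absent). */
    HANDLE MineSweeper;
    while ( ( MineSweeper = GetProcess( "MineSweeper.exe" ) ) == NULL )
    {
        Sleep( POLL_INTERVAL_MS );
    }
    /* -------------------------------*/
    /* Initializes the information we need in our struct */
    DebuggerInit( MineSweeper, &MyProcess[0], MyProcess[0] );
    /* -------------------------------*/
    /* Print out the information we gathered. Read it from MyProcess[0], the
       object DebuggerInit() filled in; a separate uninitialised local would be
       undefined behaviour to read, and &Addresses[i] would print the slot's own
       address rather than the remote address stored in it. */
    const size_t count = sizeof MyProcess[0].Storage / sizeof MyProcess[0].Storage[0];
    for ( size_t offset = 0; offset < count; offset++ )
    {
        fprintf( stdout, "\t %p = %2X \n",
                 MyProcess[0].Addresses[offset],
                 (unsigned)MyProcess[0].Storage[offset] );
    }
    /* -------------------------------*/
    /* Close the process handle to avoid nasty memory leaks */
    CloseHandle( MineSweeper );
    /* -------------------------------*/
    /* Exit the process with 0, as required by the function declaration */
    return 0;
}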
/* -------------------------------------------------------------------------------------------------- */
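/* Returns an open handle to the first process whose executable name matches
   ProcessName exactly, or NULL if no such process exists, the snapshot cannot
   be taken, or its first entry cannot be read. The handle carries only the
   rights the read in DebuggerInit() needs (query info + read memory), not
   PROCESS_ALL_ACCESS. The caller owns the handle and must CloseHandle() it. */
HANDLE GetProcess( char * ProcessName )
{
    HANDLE hProcess = NULL;
    PROCESSENTRY32 pe32;
    /* Take a snapshot of all processes in the system. */
    HANDLE hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if ( hProcessSnap == INVALID_HANDLE_VALUE )
    {
        return NULL;
    }
    /* Set the size of the structure before using it. */
    pe32.dwSize = sizeof( pe32 );
    if ( Process32First( hProcessSnap, &pe32 ) )
    {
        /* Walk through the snapshot and stop at the first name match.
           NOTE: strcmp() on szExeFile assumes an ANSI (non-UNICODE) build,
           where szExeFile is a char array - confirm the project's build flags. */
        do
        {
            if ( strcmp( pe32.szExeFile, ProcessName ) == 0 )
            {
                hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                        FALSE, pe32.th32ProcessID );
                break;
            }
        } while ( Process32Next( hProcessSnap, &pe32 ) );
    }
    /* Single exit point: the snapshot handle is released on every path. */
    CloseHandle( hProcessSnap );
    return hProcess;
}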
/* -------------------------------------------------------------------------------------------------- */
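/* Copies sizeof WriteToStruct->Storage bytes starting at BASE_ADDRESS out of
   MyProcess into WriteToStruct->Storage and records, in WriteToStruct->Addresses,
   the remote address each byte came from. On a failed read the Win32 error text
   is printed and the program exits with EXIT_FAILURE.
   ReadStructInfo is kept so the prototype is unchanged; it is not used. */
static void DebuggerInit( HANDLE MyProcess, ProcessMem * WriteToStruct, ProcessMem ReadStructInfo )
{
    (void)ReadStructInfo;
    /* Both arrays are sized from the struct; use the smaller so a later change
       to one of them cannot overrun the other. */
    const size_t storageCount = sizeof WriteToStruct->Storage / sizeof WriteToStruct->Storage[0];
    const size_t addressCount = sizeof WriteToStruct->Addresses / sizeof WriteToStruct->Addresses[0];
    const size_t count = storageCount < addressCount ? storageCount : addressCount;
    /* -------------------------------*/
    /* Read the bytes straight into the caller's struct. */
    if ( !ReadProcessMemory( MyProcess, (PCVOID)BASE_ADDRESS, WriteToStruct->Storage, count, NULL ) )
    {
        DWORD dwErr = GetLastError();
        char abErrMsg[128] = "";
        /* FormatMessageA takes a char buffer and a size in chars, so the buffer
           size stays correct even in a UNICODE build (FormatMessage would expect
           a WCHAR buffer there). IGNORE_INSERTS keeps system messages that contain
           %-placeholders from being interpreted. */
        if ( !FormatMessageA( FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
                              dwErr, MAKELANGID( LANG_NEUTRAL, SUBLANG_DEFAULT ),
                              abErrMsg, sizeof abErrMsg, NULL ) )
        {
            snprintf( abErrMsg, sizeof abErrMsg, "(no description available)" );
        }
        printf( "\nError code %lu : \n%s\n", (unsigned long)dwErr, abErrMsg );
        exit( EXIT_FAILURE );
    }
    /* -------------------------------*/
    /* Record the remote address of each byte. The sum is formed on the integer
       value and cast once: arithmetic on a void * is a GNU extension, not C. */
    for ( size_t offset = 0; offset < count; offset++ )
    {
        WriteToStruct->Addresses[offset] = (void *)( BASE_ADDRESS + offset );
    }
}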
/* -------------------------------------------------------------------------------------------------- */
上面的代码现在可以工作,但我仍然希望找到一种方法来搜索内存中的特定字节。我现在不确定如何处理这个问题,除非我只是用调试器定义地址并继续单步直到找到匹配(通过ReadProcessMemory)。这是一种有效的方法吗?或者,还有更好的方法?请帮我快速有效地找到一种方法。
这行代码毫无意义。
/* -------------------------------*/
/* Get the process's base address */
void * BaseAddress = ( void * ) MyProcess;
进程句柄与基址不是同一个东西。如果你调试自己的程序，你会发现 BaseAddress 可能只是一个像 200 这样的小数字；但如果你查看扫雷程序的内存，你会发现地址 200 处并没有内存。
看起来你是Windows编程的新手。我建议你的第一个程序不是游戏作弊引擎,这是一个非常高级的话题。尝试更简单的事情。