c++ readIntger writeIntger

c++ readIntger writeIntger

类似CE的read/writeIntger函数(外部) 完整版项目在这里

#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
#include <vector>
#include <regex>
#include <sstream>
#include <string>

// Process-wide state shared by the helpers below; main() assigns both.
DWORD pid{ 0 };              // id of the target process (0 = not resolved yet)
HANDLE hProcess{ nullptr };  // handle to the target process (null = not opened)

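// Returns the process id of the first process in the snapshot whose image
// name equals `name` (case-insensitive), or 0 when no process matches, when
// `name` is null, or when the snapshot cannot be created.
//
// Matching is by image name only: if several processes share the name, the
// first one enumerated wins, so the result identifies "a process with this
// name", not a specific trusted process.
DWORD getPID(const wchar_t* name)
{
    if (name == nullptr) return 0;

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    // A failed snapshot yields INVALID_HANDLE_VALUE, which must not be passed
    // to CloseHandle; bail out before touching it.
    if (hSnap == INVALID_HANDLE_VALUE) return 0;

    DWORD foundPid = 0;
    // The explicit W variants keep szExeFile a wchar_t array even when the
    // project is built without UNICODE, so _wcsicmp always compares wide text.
    PROCESSENTRY32W pe = {};
    pe.dwSize = sizeof(pe);
    if (Process32FirstW(hSnap, &pe))
    {
        do {
            if (_wcsicmp(pe.szExeFile, name) == 0) {
                foundPid = pe.th32ProcessID;
                break;
            }
        } while (Process32NextW(hSnap, &pe));
    }

    CloseHandle(hSnap);
    return foundPid;
}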

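// Returns the base address of the module named `modName` (case-insensitive)
// inside process `pid`, or 0 when the module is not found, when `modName` is
// null, or when the module snapshot cannot be created.
uintptr_t getModuleBaseAddress(DWORD pid, const wchar_t* modName)
{
    if (modName == nullptr) return 0;

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    // A failed snapshot yields INVALID_HANDLE_VALUE, which must not be passed
    // to CloseHandle; bail out before touching it.
    if (hSnap == INVALID_HANDLE_VALUE) return 0;

    uintptr_t modBaseAddr = 0;
    // The explicit W variants keep szModule a wchar_t array even when the
    // project is built without UNICODE, so _wcsicmp always compares wide text.
    MODULEENTRY32W me = {};
    me.dwSize = sizeof(me);
    if (Module32FirstW(hSnap, &me))
    {
        do {
            if (_wcsicmp(me.szModule, modName) == 0) {
                modBaseAddr = reinterpret_cast<uintptr_t>(me.modBaseAddr);
                break;
            }
        } while (Module32NextW(hSnap, &me));
    }

    CloseHandle(hSnap);
    return modBaseAddr;
}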

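// Replaces a delimited token in `origenString` with `newValue`.
//
// The token is `replaceString` together with the one character on each side
// of it (the surrounding brackets in this file's address expressions).
// The bracketed form "[token]" is looked up first, so a bare copy of the same
// text earlier in the string (e.g. "10+[10]") is not mistaken for it.
// If no bracketed form exists, the first occurrence that has a character in
// front of it is replaced together with its two neighbours. When the token is
// absent, or sits at index 0 with nothing in front of it, the input is
// returned unchanged instead of indexing before the start of the string.
std::string replaceString(std::string origenString, std::string replaceString, std::string newValue)
{
    const std::string bracketed = "[" + replaceString + "]";
    const std::string::size_type bracketPos = origenString.find(bracketed);
    if (bracketPos != std::string::npos)
    {
        return origenString.replace(bracketPos, bracketed.size(), newValue);
    }

    // Fallback for delimiters other than brackets.
    const std::string::size_type tokenPos = origenString.find(replaceString);
    if (tokenPos == std::string::npos || tokenPos == 0)
    {
        return origenString;
    }
    // std::string::replace clamps the count to the end of the string.
    return origenString.replace(tokenPos - 1, replaceString.size() + 2, newValue);
}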

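// Parses `hexStr` as a hexadecimal number.
//
// Returns the parsed value only when the whole string is a hex number.
// Returns 0 when parsing fails or when anything is left over after the
// digits. Callers in this file treat "0 from a string that is not a zero
// literal" as "this is a symbol name", so a module name that merely starts
// with hex digits (e.g. "abc.dll") must not be reported as the number 0xabc.
uintptr_t hexStr2Hex(std::string hexStr)
{
    std::istringstream in(hexStr);
    uintptr_t value = 0;
    in >> std::hex >> value;

    // fail(): no digits at all, or the value did not fit.
    // peek() != eof: digits were followed by other characters.
    if (in.fail() || in.peek() != std::char_traits<char>::eof())
    {
        return 0;
    }
    return value;
}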

// One piece produced by splitString.
struct SplitListItem
{
    // Delimiter text matched immediately before this piece; empty for the first piece.
    std::string key;
    // Text between that delimiter and the next one (or the end of the input).
    std::string value;
};

// Splits `origenString` at every match of `pattern`.
//
// Each returned item holds the text of one piece in `value` and, in `key`,
// the delimiter that was matched just before it (empty for the first piece).
// The result always has one more item than there were matches.
std::vector<SplitListItem> splitString(std::string origenString, std::regex pattern)
{
    std::vector<SplitListItem> pieces;
    std::string precedingDelimiter;  // delimiter that introduced the piece being built

    std::string::const_iterator cursor = origenString.begin();
    const std::string::const_iterator last = origenString.end();

    std::smatch hit;
    while (std::regex_search(cursor, last, hit, pattern))
    {
        // Text from the cursor up to the delimiter is one finished piece.
        pieces.push_back(SplitListItem{ precedingDelimiter, std::string(cursor, hit[0].first) });
        precedingDelimiter = hit[0].str();
        cursor = hit[0].second;
    }

    // Whatever follows the last delimiter (possibly nothing) is the final piece.
    pieces.push_back(SplitListItem{ precedingDelimiter, std::string(cursor, last) });
    return pieces;
}

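// Sums the signed terms of a bracket-free expression such as
// "game.exe+009E820C-10" into `total`.
// A term that is not a hex number is looked up as a module name in the
// process identified by the global `pid`. Returns false when such a name
// cannot be resolved, so the caller never builds an address on a base of 0.
static bool sumAddressTerms(const std::string& expression, uintptr_t& total)
{
    total = 0;
    const std::vector<SplitListItem> terms = splitString(expression, std::regex("[+-]"));
    for (const SplitListItem& term : terms)
    {
        // An empty piece comes from a leading sign or two adjacent signs.
        if (term.value.empty()) continue;

        uintptr_t value = hexStr2Hex(term.value);
        const bool isZeroLiteral = term.value.find_first_not_of('0') == std::string::npos;
        if (value == 0 && !isZeroLiteral)
        {
            // Symbol: resolve the module name to its base address.
            const std::wstring moduleName(term.value.begin(), term.value.end());
            value = getModuleBaseAddress(pid, moduleName.c_str());
            if (value == 0) return false;
        }

        // The first term has an empty key and is added.
        if (term.key == "-") total -= value;
        else                 total += value;
    }
    return true;
}

// Resolves an address expression such as "[game.exe+009E820C]+338".
//
// Grammar as implemented here: terms are hex numbers or module names joined
// by '+' / '-'; "[expr]" means "read the 4-byte value stored at expr in the
// process behind the global hProcess". Brackets are resolved innermost-first.
//
// Returns the resolved address. Returns `nextValue` when `address` is empty
// after whitespace removal, and 0 when a module name cannot be resolved or a
// pointer read fails. A failed dereference therefore stops the chain instead
// of letting a stale address flow into a later read or write.
//
// NOTE(review): dereferences read 4 bytes, as the original did, which fits a
// 32-bit target; a 64-bit target would need pointer-sized reads.
uintptr_t getOffsetsAddress(std::string address, uintptr_t nextValue = 0)
{
    // Raw string literals so the regex engine really receives \s and \[ ;
    // in an ordinary literal those backslashes are consumed by the compiler
    // as (unknown) character escapes and never reach std::regex.
    static const std::regex whitespace(R"(\s)");
    static const std::regex innermostBracket(R"(.*\[([^\[\]]+)\].*)");

    std::string expr = std::regex_replace(address, whitespace, "");
    if (expr.empty()) return nextValue;

    std::smatch match;
    while (std::regex_match(expr, match, innermostBracket))
    {
        // Copy the capture out: `match` refers into `expr`, which is replaced below.
        const std::string inner = match[1].str();

        uintptr_t pointerAddress = 0;
        if (!sumAddressTerms(inner, pointerAddress)) return 0;

        // Read into a separate zeroed variable and verify the call, so a
        // short or failed read is never mistaken for a pointer value.
        DWORD pointee = 0;
        SIZE_T bytesRead = 0;
        if (!ReadProcessMemory(hProcess, reinterpret_cast<LPCVOID>(pointerAddress),
                               &pointee, sizeof(pointee), &bytesRead)
            || bytesRead != sizeof(pointee))
        {
            return 0;
        }

        std::stringstream hexText;
        hexText << std::hex << pointee;

        const std::string reduced = replaceString(expr, inner, hexText.str());
        // No progress would mean looping forever on the same bracket.
        if (reduced == expr) return 0;
        expr = reduced;
    }

    uintptr_t resolved = 0;
    if (!sumAddressTerms(expr, resolved)) return 0;
    return resolved;
}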

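// Reads the 4-byte integer stored at the address that `address` resolves to
// in the process behind the global hProcess.
// Returns the value read, or 0 when the expression does not resolve or the
// read fails. A stored value of 0 is indistinguishable from failure.
uintptr_t readIntger(std::string address)
{
    const uintptr_t target = getOffsetsAddress(address);
    if (target == 0) return 0;

    // Read into a separate zeroed DWORD: reading 4 bytes over the address
    // variable itself would leave its upper bytes in the result on a 64-bit
    // build, and would return the address as if it were data on failure.
    DWORD value = 0;
    SIZE_T bytesRead = 0;
    if (!ReadProcessMemory(hProcess, reinterpret_cast<LPCVOID>(target),
                           &value, sizeof(value), &bytesRead)
        || bytesRead != sizeof(value))
    {
        return 0;
    }
    return value;
}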

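// Writes the low 4 bytes of `newInt` to the address that `address` resolves
// to in the process behind the global hProcess.
// Returns the address written to, or 0 when the expression does not resolve
// or the write does not complete, so callers can tell that nothing was
// written.
uintptr_t writeIntger(std::string address, uintptr_t newInt)
{
    const uintptr_t target = getOffsetsAddress(address);
    if (target == 0) return 0;

    // Make the 4-byte width explicit instead of copying the first 4 bytes of
    // a pointer-sized variable.
    const DWORD value = static_cast<DWORD>(newInt);
    SIZE_T bytesWritten = 0;
    if (!WriteProcessMemory(hProcess, reinterpret_cast<LPVOID>(target),
                            &value, sizeof(value), &bytesWritten)
        || bytesWritten != sizeof(value))
    {
        return 0;
    }
    return target;
}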

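// Demo: resolves and reads two address expressions in game.exe, then writes
// one value. Exits with 1 when the process cannot be found or opened.
int main()
{
    // Address expression used below: [game.exe+009E820C]+338
    const std::wstring targetName = L"game.exe";

    pid = getPID(targetName.c_str());
    if (pid == 0)
    {
        // Without this check OpenProcess would be attempted on pid 0.
        std::cerr << "target process not found" << std::endl;
        return 1;
    }

    // Request only the rights ReadProcessMemory and WriteProcessMemory need,
    // rather than PROCESS_ALL_ACCESS.
    hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
    if (hProcess == NULL)
    {
        std::cerr << "OpenProcess failed, error " << GetLastError() << std::endl;
        return 1;
    }

    std::cout << readIntger("game.exe+009E820C") << std::endl;
    std::cout << readIntger("[game.exe + 009E820C] + 338") << std::endl;

    if (writeIntger("[game.exe+ 009E820C] + 338", 20) == 0)
    {
        std::cerr << "write failed" << std::endl;
    }

    CloseHandle(hProcess);
    hProcess = NULL;  // do not leave a closed handle in the global
    return 0;
}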

原文链接: https://www.cnblogs.com/ajanuw/p/13360898.html
