C++内存查找实例

// MemRepair.cpp : 定义控制台应用程序的入口点。 
// 
 
#include "stdafx.h" 
#include <Windows.h> 
 
BOOL FindFirst(DWORD dwValue); 
BOOL FindNext(DWORD dwValue); 
HANDLE g_hProcess; 
DWORD g_arList[1024]; 
DWORD g_nListCnt; 
 
BOOL CompareAPage(DWORD dwBaseAddr, DWORD dwValue) 
{ 
    //读取一页内存 
    BYTE arBytes[4096]; 
    BOOL bRead = ::ReadProcessMemory(g_hProcess, (LPVOID)dwBaseAddr, arBytes, 4096,NULL); 
    if (bRead == FALSE) 
    { 
        return FALSE; 
    } 
    DWORD *pdw; 
    for (int i=0;i<4096-4;i++) 
    { 
         
        pdw = (DWORD*)&arBytes[i];  
        if (pdw[0] == dwValue) 
        { 
            g_arList[g_nListCnt++] = dwBaseAddr+i; 
        } 
        /*出错，应该将地址先转换成DWORD*,即指向DWORD的地址，然后再取[0]
        if ((DWORD)&arBytes[i] == dwValue)
        {
            g_arList[g_nListCnt++] = dwBaseAddr+i;
        }
        */ 
    } 
    if (g_nListCnt > 1024) 
    { 
        printf("the position is large than 1024.."); 
        return FALSE; 
    } 
    return TRUE; 
} 
 
BOOL FindFirst(DWORD dwValue) 
{ 
    const DWORD dwOneGB = 1 * 1024 *1024 *1024; // 1GB 
    const DWORD dwOnePage = 4* 1024; // 4K 
    DWORD dwBase; 
    OSVERSIONINFO versionInfo={0}; 
    versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); 
 
    ::GetVersionEx(&versionInfo); 
    if (versionInfo.dwPlatformId ==  VER_PLATFORM_WIN32_WINDOWS ) //win98 
    { 
        dwBase = 4 * 1024 *1024; // 4MB 
    } 
    else 
    { 
        dwBase = 64 * 1024; // 64KB 
    } 
    //从开始地址到2GB的空间查找 
    for (;dwBase<2*dwOneGB;dwBase+=dwOnePage) 
    { 
        CompareAPage(dwBase,dwValue); 
    } 
    return TRUE; 
} 
 
BOOL FindNext(DWORD dwValue) 
{ 
    DWORD dwOriCnt = g_nListCnt; 
    DWORD dwReadValue; 
    BOOL bRet = FALSE; 
 
    g_nListCnt = 0; 
    for (int i=0;i<dwOriCnt;i++) 
    { 
        if (::ReadProcessMemory(g_hProcess,(LPVOID)g_arList[i],&dwReadValue,sizeof(DWORD),0)) 
        { 
            if (dwReadValue == dwValue) 
            { 
                g_arList[g_nListCnt++] = g_arList[i]; 
                bRet = TRUE;             
            } 
        } 
    } 
    return bRet; 
} 
 
void ShowList() 
{ 
    for (int i=0;i<g_nListCnt;i++) 
    { 
        printf("%08lX\n", g_arList[i]); 
    } 
} 
BOOL WriteMemory(DWORD dwAddr, DWORD dwValue) 
{ 
    //出错的情况：写入的是&dwValue，而不是（LPVOID）dwValue 
    return WriteProcessMemory(g_hProcess,(LPVOID)dwAddr,&dwValue,sizeof(DWORD),NULL); 
} 
int _tmain(int argc, _TCHAR* argv[]) 
{ 
    g_nListCnt = 0; 
    memset(g_arList,0,sizeof(g_arList)); 
 
    char szCommandLine[]="c:\\testor.exe"; 
    STARTUPINFO si={sizeof(STARTUPINFO)}; 
    si.dwFlags = STARTF_USESHOWWINDOW; 
    si.wShowWindow = TRUE; 
 
    PROCESS_INFORMATION pi; 
    BOOL bRet = CreateProcess(NULL, szCommandLine,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi); 
    if (bRet == FALSE) 
    { 
        printf("createProcess failed..."); 
        return -1; 
    } 
    ::CloseHandle(pi.hThread); 
    g_hProcess = pi.hProcess; 
    //输入修改值 
    int iVal; 
    printf("Input iVal="); 
    scanf("%d", &iVal); 
    //进行第一次查找 
    FindFirst(iVal); 
    //打印结果 
    ShowList(); 
 
    //再次查找 
    while (g_nListCnt > 1) 
    { 
        printf("input iVal:\n"); 
        scanf("%d",&iVal); 
        FindNext(iVal); 
        ShowList(); 
    } 
 
    //修改值 
    printf("input new value:\n"); 
    scanf("%d",&iVal); 
    if (WriteMemory(g_arList[0],iVal)) 
    { 
        printf("write suc..."); 
    } 
     
    ::CloseHandle(g_hProcess); 
    return 0; 
}

#include "stdafx.h" 
#include <stdio.h> 
 
int g_nNum = 1003; 
int _tmain(int argc, _TCHAR* argv[]) 
{ 
    int i = 200; 
    while(1) 
    { 
        printf("i=%d,&i=%08lX...g_nNum=%d,&g_nNum=%08lX\n\n",i--,&i,--g_nNum,&g_nNum); 
        getchar(); 
    } 
     
    return 0; 
}