如何在另一个进程的内存中searchstring?

目前我正在使用这个function,通过在互联网上阅读几个松散相关的问题拼凑起来。 我遇到的问题是,我第一次运行它返回了一个错误,但不幸的是,我一直无法重现它。 现在当我运行它时,它每次只返回0。

DWORD GetAddressOfString(char *input) { unsigned char *p = NULL; MEMORY_BASIC_INFORMATION info; HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, _processID); for (p = NULL; VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info); p += info.RegionSize) { if (info.State == MEM_COMMIT && (info.Type == MEM_MAPPED || info.Type == MEM_PRIVATE)) { char *buffer = new char[info.RegionSize]; SIZE_T bytesRead; ReadProcessMemory(process, p, &buffer, info.RegionSize, &bytesRead); for (int i = 0; i <= (info.RegionSize - sizeof(input)); i++) { if (memcmp(input, &buffer[i], sizeof(input)) == 0) { return i; } } } } } 

Solutions Collecting From Web of "如何在另一个进程的内存中searchstring?"

这是一个快速而脏的版本,它自己搜索数据。 如果打开Notepad ++,输入“SomeDataToFind”,用正确的值替换pid,运行它,它也应该找到数据。 它可能会给你一些开始和润色,以满足您的需求。

你的代码寻找错误的长度,返回错误的偏移量,像筛子一样泄漏内存,而不是总是返回一个未定义行为的值。

 #include <Windows.h> #include <iostream> #include <string> #include <vector> char* GetAddressOfData(DWORD pid, const char *data, size_t len) { HANDLE process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid); if(process) { SYSTEM_INFO si; GetSystemInfo(&si); MEMORY_BASIC_INFORMATION info; std::vector<char> chunk; char* p = 0; while(p < si.lpMaximumApplicationAddress) { if(VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info)) { p = (char*)info.BaseAddress; chunk.resize(info.RegionSize); SIZE_T bytesRead; if(ReadProcessMemory(process, p, &chunk[0], info.RegionSize, &bytesRead)) { for(size_t i = 0; i < (bytesRead - len); ++i) { if(memcmp(data, &chunk[i], len) == 0) { return (char*)p + i; } } } p += info.RegionSize; } } } return 0; } int main() { const char someData[] = "SomeDataToFind"; std::cout << "Local data address: " << (void*)someData << "\n"; //Pass whatever process id you like here instead. DWORD pid = GetCurrentProcessId(); char* ret = GetAddressOfData(pid, someData, sizeof(someData)); if(ret) { std::cout << "Found: " << (void*)ret << "\n"; } else { std::cout << "Not found\n"; } return 0; }