1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103
|
#include <Windows.h>
#include <iostream>
#include <string>
#include <vector>
#include <stdio.h>
#include <tlhelp32.h>
#include <cstdlib>
DWORD ProcId = 0;
void GetProcId(const char* ProcName)
{
PROCESSENTRY32 pe32;
HANDLE hSnapshot = NULL;
pe32.dwSize = sizeof( PROCESSENTRY32 );
hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( Process32First( hSnapshot, &pe32 ) )
{
do{
if( strcmp( pe32.szExeFile, ProcName ) == 0 )
break;
}while( Process32Next( hSnapshot, &pe32 ) );
}
if( hSnapshot != INVALID_HANDLE_VALUE )
CloseHandle( hSnapshot );
ProcId = pe32.th32ProcessID;
}
char* GetAddressOfData(DWORD pid, const char *data, size_t len)
{
HANDLE process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, pid);
if(process)
{
SYSTEM_INFO si;
GetSystemInfo(&si);
MEMORY_BASIC_INFORMATION info;
std::vector<char> chunk;
char* p = 0;
std::cout << si.lpMaximumApplicationAddress;
while(p < si.lpMaximumApplicationAddress)
{
if(VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info))
{
chunk.resize(info.RegionSize);
SIZE_T bytesRead;
if(ReadProcessMemory(process, p, &chunk[0], info.RegionSize, &bytesRead))
{
for(size_t i = 0; i < (bytesRead - len); ++i)
{
if(memcmp(data, &chunk[i], len) == 0)
{
return (char*)p + i;
}
}
}
p += info.RegionSize;
std::cout << ".";
}
}
}
return 0;
}
int main(){
std::string ProcName;
ProcName = "javaw.exe";
GetProcId(ProcName.c_str());
std::string input;
input = "Test";
int pid = ProcId;
char* ret = GetAddressOfData(pid, input.c_str(), sizeof(input.c_str()));
if(ret){
std::cout << "Found Addr: " << (void*)ret << "\n";
}
else{
std::cout << "Not found\n";
}
return 0;
}
| |