
@lxfly2000
Created November 3, 2017 09:12
任意进程的内存读取/修改
#include<iostream>
#include<string>
#include<Windows.h>
#include<TlHelp32.h>
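/// @brief Look up the process ID of the first running process whose
///        executable name equals @p pn.
///
/// The comparison is an exact, case-sensitive match against the image name
/// reported by the Toolhelp snapshot (szExeFile), e.g. L"notepad.exe".
///
/// @param pn  Wide-character executable name to search for.
/// @return The matching process ID, or 0 when @p pn is null, the snapshot
///         cannot be created, or no process matches. Callers must treat 0 as
///         "not found" and must not pass it on to OpenProcess.
DWORD QueryFirstPIDOfProcessName(LPCWSTR pn)
{
    if (pn == nullptr)
        return 0;

    const HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not NULL.
    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return 0;

    // The parameter is always a wide string, so use the explicit W variants
    // instead of the TCHAR macros; this keeps the types consistent whether or
    // not UNICODE is defined for the build.
    PROCESSENTRY32W pe{};
    pe.dwSize = sizeof pe; // must be set before Process32FirstW or the call fails

    DWORD pid = 0;
    for (BOOL more = Process32FirstW(hProcessSnap, &pe); more; more = Process32NextW(hProcessSnap, &pe))
    {
        if (lstrcmpW(pn, pe.szExeFile) == 0)
        {
            pid = pe.th32ProcessID;
            break;
        }
    }

    // The snapshot is a kernel handle; release it on every path, including the
    // early match that previously returned without closing it.
    CloseHandle(hProcessSnap);
    return pid;
}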
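/// Interactive memory viewer: asks for a process image name, opens the first
/// matching process read-only, then repeatedly reads a hexadecimal address
/// from stdin and prints the 8 bytes stored there in the target process.
/// Entering 0, invalid input or end-of-input ends the session.
///
/// @return 0 on a normal exit, 1 when the process cannot be found or opened.
int main()
{
    std::wstring input;
    // The value read here is an executable name (it is resolved to a PID
    // below), so the prompt says so instead of asking for a PID.
    std::cout << "Process name:";
    if (!std::getline(std::wcin, input))
    {
        std::cerr << "No process name given" << std::endl;
        return 1;
    }

    const DWORD pid = QueryFirstPIDOfProcessName(input.c_str());
    std::cout << pid << std::endl;
    if (pid == 0)
    {
        // 0 is the "not found" result; do not hand it to OpenProcess.
        std::cerr << "Process not found" << std::endl;
        return 1;
    }

    // Least privilege: this tool only reads, so request PROCESS_VM_READ rather
    // than PROCESS_ALL_ACCESS. The handle cannot be used to modify the target.
    const HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, pid);
    if (hProcess == NULL)
    {
        const DWORD err = GetLastError();
        std::cerr << "OpenProcess failed: " << err << std::endl;
        return 1;
    }

    // Keep all stdin reads on the wide stream; the name was read with
    // std::wcin, and mixing narrow and wide input on one stream is unreliable.
    std::wcin.setf(std::ios::hex, std::ios::basefield);

    DWORD_PTR addr = 0;
    // Checking the stream state stops the loop on EOF or a parse error
    // instead of spinning forever on a stale address.
    while (std::wcin >> addr && addr != 0)
    {
        unsigned long long value = 0;
        SIZE_T bytesRead = 0;
        const BOOL ok = ReadProcessMemory(hProcess, reinterpret_cast<LPCVOID>(addr),
                                          &value, sizeof value, &bytesRead);
        if (!ok || bytesRead != sizeof value)
        {
            // Capture the error code before any other call can overwrite it,
            // and skip the dump: the buffer holds no valid data on failure.
            const DWORD err = GetLastError();
            std::cout << "[FALSE]" << err << std::endl;
            continue;
        }
        // WriteProcessMemory takes the same parameters as ReadProcessMemory,
        // but this handle is deliberately opened without write access.
        printf("%p %016llx\n", reinterpret_cast<void*>(addr), value);
    }

    CloseHandle(hProcess);
    return 0;
}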