扫描内存、实现内存读写是杀毒软件必备的功能。这个功能如何实现呢?
请见下面的代码实现与分析。
本程序调用美国大牛写的PSAPI.DLL(下文用到其中的 EnumProcesses、EnumProcessModules 和 GetModuleFileNameEx)。
#include "stdafx.h"
#include "DoProcess.h"
#include "DoProcessDlg.h"

#include <vector>
// Debug builds only: map `new` onto MFC's DEBUG_NEW so allocations made in
// this file are tagged with THIS_FILE for the debug-heap leak report.
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
// File-scope, writable buffer holding the same text that the constructor
// assigns to m_Code. Nothing visible in this part of the file reads it --
// presumably the default byte pattern for the memory scan; TODO confirm.
char ch[]="zhao1234";
/////////////////////////////////////////////////////////////////////////////
// CDoProcessDlg dialog
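/// Builds the dialog object and gives every DDX-bound text field its
/// initial value before the first data exchange.
///
/// @param pParent  Owner window passed through to the CDialog base class.
CDoProcessDlg::CDoProcessDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CDoProcessDlg::IDD, pParent)
{
    // ClassWizard-managed block. The opening marker must stay on one line as
    // "//{{AFX_DATA_INIT(...)": split in two it becomes a bare "{" followed by
    // an undeclared call, and the function no longer compiles.
    // m_Code starts out as "zhao1234", the same text as the file-scope ch[]
    // array; all other fields start empty.
    //{{AFX_DATA_INIT(CDoProcessDlg)
    m_Code = _T("zhao1234");
    m_Ebase = _T("");
    m_Esize = _T("");
    m_Eaddress = _T("");
    m_Edata = _T("");
    m_EAdd_Change = _T("");
    //}}AFX_DATA_INIT
    // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}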
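/// Moves data between the dialog controls and their member variables.
///
/// @param pDX  Exchange context supplied by the framework; it decides whether
///             values are being loaded into the controls or read back.
void CDoProcessDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
    // ClassWizard-managed block. The opening marker must stay on one line as
    // "//{{AFX_DATA_MAP(...)"; split in two it leaves an unbalanced "{" and an
    // undeclared call.
    // Everything the user types arrives here as free text (m_Code, m_Ebase,
    // m_Esize, m_Eaddress, m_Edata, m_EAdd_Change). The only validation in
    // this map is the 2000-character cap on m_Esize, so the handlers that
    // consume these strings have to parse and range-check them themselves.
    //{{AFX_DATA_MAP(CDoProcessDlg)
    DDX_Control(pDX, IDC_LIST2, m_list);
    DDX_Control(pDX, IDC_ScanProcess, m_Scan);
    DDX_Text(pDX, IDC_Code, m_Code);
    DDX_Control(pDX, IDC_LIST1, m_lCtrl);
    DDX_Text(pDX, IDC_Ebase, m_Ebase);
    DDX_Text(pDX, IDC_Esize, m_Esize);
    DDV_MaxChars(pDX, m_Esize, 2000);
    DDX_Text(pDX, IDC_Eaddress, m_Eaddress);
    DDX_Text(pDX, IDC_Edata, m_Edata);
    DDX_Text(pDX, IDC_EAdd_Change, m_EAdd_Change);
    //}}AFX_DATA_MAP
}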
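// Message map: routes paint/icon messages, button clicks, edit-box change
// notifications and the list double-click to the CDoProcessDlg handlers.
// The ClassWizard marker must stay on one line as "//{{AFX_MSG_MAP(...)";
// split in two it injects "{AFX_MSG_MAP(...)" into the table and the map no
// longer compiles.
BEGIN_MESSAGE_MAP(CDoProcessDlg, CDialog)
    //{{AFX_MSG_MAP(CDoProcessDlg)
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_GetProcess, OnGetProcess)
    ON_BN_CLICKED(IDC_GetProcess2, OnGetProcess2)
    ON_BN_CLICKED(IDC_KillProcess, OnKillProcess)
    ON_BN_CLICKED(IDC_ScanProcess, OnScanProcess)
    ON_BN_CLICKED(IDC_ReadMem, OnReadMem)
    ON_EN_CHANGE(IDC_Code, OnChangeCode)
    ON_EN_CHANGE(IDC_Ebase, OnChangeEbase)
    ON_EN_CHANGE(IDC_Esize, OnChangeEsize)
    ON_NOTIFY(NM_DBLCLK, IDC_LIST1, OnDblclkList1)
    ON_EN_CHANGE(IDC_Eaddress, OnChangeEaddress)
    ON_EN_CHANGE(IDC_Edata, OnChangeEdata)
    ON_BN_CLICKED(IDC_BWriteMem, OnBWriteMem)
    ON_BN_CLICKED(IDC_BEnumAllDLL, OnBEnumAllDLL)
    ON_BN_CLICKED(IDC_BChangeAttr, OnBChangeAttr)
    ON_EN_CHANGE(IDC_EAdd_Change, OnChangeEAddChange)
    ON_BN_CLICKED(IDC_BgetModule, OnBgetModule)
    ON_BN_CLICKED(IDC_BGetAllDLL2, OnBGetAllDLL)
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()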
/////////////////////////////////////////////////////////////////////////////
// CDoProcessDlg message handlers
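/// One-time dialog setup: installs the window icons, enables full-row
/// selection on the process list and creates its four report columns
/// (index, process ID, path, base address).
///
/// @return TRUE, leaving the initial focus to the framework.
BOOL CDoProcessDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // Set the icon for this dialog. The framework does this automatically
    // when the application's main window is not a dialog
    SetIcon(m_hIcon, TRUE);   // Set big icon
    SetIcon(m_hIcon, FALSE);  // Set small icon

    // Only LVS_EX_* bits belong in the extended-style mask. The former
    // "| LVS_SORTDESCENDING" was a plain window style whose value coincides
    // with LVS_EX_FULLROWSELECT, so it never enabled sorting; if descending
    // order is wanted it has to be set as a window style on the control.
    ListView_SetExtendedListViewStyleEx(m_lCtrl.m_hWnd,
                                        LVS_EX_FULLROWSELECT,
                                        LVS_EX_FULLROWSELECT);

    // LVCFMT_LEFT is the list-view column format constant (the header
    // constant HDF_LEFT used before has the same value).
    m_lCtrl.InsertColumn(0, "序号", LVCFMT_LEFT, 50, 0);
    m_lCtrl.InsertColumn(1, "进程ID", LVCFMT_LEFT, 60, 0);
    m_lCtrl.InsertColumn(2, "路径", LVCFMT_LEFT, 560, 0);
    m_lCtrl.InsertColumn(3, "基地址", LVCFMT_LEFT, 60, 0);

    return TRUE;  // return TRUE unless you set the focus to a control
}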
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
/// Paints the dialog. While the window is minimized the application icon is
/// drawn centred in the client area; otherwise painting is left to CDialog.
void CDoProcessDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC paintDc(this);  // device context for painting
    SendMessage(WM_ICONERASEBKGND, (WPARAM) paintDc.GetSafeHdc(), 0);

    // Size of a standard icon, then the client rectangle to centre it in.
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    CRect client;
    GetClientRect(&client);

    const int left = (client.Width() - iconWidth + 1) / 2;
    const int top = (client.Height() - iconHeight + 1) / 2;

    paintDc.DrawIcon(left, top, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
/// Hands the system the dialog icon, as a cursor handle, for use while the
/// minimized window is being dragged.
///
/// @return m_hIcon converted to HCURSOR.
HCURSOR CDoProcessDlg::OnQueryDragIcon()
{
    HCURSOR dragCursor = (HCURSOR) m_hIcon;
    return dragCursor;
}
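/// Button handler: clears both lists, enumerates the process IDs on the
/// system and adds one list row per process via PrintProcessNameAndID.
///
/// The ID buffer grows until EnumProcesses reports fewer bytes than the
/// buffer holds. With a fixed 1024-entry array a full buffer could not be
/// told apart from a truncated list, and a process past that limit would
/// simply never appear in the tool.
void CDoProcessDlg::OnGetProcess()
{
    m_list.ResetContent();
    m_lCtrl.DeleteAllItems();

    std::vector<DWORD> ids(1024);
    const size_t kMaxIds = 65536;  // growth cap so the retry loop is bounded
    DWORD cbNeeded = 0;

    // Enumerate the system's process IDs.
    for (;;)
    {
        const DWORD cbBuffer = static_cast<DWORD>(ids.size() * sizeof(DWORD));
        if (!EnumProcesses(&ids[0], cbBuffer, &cbNeeded))
            return;
        // A completely filled buffer means the list may have been cut short.
        if (cbNeeded < cbBuffer || ids.size() >= kMaxIds)
            break;
        ids.resize(ids.size() * 2);
    }

    // Calculate how many process identifiers were returned.
    const DWORD cProcesses = cbNeeded / sizeof(DWORD);

    // Show the name and ID of every process; the loop index is the row label.
    for (DWORD i = 0; i < cProcesses; ++i)
        PrintProcessNameAndID(ids[i], static_cast<int>(i));
}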
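/// Adds one row to the process list: index, process ID, full path of the
/// first module and the ImageBase field read from that file's PE header.
/// A process that cannot be opened gets no row at all.
///
/// @param processID  ID of the process to describe.
/// @param n          Sequence number shown in the first column.
void CDoProcessDlg::PrintProcessNameAndID(DWORD processID, int n)
{
    char szProcessName[MAX_PATH] = "unknown";

    // Open the process with query and memory-read rights only.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);
    if (!hProcess)
        return;

    HMODULE hMod;
    DWORD cbNeeded;
    // The buffer holds a single HMODULE, so only the first module is returned.
    if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
    {
        // Full path of that module (GetModuleBaseName would give the bare name).
        GetModuleFileNameEx(hProcess, hMod, szProcessName, sizeof(szProcessName));
        // Guarantee termination even if the path filled the whole buffer.
        szProcessName[sizeof(szProcessName) - 1] = '\0';
    }

    CString inf0, inf1, inf2, inf3;
    inf3 = "unknown";

    // The path above is read out of the target process, and the file behind
    // it is arbitrary on-disk data, so neither is trusted: every read is
    // length-checked and the PE signatures are verified before ImageBase is
    // used. shareDenyNone keeps this tool from demanding exclusive access to
    // another program's executable.
    // NOTE(review): this is the preferred base recorded in the file; the
    // address the image is actually mapped at can differ (relocation/ASLR).
    // hMod is the in-process module handle if the live base is what the
    // memory read/write handlers need -- confirm against their use of m_Ebase.
    CFile fp;
    if (fp.Open(szProcessName, CFile::modeRead | CFile::shareDenyNone))
    {
        try
        {
            IMAGE_DOS_HEADER dos_header;
            IMAGE_NT_HEADERS nt_header;
            if (fp.Read(&dos_header, sizeof(dos_header)) == sizeof(dos_header)
                && dos_header.e_magic == IMAGE_DOS_SIGNATURE
                && dos_header.e_lfanew > 0)
            {
                fp.Seek(dos_header.e_lfanew, CFile::begin);
                // The optional-header magic must match this build's
                // IMAGE_NT_HEADERS layout, otherwise ImageBase sits at a
                // different offset and the value read would be wrong.
                if (fp.Read(&nt_header, sizeof(nt_header)) == sizeof(nt_header)
                    && nt_header.Signature == IMAGE_NT_SIGNATURE
                    && nt_header.OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR_MAGIC)
                {
                    // NOTE(review): "%X" assumes a 32-bit ImageBase (32-bit build) -- confirm.
                    inf3.Format("%X", nt_header.OptionalHeader.ImageBase);
                }
            }
            fp.Close();
        }
        catch (CFileException* e)
        {
            // A failed seek/read leaves the column at "unknown"; the CFile
            // destructor closes the handle.
            e->Delete();
        }
    }

    inf0.Format("%d", n);
    inf1.Format("%s", szProcessName);
    inf2.Format("%d", processID);

    // Rows are always inserted at index 0, so the list ends up in reverse
    // enumeration order.
    m_lCtrl.InsertItem(0, "");          // insert the row
    m_lCtrl.SetItemText(0, 0, inf0);
    m_lCtrl.SetItemText(0, 1, inf2);    // fill the row's remaining columns
    m_lCtrl.SetItemText(0, 2, inf1);
    m_lCtrl.SetItemText(0, 3, inf3);

    CloseHandle(hProcess);
}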
void CDoProcessDlg::OnGetProcess2()
{
//m_List.ResetContent();
//m_List