快速实现特征码定位
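/* Win32 constants used by the scanner, defined here only if the SDK
 * headers in this build did not already provide them (values match the SDK). */
#ifndef MEM_COMMIT
#define MEM_COMMIT 0x1000
#endif
#ifndef PAGE_GUARD
#define PAGE_GUARD 0x100
#endif
#ifndef PAGE_EXECUTE_WRITECOPY
#define PAGE_EXECUTE_WRITECOPY 0x80
#endif
#ifndef PROCESS_QUERY_INFORMATION
#define PROCESS_QUERY_INFORMATION 0x0400
#endif
#ifndef PROCESS_VM_READ
#define PROCESS_VM_READ 0x0010
#endif

/* Byte-pattern ("signature") scanner for another process.
 *
 * Walks the target's address space with VirtualQueryEx, copies each
 * committed, readable, private region into a local buffer with
 * ReadProcessMemory, and prints (to cout, in hex) the target-side address
 * of every occurrence of the pattern 0x90 0x6C (144, 108).  No return value.
 *
 * pid: process id of the target.  The process is opened with only the
 *      rights a read-only scan needs; if it cannot be opened the function
 *      reports that on cerr and returns without scanning.
 *
 * Fixes relative to the earlier version: the inner compare no longer reads
 * one byte past the end of the buffer, every region buffer is freed,
 * reserved/guard regions are skipped, the handle is least-privilege, and the
 * walk uses a pointer-sized cursor so it does not truncate on 64-bit.
 */
void FindMemory(DWORD pid)
{
    /* The signature to locate; change these bytes for a different pattern. */
    static const BYTE kPattern[] = { 144, 108 };
    const size_t kPatternLen = sizeof(kPattern) / sizeof(kPattern[0]);

    /* Scan start.  0x400000 is the classic 32-bit image base; the walk
     * proceeds upward from here until VirtualQueryEx fails. */
    uintptr_t cursor = 0x400000;

    /* Query + read is all this function does, so do not ask for
     * PROCESS_ALL_ACCESS (which also grants VM write, thread creation, ...). */
    HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, pid);
    if (hProc == NULL) {
        std::cerr << "OpenProcess failed for pid " << pid << std::endl;
        return;
    }

    MEMORY_BASIC_INFORMATION mbi;
    while (VirtualQueryEx(hProc, (LPVOID)cursor, &mbi, sizeof(mbi))) {
        /* End of the region that contains `cursor`.  Computed from
         * BaseAddress, not from cursor: the region's base may lie below the
         * queried address (relevant for the very first query). */
        uintptr_t regionBase = (uintptr_t)mbi.BaseAddress;
        uintptr_t regionEnd = regionBase + mbi.RegionSize;

        bool scannable =
            mbi.Type == MEM_PRIVATE
            && mbi.State == MEM_COMMIT                  /* reserved/free regions hold no data */
            && mbi.Protect != PAGE_NOACCESS
            && mbi.Protect != PAGE_EXECUTE
            && mbi.Protect != PAGE_EXECUTE_WRITECOPY    /* was the bare constant 128 */
            && (mbi.Protect & PAGE_GUARD) == 0;         /* reading a guard page fires the guard in the target */

        if (scannable) {
            BYTE *buf = (BYTE *)malloc(mbi.RegionSize);
            /* malloc can fail on very large regions; skip those rather than
             * dereferencing NULL. */
            if (buf != NULL) {
                /* ReadProcessMemory fails (returns 0) unless the whole
                 * request was copied, so on success all RegionSize bytes are
                 * valid and no bytes-read count is needed. */
                if (ReadProcessMemory(hProc, (LPVOID)regionBase, buf, mbi.RegionSize, NULL)) {
                    /* Bound is RegionSize - kPatternLen so the compare never
                     * runs past the buffer (the old loop read buf[i+1] at the
                     * last index). */
                    for (size_t i = 0; i + kPatternLen <= mbi.RegionSize; i++) {
                        if (memcmp(buf + i, kPattern, kPatternLen) == 0) {
                            std::cout << "找到" << std::hex << (regionBase + i) << std::endl;
                        }
                    }
                }
                free(buf);
            }
        }

        /* At the top of the address space BaseAddress + RegionSize can wrap
         * to 0; without this check the walk would restart and never end. */
        if (regionEnd <= cursor) {
            break;
        }
        cursor = regionEnd;
    }
    CloseHandle(hProc);
}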
从代码上看,第一步是按内存属性过滤区域,第二步是把每个区域一次性拷贝到自身进程,再用 for 循环逐字节比较。这样比逐地址调用 ReadProcessMemory 快得多,但它并不是"纯汇编":VirtualQueryEx 和 ReadProcessMemory 都是 API 调用,只是内层的比较循环不再经过 API。另外这段示例有几处在实际使用前需要修正:dataBuffer[i+1] 在区域最后一个字节处会越界读一个字节;每个区域 malloc 之后没有 free;OpenProcess 申请的 PROCESS_ALL_ACCESS 远超只读扫描所需(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ 即可);memoryAddress 用 DWORD 存地址,在 64 位目标进程里会截断;`mbi.Protect != 128` 过滤的是 PAGE_EXECUTE_WRITECOPY,并没有排除 PAGE_GUARD 页,读到守护页会触发目标进程的保护异常。
代码整体很精妙,也是对底层知识的理解和运用!