/**
 * Handler that runs one hard-coded two-signature search against the target process.
 *
 * <p>All arguments are fixed sample values from the author's session. The six-argument
 * {@code JnaProcess.searchStr} overload is not shown here, so the meaning of its last
 * argument is inferred (see the note on {@code 206} below).
 *
 * @param event the triggering UI event; not used by the body
 */
void test(ActionEvent event) {
    // Addresses the author recorded for this sample: 00419A61 and 00419B2F.
    final String startSignature = "66 83 78 0A 00";
    final String followSignature = "E8 E8 F6 FF FF";
    final int rangeStart = 0x401000;
    final int rangeEnd = 0x453ffe;

    // Earlier single-signature call, kept for reference:
    // JnaProcess.searchStr(processID, startSignature, rangeStart, rangeEnd);

    // NOTE(review): 206 (0xCE) equals 0x419B2F - 0x419A61, the distance between the two
    // addresses noted above; presumably it bounds how far after the first signature the
    // second one is looked for. Confirm against the overload's definition.
    JnaProcess.searchStr(processID, startSignature, followSignature, rangeStart, rangeEnd, 206);
}
output:
执行FindWindow成功:0
执行GetWindowThreadProcessId成功,进程ID:317496
执行OpenProcess成功,进程句柄:317496
count is 339966
copied memory size :339966
found the start binary :6683780a00
that is what i want,e:e8e8f6ffff
first address is 419a61
found the start binary :6683780a00
found the start binary :6683780a00
spend time is :1
根据起始地址查询指定的16进制数据,指定的数据中有?号
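/**
 * Scans a memory range of another process for a hex byte signature that may contain
 * {@code ?} wildcards.
 *
 * <p>The signature is expected as space-separated two-character tokens, where each
 * {@code ?} stands for one hex digit (for example {@code "E8 ?? F6 FF FF"}). When the
 * signature contains a {@code ?} it is lower-cased, stripped of spaces and used as a
 * regular expression with every {@code ?} replaced by {@code .}; otherwise it is
 * compared literally. A signature whose tokens are not two characters wide will not
 * match anything.
 *
 * <p><b>Asynchronous result:</b> the read and the scan are queued with
 * {@code Platform.runLater}. The list is therefore returned before it has been filled
 * and is appended to later by that queued task, so a caller that reads it immediately
 * sees an empty list. The list is a plain {@code ArrayList} with no synchronisation.
 *
 * @param processID    handle passed to {@code ReadProcessMemory}; despite the name it is
 *                     a handle, not a numeric process id
 * @param hexstring    space-separated hex signature, optionally with {@code ?} wildcards
 * @param startaddress first address of the range to read
 * @param endaddress   address one past the last byte to read
 * @return the list that will receive the hex address of every match; returned empty and
 *         never filled when the range or the signature is empty
 */
public static List<String> searchStr1(WinNT.HANDLE processID, String hexstring, int startaddress, int endaddress) {
    List<String> list = new ArrayList<>();
    String[] hexstringArray = hexstring.split(" ");
    int count = endaddress - startaddress;
    System.out.println("count is " + count);

    // new Memory(count) rejects a non-positive size, and an empty signature has nothing
    // to compare, so both cases end here instead of failing later inside the queued task.
    if (count <= 0 || hexstringArray.length == 0) {
        return list;
    }

    Platform.runLater(new Runnable() {
        @Override
        public void run() {
            long startt = System.currentTimeMillis();

            // Normalise the signature once instead of once per scanned byte.
            final int width = hexstringArray.length;
            final String needle = hexstring.replaceAll(" ", "").toLowerCase();
            final Pattern wildcard =
                    needle.contains("?") ? Pattern.compile(needle.replaceAll("\\?", ".")) : null;

            Memory memory = new Memory(count);
            // NOTE(review): the result of ReadProcessMemory is not checked because
            // MyKernel32's declaration is not visible here. The native buffer is not
            // zeroed on allocation, so after a failed or partial read the scan below runs
            // over stale bytes and may report matches that do not exist in the target.
            // Check the return value and the bytes-read out-parameter (currently null).
            // NOTE(review): this call only needs read access on the handle
            // (PROCESS_VM_READ); the OpenProcess call is not shown, so confirm it does not
            // request broader rights than that.
            MyKernel32.INSTANCE.ReadProcessMemory(processID, startaddress, memory, count, null);
            System.out.println("copied memory size :" + memory.size());

            // One bulk copy into the Java heap instead of a native call per byte.
            byte[] snapshot = memory.getByteArray(0, count);
            StringBuilder window = new StringBuilder(width * 2);

            // Only full-width windows are compared, so a reported address is always the
            // first byte of the match and the scan never reads past the buffer.
            for (int offset = 0; offset + width <= count; offset++) {
                window.setLength(0);
                for (int k = 0; k < width; k++) {
                    int value = snapshot[offset + k] & 0xFF; // unsigned view of the byte
                    if (value < 0x10) {
                        window.append('0');
                    }
                    window.append(Integer.toHexString(value));
                }

                boolean hit = (wildcard != null)
                        ? wildcard.matcher(window).matches()
                        : needle.contentEquals(window);
                if (hit) {
                    String address = Integer.toHexString(startaddress + offset);
                    list.add(address);
                    System.out.println("found items:" + offset + "==" + address);
                }
            }

            long endd = System.currentTimeMillis();
            System.out.println("spend time is :" + (endd - startt) / 1000);
        }
    });
    return list;
}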
根据起始地址查询指定的16进制数据
public static List<String> searchStr(WinNT.HANDLE processID, String hexstring, int startaddress, int endaddress){
List<String> list=new ArrayList<>();
String[] hexstringArray = hexstring.split(" "