OpenProcess
方法名称:OpenProcess
位置:Kernel32.dll
OpenProcess 函数用来打开一个已存在的进程对象,并返回进程的句柄。
HANDLE OpenProcess(
DWORD dwDesiredAccess, //渴望得到的访问权限(标志)
BOOL bInheritHandle, // 是否继承句柄
DWORD dwProcessId// 进程标示符
);
FindWindowA 函数检索顶级窗口的句柄,该窗口的类名和窗口名与指定的字符串匹配。此函数不搜索子窗口,也不执行区分大小写的搜索。
要从指定的子窗口开始搜索子窗口,请使用FindWindowEx函数。
HWND FindWindowA(
[in, optional] LPCSTR lpClassName,
[in, optional] LPCSTR lpWindowName
);
具体参数介绍见:FindWindowA function (winuser.h) - Win32 apps | Microsoft Docs
1.读取进程内存值
BOOL ReadProcessMemory(
    HANDLE  hProcess,            // 被读取进程的句柄
    LPCVOID lpBaseAddress,       // 读的起始地址
    LPVOID  lpBuffer,            // 存放读取数据的缓冲区
    DWORD   nSize,               // 一次读取的字节数
    LPDWORD lpNumberOfBytesRead  // 实际读取的字节数
);
ReadProcessMemory 是一个内存操作函数,其作用是根据进程句柄读取该进程的某段内存;函数原型为 BOOL ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, DWORD nSize, LPDWORD lpNumberOfBytesRead);。由返回类型 BOOL 可以看出,当函数读取成功时返回1,失败则返回0;各参数的含义已在上文原型中注明。
案例:
#include <iostream>
#include <Windows.h>
using namespace std;
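/// Reads one int from a fixed address inside the "Tutorial-x86_64" process and prints it.
/// Returns 0 on success and -1 when the window, the process, or the read cannot be obtained.
int main() {
    // Address inside the target process that this example reads from (value supplied by the tutorial).
    constexpr DWORD_PTR kTargetAddress = 0x03007640;
    int readTest = 0; // The value read out of the target process lands here.

    // Locate the target's top-level window by title; FindWindowA returns NULL when there is no match.
    HWND hwnd = FindWindowA(NULL, "Tutorial-x86_64");
    if (hwnd == NULL) {
        cout << "Can't find Process." << endl; // endl flushes so the message is visible before the sleep
        Sleep(2000);
        return -1;
    }

    // Resolve the window to its owning process id. The return value is the thread id and is 0 on failure,
    // so check it before using procID (the original only compared procID after OpenProcess had run).
    DWORD procID = 0;
    if (GetWindowThreadProcessId(hwnd, &procID) == 0 || procID == 0) {
        cout << "Can't find Process." << endl;
        Sleep(2000);
        return -1;
    }

    // Least privilege: reading another process's memory only needs PROCESS_VM_READ, so request just that
    // instead of PROCESS_ALL_ACCESS. OpenProcess returns NULL on failure (e.g. insufficient rights).
    HANDLE handle = OpenProcess(PROCESS_VM_READ, FALSE, procID);
    if (handle == NULL) {
        cout << "OpenProcess failed, error " << GetLastError() << endl;
        Sleep(2000);
        return -1;
    }

    // Read sizeof(int) bytes from kTargetAddress and verify the whole value arrived; a partial read
    // (for example an unmapped page) would leave readTest unreliable.
    SIZE_T bytesRead = 0;
    const BOOL ok = ReadProcessMemory(handle, reinterpret_cast<LPCVOID>(kTargetAddress),
                                      &readTest, sizeof(readTest), &bytesRead);
    const DWORD readError = ok ? ERROR_SUCCESS : GetLastError(); // capture before CloseHandle can overwrite it
    CloseHandle(handle); // Release the process handle on every path; the original never closed it.

    if (!ok || bytesRead != sizeof(readTest)) {
        cout << "ReadProcessMemory failed, error " << readError << endl;
        Sleep(2000);
        return -1;
    }

    cout << readTest << endl;
    Sleep(5000); // Keep the console visible for 5 seconds
    return 0;
}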
2.写内存值
BOOL WriteProcessMemory(
    HANDLE  hProcess,               // 进程的句柄
    LPVOID  lpBaseAddress,          // 写入进程的位置
    LPVOID  lpBuffer,               // 数据当前存放地址
    DWORD   nSize,                  // 数据的长度
    LPDWORD lpNumberOfBytesWritten  // 实际写入数据的长度
);
WriteProcessMemory 是 Windows API 中的内存操作函数,用于向某一进程的内存区域写入数据(跨进程直接写入会出现 Access Violation 错误)。要写入的目标区域必须可访问,否则操作将失败。
案例:
#include <iostream>
#include <Windows.h>
using namespace std;
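/// Writes one int to a fixed address inside the "Tutorial-x86_64" process.
/// Returns 0 on success and -1 when the window, the process, or the write cannot be obtained.
int main() {
    // Address inside the target process that this example writes to (value supplied by the tutorial).
    constexpr DWORD_PTR kTargetAddress = 0x03007640;
    int newValue = 5000; // The new value stored at kTargetAddress.

    // Locate the target's top-level window by title; FindWindowA returns NULL when there is no match.
    HWND hwnd = FindWindowA(NULL, "Tutorial-x86_64");
    if (hwnd == NULL) {
        cout << "Can't find Process." << endl; // endl flushes so the message is visible before the sleep
        Sleep(2000);
        return -1;
    }

    // Resolve the window to its owning process id. The return value is the thread id and is 0 on failure,
    // so check it before using procID (the original only compared procID after OpenProcess had run).
    DWORD procID = 0;
    if (GetWindowThreadProcessId(hwnd, &procID) == 0 || procID == 0) {
        cout << "Can't find Process." << endl;
        Sleep(2000);
        return -1;
    }

    // Least privilege: WriteProcessMemory needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION, so request
    // exactly those instead of PROCESS_ALL_ACCESS. OpenProcess returns NULL on failure.
    HANDLE handle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, procID);
    if (handle == NULL) {
        cout << "OpenProcess failed, error " << GetLastError() << endl;
        Sleep(2000);
        return -1;
    }

    // Write sizeof(int) bytes to kTargetAddress and verify the whole value was written; a short write
    // (for example a page that is not writable) must not be reported as success.
    SIZE_T bytesWritten = 0;
    const BOOL ok = WriteProcessMemory(handle, reinterpret_cast<LPVOID>(kTargetAddress),
                                       &newValue, sizeof(newValue), &bytesWritten);
    const DWORD writeError = ok ? ERROR_SUCCESS : GetLastError(); // capture before CloseHandle can overwrite it
    CloseHandle(handle); // Release the process handle on every path; the original never closed it.

    if (!ok || bytesWritten != sizeof(newValue)) {
        cout << "WriteProcessMemory failed, error " << writeError << endl;
        Sleep(2000);
        return -1;
    }

    Sleep(5000); // Keep the console visible for 5 seconds
    return 0;
}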