内存修改器

最新推荐文章于 2021-11-11 11:02:27 发布

wumn29

最新推荐文章于 2021-11-11 11:02:27 发布

阅读量333

点赞数 1

本文链接：https://blog.csdn.net/wumn29/article/details/17099849

版权

// ModifyMemery.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <windows.h>
#include <iostream>
using namespace std;
#include <Psapi.h>
#pragma comment (lib,"Psapi.lib")

bool AdjustProcessTokenPrivilege()
{
  LUID luidTmp;
  HANDLE hToken;
 TOKEN_PRIVILEGES tkp;

 if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
 {
	 cout<<"AdjustProcessTokenPrivilege OpenProcessToken Failed ! \n"<<endl;

	 return false;
 }

 if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidTmp))
 {
	 cout<<"AdjustProcessTokenPrivilege LookupPrivilegeValue Failed ! \n"<<endl;

	 CloseHandle(hToken);

	 return FALSE;
 }

 tkp.PrivilegeCount = 1;
 tkp.Privileges[0].Luid = luidTmp;
 tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

 if(!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
 {
	 cout<<"AdjustProcessTokenPrivilege AdjustTokenPrivileges Failed ! \n"<<endl;

	 CloseHandle(hToken);

	 return FALSE;
 }
 return true;
}

void EquSearch(char *lpBuf, MEMORY_BASIC_INFORMATION &mbi, char* tar, HANDLE hProcess, DWORD pv)
{
	SIZE_T nMax = mbi.RegionSize - strlen(tar);
	char HopeStr[128] = "abcdefghi";
	for (SIZE_T i = 0; i <= nMax; i++)
	{
		if (0 == memcmp(tar, &lpBuf[i], strlen(tar)-1))
		{
			cout<<(DWORD)(pv+i)<<endl;
			WriteProcessMemory(hProcess, (LPVOID)(pv+i), HopeStr, 9, 0);
			i += strlen(tar)-1;
		}
	}
}

int _tmain(int argc, _TCHAR* argv[])
{
	AdjustProcessTokenPrivilege();

	HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,15628); 
	
	HMODULE module[256];
    DWORD size = 0;
	EnumProcessModules(hProcess,module,_countof(module),&size);

	cout<<(DWORD)module[0]<<endl;
	
	SYSTEM_INFO sysInfo;
	GetSystemInfo(&sysInfo);

	cout<<sysInfo.lpMinimumApplicationAddress<<endl<<sysInfo.lpMaximumApplicationAddress<<endl;


	MEMORY_BASIC_INFORMATION mbi;
	PBYTE  pAddress		  = (PBYTE)sysInfo.lpMinimumApplicationAddress;
	char*  lpBuf = NULL;

	while(true)
	{
		if(pAddress > (PBYTE)sysInfo.lpMaximumApplicationAddress)
		{
			break;
		}
		if(sizeof(mbi) != VirtualQueryEx(hProcess, pAddress, &mbi, sizeof(mbi)))
		{
			break;
		}
		if (MEM_COMMIT != mbi.State || 0 == mbi.Protect
			|| (PAGE_GUARD & mbi.Protect) != 0
			|| (PAGE_NOACCESS & mbi.Protect) != 0)
		{
			pAddress = ((PBYTE)mbi.BaseAddress + mbi.RegionSize);
			continue;
		}

		if(lpBuf == NULL && mbi.RegionSize > 0)
		{
			lpBuf = new char[mbi.RegionSize];
			memset(lpBuf, 0, mbi.RegionSize);
		}
		else
		{
			continue;
		}
		if (TRUE == ReadProcessMemory(hProcess, mbi.BaseAddress,
			lpBuf, (DWORD)mbi.RegionSize, NULL))
		{
			//cout<<lpBuf<<endl;
			EquSearch(lpBuf, mbi, "123456789", hProcess, (DWORD)mbi.BaseAddress);
		
		}

		pAddress = ((PBYTE)mbi.BaseAddress + mbi.RegionSize);
		
		delete [] lpBuf;
		lpBuf = NULL;
	}

	char ssdfdf[1024] = {0};
	ReadProcessMemory(hProcess, (LPCVOID)2489016,
			ssdfdf, 9, NULL);
	cout<<ssdfdf<<endl;

	system("pause");
	return 0;
}