本文整理汇总了C++中ReadProcessMemory函数的典型用法代码示例。如果您正苦于以下问题:C++ ReadProcessMemory函数的具体用法?C++ ReadProcessMemory怎么用?C++ ReadProcessMemory使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ReadProcessMemory函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: DumpBtn
void DumpBtn( const char * filename )
{
if ( IsOk( ) && GetBtnAddr( ) > 1000 )
{
FILE *fp;
fopen_s( &fp , filename , "wb" );
if ( fp )
{
unsigned char buffer[ 520 ];
if ( ReadProcessMemory( GetCurrentProcess( ) , ( void * ) ( GetBtnAddr( ) ) , &buffer , 520 , 0 ) )
{
fwrite( buffer , 1 , 520 , fp );
}
fclose( fp );
}
}
}
开发者ID:Karaulov,项目名称:War3Frame,代码行数:17,代码来源:WarcraftButtonClass.cpp
示例2: writeBreak
void CEException::dumpContext(HANDLE file, HANDLE hProcess, CONTEXT *context) {
char tempo[200];
unsigned char memoryDump[100];
DWORD size;
unsigned int i;
#ifdef ARM
writeBreak(file);
writeString(file, "Context dump");
sprintf(tempo, "R0=%.8x R1=%.8x R2=%.8x R3=%.8x R4=%.8x", context->R0, context->R1,
context->R2, context->R3, context->R4);
writeString(file, tempo);
sprintf(tempo, "R5=%.8x R6=%.8x R7=%.8x R8=%.8x R9=%.8x", context->R5, context->R6,
context->R7, context->R8, context->R9);
writeString(file, tempo);
sprintf(tempo, "R10=%.8x R11=%.8x R12=%.8x", context->R10, context->R11,
context->R12);
writeString(file, tempo);
sprintf(tempo, "Sp=%.8x Lr=%.8x Pc=%.8x Psr=%.8x", context->Sp, context->Lr,
context->Pc, context->Psr);
writeString(file, tempo);
writeBreak(file);
sprintf(tempo, "Memory dump at %.8x", context->Pc - (sizeof(memoryDump) / 2));
writeString(file, tempo);
if (ReadProcessMemory(hProcess, (LPCVOID)(context->Pc - (sizeof(memoryDump) / 2)), memoryDump, sizeof(memoryDump), &size)) {
for (i = 0; i < size; i += 8) {
int j;
char digit[4];
int max;
max = size - i;
if (max > 8)
max = 8;
tempo[0] = '\0';
for (j = 0; j < max; j++) {
sprintf(digit, "%.2x ", memoryDump[i + j]);
strcat(tempo, digit);
}
writeString(file, tempo);
}
}
#else
writeBreak(file);
writeString(file, "Context dump only available on ARM devices");
#endif
}
开发者ID:St0rmcrow,项目名称:scummvm,代码行数:46,代码来源:CEException.cpp
示例3: CT_cbMagicValue
void CT_cbMagicValue()
{
DeleteHardwareBreakPoint(UE_DR1);
unsigned int retrieve_addr=GetContextData(UE_EBP)-magic_ebp_sub-4;
unsigned int magic_values[2]= {0};
if(!ReadProcessMemory(fdProcessInfo->hProcess, (void*)retrieve_addr, magic_values, 8, 0))
{
CT_FatalError(rpmerror());
return;
}
CT_cert_data->magic1=magic_values[0];
CT_cert_data->magic2=magic_values[1];
if(end_big_loop)
SetBPX(magic_byte, UE_BREAKPOINT, (void*)CT_cbMagicJump);
else
CT_RetrieveSaltValue();
}
开发者ID:cdaze,项目名称:akt,代码行数:17,代码来源:CertTool_debugger.cpp
示例4: getProcessImageInformation
void ProcessLister::getProcessImageInformation( HANDLE hProcess, Process* process )
{
DWORD_PTR readImagebase = 0;
process->imageBase = 0;
process->imageSize = 0;
if (hProcess && process->pebAddress)
{
PEB_CURRENT * peb = (PEB_CURRENT *)process->pebAddress;
if (ReadProcessMemory(hProcess, &peb->ImageBaseAddress, &readImagebase, sizeof(DWORD_PTR), 0))
{
process->imageBase = readImagebase;
process->imageSize = (DWORD)ProcessAccessHelp::getSizeOfImageProcess(hProcess, process->imageBase);
}
}
}
开发者ID:msly,项目名称:Scylla,代码行数:17,代码来源:ProcessLister.cpp
示例5: memset
char *getSourceName(HWND hwnd)
{
HANDLE hProcess;
DWORD processid;
char filename[MAX_PATH], *pname;
SIZE_T bread;
//HWND hdlgPE;
memset(filename, 0, MAX_PATH);
GetWindowThreadProcessId(hwnd, &processid);
hProcess = OpenProcess(PROCESS_VM_READ, FALSE, processid);
// hdlgPE=SendMessage(hwnd,WM_WA_IPC,IPC_GETWND_PE,IPC_GETWND);
pname=(char*)SendMessage(hwnd,WM_WA_IPC,SendMessage(hwnd,WM_WA_IPC,0,IPC_GETLISTPOS),IPC_GETPLAYLISTFILE);
ReadProcessMemory(hProcess, pname, filename, MAX_PATH, &bread);
CloseHandle(hProcess);
return strdup(filename);
}
开发者ID:BOTCrusher,项目名称:sagetv,代码行数:17,代码来源:Out_faac.cpp
示例6: OpenProcess
void InspectMemory::OnInspectbut()
{
// TODO: Add your control notification handler code here
char address_str[9];
m_edit1.GetWindowText(address_str, 9);
if (address_str[0]==0) return;
char size_str[9];
m_edit_2.GetWindowText(size_str, 9);
if (size_str[0]==0) return;
unsigned int caddress = GenericPurposeMethods::ConvertHexStringToInt(address_str);
int size = GenericPurposeMethods::StringToNumber(size_str);
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE, processid);
if (hProcess==NULL)
return;
unsigned long dwTotalRead;
char* valuestr = new char[1];
valuestr[0] = 00;
unsigned char* valbytes = new unsigned char[size];
int isok = ReadProcessMemory(hProcess, (LPVOID)caddress, valbytes,
size, &dwTotalRead);
if (isok != 0) // if read didn't failed
{
valuestr = GenericPurposeMethods::BytesToString(valbytes, size, CString(_T("bytes")).GetBuffer(0), CString(_T("hexadecimal")).GetBuffer(0));
}
else
{
valuestr = _T("Read failed!!!");
}
m_result_edit.SetWindowText(valuestr);
}
开发者ID:CodeCrackerSND,项目名称:MemoryHacker,代码行数:46,代码来源:InspectMemory.cpp
示例7: LLOG
bool Pdb::AddBp(adr_t address)
{
LLOG("AddBp: " << Hex(address));
if(bp_set.Find(address) >= 0)
return true;
byte prev;
if(!ReadProcessMemory(hProcess, (LPCVOID) address, &prev, 1, NULL))
return false;
LLOG("ReadProcessMemory OK");
byte int3 = 0xcc;
if(!WriteProcessMemory(hProcess, (LPVOID) address, &int3, 1, NULL))
return false;
LLOG("WriteProcessMemory OK");
// FlushInstructionCache (hProcess, (LPCVOID)address, 1);
bp_set.Put(address, prev);
return true;
}
开发者ID:Sly14,项目名称:upp-mirror,代码行数:17,代码来源:Debug.cpp
示例8: GetBody
void CBody::Write(HANDLE hProcess,void* entrypiont,const char* dllname)
{
m_process=hProcess;
m_entrypoint=(DWORD)entrypiont;
GetBody(dllname);
DBGTRACE("infect %d %08x,'%s' witch %d\n",hProcess,entrypiont,dllname,m_body.size());
DWORD old;
VirtualProtectEx(hProcess,(LPVOID)entrypiont,m_body.size(),PAGE_EXECUTE_READWRITE,&old);
DWORD read,write;
m_bodybak.resize(m_body.size());
ReadProcessMemory(hProcess,(LPVOID)entrypiont,&m_bodybak.front(),m_bodybak.size(),&read);
WriteProcessMemory(hProcess,(LPVOID)entrypiont,&m_body.front(),m_body.size(),&write);
VirtualProtectEx(hProcess,(LPVOID)entrypiont,m_body.size(),old,&old);
}
开发者ID:axet,项目名称:fluke,代码行数:17,代码来源:body.cpp
示例9: DbgProcessRequest
/**
* Process session request
*
* This service implements the OS independent API for sending requests to the environment.
* This session is Windows specific and so will call the operating system. The NDBG executive
* session manager would send requests over PIPE to NDBG executive debugger server instead.
*
* \param request Session request
* \param session Debug session
* \param addr Optional data address
* \param data Optional data buffer
* \param size Optional data buffer size
* \ret The number of bytes read or written OR TRUE on success, FALSE on failure depending on request
*
*/
unsigned long DbgProcessRequest (IN dbgProcessReq request, IN dbgSession* session,
IN OPT void* addr, IN OUT OPT void* data, IN OPT size_t size) {
switch(request) {
case DBG_REQ_READ: {
unsigned long bytesRead = 0;
ReadProcessMemory ((HANDLE)session->process.process,(LPCVOID) addr,data,size, &bytesRead);
if (bytesRead==0)
DbgDisplayError("Unable to read process memory. Error code: 0x%x", GetLastError());
return bytesRead;
}
case DBG_REQ_WRITE: {
unsigned long bytesRead = 0;
WriteProcessMemory ((HANDLE)session->process.process,(LPCVOID) addr,data,size, &bytesRead);
if (bytesRead==0)
DbgDisplayError("Unable to write process memory. Error code: 0x%x", GetLastError());
return bytesRead;
}
case DBG_REQ_GETCONTEXT: {
CONTEXT context;
context.ContextFlags = CONTEXT_ALL;
if (! GetThreadContext ((HANDLE)session->process.thread, &context))
return FALSE;
DbgContextFromWin32 (&context, (dbgContext*)data);
return TRUE;
}
case DBG_REQ_SETCONTEXT: {
return SetThreadContext ((HANDLE)session->process.thread, (LPCONTEXT)data);
}
case DBG_REQ_CONTINUE: {
if (ResumeThread ((HANDLE)session->process.thread) == -1)
return FALSE;
return TRUE;
}
case DBG_REQ_BREAK: {
return DebugBreakProcess ((HANDLE)session->process.process);
}
case DBG_REQ_STOP:
default:
printf ("\nDBG_REQ_STOP Not implemented");
return 0;
};
}
开发者ID:mwt5175,项目名称:ndbg,代码行数:60,代码来源:session.c
示例10: uc
JsBuffer* JsDbg::BufReadProcessMemory(BYTE* address, SIZE_T length)
{
BYTE* buffer = NULL;
DWORD old = 0;
try
{
UnprotectMemory uc(p_hnd, address, length, PAGE_EXECUTE_READWRITE);
buffer = (BYTE*) malloc(sizeof(BYTE) * length);
assert(buffer != NULL);
printf("C++: memory alloc'ed\n");
{
SIZE_T current_length = length, count = 0;
BYTE* ptr_buffer = buffer;
while(current_length > 0){
if(!ReadProcessMemory(p_hnd, address, ptr_buffer, current_length, &count)){
if(count == 0){
throw "Error reading process'es memory!";
} // else: all data ok!
}
current_length -= count;
ptr_buffer += count;
address += count;
}
}
} catch (char* s) {
printf("C++: Caught exception %s!\n", s);
if(buffer != NULL)
{
free(buffer);
}
}
if(buffer != NULL && length > 0) {
return new JsBuffer(buffer, length);
} else {
return NULL;
}
}
开发者ID:fabriceleal,项目名称:JsDbg,代码行数:45,代码来源:JsDbg.Native.Mem.cpp
示例11: main
int main(){
int pid = 0;
HANDLE hproc = 0;
int buf;
int nRead, nWrite;
char *s = "Hello.exe";
if (argc < 2) {
printf("Usage: %s pid\n", argv[0]);
return -1;
}
pid = atoi(argv[1]);
if (pid <= 0) {
printf("[E]: pid must be positive (pid>0)!\n");
return -2;
}
hproc = OpenProcess(PROCESS_QUERY_INFORMATION
| PROCESS_VM_READ
| PROCESS_VM_WRITE
| PROCESS_VM_OPERATION, 0, pid);
if (!ReadProcessMemory(hproc,
pRemote, &buf, 4, &nRead)) {
printf("[E]: Read DWORD from remote process failed at 0x%08x!\n", pRemote);
}
else {
printf("[I]: Read DWORD from remote process (%d) from 0x%08x --> 0x%08x \n", pid, pRemote, buf);
}
printf("nRead:%08x\n",nRead);
if (!WriteProcessMemory(hproc,
pRemote, s, strlen(s)+1, &nWrite)) {
printf("[E]: Write string to remote process failed at 0x%08x!\n", pRemote);
} else {
printf("[I]: Write string (size: %d) to remote process at 0x%08x.\n", nWrite, pRemote);
}
if (!CloseHandle(hproc)) {
printf("[E]: Process (%d) cannot be closed !\n", pid);
return 2;
};
printf("[I]: Process (%d) is closed. \n", pid);
return 0;
}
开发者ID:jiangxilong,项目名称:Virus-and-Windows-API-Programing,代码行数:45,代码来源:inject.cpp
示例12: FindSignature
Address FindSignature(BYTE* signature, const std::string& mask, const Address start, const Address end, bool search_rewind, HANDLE my_proc)
{
Address curr_addr = start;
size_t mask_size = mask.size();
BYTE buf[BUF_SCAN_SIZE];
size_t current_size = 0;
while(curr_addr < end)
{
MEMORY_BASIC_INFORMATION mbi;
if(!VirtualQueryEx(my_proc, reinterpret_cast<PVOID>(curr_addr), &mbi, sizeof(MEMORY_BASIC_INFORMATION))) {
return NULL;
}
Address end = reinterpret_cast<Address>(mbi.BaseAddress) + mbi.RegionSize;
size_t remainder = end - curr_addr;
if(remainder > BUF_SCAN_SIZE) {
remainder = BUF_SCAN_SIZE;
}
if(mbi.State == MEM_COMMIT)
{
if(current_size < remainder) {
current_size = remainder;
}
if(!ReadProcessMemory(my_proc, reinterpret_cast<PVOID>(curr_addr), buf, remainder, NULL)) {
curr_addr += remainder;
continue;
}
BYTE* ptr = _FindPattern(buf, remainder, signature, mask, search_rewind);
Address actptr = (curr_addr+(ptr-buf));
if(ptr != NULL) {
return actptr;
}
}
curr_addr += remainder;
}
return NULL;
}
开发者ID:killbug2004,项目名称:Frozlunky,代码行数:45,代码来源:signature.cpp
示例13: HookFunction
DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup)
{
DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
BYTE jmp[6] = { 0xe9, //jmp
0x00, 0x00, 0x00, 0x00, //address
0xc3
}; //retn
ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0);
DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5); //((to)-(from)-5)
memcpy(&jmp[1], &dwCalc, 4); //build the jmp
WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0);
return dwAddr;
}
开发者ID:jgericke,项目名称:RCE,代码行数:18,代码来源:apihook.c
示例14: ReadProcessMemory
/// <summary>
/// Get WOW64 TEB
/// </summary>
/// <param name="ppeb">Retrieved TEB</param>
/// <returns>TEB pointer</returns>
ptr_t NativeWow64::getTEB( HANDLE hThread, _TEB32* pteb )
{
// Target process is x64. TEB32 is not available.
if (_wowBarrier.targetWow64 == false)
{
return 0;
}
else
{
_THREAD_BASIC_INFORMATION_T<DWORD> tbi = { 0 };
ULONG bytes = 0;
if (NT_SUCCESS( SAFE_NATIVE_CALL( NtQueryInformationThread, hThread, (THREADINFOCLASS)0, &tbi, (ULONG)sizeof( tbi ), &bytes ) ) && pteb)
ReadProcessMemory( _hProcess, (LPCVOID)((uintptr_t)tbi.TebBaseAddress), pteb, sizeof( _TEB32 ), nullptr );
return static_cast<ptr_t>(tbi.TebBaseAddress);
}
}
开发者ID:CreepGin,项目名称:Blackbone,代码行数:23,代码来源:Wow64Subsystem.cpp
示例15: sigar_rtl_get
static int sigar_rtl_get(sigar_t *sigar, HANDLE proc,
RTL_USER_PROCESS_PARAMETERS *rtl)
{
PEB peb;
int status = sigar_pbi_get(sigar, proc, &peb);
DWORD size=sizeof(*rtl);
if (status != SIGAR_OK) {
return status;
}
if (ReadProcessMemory(proc, peb.ProcessParameters, rtl, size, NULL)) {
return SIGAR_OK;
}
else {
return GetLastError();
}
}
开发者ID:40a,项目名称:sigar,代码行数:18,代码来源:peb.c
示例16: ReadRemoteLoaderData
PPEB_LDR_DATA ReadRemoteLoaderData(HANDLE hProcess, PPEB pPEB)
{
PPEB_LDR_DATA pLoaderData = new PEB_LDR_DATA();
BOOL bSuccess = ReadProcessMemory
(
hProcess,
pPEB->LoaderData,
pLoaderData,
sizeof(PEB_LDR_DATA),
0
);
if (!bSuccess)
return 0;
return pLoaderData;
}
开发者ID:hustqy,项目名称:iat-hooking-revisited,代码行数:18,代码来源:IATHookingRevisited.cpp
示例17: dumpFPtr
static void dumpFPtr(HMODULE lib, IMAGE_THUNK_DATA* oft, IMAGE_THUNK_DATA* ft)
{
while(oft->u1.Function) {
char *f = (char*)((BYTE*)lib + (DWORD)oft->u1.AddressOfData+2);
char buf[5];
BOOL r = ReadProcessMemory(GetCurrentProcess(), f, buf, 4, NULL);
if(r)
dbg(" \\_ import: <%s>", f);
else
dbg(" \\_ Cannot access import name!", f);
/*if(oft->u1.AddressOfData < 0x80000000)
dbg(" \\_ import: <%s>", f);*/
oft++;
ft++;
}
return;
}
开发者ID:KimimaroTsukimiya,项目名称:SoftTH,代码行数:18,代码来源:win32hooks.cpp
示例18: GetTreeRegWnd
HTREEITEM GetTreeRegWnd(HTREEITEM hItemParentWnd,CHAR *szRegPath)//查找SafeBoot句柄
{
if(!hItemParentWnd)
{
return 0;
}
HTREEITEM hItemChildWnd=(HTREEITEM)SendMessage(hSysTreeViewWnd, TVM_GETNEXTITEM,TVGN_CHILD,(LPARAM)hItemParentWnd);
if (!hItemChildWnd)
{
return 0;
}
while ( 1 )
{
CHAR ReadBuffer[0X100];
memset(ReadBuffer,0,0x100);
TVITEM Tvitem;
_tmemset((PTCHAR)&Tvitem,0,sizeof(TVITEM));
Tvitem.mask=TVIF_HANDLE|TVIF_TEXT;
Tvitem.hItem=hItemChildWnd;
Tvitem.pszText=(LPTSTR)pbuf3;
Tvitem.cchTextMax=MAX_PATH;
WriteProcessMemory(hProcess,pbuf1,(LPVOID)&Tvitem, sizeof(TVITEM),0);
SendMessage(hSysTreeViewWnd,TVM_GETITEMA,0,(LPARAM)pbuf1);//获取句柄内容
ReadProcessMemory(hProcess,pbuf3,ReadBuffer, 0x100, 0);
//__asm int 3
if ( !strcmp(szRegPath,ReadBuffer))
break;
hItemChildWnd = (HTREEITEM)SendMessage(hSysTreeViewWnd, TVM_GETNEXTITEM,TVGN_NEXT,(LPARAM)hItemChildWnd);
if ( !hItemChildWnd ) return 0;
}
return hItemChildWnd;
}
开发者ID:cugxiangzhenwei,项目名称:TSP_Zhenwei,代码行数:44,代码来源:TSPLoader1.cpp
示例19: while
HRESULT STDMETHODCALLTYPE
LiveProcDataTarget::ReadVirtual(
/* [in] */ CLRDATA_ADDRESS address,
/* [length_is][size_is][out] */ PBYTE buffer,
/* [in] */ ULONG32 request,
/* [optional][out] */ ULONG32 *done)
{
// ReadProcessMemory will fail if any part of the
// region to read does not have read access. This
// routine attempts to read the largest valid prefix
// so it has to break up reads on page boundaries.
HRESULT status = S_OK;
ULONG32 totalDone = 0;
SIZE_T read;
ULONG32 readSize;
while (request > 0)
{
// Calculate bytes to read and don't let read cross
// a page boundary.
readSize = OS_PAGE_SIZE - (ULONG32)(address & (OS_PAGE_SIZE - 1));
readSize = min(request, readSize);
if (!ReadProcessMemory(m_process, (PVOID)(ULONG_PTR)address,
buffer, readSize, &read))
{
if (totalDone == 0)
{
// If we haven't read anything indicate failure.
status = E_FAIL;
}
break;
}
totalDone += (ULONG32)read;
address += read;
buffer += read;
request -= (ULONG32)read;
}
*done = totalDone;
return status;
}
开发者ID:Anupam-,项目名称:shared-source-cli-2.0,代码行数:44,代码来源:dacutil.cpp
示例20: allocBreakPoint
void allocBreakPoint(HANDLE hProcess, BREAKPOINT *pt)
{
unsigned char bf;
if (!pt->active && pt->addresses)
{
int i =0,j;
int *p;
for (p = pt->addresses; *p !=0; ++p)
i++;
if (!pt->tempvals)
{
pt->tempvals = calloc(i, sizeof(int));
}
strcpy(pt->name, "unknown");
for (i=0, p = pt->addresses; *p !=0; ++p, ++i)
{
DWORD len;
if (ReadProcessMemory(hProcess, (LPVOID)pt->addresses[i], (LPVOID) &bf, 1,
&len))
{
if (!len)
return ;
if (bf == 0xcc)
{
pt->tempvals[i] = -1;
}
else
{
WriteBreakPoint(hProcess, pt->addresses[i], 0xcc);
pt->active = TRUE;
pt->tempvals[i] = bf;
}
}
if (i == 0)
{
char name[256];
DWORD n = FindFunctionName(name, pt->addresses[i], NULL, NULL);
if (n)
sprintf(pt->name, "%s + 0x%x", name, pt->addresses[i]-n);
}
}
}
}
开发者ID:bencz,项目名称:OrangeC,代码行数:44,代码来源:brkcode.c
注:本文中的ReadProcessMemory函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论