如何在C++中获取进程的起始地址/基地址
How to get the starting/base address of a process in C++?
我正在用微软的Spider Solitaire来练习整套基址/静态指针的做法。我已经找到了玩家"移动"次数的基址指针,作弊引擎告诉我它是"SpiderSolitaire.exe+B5F78"。现在我卡在了如何得到SpiderSolitaire.exe的起始地址上(当然,每次程序启动时它都会改变)。如何找到SpiderSolitaire.exe的起始地址,以便加上偏移量得到"moves"值的实际地址(当然是在C++中)?
以下是另一种方法,用Visual Studio 2015编写,但应该能向后兼容。
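/*
 * Prints the load address of the main module of process `processId` when
 * that module's base name equals `processName` (case-insensitive).
 *
 * processId   - id of the process to inspect.
 * processName - expected base name of the main module, e.g. "foo.exe".
 *
 * Opening the process can fail (typically access denied for processes at a
 * higher privilege level); the function then prints nothing.
 */
void GetBaseAddressByName(DWORD processId, const _TCHAR *processName)
{
    _TCHAR szProcessName[MAX_PATH] = _TEXT("<unknown>");
    // EnumProcessModulesEx / GetModuleBaseName need both of these rights.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                  FALSE, processId);
    if (NULL == hProcess)
        return; // nothing was opened, so there is nothing to close

    HMODULE hMod;
    DWORD cbNeeded;
    // A one-element buffer is intentional: the first module reported is the
    // process's main executable, which is the base we are after.
    if (EnumProcessModulesEx(hProcess, &hMod, sizeof(hMod), &cbNeeded,
                             LIST_MODULES_32BIT | LIST_MODULES_64BIT))
    {
        // GetModuleBaseName returns 0 on failure; compare only on success so a
        // stale "<unknown>" buffer is never matched.
        if (GetModuleBaseName(hProcess, hMod, szProcessName,
                              sizeof(szProcessName) / sizeof(_TCHAR)) != 0
            && _tcsicmp(processName, szProcessName) == 0)
        {
            // The module handle is the module's load address.
            _tprintf(_TEXT("0x%p\n"), hMod);
        }
    }
    // Only reached when OpenProcess succeeded (the original closed a NULL
    // handle on the failure path).
    CloseHandle(hProcess);
}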
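/*
 * Enumerates all process ids on the system and lets GetBaseAddressByName
 * print the base address of every process whose main module is named
 * "SpiderSolitaire.exe".
 *
 * Returns 1 if EnumProcesses fails, 0 otherwise (including "not found").
 */
int notmain(void)
{
    DWORD aProcesses[1024];
    DWORD cbNeeded;

    // Get the list of process identifiers.
    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 1;

    // EnumProcesses does not report a too-small buffer: when cbNeeded equals
    // sizeof(aProcesses) the list may have been truncated. Callers that need
    // a complete list should retry with a larger buffer in that case.
    const DWORD cProcesses = cbNeeded / sizeof(DWORD);

    // Check the names of all the processes (case-insensitive). The index is
    // DWORD to match cProcesses and avoid a signed/unsigned comparison.
    for (DWORD i = 0; i < cProcesses; i++)
        GetBaseAddressByName(aProcesses[i], _TEXT("SpiderSolitaire.exe"));

    return 0;
}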
以下是一些代码,用于查找给定进程的基地址。
请注意,此代码使用多字节字符集;在VS2012中,可在 属性 > 配置属性 > 项目默认值 > 字符集 中选择"使用多字节字符集"来设置。
#define _CRT_SECURE_NO_WARNINGS
#define UNINITIALIZED 0xFFFFFFFF
#include <Windows.h>
#include <TlHelp32.h> //PROCESSENTRY
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <iomanip>
#include <iostream>
/* Executable name of the process to look up; replace before building. */
const char* processName_{"REPLACETHIS.exe"};
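/*
 * Returns the id of the first process in a fresh Toolhelp snapshot whose
 * executable name equals `name` (case-sensitive, as in the original).
 * Returns 0 when no such process exists or the snapshot cannot be taken.
 */
static DWORD FindProcessId(const char* name)
{
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE)
        return 0;

    DWORD pid = 0;
    PROCESSENTRY32 entry;
    /* Process32First rejects the call unless dwSize is set first; the
       original never set it, so the lookup loop could never succeed. */
    entry.dwSize = sizeof(entry);
    if (Process32First(snapshot, &entry))
    {
        do
        {
            if (strcmp(entry.szExeFile, name) == 0)
            {
                pid = entry.th32ProcessID;
                break;
            }
        } while (Process32Next(snapshot, &entry));
    }
    /* The original leaked the snapshot handle. */
    CloseHandle(snapshot);
    return pid;
}

/*
 * Walks the module list of process `pid` looking for `moduleName`.
 *
 * Returns false on a hard error (snapshot or first-module failure, reported
 * on stdout). Otherwise returns true with `base` set to the module's load
 * address, or 0 when no module with that name was found.
 */
static bool FindModuleBase(DWORD pid, const char* moduleName, uintptr_t& base)
{
    base = 0;
    /* TH32CS_SNAPMODULE32 adds the 32-bit modules of a 32-bit target when the
       caller is 64-bit. A 32-bit caller cannot snapshot the modules of a
       64-bit process at all (ERROR_PARTIAL_COPY); build for the same
       bitness as the target. */
    HANDLE snapshot =
        CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    if (snapshot == INVALID_HANDLE_VALUE)
    {
        std::cout << "Module Snapshot error" << std::endl;
        return false;
    }

    MODULEENTRY32 entry;
    /* Size the structure before usage. */
    entry.dwSize = sizeof(entry);
    if (!Module32First(snapshot, &entry))
    {
        std::cout << "First module not found" << std::endl;
        CloseHandle(snapshot);
        return false;
    }

    do
    {
        if (strcmp(entry.szModule, moduleName) == 0)
        {
            /* modBaseAddr is a BYTE*; keep the full pointer width instead of
               truncating it to 32 bits as the original cast did. */
            base = reinterpret_cast<uintptr_t>(entry.modBaseAddr);
            break;
        }
    } while (Module32Next(snapshot, &entry));

    CloseHandle(snapshot);
    return true;
}

/*
 * Waits for a process named processName_ to appear, then prints the load
 * address of its main module.
 *
 * Returns 0 on success and 1 when the module list of the found process
 * cannot be read. main must return int in standard C++; the original
 * "void main" is an MSVC extension.
 */
int main(void)
{
    DWORD processID_ = 0;

    /* Poll until the process shows up. A fresh snapshot is taken on every
       attempt; the original reused one stale snapshot and so could never
       observe a process started after the first scan. */
    while ((processID_ = FindProcessId(processName_)) == 0)
    {
        system("CLS");
        std::cout << "Make sure " << processName_ << " is running." << std::endl;
        Sleep(200);
    }
    std::cout << "Found Process: " << processName_ << std::endl;

    /* 0 is a safe "not found" sentinel: no module loads at address 0. */
    uintptr_t processBaseAddress_ = 0;
    while (processBaseAddress_ == 0)
    {
        /* Re-walk the module list from the start on each attempt; the
           original kept iterating an exhausted enumerator, which spun
           forever once the first pass missed. */
        if (!FindModuleBase(processID_, processName_, processBaseAddress_))
            return 1;
        if (processBaseAddress_ == 0)
        {
            system("CLS");
            std::cout << "Failed to find module " << processName_ << std::endl;
            Sleep(200);
        }
    }

    std::cout << "Base Address: " << std::hex << processBaseAddress_
              << std::dec << std::endl;
    return 0;
}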
您应该查看可执行文件中的IMAGE_OPTIONAL_HEADER结构。注意,其中的ImageBase只是首选加载地址;启用ASLR时实际的加载地址可能与之不同,所以运行时仍需通过上面那类API查询。我还建议您阅读这篇很好的指南:http://msdn.microsoft.com/en-us/library/ms809762.aspx