内存管理例程错误

Memory management routine error

本文关键字:错误 管理例程 内存      更新时间:2023-10-16

我试图使用FP例程,但它不起作用…为什么?这是我的代码:

int output = FindPattern(0x0042A000, 0x2000, "x68x00x00x00x00xFFx76x08x89x46x44", "x????xxxxxx"); 
                if (output > -1) { 
                    ReadProcessMemory(hProcHandle, (PVOID)address, &value2, sizeof(value2), NULL);                  
                } 
Function:
int FindPattern(int start_offset, int size, const char * pattern, const char * mask) 
{ 
    int pos = 0; 
    for (int retAddress = start_offset; retAddress < start_offset + size; retAddress++) 
    { 
        if (*(const char*)retAddress == pattern[pos] || mask[pos] == '?') 
        { 
            if (mask[pos+1] == '') 
                return retAddress+1; 
            pos++; 
        } 
        else 
            pos = 0; 
    } 
    return -1; 
}

我也试过:

DWORD output = FindPattern(hProcHandle, "x68x00x00x00x00xFFx76x08x89x46x44", "x????xxxxxx");

bool VerifyAddress(HANDLE hwnd, DWORD dwAddress, char *bMask, char *szMask )
{
    PBYTE *pTemp = { 0 };
    for ( int i = 0; *szMask; ++szMask, ++bMask, ++i )
    {
        if ( !ReadProcessMemory( hwnd, reinterpret_cast<LPCVOID>(dwAddress + i), &pTemp, sizeof(pTemp), 0 ) ){
            return false;
        }
        if ( *szMask == 'x' && (char)pTemp != *bMask){
            return false;
        }
    }
    return true;
}
DWORD FindPattern(HANDLE hwnd, char* bMask, char *szMask )
{
    for ( DWORD dwCurrentAddress = 0x4FFFFFF; dwCurrentAddress < 0x7FFFFFF; dwCurrentAddress++ ){
        if ( VerifyAddress( hwnd, dwCurrentAddress, bMask, szMask )) {
            return dwCurrentAddress;
        }
    }

但是这些代码总是

Program.exe中0x01034BB1的未处理异常:0xC0000005: Access违规读取位置0x02343DA2.

代码:

int output = FindPattern(0x0042A000, 0x2000,

表明您正在使用进程本地地址0x0042A000,因此您正在迭代进程中的一些随机地址,这些地址为未定义行为并以异常结束。

ReadProcessMemory将指定的内存从其他进程复制到您的进程,并将其存储在您在此函数调用中提供的内存缓冲区中,作为lpBuffer参数。

相关文章: