
Read Address from Process

I have a problem with this C++ code. When I use a normal address, it works, but when I use a pointer address, it doesn't. When I put the pointer address in, it always just shows a number, but with the normal address it works. What do I have to add so that I can use pointers?

#include <iostream>
#include <Windows.h>
#include <string>
#include <ctime>
using namespace std;

int main()
{
    HWND hwnd = FindWindow(L"MyWindow", 0);

    if (hwnd) {
        cout << "WINDOW FOUND" << endl;
    }
    else {
        cout << "WINDOW NOT FOUND" << endl;
        cout << hwnd << endl;
        return 1;   // no window, so there is no process to open
    }

    // GetWindowThreadProcessId fills in the id of the process that owns the window.
    // (GetProcessId takes a process HANDLE, not an HWND, so it is not usable here.)
    DWORD ProcessId = 0;
    GetWindowThreadProcessId(hwnd, &ProcessId);

    HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, ProcessId);

    if (!hProcess)
    {
        Beep(1000, 1000);
    }
    else {
        int address;
        // Reads 4 bytes at the hard-coded address into an int and keeps
        // re-reading until a read fails.
        while (ReadProcessMemory(hProcess, (LPCVOID)0x733946D8, &address, sizeof(address), NULL))
        {
            cout << dec << address << endl;
        }
        MessageBox(0, TEXT("Could not Read"), TEXT("Return"), MB_OK);
        CloseHandle(hProcess);
    }
    cout << endl;
    system("pause");
}

  1. A (valid, non-null) pointer from another process only makes sense within that process's address space. The OS virtualizes memory, giving each process its own memory map, so the same address almost always refers to a totally different physical memory location. Or maybe to a location that's been swapped out, so it doesn't currently refer to physical memory at all. Or maybe it even points to a memory area that was never mapped in at all, and therefore will trigger a segfault when the alien process tries to use it.

    Point being, in order to use a pointer in another process, that pointer should in almost all cases have been obtained from the other process. And if you're looking at another process's pointers, they are useless within your own address space as anything but rather arbitrary numbers; their only real use is as indexes into the other process's space.

  2. In a 64-bit OS, pointers and ints are typically different sizes. If you're reading a pointer from the other process, you need to copy sizeof(your_pointer_type) bytes, not 4.

  3. You'd better make sure, if you're going to output a pointer value like you're doing with the int, that it's not a char* -- otherwise it'll be treated as a string, and will trigger a read of that address. See #1 above for why that's a bad thing.

    (If you actually want to read a C-string from the other process, you'll need to copy the string's bytes into your own memory. Then point at that.)
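The three points above, worked through as an added example (this is not code from the question or the answer): a remote pointer is read with the target's pointer width, treated purely as an address in the target, and dereferenced with a second remote read that copies the C-string into local memory. The real ReadProcessMemory backend is compiled only under _WIN32; elsewhere a constructed in-memory stand-in for the target process is used so the code runs offline. The RemoteMemory interface, the little-endian assumption, and the addresses 0x7FF700001000 / 0x7FF700002000 and the string "player_one" are all made up for the example.

```cpp
// Added example, not code from the question or the answer: resolving a pointer
// that belongs to another process. The remote pointer is only an index into the
// target's address space, so every dereference is another remote read, sized to
// the target's pointer width.
#include <cstdint>
#include <cstring>
#include <iostream>
#include <map>
#include <string>
#include <vector>
#ifdef _WIN32
#include <Windows.h>
#endif

// "Read n bytes at addr in the target" is the only primitive we need.
struct RemoteMemory {
    virtual ~RemoteMemory() = default;
    virtual bool read(uint64_t addr, void* out, size_t n) = 0;
};

#ifdef _WIN32
// Real backend: ReadProcessMemory on a handle opened with PROCESS_VM_READ.
struct ProcessMemory : RemoteMemory {
    HANDLE h;
    explicit ProcessMemory(HANDLE handle) : h(handle) {}
    bool read(uint64_t addr, void* out, size_t n) override {
        SIZE_T got = 0;
        return ReadProcessMemory(h, reinterpret_cast<LPCVOID>(addr), out, n, &got) && got == n;
    }
};
#endif

// Constructed stand-in for a target address space (assumption: little-endian;
// mapped regions keyed by base address) so the example runs without a live
// process. A read that leaves a region fails, as ReadProcessMemory would.
struct FakeMemory : RemoteMemory {
    std::map<uint64_t, std::vector<uint8_t>> regions;
    bool read(uint64_t addr, void* out, size_t n) override {
        for (const auto& r : regions) {
            if (addr >= r.first && addr + n <= r.first + r.second.size()) {
                std::memcpy(out, r.second.data() + (addr - r.first), n);
                return true;
            }
        }
        return false;
    }
};

// Read a pointer of the *target's* width: 8 bytes for a 64-bit process, 4 for a
// 32-bit one. Reading 4 bytes of an 8-byte pointer silently truncates it.
bool readPointer(RemoteMemory& mem, uint64_t addr, size_t pointerSize, uint64_t& value) {
    uint8_t buf[8] = {0};
    if ((pointerSize != 4 && pointerSize != 8) || !mem.read(addr, buf, pointerSize)) return false;
    value = 0;
    for (size_t i = 0; i < pointerSize; ++i) value |= static_cast<uint64_t>(buf[i]) << (8 * i);
    return true;
}

// Copy a NUL-terminated string out of the target into local memory. The remote
// char* is never dereferenced locally; bytes are pulled in chunks, and the chunk
// shrinks when it would cross into unmapped memory.
bool readCString(RemoteMemory& mem, uint64_t addr, std::string& out, size_t maxLen = 4096) {
    out.clear();
    char chunk[64];
    while (out.size() < maxLen) {
        size_t n = sizeof(chunk);
        while (n > 0 && !mem.read(addr + out.size(), chunk, n)) n /= 2;
        if (n == 0) return false;                      // unmapped before a terminator
        for (size_t i = 0; i < n; ++i) {
            if (chunk[i] == '\0') return true;
            out.push_back(chunk[i]);
        }
    }
    return false;                                      // no terminator within maxLen
}

// Follow the pointer stored at structAddr, then read the string it points to.
bool readNameViaPointer(RemoteMemory& mem, uint64_t structAddr, size_t pointerSize, std::string& name) {
    uint64_t p = 0;
    return readPointer(mem, structAddr, pointerSize, p) && readCString(mem, p, name);
}

// Constructed 64-bit target: an object at 0x7FF700001000 whose first field is a
// char* to "player_one" at 0x7FF700002000. Both addresses are made up.
FakeMemory makeTarget() {
    FakeMemory m;
    const uint64_t strAddr = 0x7FF700002000ULL;
    std::vector<uint8_t> obj(16, 0);
    for (int i = 0; i < 8; ++i) obj[i] = static_cast<uint8_t>(strAddr >> (8 * i));
    m.regions[0x7FF700001000ULL] = obj;
    std::string s = "player_one";
    m.regions[strAddr] = std::vector<uint8_t>(s.c_str(), s.c_str() + s.size() + 1);  // include NUL
    return m;
}

int main() {
    FakeMemory target = makeTarget();
    std::string name8, name4;
    uint64_t p = 0;
    bool ok8 = readNameViaPointer(target, 0x7FF700001000ULL, 8, name8);  // correct width
    readPointer(target, 0x7FF700001000ULL, 4, p);                         // the question's 4-byte read
    bool ok4 = readNameViaPointer(target, 0x7FF700001000ULL, 4, name4);  // truncated pointer: fails
    std::cout << std::boolalpha << "8-byte: " << ok8 << " " << name8 << "\n4-byte: 0x" << std::hex << p << " ok=" << ok4 << "\n";
    return 0;
}
```

On Windows, construct ProcessMemory from the handle returned by OpenProcess and pass 8 or 4 as pointerSize according to the target's bitness, not the reader's (IsWow64Process reports whether a process on 64-bit Windows is 32-bit). Build the reader as a 64-bit binary when the target is 64-bit, since a 32-bit reader cannot even express the target's full address range. The example's 4-byte read shows the failure mode from the question: the truncated value 0x2000 is a perfectly ordinary-looking number that simply points nowhere in the target.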
