如何在另一个过程存储器中扫描INT值
[英]How do I scan for an INT value in another process memory
问题描述
I have been trying to find a good way to scan another programs memory on a specific value (int). 
我一直在尝试寻找一种扫描特定值(int)的另一个程序内存的好方法。 What I have now does work but I am sure there are way better ways and way faster ways. 我现在拥有的东西确实可以工作,但是我确信有更好的方法和更快的方法。
DWORD pid;
DWORD Money = 0x04661128; //Address of money in-game
int MyMoney;
int MyMoneyReal;
int main()
{
HWND hWnd = FindWindowA(0, ("Euro Truck Simulator 2"));
GetWindowThreadProcessId(hWnd, &pid);
HANDLE pHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
cout << "Please input your exact current money value!" << pid << endl;
cin >> MyMoneyReal;
for (int i = 0; i < 0x7FFFFFFF; i++) {
ReadProcessMemory(pHandle, (LPVOID)i, &MyMoney, sizeof(MyMoney), 0);
if (MyMoney == MyMoneyReal) {
cout << "Found a match: " << MyMoney << MyMoneyReal << " With HEX value: " << hex << i << endl;
}
}
cout << "Processing...";
}
So as you can see, I make an int MyMoney and MyMoneyReal. 如您所见,我将一个整数MyMoney和MyMoneyReal。 Then I proceed to scan from 0 to 0x7FFFFFFF in the program memory to find all addressess containing MyMoneyReal. 然后,我从程序存储器中的0扫描到0x7FFFFFFF,以查找包含MyMoneyReal的所有地址。 This takes a very long time to complete and I'm sure there are better ways, I have no clue how though. 这需要很长时间才能完成,我敢肯定还有更好的方法,但是我不知道如何做到。
I should add: I am very new to C++ so any extra help is always nice :) 我应该补充:我是C ++的新手,所以任何额外的帮助总是很不错的:)
1 个解决方案
解决方案1
1 2017-02-26 06:24:39
Your loop calls ReadProcessMemory 2147483647 times. 您的循环调用ReadProcessMemory 2147483647次。
Every time it's called it has to verify that the memory is readable and then it copies sizeof(int) bytes into the buffer. 每次调用它时,都必须验证内存是可读的,然后将sizeof(int)个字节复制到缓冲区中。 It has its cost... 它有它的成本...
You can read for example 1MB chunks of memory so you've got fewer calls to ReadProcessMemory . 例如,您可以读取1MB的内存块,因此对ReadProcessMemory的调用减少了。 Then you can process each chunk locally just like you do it now. 然后,您可以像现在一样在本地处理每个块。 Simplified version: 简化版:
constexpr unsigned CHUNK_SIZE = 0x100000;
constexpr unsigned MAX_ADDRESS = 0x7FFFFFFF;
//remember to make sure stack is big enough or allocate it on heap
char buffer[CHUNK_SIZE];
for (unsigned i = 0; i < MAX_ADDRESS; i += CHUNK_SIZE) {
if (ReadProcessMemory(hProcess, (LPVOID)i, buffer, sizeof(buffer), nullptr)) {
for (int j = 0; j <= CHUNK_SIZE - sizeof(int); ++j) {
int something;
memcpy(&something, buffer + j, sizeof(int));
//...
}
}
}
As you can see in the inner for we read up until CHUNK_SIZE - sizeof(int) because we don't want to read past the end of buffer. 正如您在内部看到的那样for我们一直读取到CHUNK_SIZE - sizeof(int)因为我们不想读取缓冲区的末尾。 However outer loop in my example doesn't handle it properly and we skip some bytes. 但是,在我的示例中,外循环无法正确处理它,因此我们跳过了一些字节。 It's easy to fix, I leave it up to you. 修复起来很容易,由您自己决定。
Of course your buffer can be bigger/smaller. 当然,您的缓冲区可以更大或更小。 You have to try and measure. 您必须尝试测量。
Note: This is still a lot of operations. 注意:这仍然是很多操作。 We just limit the number of calls to potentially expensive ReadProcessMemory . 我们只是将调用次数限制为可能昂贵的ReadProcessMemory 。 You should try to limit your address range. 您应该尝试限制地址范围。 I'm pretty sure most of this calls to ReadProcessMemory just fail. 我非常确定对ReadProcessMemory大多数调用都会失败。 As suggested in comments, one is to use VirtualQueryEx 如评论中所建议,一种方法是使用VirtualQueryEx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.