[英]Finding process ID and base address using winapi
我正在 Code::Blocks 中编写一个程序，它只打印某个应用程序的进程 ID 和基地址。PID 能正确找到，但获取基地址时遇到了困难。我使用的是 GNU GCC 编译器(x64)。我猜测问题出在 HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId); 这一行，因为它返回了 INVALID_HANDLE_VALUE，但我仍然无法解决这个问题。IDE 没有显示任何错误或警告。GetLastError() 返回 5(拒绝访问)。
控制台输出：
Process ID = 2656 INVALID_HANDLE_VALUE returned BaseAddr = 0
这是完整的代码:
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
#include <string.h>
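/// Finds the process ID of the first process in a system snapshot whose
/// executable file name equals procName (case-insensitive).
///
/// The match is on the image file name only. A name does not identify which
/// binary is running, and when several processes share the name only the
/// first one enumerated is reported.
///
/// @param procName  Executable file name to look for, e.g. "Game.exe".
/// @return The matching process ID, or 0 when the snapshot could not be taken
///         or no entry matched.
DWORD GetProcId(const char* procName)
{
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // No snapshot was created, so there is no handle to close.
        return 0;
    }

    DWORD procId = 0;
    PROCESSENTRY32 procEntry = {};
    // dwSize has to be filled in before the first enumeration call.
    procEntry.dwSize = sizeof(procEntry);

    if (Process32First(hSnap, &procEntry))
    {
        do
        {
            if (lstrcmpi(procEntry.szExeFile, procName) == 0)
            {
                procId = procEntry.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnap, &procEntry));
    }

    CloseHandle(hSnap);
    return procId;
}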
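/// Returns the load address of the module named modName inside the process
/// identified by procId.
///
/// A procId of 0 makes CreateToolhelp32Snapshot describe the calling process,
/// so callers should not pass a "not found" result from a PID lookup here.
///
/// @param procId   Target process ID.
/// @param modName  Module file name to look for (compared case-insensitively).
/// @return The module base address, or 0 when the snapshot could not be taken
///         or the module is not listed.
uintptr_t GetModuleBaseAddress(DWORD procId, const char* modName)
{
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // Read the error code first; any later API call may overwrite it.
        const DWORD lastError = GetLastError();
        // ERROR_ACCESS_DENIED (5) means the system's access check on the target
        // process refused this caller. The refusal comes from the access check
        // itself, not from the choice of snapshot flags.
        std::cout << "INVALID_HANDLE_VALUE returned"
                  << " (GetLastError = " << lastError << ")" << std::endl;
        // No snapshot was created, so there is no handle to close.
        return 0;
    }

    uintptr_t modBaseAddr = 0;
    MODULEENTRY32 modEntry = {};
    // dwSize has to be filled in before the first enumeration call.
    modEntry.dwSize = sizeof(modEntry);

    if (Module32First(hSnap, &modEntry))
    {
        do
        {
            if (_stricmp(modEntry.szModule, modName) == 0)
            {
                modBaseAddr = reinterpret_cast<uintptr_t>(modEntry.modBaseAddr);
                break;
            }
        } while (Module32Next(hSnap, &modEntry));
    }

    CloseHandle(hSnap);
    return modBaseAddr;
}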
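/// Prints the process ID of "Game.exe" and the base address of its main
/// module, then waits for a key press.
int main()
{
    const DWORD procId = GetProcId("Game.exe");
    std::cout << "Process ID = " << procId << std::endl;

    uintptr_t baseAddr = 0;
    if (procId != 0)
    {
        baseAddr = GetModuleBaseAddress(procId, "Game.exe");
    }
    else
    {
        // GetProcId returns 0 when nothing matched. Passing 0 on would make
        // the module snapshot describe this program instead of the target.
        std::cout << "Process not found" << std::endl;
    }
    std::cout << "BaseAddr = " << baseAddr << std::endl;

    std::getchar();
    return 0;
}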
好吧，把它放进 Code::Blocks 之后，我只是把 GetModuleBaseAddress 函数中的 _stricmp 改成了 strcmp，并且把这一行
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
改成了：
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, procId);
试试这个代码:
#include <windows.h>
#include <tlhelp32.h>
#include <string>
#include <iostream>
using namespace std;
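// Shared state filled in by getID() and getModuleBaseAddress().

// Handle returned by OpenProcess in getID(); NULL until a process was opened.
// Nothing in this listing closes it.
// NOTE(review): names starting with an underscore are reserved at global
// scope; kept as-is because other code refers to this name.
HANDLE _process = NULL;

// Process ID of the matched process; 0 until getID() succeeds.
DWORD pid = 0;

// Base address of the matched module. DWORD_PTR is pointer-sized, so the
// address is not cut to 32 bits in a 64-bit build (DWORD always is 32 bits).
DWORD_PTR baseAddr = 0;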
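/// Searches a process snapshot for an executable named `process`
/// (case-sensitive) and, on a match, stores its ID in the global `pid` and an
/// opened handle in the global `_process`.
///
/// @param process  Executable file name to look for.
/// @return true when a matching entry was found, false otherwise (including
///         when the snapshot could not be taken). A true result does not
///         guarantee that `_process` is non-NULL; OpenProcess may still fail.
bool getID(string process)
{
    HANDLE hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hHandle == INVALID_HANDLE_VALUE)
    {
        return false;
    }

    PROCESSENTRY32 entry = {};
    entry.dwSize = sizeof(entry);

    bool found = false;
    // Process32First fills the first entry; without it the first comparison
    // would read an uninitialised name buffer.
    if (Process32First(hHandle, &entry))
    {
        do
        {
            if (!strcmp(entry.szExeFile, process.c_str()))
            {
                pid = entry.th32ProcessID;
                found = true;
                break;
            }
        } while (Process32Next(hHandle, &entry));
    }

    // Close the snapshot on every path; this function is polled in a loop, so
    // a leak on the "not found" path would accumulate handles.
    CloseHandle(hHandle);

    if (found)
    {
        // NOTE(review): PROCESS_ALL_ACCESS asks for every access right on the
        // target. Nothing in this listing uses _process, so the request is
        // broader than needed; narrow it to the rights actually required. The
        // result is not checked here, so callers must test _process for NULL.
        _process = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
    }
    return found;
}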
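/// Searches the module list of the process in the global `pid` for a module
/// named `module` (case-sensitive) and stores its base address in the global
/// `baseAddr`.
///
/// @param module  Module file name to look for.
/// @return true when the module was found, false otherwise (including when
///         the snapshot could not be taken, e.g. because access was denied).
bool getModuleBaseAddress(string module)
{
    HANDLE hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    if (hHandle == INVALID_HANDLE_VALUE)
    {
        return false;
    }

    MODULEENTRY32 mentry = {};
    mentry.dwSize = sizeof(mentry);

    bool found = false;
    // Module32First fills the first entry; without it the first comparison
    // would read an uninitialised name buffer.
    if (Module32First(hHandle, &mentry))
    {
        do
        {
            if (!strcmp(mentry.szModule, module.c_str()))
            {
                // Convert through a pointer-sized integer, then to whatever
                // type the global has. If baseAddr is a 32-bit DWORD, the
                // address is truncated in a 64-bit build.
                baseAddr = static_cast<decltype(baseAddr)>(
                    reinterpret_cast<DWORD_PTR>(mentry.modBaseAddr));
                found = true;
                break;
            }
        } while (Module32Next(hHandle, &mentry));
    }

    // Close the snapshot on every path; this function is polled in a loop.
    CloseHandle(hHandle);
    return found;
}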
/// Waits for "popo.exe" to appear, then prints its process ID and the base
/// address of its main module.
int main()
{
    // Poll every 10 ms until a process with this name is found.
    for (;;)
    {
        if (getID("popo.exe"))
        {
            break;
        }
        Sleep(10);
    }

    // Poll every 10 ms until the module is listed. There is no upper bound:
    // if the lookup keeps failing, this loop never ends.
    for (;;)
    {
        if (getModuleBaseAddress("popo.exe"))
        {
            break;
        }
        Sleep(10);
    }

    cout << "PID: " << pid << endl << "Base Address: " << baseAddr;
    return 0;
}