0

我想从一个进程中读取 16 MB (FFFFFF) 的内存并将其存储在一个数组中,这样当我在数组中搜索时,例如:array[i],i 将是真正的内存地址。

假设我想从 000000 搜索到 FFFFFF,我想进行 sizeof(value) 跳转,从该地址获取地址并将其存储在 var 中。

然后 if(var==value) 返回地址。

我有这个:ReadProcessMemory(phandle,(void*)address,buffer,0xFFFFFF,0);

编辑:

我有这个(由 BlueWanderer 回答):

class offset_buffer{
private:
        char *buf;
        int offset;

public:
        offset_buffer(char *in_buf, int in_offset)
                : buf(in_buf), offset(in_offset){
        }

        char & operator[](int in_index){
                return buf[in_index - offset];
        }

        void setOffset(int off){
                offset=off;
        }

        void ReadMemory(){
                LPBYTE point;
                DWORD primeiroAddress = 0x000000;
                DWORD finalAddress = 0xFFFFFF;
                //LPBYTE buffer = new BYTE[finalAddress-primeiroAddress];
                HANDLE phandle = OpenProcess(PROCESS_VM_READ,0,TargetPID);
                ReadProcessMemory(phandle,(void*)primeiroAddress, buf, sizeof(buf), 0);
                CloseHandle(phandle);
        }
};

main(){
char *buffer = new char[0xFFFFFFF-0x0000000];
int address = 0x0000000;
offset_buffer b(buffer,address);
std::ostringstream ss;
int i=0;
TListItem *ListIt;
b.ReadMemory();
for(address=0x0000000;address<0xFFFFFFF;address+=sizeof(int)){
        if(b[address]==StrToInt(Edit1->Text.c_str())){
                 ss << std::hex << address;
                 showValue();
                 ss.str(std::string());
        }
}

怎么了??有人能帮我吗?为什么它不起作用

4

1 回答 1

1

你想要这样的东西吗?

class offset_buffer
{
private: 
    char *buf;
    int offset;

public:
    offset_buffer(char *in_buf, int in_offset)
        : buf(in_buf), offset(in_offset)
    {
    }

    char & operator[](int in_index)
    {
        return buf[in_index - offset];
    }
};

它会将您映射real address到数组中的索引

offset_buffer b(buffer, address);

if (b[0x0C2F8E3] == 123) return 0x0C2F8E3;
于 2012-05-15T06:51:13.377 回答