How do I get the start/base address of a process in C++?

Zim*_*Zim 6 c++ memory windows process base-address

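I'm using Microsoft's Spider Solitaire to test the whole base/static pointer thing. So I got the base pointer for the number of "moves" the player has used, and Cheat Engine tells me it is "SpiderSolitaire.exe+B5F78". So now I'm stuck on how to figure out what the starting address of SpiderSolitaire.exe is (of course this changes every time the program starts). How do I find the starting address of SpiderSolitaire.exe so that I can add the offset and get the actual address of the "moves" value (in C++, of course)?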

Orw*_*ile 7

Here is another way, written with Visual Studio 2015, but it should be backwards compatible.

```cpp
#define PSAPI_VERSION 1
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <psapi.h>

// To ensure correct resolution of symbols, add Psapi.lib to TARGETLIBS
#pragma comment(lib, "psapi.lib")

// processName is const so that a TEXT("...") string literal can be passed.
void GetBaseAddressByName(DWORD processId, const TCHAR *processName)
{
    TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
        PROCESS_VM_READ,
        FALSE, processId);

    if (NULL != hProcess)
    {
        HMODULE hMod;
        DWORD cbNeeded;

        // Only the first module is requested: that is the executable itself,
        // and its HMODULE is the address it is loaded at in that process.
        if (EnumProcessModulesEx(hProcess, &hMod, sizeof(hMod),
            &cbNeeded, LIST_MODULES_32BIT | LIST_MODULES_64BIT))
        {
            GetModuleBaseName(hProcess, hMod, szProcessName,
                sizeof(szProcessName) / sizeof(TCHAR));
            if (!_tcsicmp(processName, szProcessName)) {
                _tprintf(TEXT("0x%p\n"), hMod);
            }
        }

        // Close the handle only if OpenProcess succeeded.
        CloseHandle(hProcess);
    }
}

int main(void)
{
    DWORD aProcesses[1024];
    DWORD cbNeeded;
    DWORD cProcesses;

    // Get the list of process identifiers.
    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 1;

    // Calculate how many process identifiers were returned.
    cProcesses = cbNeeded / sizeof(DWORD);

    // Check the names of all the processes (case insensitive)
    for (DWORD i = 0; i < cProcesses; i++) {
        GetBaseAddressByName(aProcesses[i], TEXT("SpiderSolitaire.exe"));
    }

    return 0;
}
```

  • `GetBaseAddressByName(aProcesses[i], TEXT("SpiderSolitaire.exe"));` - argument of type "const char *" is incompatible with parameter of type "TCHAR *" (2 upvotes)

Jiw*_*wan 0

You should look at the IMAGE_OPTIONAL_HEADER structure in the executable. I also recommend reading this great guide: http://msdn.microsoft.com/en-us/library/ms809762.aspx
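
Added example (not part of the answers above or of the original page): a portable C++ reader for the `ImageBase` and `DllCharacteristics` fields of IMAGE_OPTIONAL_HEADER, run over a PE header held in a byte buffer. `ImageBase` is the preferred load address recorded at link time; when the DYNAMIC_BASE flag (0x0040) is set the loader may relocate the image, which is why the run-time base has to be queried from the running process. `PeBaseInfo`, `parsePeBase` and `makeSample` are hypothetical names, and the sample buffer is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

struct PeBaseInfo {
    uint64_t preferredBase; // IMAGE_OPTIONAL_HEADER.ImageBase (link-time value)
    bool is64;              // Magic 0x20B (PE32+) rather than 0x10B (PE32)
    bool dynamicBase;       // DllCharacteristics & 0x0040 (DYNAMIC_BASE, ASLR)
};

// Bounds-checked little-endian read of n bytes at offset off.
static bool rd(const std::vector<uint8_t>& b, uint64_t off, size_t n, uint64_t& v) {
    if (off > b.size() || n > b.size() - off) return false;
    v = 0;
    for (size_t i = 0; i < n; ++i) v |= uint64_t(b[off + i]) << (8 * i);
    return true;
}

// Parse the headers of a PE file image held in memory.
bool parsePeBase(const std::vector<uint8_t>& img, PeBaseInfo& out) {
    uint64_t mz, lfanew, sig, magic, chars;
    if (!rd(img, 0, 2, mz) || mz != 0x5A4D) return false;         // "MZ"
    if (!rd(img, 0x3C, 4, lfanew)) return false;                  // e_lfanew
    if (!rd(img, lfanew, 4, sig) || sig != 0x4550) return false;  // "PE\0\0"
    uint64_t opt = lfanew + 4 + 20;  // skip signature and IMAGE_FILE_HEADER
    if (!rd(img, opt, 2, magic) || (magic != 0x10B && magic != 0x20B)) return false;
    out.is64 = (magic == 0x20B);     // ImageBase: +28/4 bytes (PE32), +24/8 bytes (PE32+)
    if (!rd(img, opt + (out.is64 ? 24 : 28), out.is64 ? 8 : 4, out.preferredBase)) return false;
    if (!rd(img, opt + 70, 2, chars)) return false;               // DllCharacteristics
    out.dynamicBase = (chars & 0x0040) != 0;
    return true;
}

// Constructed sample: a minimal header-only buffer, not a real executable.
std::vector<uint8_t> makeSample(bool is64, uint64_t base, uint16_t dllChars) {
    std::vector<uint8_t> b(0x200, 0);
    auto put = [&b](size_t off, uint64_t v, size_t n) {
        for (size_t i = 0; i < n; ++i) b[off + i] = uint8_t(v >> (8 * i));
    };
    put(0, 0x5A4D, 2); put(0x3C, 0x80, 4); put(0x80, 0x4550, 4);
    const size_t opt = 0x80 + 24;
    put(opt, is64 ? 0x20B : 0x10B, 2); put(opt + 70, dllChars, 2);
    put(opt + (is64 ? 24 : 28), base, is64 ? 8 : 4);
    return b;
}

int main() {
    PeBaseInfo i;
    if (parsePeBase(makeSample(true, 0x140000000ULL, 0x8160), i))
        std::printf("ImageBase=0x%llx ASLR=%d\n", (unsigned long long)i.preferredBase, i.dynamicBase);
}
```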