freedom_wings4 2016-07-15 13:15 采纳率: 0%
浏览 946

搜索一个程序的内存地址空间中的指定值的程序,却搜索不到结果,求指教

第一个程序,用于提供一个值(这里是12345)来让第二个程序搜索到

 #include<stdio.h>
#include<stdlib.h>

int main()
{
    int a = 12345;
    printf("%d\n", a);

    system("PAUSE");
    return 0;

}

第二个程序,用于搜索第一个程序的内存地址空间中的指定值(这里是12345)的地址

#include<stdio.h>
#include<stdlib.h>
#include<Windows.h>

DWORD dwAdapteRecord[1024];                      //used to entry the record that is eligibility
int iPosition=0;                                 //used to indicate the position in the array dwAdapteRecord
int count=0;

HANDLE CreateTheTestProcess()                           //create the process of the first programme used as a test 
{
    STARTUPINFO si = { sizeof(&si) };
    PROCESS_INFORMATION pi;

    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = TRUE;

    wchar_t szCommandLine[] = L"C:\\Users\\Adminstrator\\Documents\\Visual Studio 2012\\Projects\\ConsoleApplication1\\Debug\\ConsoleApplication1.exe";
    CreateProcess(NULL, szCommandLine, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);

    return pi.hProcess;



}


void ComparePage(HANDLE hProcess,DWORD dwValue,DWORD dwBaseAddress)                  //compare the memory in one page to the given value
{
    byte bOnePage[4 * 1024];
    if (!ReadProcessMemory(hProcess, (LPVOID)dwBaseAddress, bOnePage, 4 * 1024, NULL));

    DWORD *pdw;

    count++;
    printf("%d\n", count);


    pdw = (DWORD*)bOnePage;
    for (int i=0; i < 1024;i++)
    {

        if (iPosition >= 1024)
        {
            printf("the array is out of its size\n");
            exit(0);
        }
        else if (dwValue == *pdw)                              //if the 4 Byte value in the memory is equal to the given value ,
        {                                                      //then entry the address of it
            dwAdapteRecord[iPosition] = dwBaseAddress+i;
            iPosition++;
        }


    }
}


void Find(HANDLE hProcess,DWORD dwValue)                                     //compare the 2GB memory that the first programme have,in this function
                                                                             //will call the ComparePage function{
    DWORD dwBaseAddress = 64 * 1024;
    DWORD dwOnePage = 4 * 1024;
    DWORD dwOneGb = 1024 * 1024 * 1024;

    for (int i = 0; i < ((2 * dwOneGb) / dwOnePage); i++)
        ComparePage(hProcess, dwValue, dwBaseAddress + i*dwOnePage);
    printf("The search is finish\n");
}


void ShowList()                       //show the result
{
    printf("The result is:\n");
    for (int i = 0; i < ::iPosition; i++)
    {
        printf("%d\n", ::dwAdapteRecord[i]);
    }
    printf("The value of the variable iPosition is:\n", ::iPosition);
};


int main()
{
    printf("%d\n", iPosition);
    system("PAUSE");
    HANDLE hProcess = CreateTheTestProcess();
    Find(hProcess, 12345);
    ShowList();

    system("PAUSE");
    return 0;
}

搜索结果出来,却是一个也没有,即使搜索不到内存值为12345的地址,希望大神指点指点。

  • 写回答

1条回答 默认 最新

  • threenewbee 2016-07-15 15:17
    关注

    考虑端序了么?12345转换成16进制是00 00 30 39,在intel机器上是39 30 00 00
    http://download.csdn.net/detail/caozhy/1859731 这个看下

    评论

报告相同问题?

悬赏问题

  • ¥35 平滑拟合曲线该如何生成
  • ¥100 c语言,请帮蒟蒻写一个题的范例作参考
  • ¥15 名为“Product”的列已属于此 DataTable
  • ¥15 安卓adb backup备份应用数据失败
  • ¥15 eclipse运行项目时遇到的问题
  • ¥15 关于#c##的问题:最近需要用CAT工具Trados进行一些开发
  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 自己瞎改改,结果现在又运行不了了
  • ¥15 链式存储应该如何解决
  • ¥15 没有证书,nginx怎么反向代理到只能接受https的公网网站