搜索一个程序的内存地址空间中的指定值的程序,却搜索不到结果,求指教

第一个程序,用于提供一个值(这里是12345)来让第二个程序搜索到

 #include<stdio.h>
#include<stdlib.h>

int main()
{
    int a = 12345;
    printf("%d\n", a);

    system("PAUSE");
    return 0;

}

第二个程序,用于搜索第一个程序的内存地址空间中的指定值(这里是12345)的地址

#include<stdio.h>
#include<stdlib.h>
#include<Windows.h>

DWORD dwAdapteRecord[1024];                      //used to entry the record that is eligibility
int iPosition=0;                                 //used to indicate the position in the array dwAdapteRecord
int count=0;

HANDLE CreateTheTestProcess()                           //create the process of the first programme used as a test 
{
    STARTUPINFO si = { sizeof(&si) };
    PROCESS_INFORMATION pi;

    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = TRUE;

    wchar_t szCommandLine[] = L"C:\\Users\\Adminstrator\\Documents\\Visual Studio 2012\\Projects\\ConsoleApplication1\\Debug\\ConsoleApplication1.exe";
    CreateProcess(NULL, szCommandLine, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);

    return pi.hProcess;



}


void ComparePage(HANDLE hProcess,DWORD dwValue,DWORD dwBaseAddress)                  //compare the memory in one page to the given value
{
    byte bOnePage[4 * 1024];
    if (!ReadProcessMemory(hProcess, (LPVOID)dwBaseAddress, bOnePage, 4 * 1024, NULL));

    DWORD *pdw;

    count++;
    printf("%d\n", count);


    pdw = (DWORD*)bOnePage;
    for (int i=0; i < 1024;i++)
    {

        if (iPosition >= 1024)
        {
            printf("the array is out of its size\n");
            exit(0);
        }
        else if (dwValue == *pdw)                              //if the 4 Byte value in the memory is equal to the given value ,
        {                                                      //then entry the address of it
            dwAdapteRecord[iPosition] = dwBaseAddress+i;
            iPosition++;
        }


    }
}


void Find(HANDLE hProcess,DWORD dwValue)                                     //compare the 2GB memory that the first programme have,in this function
                                                                             //will call the ComparePage function{
    DWORD dwBaseAddress = 64 * 1024;
    DWORD dwOnePage = 4 * 1024;
    DWORD dwOneGb = 1024 * 1024 * 1024;

    for (int i = 0; i < ((2 * dwOneGb) / dwOnePage); i++)
        ComparePage(hProcess, dwValue, dwBaseAddress + i*dwOnePage);
    printf("The search is finish\n");
}


void ShowList()                       //show the result
{
    printf("The result is:\n");
    for (int i = 0; i < ::iPosition; i++)
    {
        printf("%d\n", ::dwAdapteRecord[i]);
    }
    printf("The value of the variable iPosition is:\n", ::iPosition);
};


int main()
{
    printf("%d\n", iPosition);
    system("PAUSE");
    HANDLE hProcess = CreateTheTestProcess();
    Find(hProcess, 12345);
    ShowList();

    system("PAUSE");
    return 0;
}

搜索结果出来,却是一个也没有,即使搜索不到内存值为12345的地址,希望大神指点指点。

1个回答

考虑端序了么?12345转换成16进制是00 00 30 39,在intel机器上是39 30 00 00
http://download.csdn.net/detail/caozhy/1859731 这个看下

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐