第一个程序,用于提供一个值(这里是12345)来让第二个程序搜索到
#include<stdio.h>
#include<stdlib.h>
int main()
{
int a = 12345;
printf("%d\n", a);
system("PAUSE");
return 0;
}
第二个程序,用于搜索第一个程序的内存地址空间中的指定值(这里是12345)的地址
#include<stdio.h>
#include<stdlib.h>
#include<Windows.h>
DWORD dwAdapteRecord[1024]; //used to entry the record that is eligibility
int iPosition=0; //used to indicate the position in the array dwAdapteRecord
int count=0;
HANDLE CreateTheTestProcess() //create the process of the first programme used as a test
{
STARTUPINFO si = { sizeof(&si) };
PROCESS_INFORMATION pi;
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = TRUE;
wchar_t szCommandLine[] = L"C:\\Users\\Adminstrator\\Documents\\Visual Studio 2012\\Projects\\ConsoleApplication1\\Debug\\ConsoleApplication1.exe";
CreateProcess(NULL, szCommandLine, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
return pi.hProcess;
}
void ComparePage(HANDLE hProcess,DWORD dwValue,DWORD dwBaseAddress) //compare the memory in one page to the given value
{
byte bOnePage[4 * 1024];
if (!ReadProcessMemory(hProcess, (LPVOID)dwBaseAddress, bOnePage, 4 * 1024, NULL));
DWORD *pdw;
count++;
printf("%d\n", count);
pdw = (DWORD*)bOnePage;
for (int i=0; i < 1024;i++)
{
if (iPosition >= 1024)
{
printf("the array is out of its size\n");
exit(0);
}
else if (dwValue == *pdw) //if the 4 Byte value in the memory is equal to the given value ,
{ //then entry the address of it
dwAdapteRecord[iPosition] = dwBaseAddress+i;
iPosition++;
}
}
}
void Find(HANDLE hProcess,DWORD dwValue) //compare the 2GB memory that the first programme have,in this function
//will call the ComparePage function{
DWORD dwBaseAddress = 64 * 1024;
DWORD dwOnePage = 4 * 1024;
DWORD dwOneGb = 1024 * 1024 * 1024;
for (int i = 0; i < ((2 * dwOneGb) / dwOnePage); i++)
ComparePage(hProcess, dwValue, dwBaseAddress + i*dwOnePage);
printf("The search is finish\n");
}
void ShowList() //show the result
{
printf("The result is:\n");
for (int i = 0; i < ::iPosition; i++)
{
printf("%d\n", ::dwAdapteRecord[i]);
}
printf("The value of the variable iPosition is:\n", ::iPosition);
};
int main()
{
printf("%d\n", iPosition);
system("PAUSE");
HANDLE hProcess = CreateTheTestProcess();
Find(hProcess, 12345);
ShowList();
system("PAUSE");
return 0;
}
搜索结果出来,却是一个也没有,即使搜索不到内存值为12345的地址,希望大神指点指点。