【发布时间】:2011-10-13 09:27:27
【问题描述】:
好的,所以我正在尝试在此处执行旧的破解计算器教程: http://www.youtube.com/watch?v=I0zPwg4iUDk 但是通过添加一个表单和一个按钮将新值注入到计算器中,让我自己旋转一下。但它不断吐出“无法写入内存”错误。现在我不知道为什么,但我认为这是因为我试图写入的内存地址来自 64 位操作系统。谁能告诉我为什么这不起作用?
#include <iostream>
#include <windows.h>
#define IDBUTTON 102
//prototypes
void injectValue();
using namespace std;
/* Declare Windows procedure */
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);
/* Make the class name into a global variable */
char szClassName[ ] = "CodeBlocksWindowsApp";
HINSTANCE g_hInst;
int newValue = 500;
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nCmdShow)
{
HWND hwnd; /* This is the handle for our window */
MSG messages; /* Here messages to the application are saved */
WNDCLASSEX wincl; /* Data structure for the windowclass */
/* The Window structure */
g_hInst = hThisInstance;
wincl.hInstance = hThisInstance;
wincl.lpszClassName = szClassName;
wincl.lpfnWndProc = WindowProcedure; /* This function is called by windows */
wincl.style = CS_DBLCLKS; /* Catch double-clicks */
wincl.cbSize = sizeof (WNDCLASSEX);
/* Use default icon and mouse-pointer */
wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
wincl.lpszMenuName = NULL; /* No menu */
wincl.cbClsExtra = 0; /* No extra bytes after the window class */
wincl.cbWndExtra = 0; /* structure or the window instance */
/* Use Windows's default colour as the background of the window */
wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND;
/* Register the window class, and if it fails quit the program */
if (!RegisterClassEx (&wincl))
return 0;
/* The class is registered, let's create the program*/
hwnd = CreateWindowEx (
0, /* Extended possibilites for variation */
szClassName, /* Classname */
"Calculator Trainer", /* Title Text */
WS_OVERLAPPEDWINDOW, /* default window */
CW_USEDEFAULT, /* Windows decides the position */
CW_USEDEFAULT, /* where the window ends up on the screen */
544, /* The programs width */
375, /* and height in pixels */
HWND_DESKTOP, /* The window is a child-window to desktop */
NULL, /* No menu */
hThisInstance, /* Program Instance handler */
NULL /* No Window Creation data */
);
/* Make the window visible on the screen */
ShowWindow (hwnd, nCmdShow);
/* Run the message loop. It will run until GetMessage() returns 0 */
while (GetMessage (&messages, NULL, 0, 0))
{
/* Translate virtual-key messages into character messages */
TranslateMessage(&messages);
/* Send message to WindowProcedure */
DispatchMessage(&messages);
}
/* The program return-value is 0 - The value that PostQuitMessage() gave */
return messages.wParam;
}
/* This function is called by the Windows function DispatchMessage() */
LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
HWND hwndButton;
switch (message) /* handle the messages */
{
case WM_COMMAND:
if(((HWND)lParam) && (HIWORD(wParam) == BN_CLICKED)){
switch(LOWORD(wParam)){
case IDBUTTON:{
injectValue();
break;
}
default:
break;
}
}
break;
case WM_CREATE:
hwndButton = CreateWindowEx(0, /* more or ''extended'' styles */
TEXT("BUTTON"), /* GUI ''class'' to create */
TEXT("Inject Value"), /* GUI caption */
WS_CHILD|WS_VISIBLE|BS_DEFPUSHBUTTON, /* control styles separated by | */
10, /* LEFT POSITION (Position from left) */
10, /* TOP POSITION (Position from Top) */
200, /* WIDTH OF CONTROL */
30, /* HEIGHT OF CONTROL */
hwnd, /* Parent window handle */
(HMENU)IDBUTTON, /* control''s ID for WM_COMMAND */
g_hInst, /* application instance */
NULL);
break;
case WM_DESTROY:
PostQuitMessage (0); /* send a WM_QUIT to the message queue */
break;
default: /* for messages that we don't deal with */
return DefWindowProc (hwnd, message, wParam, lParam);
}
return 0;
}
void injectValue(){
cout << "button pushed" << endl;
HWND chwnd = FindWindow(0, "Calculator");
if(chwnd == 0)
cerr << "HWND not found!" << endl;
else{
DWORD pID;
GetWindowThreadProcessId(chwnd, &pID);
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
if(!hProc)
cerr << "Can't open hProc!" << endl;
else{
int success = WriteProcessMemory(hProc, (LPVOID) 0xA4283C508C, &newValue, (DWORD_PTR) sizeof(newValue), NULL);
if(success > 0)
cout << "wrote to memory" << endl;
else
cerr << "Can't write to memory" << endl;
}
}
}
【问题讨论】:
-
你确定 0xA4283C508C 是正确的吗?也许首先检查您是否可以从中读取,然后再写一些新的东西。如果你想写入 64 位进程,那么我认为你应该在 64 位模式下编译你的应用程序,这样你就可以对大指针进行操作。
-
是的,地址是正确的。我也在使用 code::blocks。如何在 64 位模式下编译我的程序?
-
您需要有 64 位 mingw 或 64 位版本的 Visual Studio(例如来自 Windwos SDK 7.1)。如果您的计算器是 64 位版本,则此地址肯定是错误的。此示例中使用的 CheatEngine 正在 32 位版本的计算器上工作,因此指针长度为 4 字节,而对于 64 位操作系统,您需要找到长度为 8 字节的指针。我不确定 CheatEngine 是否适用于 64 位应用程序,因此您很难找到此指针。
-
CheatEngine 6 及更高版本支持 64 位。此外,calc.exe 很可能支持 ASLR,因此它的镜像库可以在每次重新启动时更改。
标签: windows winapi memory 64-bit