【Question title】: Read memory of 64bit process address
【Posted】: 2020-03-08 08:36:53
【Question description】:

I am trying to read memory at a process address. This is the code:

std::cout << "Found Process " << procEntry32.szExeFile << " With process ID " << procEntry32.th32ProcessID << std::endl;
hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procEntry32.th32ProcessID); // store the handle returned by OpenProcess
pID = procEntry32.th32ProcessID;

if (hProc == NULL) {
    std::cout << "failed getting  handle" << std::endl;
}

CloseHandle(hProcSnap);
std::cout << "hProcSnap handle closed ... " << std::endl;
return true;

Code Output

I use DWORD64

This code works if I try to read a 32-bit process, but with a 64-bit one I get an error

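【Comments】:

  • My guess is that this has nothing to do with 32-bit vs 64-bit. Rather, the failing process is running under a different user account, or under the same user but elevated, so your program does not have sufficient rights to obtain a PROCESS_ALL_ACCESS handle. Check GetLastError() after the OpenAccess call fails - I bet it is ERROR_ACCESS_DENIED
  • Don't forget to run the code as administrator.
  • No proper error checking, no answer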

Tags: c++ windows memory


【Solution 1】:

This can help you: read_memory.cpp

This is a personal project in which I read the memory of a video game.

Update

bool Read_memory::initialize()
{
    string name = Thread::instance()->read("window_name");
    wstring name1(name.begin(), name.end());
    const wchar_t* name2 = name1.c_str();
    LPCTSTR window_name = name2;
    BOOL is_64bits;
    DWORD process_id;
    SYSTEM_INFO system_information;
    GetSystemInfo(&system_information);//GetSystemInfo at 32 bit
    hwnd = FindWindow(NULL, window_name);
    Thread::instance()->write("Information system found !", "console");
    proc_min_address = (int64_t) system_information.lpMinimumApplicationAddress;
    first_address = proc_min_address;
    proc_max_address = (int64_t) system_information.lpMaximumApplicationAddress;
    if(!hwnd)
    {
        Thread::instance()->write("Window not found !", "console");
        return false;
    }
    Thread::instance()->write("Window found", "console");
    GetWindowThreadProcessId(hwnd, &process_id);
    Thread::instance()->write((string)"process : " + std::to_string(process_id), "console");
    if(true)
    {
        if(true/*error == "5"*/)
        {
            if(!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &handle_token))
            {
                if (GetLastError() == ERROR_NO_TOKEN)
                {
                    if (!ImpersonateSelf(SecurityImpersonation))
                    {
                        Thread::instance()->write("ERROR 1 !!!", "console");
                        return false;
                    }

                    if(!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &handle_token))
                    {
                        Thread::instance()->write("ERROR 2 !!!", "console");
                        return false;
                    }
                }
                else
                {
                    Thread::instance()->write("ERROR 3 !!!", "console");
                    return false;
                }
            }
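            // SetPrivilege is a helper that is not shown here (it is not a Win32 API function);
            // it is expected to enable SeDebugPrivilege on the token.
            if (!SetPrivilege(handle_token, SE_DEBUG_NAME, TRUE))
            {
                Thread::instance()->write((string)"error : " + std::to_string(GetLastError()), "console");
                Thread::instance()->write("Error in AdjustTokenPrivileges", "console");
                return false;
            }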
            else
                Thread::instance()->write("Privilege modify", "console");

        }
        else
        {
            Thread::instance()->write((string)"error : " + std::to_string(GetLastError()), "console");
            return false;
        }
    }
    handle = OpenProcess(PROCESS_ALL_ACCESS, false, process_id);
    if(!handle)
    {
        Thread::instance()->write((string)"error : " + std::to_string(GetLastError()), "console");
        Thread::instance()->write("SHIT !!!", "console");
        return false;
    }
    CloseHandle(handle_token);
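    // IsWow64Process sets the flag to TRUE when the target is a 32-bit process
    // running on 64-bit Windows, so despite its name is_64bits does not mean "64-bit".
    if(!IsWow64Process(handle, &is_64bits))
    {
        string error = (string)std::to_string(GetLastError());
        Thread::instance()->write("Could not use 64 bits process !", "console");
        Thread::instance()->write(error, "console");
        return false;
    }
    // This message is written whatever value is_64bits holds.
    Thread::instance()->write("Use 32 bits process !", "console");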
    Thread::instance()->write("Get handle !", "console");

    Thread::instance()->write((string)"Size of : " + std::to_string(sizeof(int64_t)), "console"); // 2^16
    Thread::instance()->write((string)"Min : " + std::to_string(proc_min_address), "console"); // 2^16
    Thread::instance()->write((string)"Max : " + std::to_string(proc_max_address), "console"); // 2^31 - 2^16
    SetForegroundWindow(hwnd);
    return true;
}

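【Comments】:

  • Be more specific about which part of the code gives the example
  • Look at the method Read_memory::initialize(), line 79
  • Please don't link to code like this. Please post the relevant part here.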
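
Added example, not part of the original question or answer: it follows the first comment's advice to check GetLastError(), and opens the target with only PROCESS_VM_READ instead of PROCESS_ALL_ACCESS. `diagnose` and `read_remote` are hypothetical names, and the part inside `#ifdef _WIN32` builds only on Windows.

```cpp
#include <cstdint>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Win32 error values from winerror.h, repeated so diagnose() builds anywhere.
constexpr uint32_t kAccessDenied = 5;    // ERROR_ACCESS_DENIED
constexpr uint32_t kPartialCopy  = 299;  // ERROR_PARTIAL_COPY

// Hypothetical helper: explain a failed OpenProcess/ReadProcessMemory call.
// reader_bits is the pointer width of the reading program (32 or 64).
std::string diagnose(uint32_t err, int reader_bits, uint64_t addr) {
    if (reader_bits == 32 && addr > 0xFFFFFFFFull)
        return "address does not fit in a 32-bit pointer: build the reader as x64";
    if (err == kAccessDenied)
        return "access denied: target is elevated, protected or owned by another user";
    if (err == kPartialCopy)
        return "partial copy: part of the requested range is not readable";
    return "error " + std::to_string(err);
}

#ifdef _WIN32
// Hypothetical helper: read size bytes at addr in process pid into out.
bool read_remote(DWORD pid, uint64_t addr, void* out, SIZE_T size, std::string& why) {
    const int reader_bits = 8 * static_cast<int>(sizeof(void*));
    if (reader_bits == 32 && addr > 0xFFFFFFFFull) {  // the cast below would truncate
        why = diagnose(0, reader_bits, addr);
        return false;
    }
    // Ask only for the right a read needs, not PROCESS_ALL_ACCESS.
    HANDLE h = OpenProcess(PROCESS_VM_READ, FALSE, pid);
    if (!h) {
        why = diagnose(GetLastError(), reader_bits, addr);
        return false;
    }
    SIZE_T got = 0;
    BOOL ok = ReadProcessMemory(
        h, reinterpret_cast<LPCVOID>(static_cast<uintptr_t>(addr)), out, size, &got);
    if (!ok) why = diagnose(GetLastError(), reader_bits, addr);  // before CloseHandle
    CloseHandle(h);  // the handle is released on every path
    return ok != FALSE;
}
#endif
```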