// Main.cpp : 实现文件
//
#include "stdafx.h"
#include "inject_hook.h"
#include "Main.h"
#include ".\main.h"
#include <afxsock.h>
//#include <iterator>
#include <algorithm> //STL
#pragma comment(lib,"ws2_32.lib")
int HexToInt(char *hex); // hex string -> integer value (defined below)
extern BOOL bMainVisible; // whether the main panel is visible (defined elsewhere)
extern HANDLE hProcess; // handle of the game's main process (defined elsewhere)
int HexToChar(BYTE *pData,char *ReBuff,DWORD DataSize); // bytes -> hex text (defined below)
// Debug scratch buffers shared by the handlers in this file: 64 KiB each,
// zero-initialised.  They are plain globals and nothing here synchronises
// access to them.
char OutMessBuff[0x10000]={0};
char ChBuff[0x10000]={0};
// CMain dialog
IMPLEMENT_DYNAMIC(CMain, CDialog) // MFC runtime class information for CMain
/*
 * Construct the dialog; the numeric/string members are set in the
 * initialiser list and the scan-state members in the body.
 * pParent : owner window passed through to CDialog (may be NULL).
 */
CMain::CMain(CWnd* pParent /*=NULL*/)
: CDialog(CMain::IDD, pParent)
, m_viewLength(0)
, m_scanValue(0)
, m_memValue(_T(""))
, m_strScanValue(_T(""))
{
    // No result buffer is allocated yet (the malloc below stays disabled).
    m_address = NULL;
    // Both counters start at 100; their meaning is defined by the scan
    // handlers, which are not in this part of the file.
    m_mid = 100;
    m_midSecond = 100;
    // First region record cleared.
    m_myMbi[0].BaseAddress = 0;
    m_myMbi[0].RegionSize = 0;
    m_isNum = 0;
    cout = 0;
    //m_address=(DWORD *)malloc(m_mid*sizeof(DWORD));
}
// Nothing to release here: in the visible code m_address is only ever set
// to NULL (the malloc that would pair with a free is commented out).
CMain::~CMain()
{
}
// MFC DDX: bind dialog controls to members.  Two list controls and two
// buttons are wrapped as control objects; three edit controls exchange
// their text with a member value.
void CMain::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
DDX_Control(pDX, IDC_LIST2, m_memlist);          // list control object
DDX_Text(pDX, IDC_VALUE_EDIT,m_scanValue);       // numeric member (initialised to 0)
DDX_Control(pDX, IDC_FIRST_BTN, m_newScanBtn);   // "first scan" button object
DDX_Control(pDX, IDC_SECOND_BTN, m_nextScanBtn); // "next scan" button object
DDX_Text(pDX, IDC_VIEWLENGTH_EDIT, m_viewLength); // numeric member (initialised to 0)
DDX_Control(pDX, IDC_LIST3, m_memValueList);     // list control object
DDX_Text(pDX, IDC_EDIT1, m_strScanValue);        // string member (initialised to "")
}
// Message map.  IDOK, WM_CLOSE, the memory/scan/view buttons and the two
// radios are routed to the handlers below.  Four entries are commented out;
// OnBnClickedGetcurrentprocess is still defined in this file but no longer
// wired to a button.
BEGIN_MESSAGE_MAP(CMain, CDialog)
ON_BN_CLICKED(IDOK, OnBnClickedOk)
ON_WM_CLOSE()
//ON_BN_CLICKED(IDC_RECV, OnBnClickedRecv)
//ON_BN_CLICKED(IDC_BUTTON1, OnBnClickedButton1)
// ON_BN_CLICKED(IDC_GETCURRENTPROCESS, OnBnClickedGetcurrentprocess)
//ON_BN_CLICKED(IDC_VirtualQueryEx, OnBnClickedVirtualqueryex)
ON_BN_CLICKED(IDC_MEM, OnBnClickedMem)
ON_BN_CLICKED(IDC_FIRST_BTN, OnBnClickedFirstBtn)
ON_BN_CLICKED(IDC_SECOND_BTN, OnBnClickedSecondBtn)
ON_BN_CLICKED(IDC_VIEW_BUTTON, OnBnClickedViewButton)
ON_BN_CLICKED(IDC_RADIO1, OnBnClickedRadio1)
ON_BN_CLICKED(IDC_RADIO2, OnBnClickedRadio2)
END_MESSAGE_MAP()
// CMain 消息处理程序
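/*
 * IDOK handler: read the hex address typed into IDC_INPUT and display the
 * DWORD stored there in IDC_OUTPUT.
 * The address is user-supplied, so it is read with ReadProcessMemory on the
 * current process instead of a raw dereference: an unmapped or non-readable
 * address then yields an error message rather than an access violation that
 * would take the host process down with the dialog.
 */
void CMain::OnBnClickedOk()
{
    char cStr[10] = {0};   // up to 9 characters; 8 hex digits cover a 32-bit address
    GetDlgItemText(IDC_INPUT, cStr, sizeof(cStr));
    int iAddress = HexToInt(cStr);

    memset(ChBuff, 0, sizeof(ChBuff));
    memset(OutMessBuff, 0, sizeof(OutMessBuff));

    DWORD dwTemp = 0;
    SIZE_T cbRead = 0;
    if (ReadProcessMemory(GetCurrentProcess(), (LPCVOID)iAddress, &dwTemp, sizeof(dwTemp), &cbRead)
        && cbRead == sizeof(dwTemp))
    {
        sprintf(OutMessBuff, "iAddress=%08x,content=%08x", iAddress, dwTemp);
    }
    else
    {
        // Short or failed read: report instead of showing garbage.
        sprintf(OutMessBuff, "iAddress=%08x,read failed,error=%lu", iAddress, GetLastError());
    }
    SetDlgItemText(IDC_OUTPUT, OutMessBuff);
}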
/*void CMain::OnBnClickedRecv()
{
DWORD dwTemp;
HMODULE hWS32 = GetModuleHandle("WS2_32.dll");
void* pRecv = (void*)GetProcAddress(hWS32, "recv");
//*(BYTE*)pRecv = 1;
dwTemp = *(DWORD *)pRecv;
memset(ChBuff,0,sizeof(ChBuff));
memset(OutMessBuff,0,sizeof(OutMessBuff));
sprintf(OutMessBuff,"recv=%08x,content=%08x",(DWORD)pRecv,dwTemp);
SetDlgItemText(IDC_OUTPUT,OutMessBuff);
}*/
/*void CMain::OnBnClickedButton1()
{
DWORD dwSocket = *(DWORD *)(0x54CC88 + 0xC);
memset(ChBuff,0,sizeof(ChBuff));
memset(OutMessBuff,0,sizeof(OutMessBuff));
sprintf(OutMessBuff,"socket=%08x", dwSocket);
OutputDebugString(OutMessBuff);
char buf[0x2000]={0};
while (1)
{
int iRecv = recv((SOCKET)dwSocket, buf, sizeof(buf), MSG_PEEK);
if (iRecv <= 0 )
{
sprintf(OutMessBuff,"recv error code:%d", WSAGetLastError());
SetDlgItemText(IDC_OUTPUT,OutMessBuff);
Sleep(100);
continue;
//return;
}
memset(ChBuff,0,sizeof(ChBuff));
memset(OutMessBuff,0,sizeof(OutMessBuff));
HexToChar((BYTE*)buf, ChBuff, iRecv);
sprintf(OutMessBuff,"(长度=%08x)接收数据:%s", iRecv, ChBuff);
OutputDebugString(OutMessBuff);
return;
Sleep(100);
}
}*/
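/*
 * Parse a hexadecimal string (no "0x" prefix, most significant digit first)
 * into an integer.
 * hex : NUL-terminated string of hex digits; NULL or "" yields 0.
 * Returns the parsed value.
 * Upper-case letters are now handled separately from lower-case ones: the
 * previous code subtracted 'a' for both, so "1A" produced a negative digit.
 * Characters outside 0-9/a-f/A-F are still mapped as (c - '0'), as before,
 * so callers that care must validate the input themselves.
 */
int HexToInt(char *hex)
{
    if (hex == NULL)
    {
        return 0;
    }
    // Accumulate in unsigned arithmetic so an 8-digit value such as
    // "FFFFFFFF" does not overflow a signed int; the final cast gives the
    // same bit pattern callers already relied on.
    unsigned int sum = 0;
    for (const char *p = hex; *p != '\0'; ++p)
    {
        const char c = *p;
        unsigned int nibble;
        if (c >= 'a' && c <= 'f')
        {
            nibble = (unsigned int)(c - 'a' + 10);
        }
        else if (c >= 'A' && c <= 'F')
        {
            nibble = (unsigned int)(c - 'A' + 10);
        }
        else
        {
            nibble = (unsigned int)(c - '0');   // decimal digits (and, as before, anything else)
        }
        sum = sum * 16 + nibble;
    }
    return (int)sum;
}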
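/*
 * Combine the first (up to) four bytes of str into an int, least significant
 * byte first (byte i is weighted by 256^i).
 * str : source string; only min(GetLength(), 4) bytes are used.
 * Returns the combined value.
 * The copy into the 4-byte local is now bounded: previously the whole string
 * was memcpy'd into it, overrunning the stack buffer for longer input.
 * The debug trace of the string and its length is kept.
 * NOTE(review): bytes are taken as (signed) char, as before, so bytes >= 0x80
 * are sign-extended; confirm whether an unsigned combination is intended.
 */
int StrToInt(CString str)
{
    CString trace;
    trace.Format("%s\n%d", str, str.GetLength());
    OutputDebugString(trace);

    char bytes[4] = {0};
    int count = str.GetLength();
    if (count > (int)sizeof(bytes))
    {
        count = (int)sizeof(bytes);
    }
    if (count > 0)
    {
        memcpy(bytes, str, count);
    }

    int sum = 0;
    for (int i = 0; i < count; i++)
    {
        // The original multiplied the weight by 16 twice per step, i.e. one
        // byte per position; a shift expresses the same weight without the
        // overflow of the unused final multiplication.
        sum += bytes[i] * (1 << (8 * i));
    }
    return sum;
}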
/*
 * WM_CLOSE: hide the dialog instead of destroying it and clear the global
 * visibility flag (declared elsewhere; presumably read by whatever re-shows
 * the panel).  CDialog::OnClose() is deliberately not called, since the
 * default would cancel the dialog.
 */
void CMain::OnClose()
{
// TODO: add message handler code here and/or call the default
bMainVisible = FALSE;
ShowWindow(SW_HIDE);
//CDialog::OnClose();
}
/*
 * Render DataSize bytes of pData as upper-case hex digits into ReBuff.
 * pData    : bytes to render
 * DataSize : number of bytes
 * ReBuff   : receives 2*DataSize characters.  No terminating NUL is written
 *            (callers zero the buffer beforehand), and the byte order is
 *            reversed: pData[0] lands in the last two positions.
 * Returns DataSize (the byte count, not the number of characters written).
 */
int HexToChar(BYTE *pData,char *ReBuff,DWORD DataSize)
{
    static const char kDigits[] = "0123456789ABCDEF";
    for (DWORD i = 0; i < DataSize; i++)
    {
        // Last byte first: byte i occupies the pair ending at (DataSize-i)*2-1.
        char *out = ReBuff + (DataSize - i) * 2 - 2;
        const BYTE b = pData[i];
        out[0] = kDigits[b >> 4];
        out[1] = kDigits[b & 0x0f];
    }
    return DataSize;
}
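/*
 * Copy DataSize raw bytes from pData into ReBuff unchanged (each byte is
 * stored as its char value).  No terminating NUL is added.
 * pData    : source bytes
 * ReBuff   : destination, at least DataSize chars
 * DataSize : number of bytes
 * The original compared a signed int index against the unsigned count; a
 * single memcpy avoids the mismatch, and NULL / zero-length input is a no-op.
 */
void HexToASCII(BYTE *pData,char *ReBuff,DWORD DataSize)
{
    if (pData == NULL || ReBuff == NULL || DataSize == 0)
    {
        return;
    }
    memcpy(ReBuff, pData, DataSize);
}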
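/*
 * Show the value of the global hProcess handle in IDC_OUTPUT.
 * The HANDLE is converted to an integer before it reaches the "%08x"
 * conversion so the vararg type matches the format (the original passed the
 * pointer directly).  Not wired in the message map at present.
 */
void CMain::OnBnClickedGetcurrentprocess()
{
    sprintf(OutMessBuff, "GetCurrentProcess:%08x", (DWORD)(DWORD_PTR)hProcess);
    SetDlgItemText(IDC_OUTPUT, OutMessBuff);
}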
/*void CMain::OnBnClickedVirtualqueryex()
{
DWORD dwTemp,dwTemp1;
HMODULE hWS32 = GetModuleHandle("KERNEL32.dll");
void* pVirtualQuery = (void*)GetProcAddress(hWS32, "VirtualQuery");
void* pVirtualQueryEx = (void*)GetProcAddress(hWS32, "VirtualQueryEx");
//*(BYTE*)pRecv = 1;
dwTemp = *(DWORD *)pVirtualQuery;
dwTemp1 = *(DWORD *)pVirtualQueryEx;
memset(ChBuff,0,sizeof(ChBuff));
memset(OutMessBuff,0,sizeof(OutMessBuff));
sprintf(OutMessBuff,"VirtualQuery=%08x,content=%08x\nVirtualQueryEx=%08x,content=%08x",(DWORD)pVirtualQuery,dwTemp,(DWORD)pVirtualQueryEx,dwTemp1);
SetDlgItemText(IDC_OUTPUT,OutMessBuff);
}*/
void CMain::OnBnClickedMem()
{
MEMORY_BASIC_INFORMATION mbi;
DWORD dwBaseAddress;
SYSTEM_INFO si;
GetSystemInfo(&si);
dwBaseAddress = (DWORD)si.lpMinimumApplicationAddress;
sprintf(OutMessBuff,"si.lpMinimumApplicationAddress=%08x",si.lpMinimumApplicationAddress);
OutputDebugString(OutMessBuff);
while (1)
{
mbi.BaseAddress = (LPVOID)dwBaseAddress;
VirtualQuery((LPVOID)dwBaseAddress, &mbi, sizeof(mbi));
dwBaseAddress = (DWORD)mbi.BaseAddress + mbi.RegionSize;
if(mbi.State==MEM_FREE && mbi.RegionSize>0x08000000)
{
break;
}
if(mbi.State==MEM_COMMIT && mbi.Protect==PAGE_READWRITE)
{
sprintf(OutMessBuff,"mbi.BaseAddress=%08x,mbi.RegionSize=%08x",(DWORD)mbi.BaseAddress,mbi.RegionSize);
OutputDebugString(OutMessBuff);
BYTE *byResult = std::find((BYTE *)mbi.BaseAddress,(BYTE *)((DWORD)mbi.BaseAddress + (DWORD)mbi.RegionSize),1);
if (byResult == (BYTE *)((DWORD)mbi.BaseAddress + mbi.RegionSize))
{
OutputDebugString("内存搜索...没有找到");
}
else
{
OutputDebugString("内存搜索...找到目标");
}
}
}
/*
for(;;)
{
VirtualQueryEx(hProcess,(LPCVOID)dwBaseAddr,&MBI,sizeof(MBI));
if(MBI.State==MEM_COMMIT&&MBI.Protect==PAGE_READWRITE)
{
pMem=dwBaseAddr;
MaxMem=pMem+(MBI.RegionSize)/4096;
for(i = pMem;i<MaxMem;i++)
{
ReadProcessMemory(hProcess,(LPCVOID)pMem,Buffer,4096,NULL);
for(j=0;j<4096;j++)
{
if(*Buffer==FValue)
{
Addr.Add(pMem);
}
Buffer++;
pMem++;
}
Buffer=pOld;
}
}
else if(MBI.State==MEM_FREE&&MBI.RegionSize>0x08000000)
break;
dwBaseAddr+=MBI.RegionSize;
}
DWORD dwBaseAddress;
SYSTEM_INFO si;
GetSystemInfo(si);
dwBaseAddress = si.lpMinimumApplicationAddress;
while(dwBaseAddress < si.lpMaximumApplicationAddress)
{
mbi.BaseAddress = (LPVOID)dwBaseAddress;
ProcessMem.Query((PVOID)dwBaseAddress, &mbi);
VirtualQueryEx(hProcess, (LPVOID)dwAddress), mbi, sizeof(mbi)
dwBaseAddress = (DWORD)mbi.BaseAddress + mbi.RegionSize;