📄 main.cpp
字号:
if(mbi.State != MEM_COMMIT || mbi.AllocationProtect != PAGE_READWRITE); //跳过未分配或不可读写的区域
{
continue;
}
//搜索这块内存区域
}
*/
}
void CMain::OnBnClickedFirstBtn()
{
// TODO: 在此添加控件通知处理程序代码
UpdateData();
CString str;
m_i=0;
m_memInfo=0;
m_mid=100;
m_memlist.DeleteAllItems();
if(m_isNum==1)
{
m_scanValue=StrToInt(m_strScanValue);
}
str.Format("%x\n%s",m_scanValue,m_strScanValue);
OutputDebugString(str);
if(m_address!=NULL)
{
free(m_address);
}
m_address=(DWORD *)malloc(m_mid*sizeof(DWORD));
CString strDlgItemText;//暂时存储按纽上面的文本
GetDlgItemText(IDC_FIRST_BTN,strDlgItemText);
if(strDlgItemText.Compare("新扫描")==0)
{
SetDlgItemText(IDC_FIRST_BTN,"第一次扫描");
m_nextScanBtn.EnableWindow(0);
}
else
{
SetDlgItemText(IDC_FIRST_BTN,"新扫描");
m_nextScanBtn.EnableWindow(1); //窗口操作结束
MEMORY_BASIC_INFORMATION mbi;
DWORD dwBaseAddress;
SYSTEM_INFO si;
GetSystemInfo(&si);
dwBaseAddress = (DWORD)si.lpMinimumApplicationAddress;
sprintf(OutMessBuff,"si.lpMinimumApplicationAddress=%08x",si.lpMinimumApplicationAddress);
//OutputDebugString(OutMessBuff);
while (1)
{
mbi.BaseAddress = (LPVOID)dwBaseAddress;
VirtualQuery((LPVOID)dwBaseAddress, &mbi, sizeof(mbi));
dwBaseAddress = (DWORD)mbi.BaseAddress + mbi.RegionSize;
if(mbi.State==MEM_FREE && mbi.RegionSize>0x08000000)
{
break;
}
if(mbi.State==MEM_COMMIT && mbi.Protect==PAGE_READWRITE)
{
sprintf(OutMessBuff,"mbi.BaseAddress=%08x,mbi.RegionSize=%08x",(DWORD)mbi.BaseAddress,mbi.RegionSize);
//OutputDebugString(OutMessBuff);
BYTE *byResult = std::find((BYTE *)mbi.BaseAddress,(BYTE *)((DWORD)mbi.BaseAddress + (DWORD)mbi.RegionSize),m_scanValue);
if (byResult == (BYTE *)((DWORD)mbi.BaseAddress + mbi.RegionSize))
{
//m_memlist.DeleteAllItems();
//WriteClistCtrl();
//OutputDebugString("内存搜索...没有找到");
}
else
{
m_i++;
if(m_i>m_mid+100)
{
m_mid=m_i+100;
free(m_address);
m_address=(DWORD *)malloc(m_mid*sizeof(DWORD));
}
m_address[m_i]=(DWORD)byResult;
str.Format("%d",m_address[m_i]);
//OutputDebugString(str);
if(m_myMbi[m_memInfo].BaseAddress!=mbi.BaseAddress)
{
m_myMbi[m_memInfo].BaseAddress=mbi.BaseAddress;
m_myMbi[m_memInfo].RegionSize=mbi.RegionSize;
m_memInfo++;
}
WriteClistCtrl((DWORD)byResult);
}
}
}
}
}
void CMain::OnBnClickedSecondBtn()
{
UpdateData();
m_memlist.DeleteAllItems();
m_iSecond=0;
if(m_isNum==1)
{
m_scanValue=StrToInt(m_strScanValue);
}
MEMORY_BASIC_INFORMATION mbi;
DWORD dwBaseAddress;
SYSTEM_INFO si;
GetSystemInfo(&si);
dwBaseAddress = (DWORD)si.lpMinimumApplicationAddress;
sprintf(OutMessBuff,"si.lpMinimumApplicationAddress=%08x",si.lpMinimumApplicationAddress);
while (1)
{
mbi.BaseAddress = (LPVOID)dwBaseAddress;
VirtualQuery((LPVOID)dwBaseAddress, &mbi, sizeof(mbi));
dwBaseAddress = (DWORD)mbi.BaseAddress + mbi.RegionSize;
if(mbi.State==MEM_FREE && mbi.RegionSize>0x08000000)
{
break;
}
if(mbi.State==MEM_COMMIT && mbi.Protect==PAGE_READWRITE)
{
sprintf(OutMessBuff,"mbi.BaseAddress=%08x,mbi.RegionSize=%08x",(DWORD)mbi.BaseAddress,mbi.RegionSize);
BYTE *byResult = std::find((BYTE *)mbi.BaseAddress,(BYTE *)((DWORD)mbi.BaseAddress + (DWORD)mbi.RegionSize),m_scanValue);
if (byResult == (BYTE *)((DWORD)mbi.BaseAddress + mbi.RegionSize))
{
}
else
{
if(compositor((DWORD)byResult))
{
m_iSecond++;
m_addressSecond[m_iSecond]=(DWORD)byResult;
WriteClistCtrl((DWORD)byResult);
}
}
}
}
for(int i=1;i<=m_iSecond;i++)
m_address[i]=m_addressSecond[i];
m_i=m_iSecond;
}
void CMain::OnBnClickedViewButton()
{
CString str;
UpdateData();
m_memValueList.DeleteAllItems();
int i=m_memlist.GetSelectionMark( )+1;
str.Format("%d",i);
AfxMessageBox(str);
int j=0;
for(j=0;j<m_memInfo;j++)
{
if(m_address[i]<(DWORD)m_myMbi[j].BaseAddress)
break;
}
DWORD mem=m_address[i];
for(int k=m_viewLength/16;k>0;k--)
{
mem=m_address[i];
mem=(DWORD)((byte *)mem-(16*k));
if(mem<(DWORD)m_myMbi[j-1].BaseAddress)
continue;
WriteClistCtrl(mem,16);
}
mem=m_address[i];
for(i=0;i<(m_viewLength/16);i++)
{
WriteClistCtrl(mem,16);
mem=(DWORD)((byte *)mem+16);
if(mem>(DWORD)m_myMbi[j-1].BaseAddress+(DWORD)m_myMbi[j-1].RegionSize)
break;
}
//WriteClistCtrl(mem,m_viewLength%16);
// mem=(DWORD)((byte *)mem+16);
// TODO: 在此添加控件通知处理程序代码
}
/*
*功能向中写入东西
*参数一:写入的长度
*参数二:内存地址
*参数三:内存中的数值
*/
void CMain::WriteClistCtrl(int num, DWORD memAddress[], int value[])
{
m_memlist.DeleteAllItems();
CString strnum;
for(int i=0;i<num;i++)
{
strnum.Format("%d",i+1);
int nCount = m_memlist.GetItemCount();
int nItem = m_memlist.InsertItem (nCount,_T(""));
m_memlist.SetItemText(nItem,0,strnum);
strnum.Format("%d",memAddress[i]);
m_memlist.SetItemText(nItem,1,strnum);
strnum.Format("%d",value[i]);
m_memlist.SetItemText(nItem,2,strnum);
}
}
/*
*功能搜索没有相关数据的时候的值
*/
void CMain::WriteClistCtrl()
{
CString strnum="内存搜索...没有找到";
int nCount = m_memlist.GetItemCount();
int nItem = m_memlist.InsertItem (nCount,_T(""));
m_memlist.SetItemText(nItem,0,strnum);
strnum="";
m_memlist.SetItemText(nItem,1,strnum);
strnum="";
m_memlist.SetItemText(nItem,2,strnum);
}
/*把内存和内存中的值转化成十六进制再添加到CListCtrl左上角
*参数一:内存地址
*参数二:内存中地址的值,在此其实没用,为了扩充
*/
void CMain::WriteClistCtrl(DWORD memAddress)
{
CString strnum;
char a[9]="";
int nCount = m_memlist.GetItemCount();
int nItem = m_memlist.InsertItem (nCount,_T(""));
strnum.Format("%d",nCount+1);
m_memlist.SetItemText(nItem,0,strnum);
HexToChar((BYTE *)&memAddress,a,4);
strnum.Format("%s",a);
m_memlist.SetItemText(nItem,1,strnum);
HexToChar((BYTE *)memAddress,a,4);
strnum.Format("%s",a);
m_memlist.SetItemText(nItem,2,strnum);
}
/*把内存和内存中的值转化成十六进制再添加到CListCtrl下
*参数一:内存地址
*参数二:内存中地址的值,在此其实没用,为了扩充
*/
void CMain::WriteClistCtrl( DWORD memAddress, int value)
{
CString strnum;
CString str="";
char a[64]="";
char b[64]="";
int j=0;
int nCount = m_memValueList.GetItemCount();
int nItem = m_memValueList.InsertItem (nCount,_T(""));
HexToChar((BYTE *)&memAddress,a,4);
strnum.Format("%s",a);
m_memValueList.SetItemText(nItem,0,strnum);
str.Format("%d\n%s\n%d",memAddress,a,value);
//OutputDebugString(str);
HexToChar((BYTE *)memAddress,a,value);
for(int i=0;i<32;i++)
{
if(i%2==0&&i!=0)
{
b[j]=' ';
j++;
b[j]=' ';
j++;
}
b[j]=a[i];
j++;
}
strnum.Format("%s",b);
m_memValueList.SetItemText(nItem,1,strnum);
HexToASCII((BYTE *)memAddress,a,value);
strnum="";
for(int k=0;k<value;k++)
{
if(a[k]==0)
a[k]='.';
str.Format("%c",a[k]);
strnum+=str;
}
OutputDebugString(strnum);
m_memValueList.SetItemText(nItem,2,strnum);
}
/*
*初始化CListCtrl
*/
BOOL CMain::OnInitDialog()
{
CDialog::OnInitDialog();
// TODO: 在此添加额外的初始化
m_memlist.InsertColumn(0,"ID",LVCFMT_CENTER,30);
m_memlist.InsertColumn(1,"内存地址",LVCFMT_CENTER,150);
m_memlist.InsertColumn(2,"数值",LVCFMT_CENTER,60);
m_memlist.SetExtendedStyle(LVS_EX_GRIDLINES|LVS_EX_FULLROWSELECT);
//m_memValueList.InsertColumn(0,"ID",LVCFMT_CENTER,30);
m_memValueList.InsertColumn(0,"内存地址",LVCFMT_CENTER,60);
m_memValueList.InsertColumn(1,"数值",LVCFMT_LEFT,400);
m_memValueList.InsertColumn(2,"ASCII",LVCFMT_CENTER,150);
m_memValueList.SetExtendedStyle(LVS_EX_GRIDLINES|LVS_EX_FULLROWSELECT);
return TRUE; // return TRUE unless you set the focus to a control
// 异常: OCX 属性页应返回 FALSE
}
void CMain::OnBnClickedRadio1()
{
// TODO: 在此添加控件通知处理程序代码
m_isNum=0;
}
void CMain::OnBnClickedRadio2()
{
// TODO: 在此添加控件通知处理程序代码
m_isNum=1;
}
BOOL CMain::compositor(DWORD m_add)
{
for(int i=1;i<=m_i;i++)
{
if(m_add==m_address[i])
return 1;
}
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -