#include "StdAfx.h"
#include ".\task.h"
#include "AddressListDlg.h"
#include <time.h>
// Globals shared with the rest of the program.
// NOTE(review): the search thread (SearchProc) reads these without any
// visible synchronization — confirm that the UI thread only changes them
// while no search is running.
HANDLE hProcess; // handle of the currently selected process (defined here, not extern); passed to VirtualQueryEx/ReadProcessMemory
extern PVOID m_pData; // source data: the value (or string) being searched for
extern DWORD dwDataLength; // selects the search routine in SearchProc
extern int m_nWaitTime; // passed to Sleep() between automatic re-searches
extern BOOL m_bAutoResearch; // when FALSE, SearchProc runs a single search per request
extern int m_nResearchTimes; // upper bound of the re-search loop in SearchProc
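// Constructs a task with an empty title.
//
// bisClosed  initial value of isClosed
// bisActive  initial value of isActive
CTask::CTask(BOOL bisClosed,BOOL bisActive)
{
    title = _T("");
    // Both flags must be set here: SearchProc and ~CTask read isClosed,
    // and an unset BOOL has an indeterminate value.
    isClosed = bisClosed;
    isActive = bisActive;
    // ~CTask hands both handles to SetEvent/CloseHandle even when
    // CreateTask was never called, so they must start out as NULL
    // rather than as whatever happened to be in memory.
    hSearchEvent = NULL;
    hSearchThread = NULL;
}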
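// Constructs a task with the given title; the title is also forwarded to
// the dialog member.
//
// strTitle   task title (also used by CreateTask as the event name)
// bisClosed  initial value of isClosed
// bisActive  initial value of isActive
CTask::CTask(CString strTitle,BOOL bisClosed,BOOL bisActive)
    : title(strTitle),dlg(strTitle),isClosed(bisClosed),isActive(bisActive)
{
    // ~CTask hands both handles to SetEvent/CloseHandle even when
    // CreateTask was never called, so they must start out as NULL
    // rather than as whatever happened to be in memory.
    hSearchEvent = NULL;
    hSearchThread = NULL;
}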
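// Asks the search thread to exit, gives it a bounded time to do so, then
// releases the event and thread handles.
CTask::~CTask(void)
{
    isClosed = TRUE;

    // Wake the search thread so it can observe isClosed and leave its loop.
    if(hSearchEvent != NULL)
        SetEvent(hSearchEvent);

    if(hSearchThread != NULL)
    {
        // SearchProc keeps dereferencing this object (isClosed, hSearchEvent,
        // dlg) after it wakes up, so the object must outlive the thread.
        // The wait is bounded rather than INFINITE because SearchProc may be
        // inside AfxMessageBox or dlg.Display(); if those need the thread
        // that is running this destructor, an unbounded wait could hang.
        // NOTE(review): if the wait times out the thread is still running
        // against a destroyed object — confirm 5 s is enough in practice.
        const DWORD dwExitWaitMs = 5000;
        WaitForSingleObject(hSearchThread,dwExitWaitMs);
        CloseHandle(hSearchThread);
    }

    // Closed last so the thread can still wait on / reset the event while
    // it is shutting down.
    if(hSearchEvent != NULL)
        CloseHandle(hSearchEvent);

    hSearchEvent = NULL;
    hSearchThread = NULL;
}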
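// Creates the task: the search event, the search thread and the dialog.
//
// nIDTemplate  dialog template ID, forwarded to dlg.Create
// pParentWnd   parent window, forwarded to dlg.Create
//
// Returns TRUE once the event and the thread exist, FALSE (after showing a
// message box) if either could not be created.
BOOL CTask::CreateTask(
    UINT nIDTemplate,
    CWnd* pParentWnd)
{
    // Manual-reset event, initially non-signaled.
    // NOTE(review): the event is named after `title`. A named kernel object
    // can be opened by name from other processes, and two tasks with the
    // same title would share one event. If nothing opens this event by
    // name, passing NULL as the name would avoid both — confirm.
    hSearchEvent = CreateEvent(NULL,TRUE,FALSE,title);
    if(hSearchEvent == NULL)
    {
        AfxMessageBox("搜索失败");
        // No thread exists yet at this point, so there is no thread handle
        // to close; closing a handle value that was never opened could
        // close an unrelated handle.
        return FALSE;
    }
    ResetEvent(hSearchEvent);

    // The thread starts immediately but blocks on hSearchEvent.
    if(!CreateSearchThread(NULL,0,SearchProc,this,0,NULL))
    {
        // hSearchEvent stays open here; ~CTask closes it.
        AfxMessageBox("搜索失败");
        return FALSE;
    }

    // NOTE(review): the result of dlg.Create is not checked.
    dlg.Create(nIDTemplate,pParentWnd);
    return TRUE;
}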
// Starts the search thread and stores its handle in hSearchThread.
// All arguments are forwarded unchanged to CreateThread.
//
// Returns TRUE if a thread handle was obtained, FALSE otherwise.
//
// NOTE(review): the thread routine uses the C runtime and MFC (malloc,
// clock, CString, AfxMessageBox); confirm that plain CreateThread is
// intended here rather than _beginthreadex or AfxBeginThread.
BOOL CTask::CreateSearchThread(
    LPSECURITY_ATTRIBUTES lpThreadAttributes, // thread attributes, may be NULL
    DWORD dwStackSize,                        // stack size, 0 = system default
    LPTHREAD_START_ROUTINE lpStartAddress,    // thread entry point
    LPVOID lpParameter,                       // argument handed to the entry point
    DWORD dwCreationFlags,                    // CREATE_SUSPENDED to start suspended, 0 to run at once
    LPDWORD lpThreadId)                       // receives the thread ID, may be NULL
{
    hSearchThread = CreateThread(lpThreadAttributes,
                                 dwStackSize,
                                 lpStartAddress,
                                 lpParameter,
                                 dwCreationFlags,
                                 lpThreadId);
    return (hSearchThread != NULL) ? TRUE : FALSE;
}
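// Entry point of the search thread.
//
// pParam  the owning CTask (CreateTask passes `this`)
//
// Each outer iteration waits for hSearchEvent, runs the search routine
// selected by dwDataLength (repeating it up to m_nResearchTimes times, with
// a Sleep(m_nWaitTime) in between, when m_bAutoResearch is set), then resets
// the event, reports the hit count and elapsed time, and refreshes the
// dialog. The thread exits once isClosed is set. Always returns 0.
//
// NOTE(review): isClosed and the globals are read here without visible
// synchronization, and the dialog is used from this worker thread —
// confirm both are safe with the UI thread.
DWORD WINAPI CTask::SearchProc(LPVOID pParam)
{
    CTask *task = (CTask*)pParam;
    if(task == NULL)
        return 0;

    // Initialized so the duration below never reads an indeterminate value.
    clock_t start = clock();
    clock_t stop;

    while(true)
    {
        // "i == 0 ||" forces at least one pass: with m_nResearchTimes <= 0
        // the loop body would otherwise be skipped, the thread would never
        // block on the event, and it would report results in a tight loop.
        for(int i=0; i == 0 || i<m_nResearchTimes; i++)
        {
            // Anything other than a signaled event (for example the handle
            // was closed) means there is no search request to serve.
            if(WaitForSingleObject(task->hSearchEvent,INFINITE) != WAIT_OBJECT_0)
                return 0;
            if(task->isClosed)
                break;

            start = clock(); // start of the timed search

            switch(dwDataLength) // pick the routine for the data width
            {
            case DATA_LENTH_DWORD:
                task->Search32();
                break;
            case DATA_LENTH_BYTE:
                task->Search8();
                break;
            case DATA_LENTH_WORD:
                task->Search16();
                break;
            default:
                task->SearchString();
                break;
            }

            if(!m_bAutoResearch)
                break;
            Sleep(m_nWaitTime);
        }

        ResetEvent(task->hSearchEvent);
        if(task->isClosed)
            break;

        stop = clock();
        // CLOCKS_PER_SEC is the standard name for the obsolete CLK_TCK.
        double duration = ((double)(stop - start)) / CLOCKS_PER_SEC * 1000;

        // Show the number of hits and the time spent.
        CString s;
        // The cast keeps the argument in line with %d whatever integer
        // type GetSize() returns.
        s.Format("搜索到%d条记录,花了%lf毫秒!",(int)task->dlg.addressArray.GetSize(),duration);
        AfxMessageBox(s);
        task->dlg.Display();
    }
    return 0;
}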
///////////////////////////////////////搜索函数/////////////////////////////////////////////////////
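// Searches the process behind the global hProcess for a 32-bit value.
//
// First pass (addressArray empty): walks addresses 0x00010000..0x7ffeffff
// region by region, copies every committed PAGE_READWRITE region into a
// local buffer and records each byte offset whose DWORD equals
// (LONG)m_pData.
// Later passes (addressArray non-empty): re-reads every recorded address
// and drops the entries that no longer match.
//
// NOTE(review): m_pData is compared as a number here (the pointer bits
// cast to LONG), so the caller presumably stores the search value in the
// pointer itself — confirm. addressArray is modified on the calling
// thread with no visible locking.
void CTask::Search32()
{
    DWORD pAddress = 0x00010000;
    MEMORY_BASIC_INFORMATION mbi;
    DATA_ATTRIBUTE dataAttribute;
    dataAttribute.data = m_pData;
    dataAttribute.dwDataLenth = dwDataLength;
    DWORD readSize = 0;

    if(!dlg.addressArray.GetSize())
    {
        while(pAddress < 0x7ffeffff)
        {
            // VirtualQueryEx returns 0 on failure and leaves mbi unfilled;
            // continuing would advance by a stale or zero RegionSize and
            // could loop forever.
            DWORD dw = VirtualQueryEx(hProcess,(LPVOID)pAddress,&mbi,sizeof(mbi));
            if(dw != sizeof(mbi) || mbi.RegionSize == 0)
                break;

            if(mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE)
            {
                // Region to scan: work on a local copy.
                PBYTE data = (PBYTE)malloc(mbi.RegionSize);
                if(data != NULL &&
                   ReadProcessMemory(hProcess,(LPVOID)pAddress,data,mbi.RegionSize,&readSize))
                {
                    // Stop while a whole DWORD still fits: reading four
                    // bytes at the last three offsets would run past the
                    // end of the buffer.
                    for(DWORD offset = 0; offset + sizeof(DWORD) <= readSize; offset++)
                    {
                        LONG value = (LONG)(*(PDWORD)(data + offset));
                        if(value == (LONG)m_pData)
                        {
                            dataAttribute.dwAddress = pAddress + offset;
                            dlg.addressArray.Add(dataAttribute);
                        }
                    }
                }
                free(data); // free(NULL) is a no-op
            }
            pAddress = pAddress + mbi.RegionSize;
        }
    }
    else
    {
        DWORD current = 0;
        int index = 0;
        while(index < dlg.addressArray.GetSize())
        {
            pAddress = dlg.addressArray[index].dwAddress;
            readSize = 0;
            BOOL bRead = ReadProcessMemory(hProcess,(LPVOID)pAddress,&current,sizeof(current),&readSize);

            // An address that can no longer be read in full cannot hold the
            // value; comparing the buffer after a failed read would test
            // leftover data.
            if(!bRead || readSize != sizeof(current) || (LONG)current != (LONG)m_pData)
            {
                // The next entry slides into `index`, so it is not advanced.
                dlg.addressArray.RemoveAt(index);
            }
            else
            {
                dlg.addressArray.SetData(index,m_pData);
                index++;
            }
        }
    }
}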
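// Searches the process behind the global hProcess for a 16-bit value.
//
// First pass (addressArray empty): walks addresses 0x00010000..0x7ffeffff
// region by region, copies every committed PAGE_READWRITE region into a
// local buffer and records each byte offset whose WORD (zero-extended)
// equals (LONG)m_pData.
// Later passes (addressArray non-empty): re-reads every recorded address
// and drops the entries that no longer match.
//
// NOTE(review): m_pData is compared as a number here (the pointer bits
// cast to LONG), so the caller presumably stores the search value in the
// pointer itself — confirm. addressArray is modified on the calling
// thread with no visible locking.
void CTask::Search16()
{
    DWORD pAddress = 0x00010000;
    MEMORY_BASIC_INFORMATION mbi;
    DATA_ATTRIBUTE dataAttribute;
    dataAttribute.data = m_pData;
    dataAttribute.dwDataLenth = dwDataLength;
    DWORD readSize = 0;

    if(!dlg.addressArray.GetSize())
    {
        while(pAddress < 0x7ffeffff)
        {
            // VirtualQueryEx returns 0 on failure and leaves mbi unfilled;
            // continuing would advance by a stale or zero RegionSize and
            // could loop forever.
            DWORD dw = VirtualQueryEx(hProcess,(LPVOID)pAddress,&mbi,sizeof(mbi));
            if(dw != sizeof(mbi) || mbi.RegionSize == 0)
                break;

            if(mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE)
            {
                // Region to scan: work on a local copy.
                PBYTE data = (PBYTE)malloc(mbi.RegionSize);
                if(data != NULL &&
                   ReadProcessMemory(hProcess,(LPVOID)pAddress,data,mbi.RegionSize,&readSize))
                {
                    // Stop while a whole WORD still fits: reading two bytes
                    // at the last offset would run past the end of the
                    // buffer.
                    for(DWORD offset = 0; offset + sizeof(WORD) <= readSize; offset++)
                    {
                        LONG value = (LONG)(*(PWORD)(data + offset));
                        if(value == (LONG)m_pData)
                        {
                            dataAttribute.dwAddress = pAddress + offset;
                            dlg.addressArray.Add(dataAttribute);
                        }
                    }
                }
                free(data); // free(NULL) is a no-op
            }
            pAddress = pAddress + mbi.RegionSize;
        }
    }
    else
    {
        WORD current = 0;
        int index = 0;
        while(index < dlg.addressArray.GetSize())
        {
            pAddress = dlg.addressArray[index].dwAddress;
            readSize = 0;
            BOOL bRead = ReadProcessMemory(hProcess,(LPVOID)pAddress,&current,sizeof(current),&readSize);

            // An address that can no longer be read in full cannot hold the
            // value; comparing the buffer after a failed read would test
            // leftover data.
            if(!bRead || readSize != sizeof(current) || (LONG)current != (LONG)m_pData)
            {
                // The next entry slides into `index`, so it is not advanced.
                dlg.addressArray.RemoveAt(index);
            }
            else
            {
                dlg.addressArray.SetData(index,m_pData);
                index++;
            }
        }
    }
}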
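// Searches the process behind the global hProcess for an 8-bit value.
//
// First pass (addressArray empty): walks addresses 0x00010000..0x7ffeffff
// region by region, copies every committed PAGE_READWRITE region into a
// local buffer and records each byte that equals (LONG)m_pData.
// Later passes (addressArray non-empty): re-reads every recorded address
// and drops the entries that no longer match.
//
// NOTE(review): m_pData is compared as a number here (the pointer bits
// cast to LONG), so the caller presumably stores the search value in the
// pointer itself — confirm. addressArray is modified on the calling
// thread with no visible locking.
void CTask::Search8()
{
    DWORD pAddress = 0x00010000;
    MEMORY_BASIC_INFORMATION mbi;
    DATA_ATTRIBUTE dataAttribute;
    dataAttribute.data = m_pData;
    dataAttribute.dwDataLenth = dwDataLength;
    DWORD readSize = 0;

    if(!dlg.addressArray.GetSize())
    {
        while(pAddress < 0x7ffeffff)
        {
            // VirtualQueryEx returns 0 on failure and leaves mbi unfilled;
            // continuing would advance by a stale or zero RegionSize and
            // could loop forever.
            DWORD dw = VirtualQueryEx(hProcess,(LPVOID)pAddress,&mbi,sizeof(mbi));
            if(dw != sizeof(mbi) || mbi.RegionSize == 0)
                break;

            if(mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE)
            {
                // Region to scan: work on a local copy.
                PBYTE data = (PBYTE)malloc(mbi.RegionSize);
                if(data != NULL &&
                   ReadProcessMemory(hProcess,(LPVOID)pAddress,data,mbi.RegionSize,&readSize))
                {
                    for(DWORD offset = 0; offset < readSize; offset++)
                    {
                        LONG value = (LONG)data[offset];
                        if(value == (LONG)m_pData)
                        {
                            dataAttribute.dwAddress = pAddress + offset;
                            dlg.addressArray.Add(dataAttribute);
                        }
                    }
                }
                free(data); // free(NULL) is a no-op
            }
            pAddress = pAddress + mbi.RegionSize;
        }
    }
    else
    {
        BYTE current = 0;
        int index = 0;
        while(index < dlg.addressArray.GetSize())
        {
            pAddress = dlg.addressArray[index].dwAddress;
            readSize = 0;
            BOOL bRead = ReadProcessMemory(hProcess,(LPVOID)pAddress,&current,sizeof(current),&readSize);

            // An address that can no longer be read cannot hold the value;
            // comparing the buffer after a failed read would test leftover
            // data.
            if(!bRead || readSize != sizeof(current) || (LONG)current != (LONG)m_pData)
            {
                // The next entry slides into `index`, so it is not advanced.
                dlg.addressArray.RemoveAt(index);
            }
            else
            {
                dlg.addressArray.SetData(index,m_pData);
                index++;
            }
        }
    }
}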
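// String search: records every address in the process behind the global
// hProcess at which the string pointed to by m_pData occurs.
//
// Only the first pass is implemented; when addressArray already holds
// results the function does nothing. Matches may overlap, because the scan
// always advances by one byte.
//
// NOTE(review): addressArray is modified on the calling thread with no
// visible locking.
void CTask::SearchString()
{
    DWORD pAddress = 0x00010000;
    MEMORY_BASIC_INFORMATION mbi;
    DATA_ATTRIBUTE dataAttribute;
    dataAttribute.data = m_pData;
    dataAttribute.dwDataType = DATA_TPYE_STRING;
    CString strData = _T("");
    strData = (PBYTE)m_pData;
    DWORD dataLength = strData.GetLength();
    dataAttribute.dwDataLenth = dataLength;
    DWORD readSize = 0;

    // An empty pattern compares equal at every offset and would record
    // every byte of every scanned region.
    if(dataLength == 0)
        return;

    // Refining an existing result list is not implemented.
    if(dlg.addressArray.GetSize())
        return;

    while(pAddress < 0x7ffeffff)
    {
        // VirtualQueryEx returns 0 on failure and leaves mbi unfilled;
        // continuing would advance by a stale or zero RegionSize and could
        // loop forever.
        DWORD dw = VirtualQueryEx(hProcess,(LPVOID)pAddress,&mbi,sizeof(mbi));
        if(dw != sizeof(mbi) || mbi.RegionSize == 0)
            break;

        if(mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE)
        {
            // One extra byte for a terminating NUL: Compare() receives a
            // bare pointer and treats it as a NUL-terminated string, so
            // without a terminator it could read past the end of the copy.
            PBYTE data = (PBYTE)malloc(mbi.RegionSize + 1);
            if(data != NULL &&
               ReadProcessMemory(hProcess,(LPVOID)pAddress,data,mbi.RegionSize,&readSize))
            {
                data[readSize] = 0;

                // Offsets with fewer than dataLength bytes left cannot match.
                for(DWORD offset = 0; offset + dataLength <= readSize; offset++)
                {
                    if(Compare(strData,data + offset) == 0)
                    {
                        dataAttribute.dwAddress = pAddress + offset;
                        dlg.addressArray.Add(dataAttribute);
                    }
                }
            }
            free(data); // free(NULL) is a no-op
        }
        pAddress = pAddress + mbi.RegionSize;
    }
}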
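// Tests whether the bytes at str2 start with str1.
//
// str1  pattern to look for
// str2  candidate bytes, treated as a NUL-terminated string
//
// Returns 0 when the first str1.GetLength() characters of str2 equal str1,
// 1 otherwise (including when str2 ends before str1 does).
//
// At most str1.GetLength() bytes of str2 are read, and reading stops at the
// first NUL, so no copy of the candidate string is made.
// NOTE(review): the byte-wise comparison assumes an ANSI/MBCS build, where
// TCHAR is char — the file passes narrow string literals to AfxMessageBox,
// which suggests so; confirm.
int CTask::Compare(const CString &str1,PBYTE str2)
{
    const int length1 = str1.GetLength();

    // A null pointer behaves like an empty string.
    if(str2 == NULL)
        return (length1 > 0) ? 1 : 0;

    for(int j=0;j<length1;j++)
    {
        // A NUL inside the first length1 bytes means str2 is shorter than
        // str1, which counts as a mismatch.
        if(str2[j] == 0 || str1[j] != (TCHAR)str2[j])
            return 1;
    }
    return 0;
}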
///////////////////////////////////////搜索函数///////////////////////////////////////////////////////
// Returns the stored search-thread handle (hSearchThread). The handle
// remains owned by this object, which closes it in the destructor.
HANDLE CTask::GetSearchHandle()
{
    HANDLE hThread = hSearchThread;
    return hThread;
}
//对话框操作
// Forwards to the dialog's ShowWindow and returns its result.
BOOL CTask::ShowWindow(int nCmdShow)
{
    const BOOL bResult = dlg.ShowWindow(nCmdShow);
    return bResult;
}
// Forwards to the dialog's SetFocus and returns the pointer it returns.
CWnd* CTask::SetFocus()
{
    CWnd* pResult = dlg.SetFocus();
    return pResult;
}
// Forwards to the dialog's SetWindowPos and returns its result.
BOOL CTask::SetWindowPos(
    const CWnd* pWndInsertAfter,
    int x,        // x coordinate of the upper-left corner
    int y,        // y coordinate of the upper-left corner
    int cx,       // window width
    int cy,       // window height
    UINT nFlags)  // sizing and positioning options
{
    const BOOL bResult = dlg.SetWindowPos(pWndInsertAfter,x,y,cx,cy,nFlags);
    return bResult;
}
// Forwards to the dialog's MoveWindow (rectangle overload).
void CTask::MoveWindow(LPCRECT lpRect, BOOL bRepaint)
{
    dlg.MoveWindow(lpRect, bRepaint);
}
// Forwards to the dialog's MoveWindow (position and size overload).
void CTask::MoveWindow(int x, int y, int nWidth, int nHeight, BOOL bRepaint)
{
    dlg.MoveWindow(x, y, nWidth, nHeight, bRepaint);
}