我正在尝试编写一个转储工具的代码,内存中的太平洋地址有一个文件,其中包含一个文件大小为41mb的文件。我正在尝试将文件大小的文件写入目录。你能提供的任何建议或意见都值得赞赏。
我试过这个。。。
这是我更新的代码:
#include <Windows.h>
#include <stdio.h>
#include <iostream>
#include <fstream>
int sizevalue = 43.417254; // size of file
DWORD address = 0x43417254;
char Wfilename[14] = "cartfile.dat";
char Rfilename[14] = "cartfile.dat";
//entry
int main(int argc, char* argv[])
{
HWND hwnd = FindWindowA(NULL, "gametutorial");
if (hwnd == NULL)
{
cout << "Cannot find window." << endl;
Sleep(3000);
exit(-1);
}
else
{
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ, PROCESS_VM_WRITE, procID);
if (procID == NULL)
{
cout << "Cannot obtain process." << endl;
Sleep(3000);
exit(-1);
}
else
{
for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
printf("Dumping cartfile now... n");
ofstream outputStream("cartfile.dat", ios::out | ios::binary);
if (outputStream.is_open())
{
std::cout << "file opened okayn";
}
else
{
std::cout << "Error opening filen";
}
ReadProcessMemory_(handle, (void*)address, &sizevalue, Rfilename,
sizeof(sizevalue), 0);
WriteProcessMemory_(handle, (void*)address, &sizevalue, Wfilename,
sizeof(sizevalue), 0);
0);
outputStream.close();
system("pause");
return 0;
}
Sleep(1);
}
}
}
}
BOOL WriteProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID
lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{
return 0;
}
BOOL ReadProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID
lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
{
return 0;
}
这是我的头文件。。。
#pragma once
#include <Windows.h>
#include <stdio.h>
#include <iostream>
//#include .lib header
BOOL WriteProcessMemory_(
HANDLE hProcess,
LPVOID lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T nSize,
SIZE_T* lpNumberOfBytesWritten
);
BOOL ReadProcessMemory_(
HANDLE hProcess,
LPVOID lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T nSize,
SIZE_T* lpNumberOfBytesRead
);
但它仍然会转储文件大小为0 kb的cartfile。那现在怎么办?
但它只转储Cartfile,但它的大小为0。二进制文件中某个位置的字节包含一个文件大小为41MB的文件。该文件打开良好,因此我可以成功打开该文件。这一定与它从内存中的字节写入文件的方式和文件大小有关?那么我做错了什么?
以下是关于这些字节是41mb的的结果图片
下面是一个从正在运行的Notepad++进程中写入64k内存的示例。也许你可以根据自己的需要进行调整。
#include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <fstream>
#include <vector>
void* GetBaseAddress(HANDLE processHandle)
{
HMODULE hMods[1024];
DWORD cbNeeded;
if (EnumProcessModules(processHandle, hMods, sizeof(hMods), &cbNeeded))
{
return hMods[0];
}
return nullptr;
}
int main()
{
HWND hwnd = FindWindowA(NULL, "new 1 - Notepad++");
if (hwnd == NULL)
{
std::cout << "Cannot find window.n";
return -1;
}
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, procID);
if (procID == NULL)
{
std::cout << "Cannot obtain process.n";
return -1;
}
for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
// I don't have a fixed address so I just find the address of the first loaded module in the process.
// You need to determine your address and replace this.
void *address = GetBaseAddress(handle);
// Resize this buffer to whatever the size is you need.
std::vector<char> buffer(64 * 1024);
SIZE_T bytesRead = 0;
BOOL ret = ReadProcessMemory(handle, address, buffer.data(), buffer.size(), &bytesRead);
if (!ret)
{
std::cout << "Error (" << GetLastError() << ") reading memoryn";
return -1;
}
if (bytesRead != buffer.size())
{
std::cout << "Memory size mismatch. Requested " << buffer.size() << ", Received " << bytesRead << "n";
return -1;
}
std::ofstream out("memory.dat", std::ios::out | std::ios::binary);
if (!out)
{
std::cout << "Error opening filen";
return -1;
}
out.write(buffer.data(), buffer.size());
break;
}
}
return 0;
}