我正在尝试读取当前进程的内容以查找模式,我通过调用
GetModuleHandleA()我尝试读取文件的大小并将文件大小用作最大循环计数器。
以下是我到目前为止编写的代码,
const char buf[] = { 0x40, 0x35, 0x02, 0x00, 0x78, 0x00 };
char ProcessFilePath[MAX_PATH];
GetModuleFileNameA(NULL, ProcessFilePath, MAX_PATH);
HANDLE hFile = CreateFileA(ProcessFilePath,
GENERIC_READ,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hFile == INVALID_HANDLE_VALUE)
return -1;
LARGE_INTEGER size;
GetFileSizeEx(hFile, &size);
const unsigned char* lpImage = (unsigned char*)GetModuleHandleA(NULL);
int maincounter = 0;
int patternsize = sizeof(buf);
for (int maincounter = 0; maincounter < size.LowPart; maincounter++)
{
printf("%02x", lpImage[maincounter]);
}
如何读取所有进程内存?确定进程内存大小的正确方法是什么?
谢谢
感谢@500 - Internal Server Error评论,我使用了ToolHelp API,我的问题得到了解决,
DWORD GetModuleBaseAddress()
{
MODULEENTRY32 me32 = { sizeof(MODULEENTRY32) };
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
if (hSnapshot == INVALID_HANDLE_VALUE) {
return 0;
}
if (Module32First( hSnapshot, &me32 )) {
CloseHandle( hSnapshot );
return (DWORD)me32.modBaseAddr;
}
CloseHandle(hSnapshot);
return 0;
}