类似CE的read/writeIntger函数(外部)

#include <iostream>

#include <Windows.h>

#include <TlHelp32.h>

#include <vector>

#include <regex>

#include <sstream>

#include <string>

// global

DWORD pid = 0;

HANDLE hProcess = 0;

// 获取进程名的pid

DWORD getPID(const wchar_t* name)

{

	DWORD pid = 0;

	HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	if (hSnap != INVALID_HANDLE_VALUE)

	{

		PROCESSENTRY32 pe;

		pe.dwSize = sizeof(pe);

		if (Process32First(hSnap, &pe))

		{

			do {

				if (!_wcsicmp(pe.szExeFile, name)) {

					pid = pe.th32ProcessID;

					break;

				}

			} while (Process32Next(hSnap, &pe));

		}

	}

	CloseHandle(hSnap);

	return pid;

}

// 获取模块基址

uintptr_t getModuleBaseAddress(DWORD pid, const wchar_t* modName)

{

	uintptr_t modBaseAddr = 0;

	HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);

	if (hSnap != INVALID_HANDLE_VALUE)

	{

		MODULEENTRY32 me;

		me.dwSize = sizeof(me);

		if (Module32First(hSnap, &me))

		{

			do {

				if (!_wcsicmp(me.szModule, modName)) {

					modBaseAddr = (uintptr_t)me.modBaseAddr;

					break;

				}

			} while (Module32Next(hSnap, &me));

		}

	}

	CloseHandle(hSnap);

	return modBaseAddr;

}

std::string replaceString(std::string origenString, std::string replaceString, std::string newValue)

{

	int startIndex = origenString.find(replaceString);

	int endIndex = replaceString.size();

	return origenString.replace(startIndex - 1, endIndex + 2, newValue);

}

uintptr_t hexStr2Hex(std::string hexStr)

{

	uintptr_t r;

	std::stringstream(hexStr) >> std::hex >> r;

	return r;

}

struct SplitListItem

{

	std::string key;

	std::string value;

};

std::vector<SplitListItem> splitString(std::string origenString, std::regex pattern)

{

	std::smatch result;

	std::string::const_iterator iterStart = origenString.begin();

	std::string::const_iterator iterEnd = origenString.end();

	std::vector<std::string> splitList = {};

	std::vector<std::string> splitKeys = {};

	std::vector<SplitListItem> resultSplitList = {};

	while (regex_search(iterStart, iterEnd, result, pattern))

	{

		splitList.emplace_back(iterStart, result[0].first);

		splitKeys.push_back(result[0].str());

		iterStart = result[0].second;

	}

	splitList.emplace_back(iterStart, iterEnd);

	for (size_t i = 0; i < splitList.size(); i++)

	{

		resultSplitList.push_back(SplitListItem{ i > 0 ? splitKeys[i - 1] : "",  splitList[i] });

	}

	return resultSplitList;

}

uintptr_t getOffsetsAddress(std::string address, uintptr_t nextValue = 0)

{

	std::string str = std::regex_replace(address, (std::regex)"\\s", "") ;

	std::smatch result;

	std::regex pattern(".*\\[([^\\[\\]]+)\\].*");

	std::regex_match(str, result, pattern);

	if (result.size() == 0)

	{

		if (str.size() == 0) {

			return nextValue;

		}

		std::vector<SplitListItem>  r = splitString(str, (std::regex)"[+-]");

		uintptr_t a = hexStr2Hex(r[0].value);

		if (a == 0 && r[0].value != "0")

		{

			// 符号

			a = getModuleBaseAddress(

				pid,

				std::wstring(r[0].value.begin(), r[0].value.end()).c_str()

			);

		}

		uintptr_t b = hexStr2Hex(r[1].value);

		if (r[1].key == "+") a += b;

		if (r[1].key == "-") a -= b;

		return a;

	}

	std::vector<SplitListItem>  r = splitString(result[1], (std::regex)"[+-]");

	uintptr_t data = 0;

	for (size_t i = 0; i < r.size(); i++)

	{

		uintptr_t v = hexStr2Hex(r[i].value);

		if (v == 0 && r[i].value != "0")

		{

			// 符号

			data += getModuleBaseAddress(

				pid,

				std::wstring(r[i].value.begin(), r[i].value.end()).c_str()

			);

		}

		else

		{

			if (r[i].key == "+") data += v;

			if (r[i].key == "-") data -= v;

			ReadProcessMemory(hProcess, (LPCVOID)data, &data, 4, 0);

		}

	}

	std::stringstream hexData;

	hexData << std::hex << data;

	std::string newOrigenString = replaceString(str, result[1], hexData.str());

	return getOffsetsAddress(newOrigenString, data);

}

uintptr_t readIntger(std::string address)

{

	uintptr_t r = getOffsetsAddress(address);

	if (r == 0) return 0;

	ReadProcessMemory(hProcess, (LPCVOID)r, &r, 4, 0);

	return r;

}

uintptr_t writeIntger(std::string address, uintptr_t newInt)

{

	uintptr_t r = getOffsetsAddress(address);

	if (r == 0) return 0;

	WriteProcessMemory(hProcess, (LPVOID)r, (LPCVOID)&newInt, 4, 0);

	return r;

}

int main()

{

	// 地址: [game.exe+009E820C]+338

	std::string mainname = "game.exe";

	pid = getPID(std::wstring(mainname.begin(), mainname.end()).c_str());

	hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);

	if (hProcess == NULL) return 0;

	std::cout << readIntger("game.exe+009E820C") << std::endl;

	std::cout << readIntger("[game.exe + 009E820C] + 338") << std::endl;

	writeIntger("[game.exe+ 009E820C] + 338", 20);

	CloseHandle(hProcess);

	return 0;

}

c++ readIntger writeIntger的更多相关文章

随机推荐

  1. Django(ORM单表操作)

    默认使用sqllite数据库 修改为mysql数据库 创建数据库 在app models中编写创建数据库类 from django.db import models class Book(models ...

  2. 根据pom标签修改

    sed -i "s/<count>1<\/count>/<count>2<\/count>/g"  pom.xml

  3. mvn 多模块

    mvn archetype:generate -DgroupId=com.xxx.cloud -DartifactId=myapp -Dversion=1.0.0-SNAPSHOT -Dpackage ...

  4. arp病毒系列——攻击类型

       到目前为止,我所见闻的arp病毒攻击导致局域网几乎瘫痪的事例已经不下3次了,而且非常巧的​是:每次都是将近学校考试.大批同学新下四楼更新IP-Mac的时候出现!严重的时候你根本就ping不通网关 ...

  5. npm qs 模块(中文)

    本文基本使用谷歌翻译加上自己的理解,权当加深记忆. npm 简介 qs 是一个增加了一些安全性的查询字符串解析和序列化字符串的库.主要维护者:Jordan Harband最初创建者和维护者:TJ Ho ...

  6. DEDECMS:解决BMP、jpeg图片或MP4视频无法上传和在后台无法显示

    一.BMP图片无法上传解决方法: 1.修改配置文件: 在include-->dialog的文件夹下, select_images_post.php--> 把 $sparr = Array( ...

  7. 一个简单且易上手的 Spring boot 后台管理框架-->EL-ADMIN

    一个简单且易上手的 Spring boot 后台管理框架 后台源码 前台源码

  8. linux 一分钟搭建zookeeper linux 单机版(亲测可用)

    wget https://mirrors.tuna.tsinghua.edu.cn/apache/zookeeper/zookeeper-3.4.14/zookeeper-3.4.14.tar.gzt ...

  9. shell编程基础一

    1.定义变量 a=1 shell定义变量要注意等号前后不能有空格,不然会报错,请严格按照格式编写. 2.打印输出 echo 1 使用echo打印,后面留一个空格. 3.shell中通过 ${变量名} ...

  10. unix环境高级编程第三章笔记

    文件描述符 1.文件描述符的概念 对于内核而言,所有打开的文件都会用一个文件描述符来引用,打开或和创建一个新文件的时候,内核会给进程返回一个文件描述符,而当使用read write时,可以使用这个文件 ...