searchstring_unicode
#include "stdafx.h"
#include "stdio.h"
#include "psapi.h"
#include "Detours.h"
#include "winsock2.h"
#include <time.h>
#define GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS (0x04) // lpModuleName is an address inside the module, not a name
// Signature of GetModuleHandleExA, declared locally so the function can be
// resolved from kernel32.dll at run time with GetProcAddress (see getmodulenameex).
typedef BOOL (WINAPI* GetModuleHandleExA_T)(
DWORD dwFlags,
LPCSTR lpModuleName,
HMODULE* phModule
);
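/*
 * Find the module that contains the address `addri` and copy its file path
 * into `buffer`.
 *
 *   buffer  receives the module path (ANSI); set to "" when the lookup fails
 *   size    capacity of `buffer` in bytes
 *   addri   any address inside the module of interest
 *
 * Returns the module handle, or NULL when the lookup fails.
 */
HMODULE getmodulenameex(char* buffer,int size,void* addri)
{
    HMODULE hmodule = NULL;

    // Start from a defined state so callers never read stale buffer contents.
    if (buffer && size > 0)
        buffer[0] = 0;

    HMODULE kernel32 = GetModuleHandle("kernel32.dll");
    if (!kernel32)
        return NULL;

    // Resolved dynamically; the export may be missing, so the pointer must be checked.
    GetModuleHandleExA_T pfnGetModuleHandleExA =
        (GetModuleHandleExA_T)GetProcAddress(kernel32, "GetModuleHandleExA");
    if (!pfnGetModuleHandleExA)
        return NULL;

    // NOTE(review): FROM_ADDRESS on its own takes a reference on the module and
    // nothing here releases it; confirm callers FreeLibrary the result or add
    // GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT.
    if (!pfnGetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, (LPCSTR)addri, &hmodule))
        return NULL;

    if (buffer && size > 0) {
        DWORD written = GetModuleFileNameA(hmodule, buffer, size);
        if (written == 0)
            buffer[0] = 0;
        else if (written >= (DWORD)size)
            buffer[size - 1] = 0;   // truncated path: force termination
    }
    return hmodule;
}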
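/*
 * Return the image size, in bytes, of module `hmod` in the current process.
 * Returns 0 when GetModuleInformation fails, instead of reading an
 * uninitialised MODULEINFO.
 */
DWORD getmodulesize(HMODULE hmod)
{
    MODULEINFO mi;
    ZeroMemory(&mi, sizeof(mi));
    if (!GetModuleInformation(GetCurrentProcess(), hmod, &mi, sizeof(mi)))
        return 0;
    return mi.SizeOfImage;
}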
/*
 * Switch the protection of `len` bytes at `address` in the current process to
 * PAGE_EXECUTE_READWRITE. Always returns 0.
 *
 * NOTE(review): the VirtualProtectEx result and the previous protection are
 * both discarded, so a caller cannot detect failure or restore the old
 * protection, and the range stays writable and executable. `address` is an
 * int, so the pointer cast is only lossless where a pointer fits in an int.
 */
int makecanwrite( int address,int len)
{
    DWORD previous_protection;
    HANDLE self = GetCurrentProcess();
    void *region = (void*)address;

    VirtualProtectEx(self, region, len, PAGE_EXECUTE_READWRITE, &previous_protection);
    return 0;
}
// Callback run by the detour stub: writes the fixed marker line "sprintf" to stdout.
void __stdcall logfuntionenter()
{
    fputs("sprintf\n", stdout);
}
// Pointer type for a parameterless function.
typedef void (*print_log_T)(void);
// Initially holds the address of GetSystemTime. It is passed by address to
// DetourAttach in sethooksprintf and is the jump target at the end of print_log_T_new.
// NOTE(review): the names mention sprintf/print_log but the address taken here is
// GetSystemTime's; confirm which API is meant.
// The cast goes through DWORD, which holds a full pointer only on 32-bit builds.
print_log_T print_log_T_old=(print_log_T)((DWORD)GetSystemTime);
// Detour stub: saves the general registers and flags, calls logfuntionenter,
// restores them in reverse order, then jumps through print_log_T_old.
// The function is __declspec(naked), so the body consists only of the
// instructions below; the pushes and pops are balanced before the final jmp.
// x86-only: relies on MSVC inline assembly and pushad/popad.
__declspec(naked) void print_log_T_new()
{
_asm
{
pushad
pushfd
call logfuntionenter
popfd
popad
jmp print_log_T_old
}
}
// Registers print_log_T_new as the detour for the function print_log_T_old points to.
// Always returns 0; the DetourAttach status is not inspected.
// NOTE(review): no DetourTransactionBegin/DetourTransactionCommit is visible in this
// file; confirm the caller wraps this call in a transaction and checks the result.
int sethooksprintf()
{
    PVOID *original_slot = &(PVOID&)print_log_T_old;

    DetourAttach(original_slot, print_log_T_new);
    return 0;
}
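/*
 * Run `cmd` as a child process with a hidden window, wait for it to finish
 * and return its exit code.
 *
 *   cmd  full command line handed to CreateProcess
 *
 * Returns the child's exit code, or -1 when `cmd` is NULL, the process cannot
 * be created, or the wait / exit-code query fails.
 *
 * NOTE(review): lpApplicationName is NULL, so the program is parsed out of
 * `cmd`; a path containing spaces must be quoted by the caller, and `cmd`
 * must never be assembled from untrusted text.
 */
int exec(const char* cmd)
{
    PROCESS_INFORMATION pi;
    STARTUPINFO si;
    DWORD dwExitCode = (DWORD)-1;

    if (!cmd)
        return -1;

    // Zero both structures: every STARTUPINFO field not set below must be 0/NULL.
    ZeroMemory(&pi, sizeof(pi));
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_HIDE;   // hide the child's window

    BOOL ret = CreateProcess(NULL,(char*)cmd,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi);
    if (!ret)
        return -1;

    CloseHandle(pi.hThread);
    // Only trust the exit code when both the wait and the query succeed.
    if (WaitForSingleObject(pi.hProcess, INFINITE) != WAIT_OBJECT_0 ||
        !GetExitCodeProcess(pi.hProcess, &dwExitCode)) {
        dwExitCode = (DWORD)-1;
    }
    CloseHandle(pi.hProcess);
    return dwExitCode;
}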
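/*
 * printf-style helper: formats into a fixed 500-byte buffer and sends the
 * result to the debugger with OutputDebugStringA. Longer output is truncated.
 */
void _DBGString(const char*format,...)
{
    va_list v;
    char buffer[500];

    buffer[0] = 0;
    va_start(v, format);
    // _vsnprintf does not write a terminator when the output fills the buffer,
    // so format into size-1 bytes and terminate by hand.
    _vsnprintf(buffer, sizeof(buffer) - 1, format, v);
    va_end(v);
    buffer[sizeof(buffer) - 1] = 0;
    OutputDebugStringA(buffer);
}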
#define GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS (0x04) // lpModuleName is an address inside the module, not a name
// Signature of GetModuleHandleExA, declared locally so the function can be
// resolved from kernel32.dll at run time with GetProcAddress (see getmodulenameex).
typedef BOOL (WINAPI* GetModuleHandleExA_T)(
DWORD dwFlags,
LPCSTR lpModuleName,
HMODULE* phModule
);
// HMODULE getmodulename(char* buffer,int size,void* addri)
// {
// HMODULE hmodule;
// char FileName[MAX_PATH] = {0};
// GetModuleHandleExA_T GetModuleHandleExA=(GetModuleHandleExA_T)GetProcAddress(GetModuleHandle("kernel32.dll"),"GetModuleHandleExA");
// GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, (LPCSTR)addri, &hmodule);
// GetModuleFileNameA(hmodule, buffer, size);
// return hmodule;
// }
// Returns true when `c` belongs to the character set this scanner treats as
// printable text: ASCII letters, digits, space and a fixed list of punctuation.
// Anything else, including NUL and control characters, yields false.
bool ischar(unsigned char c)
{
    const bool is_letter = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    const bool is_digit = (c >= '0' && c <= '9');
    if (is_letter || is_digit)
        return true;

    switch (c) {
    case ' ':  case '_':  case '&':  case '/':  case '\\':
    case '@':  case '.':  case '+':  case '-':  case '*':
    case '%':  case '$':  case '#':  case '!':  case ':':
    case '?':  case '[':  case ']':  case '\'': case '\"':
    case '<':  case '>':
        return true;
    default:
        return false;
    }
}
// Measures the leading run of characters in `p` accepted by ischar().
//
//   p             text to inspect
//   len           set to the run length, but only when a rejected character
//                 is found before `rlen`; otherwise left untouched
//   rlen          number of characters to inspect
//   questnumbers  receives the count of '?' characters inside the run
//
// Returns the run length (equal to rlen when every character is accepted).
int isvisiblestring(char* p,int* len,int rlen,int &questnumbers)
{
    int pos = 0;

    questnumbers = 0;
    while (pos < rlen) {
        const char ch = p[pos];
        if (!ischar(ch)) {
            *len = pos;
            break;
        }
        if (ch == '?')
            ++questnumbers;
        ++pos;
    }
    return pos;
}
// Maps a position inside a snapshot buffer back to the address it was copied from:
// (a - b) is the byte offset of `a` in the buffer that starts at `b`, and `c` is the
// address the buffer was read from. All operands are cast to DWORD, so this assumes
// pointers fit in 32 bits.
#define distance(a,b,c) ((DWORD)(a)-(DWORD)(b)+(DWORD)(c))
// Module bounds defined in another translation unit. The scanners in this file leave
// matches located inside [lpBaseOfDll, lpBaseOfDll+SizeOfImage] untouched.
extern MODULEINFO moduleinfo;
// Scans one snapshot buffer for printable single-byte strings and, for every string
// that contains substring, substring2 or substring3, zeroes the corresponding bytes
// in live memory.
//
//   hproc       process handle used for VirtualProtectEx / VirtualQueryEx
//   mem, size   snapshot buffer and its length in bytes
//   mod         address the snapshot was read from (converted to a live address by distance())
//   substring*  patterns tested with strstr; NULL entries are skipped
//
// Always returns 0.
//
// NOTE(review):
//  - strlen() below is not bounded by `size`; nothing in this function guarantees a NUL
//    inside mem[0..size), so the read can run past the end of the snapshot.
//  - Protection is changed for 4096 bytes starting at `mod`, but memset writes `len` bytes at
//    ptrPos; a match near the end of the page can extend into the next page, whose
//    protection is left as it was.
//  - memset dereferences ptrPos directly, so this presumably expects hproc to refer to the
//    calling process; confirm against callers.
//  - The snapshot can be stale by the time the live bytes are overwritten.
//  - Matched text is written to the debugger output through _DBGString.
//  - `i`, `printbuff` and `dwRet` are never read.
int enummodestring(HANDLE hproc,char*mem,int size,int mod,char*substring,char*substring2,char*substring3)
{
char* work = mem;
char*modptr=mem;
int i;
char namebuff[100];
char printbuff[130];
int len ;
char* pworkW=(CHAR*)mem;
int questionnumber;
while(1){
pworkW=(CHAR*)work;
len = strlen((char*)pworkW);
// isvisiblestring shortens len to the printable prefix; a zero-length prefix skips this position
if(isvisiblestring((char*)pworkW,&len,len,questionnumber)){
// clamp so the copy and its terminator fit in namebuff[100]
if(len>=95)len=95;
strncpy(namebuff,(char*)pworkW,len);
namebuff[len]=0; //
if((substring&&strstr(namebuff,substring))||(substring2&&strstr(namebuff,substring2))||(substring3&&strstr(namebuff,substring3))){
// live address of the match
DWORD ptrPos=distance(work,modptr,mod);
_DBGString("-----[%.8x]%s----------------",ptrPos,namebuff);
// only touch matches that lie outside the image described by moduleinfo
if((ptrPos<(DWORD)moduleinfo.lpBaseOfDll)||(ptrPos>((DWORD)moduleinfo.lpBaseOfDll+moduleinfo.SizeOfImage))){
DWORD old;
// the page becomes writable and executable until the second call restores `old`
if(VirtualProtectEx(hproc,(void*)mod,4096,PAGE_EXECUTE_READWRITE,&old)){
memset((void*)ptrPos,0,len);
VirtualProtectEx(hproc,(void*)mod,4096,old,&old);
//_DBGString("memset ok %x",ptrPos);
}else{
// protection change failed: log the error code and the region's attributes
int err=GetLastError();
MEMORY_BASIC_INFORMATION Buffer;
ZeroMemory((void *)&Buffer,sizeof(Buffer));
DWORD dwRet = VirtualQueryEx(hproc,(void *)mod, &Buffer, sizeof(Buffer));
_DBGString("error rpage %x,error=0x%x AllocationProtect=%x Protect=%x State=%x Type=%x",mod,err,Buffer.AllocationProtect,Buffer.Protect,Buffer.State,Buffer.Type);
}
}
}
// skip the string just examined; together with work++ below this advances by len (the clamped value)
if(len) work+= len -1;
}
work++;
// the last 30 bytes of the snapshot are never used as a start position
if(work>=(modptr+size-30) )
break;
}
return 0;
}
// Converts the NUL-terminated wide string `Buf` to the system ANSI code page, writing at
// most `size` bytes into `buffer`. Returns whatever WideCharToMultiByte returns.
int unicodetocharstring(char*buffer,WCHAR* Buf,int size)
{
    const UINT code_page = CP_ACP;
    const DWORD conversion_flags = WC_COMPOSITECHECK;
    const int converted = WideCharToMultiByte(code_page, conversion_flags, Buf, -1, buffer, size, NULL, NULL);

    return converted;
}
// Wide-character variant of enummodestring: treats each position of the snapshot as a
// WCHAR string, converts up to 50 bytes of it to ANSI, and zeroes the live bytes of every
// converted string that contains substring, substring2 or substring3.
//
//   hproc       process handle used for VirtualProtectEx / VirtualQueryEx
//   mem, size   snapshot buffer and its length in bytes
//   mod         address the snapshot was read from (converted to a live address by distance())
//   substring*  patterns tested with strstr
//
// Always returns 0.
//
// NOTE(review):
//  - strlen(substring) dereferences `substring` unconditionally although the later match
//    test treats NULL as allowed; a NULL first pattern faults here.
//  - wcslen() is not bounded by `size` and is applied at every byte offset, so it can read
//    past the snapshot.
//  - The return value of unicodetocharstring is ignored; if the conversion fails, namebuff
//    holds whatever was there before, terminated only at index 50.
//  - After conversion `len` is the ANSI length; len*2 bytes are zeroed and skipped, which
//    equals the wide string's byte length only when each character converts to one byte.
//  - Protection is changed for 4096 bytes starting at `mod`; a match near the end of the page
//    can extend into the next page.
//  - Every printable converted string longer than 10 characters without '?' is written to
//    the debugger output, whether or not it matches.
//  - `i`, `printbuff` and `dwRet` are never read.
int enummodestring_unicode(HANDLE hproc,char*mem,int size,int mod,char*substring,char*substring2,char*substring3)
{
char* work = mem;
char*modptr=mem;
int i;
char namebuff[100];
char printbuff[130];
int len ;
char* pworkW=(CHAR*)mem;
int questnumbers;
while(1){
pworkW=(CHAR*)work;
len = wcslen((WCHAR*)pworkW);
// only consider wide strings at least as long as the first pattern
if(len>=strlen(substring)){
//_DBGString("-----1----------------");
unicodetocharstring(namebuff,(WCHAR*)pworkW,50);
namebuff[50]=0;
len = strlen(namebuff);
//_DBGString("-----2----------------");
if(isvisiblestring((char*)namebuff,&len,len,questnumbers)){
if(len>=95)len=95;
namebuff[len]=0; //
if(questnumbers<1&&len>10)_DBGString("[W]%s----------------",namebuff);
if((substring&&strstr(namebuff,substring))||(substring2&&strstr(namebuff,substring2))||(substring3&&strstr(namebuff,substring3))){
// live address of the match
DWORD ptrPos=distance(work,modptr,mod);
_DBGString("W-----[%.8x]%s----------------WWWWWWWWW",ptrPos,namebuff);
// only touch matches that lie outside the image described by moduleinfo
if((ptrPos<(DWORD)moduleinfo.lpBaseOfDll)||(ptrPos>((DWORD)moduleinfo.lpBaseOfDll+moduleinfo.SizeOfImage))){
DWORD old;
// the page becomes writable and executable until the second call restores `old`
if(VirtualProtectEx(hproc,(void*)mod,4096,PAGE_EXECUTE_READWRITE,&old)){
memset((void*)ptrPos,0,len*2);
VirtualProtectEx(hproc,(void*)mod,4096,old,&old);
//_DBGString("memset ok %x",ptrPos);
}else{
// protection change failed: log the error code and the region's attributes
int err=GetLastError();
MEMORY_BASIC_INFORMATION Buffer;
ZeroMemory((void *)&Buffer,sizeof(Buffer));
DWORD dwRet = VirtualQueryEx(hproc,(void *)mod, &Buffer, sizeof(Buffer));
_DBGString("error rpage %x,error=0x%x AllocationProtect=%x Protect=%x State=%x Type=%x",mod,err,Buffer.AllocationProtect,Buffer.Protect,Buffer.State,Buffer.Type);
}
}
}
}
//_DBGString("-----3----------------");
// skip the string just examined (two bytes per converted character)
if(len) work+= len*2 -1;
}
work++;
// the last 30 bytes of the snapshot are never used as a start position
if(work>=(modptr+size-30) )
break;
}
//_DBGString("-----4----------------");
return 0;
}
// Reads exactly `size` bytes from `address` in process `hProcess` into `buff`.
// Returns the number of bytes read, or 0 when the read fails or is short.
// `address` is an int, so the pointer cast assumes pointers fit in an int.
int rread(HANDLE hProcess, int address, char *buff, int size)
{
    DWORD bytes_read;
    const BOOL ok = ReadProcessMemory(hProcess, (VOID*)address, buff, size, &bytes_read);

    if (ok && bytes_read == size)
        return bytes_read;
    return 0;
}
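/*
 * Walks the committed, readable pages of the current process between
 * `lowaddress` and `highaddress`, copies each page into a local buffer and
 * passes the copy to enummodestring() with the three search patterns.
 *
 *   highaddress, lowaddress  scan bounds; 0 selects the application address
 *                            range reported by GetSystemInfo
 *   substring..substring3    patterns forwarded unchanged to enummodestring()
 *
 * Always returns 0.
 */
int searchstring(int highaddress,int lowaddress,char* substring,char* substring2,char* substring3)
{
#define PAGE_SIZE 4096
    SYSTEM_INFO SystemInfo;
    ZeroMemory((void *)&SystemInfo,sizeof(SystemInfo));
    GetSystemInfo(&SystemInfo);
    DWORD high = (DWORD)SystemInfo.lpMaximumApplicationAddress;
    DWORD low = (DWORD)SystemInfo.lpMinimumApplicationAddress;
    if (highaddress) { high = highaddress; }
    if (lowaddress) { low = lowaddress; }

    MEMORY_BASIC_INFORMATION Buffer;
    const int nSizePage = PAGE_SIZE;

    // Page copy followed by a zeroed tail: the callee measures strings with
    // strlen, so the tail guarantees a terminator right after the page data.
    // A stack buffer also removes the per-call heap leak of the old new[].
    char pagedata[PAGE_SIZE + 4];
    memset(pagedata + PAGE_SIZE, 0, sizeof(pagedata) - PAGE_SIZE);

    //_DBGString("low=%x high=%x",high,low);
    // Request only the rights the scan uses: query, read and protection change.
    HANDLE hproc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_OPERATION,
                               0, GetCurrentProcessId());
    if (!hproc)
        return 0;

    DWORD dwAddress = low;
    while (dwAddress <= high) {
        // Reset per page so a failed query cannot reuse the previous page's attributes.
        ZeroMemory((void *)&Buffer, sizeof(Buffer));
        if (VirtualQueryEx(hproc, (void *)dwAddress, &Buffer, sizeof(Buffer)) &&
            (Buffer.State & MEM_COMMIT) &&
            (Buffer.Protect & (PAGE_READWRITE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_READONLY | PAGE_WRITECOPY))) {
            // NOTE(review): catch(...) sees hardware faults such as access violations
            // only when the build enables asynchronous exception handling.
            try {
                if (rread(hproc, (int)dwAddress, pagedata, nSizePage)) {
                    //_DBGString("dwAddress=%x",dwAddress);
                    enummodestring(hproc, pagedata, nSizePage, dwAddress, substring, substring2, substring3);
                }
            } catch (...) {
            }
        }
        // Stop before the increment could step past `high` or wrap around to 0.
        if (high - dwAddress < PAGE_SIZE)
            break;
        dwAddress += PAGE_SIZE;
    }

    CloseHandle(hproc);
    return 0;
}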
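/*
 * Wide-character counterpart of searchstring(): walks the committed, readable
 * pages of the current process between `lowaddress` and `highaddress`, copies
 * each page into a local buffer and passes the copy to
 * enummodestring_unicode() with the three search patterns.
 *
 *   highaddress, lowaddress  scan bounds; 0 selects the application address
 *                            range reported by GetSystemInfo
 *   substring..substring3    patterns forwarded unchanged to the callee
 *
 * Always returns 0.
 */
int searchstring_unicode(int highaddress,int lowaddress,char* substring,char* substring2,char* substring3)
{
#define PAGE_SIZE 4096
    SYSTEM_INFO SystemInfo;
    ZeroMemory((void *)&SystemInfo,sizeof(SystemInfo));
    GetSystemInfo(&SystemInfo);
    DWORD high = (DWORD)SystemInfo.lpMaximumApplicationAddress;
    DWORD low = (DWORD)SystemInfo.lpMinimumApplicationAddress;
    if (highaddress) { high = highaddress; }
    if (lowaddress) { low = lowaddress; }

    MEMORY_BASIC_INFORMATION Buffer;
    const int nSizePage = PAGE_SIZE;

    // Page copy followed by a zeroed tail: the callee measures strings with
    // wcslen at every byte offset, so four zero bytes guarantee a wide
    // terminator after the page data for both even and odd offsets.
    // A stack buffer also removes the per-call heap leak of the old new[].
    char pagedata[PAGE_SIZE + 4];
    memset(pagedata + PAGE_SIZE, 0, sizeof(pagedata) - PAGE_SIZE);

    //_DBGString("low=%x high=%x",high,low);
    // Request only the rights the scan uses: query, read and protection change.
    HANDLE hproc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_OPERATION,
                               0, GetCurrentProcessId());
    if (!hproc)
        return 0;

    DWORD dwAddress = low;
    while (dwAddress <= high) {
        // Reset per page so a failed query cannot reuse the previous page's attributes.
        ZeroMemory((void *)&Buffer, sizeof(Buffer));
        if (VirtualQueryEx(hproc, (void *)dwAddress, &Buffer, sizeof(Buffer)) &&
            (Buffer.State & MEM_COMMIT) &&
            (Buffer.Protect & (PAGE_READWRITE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_READONLY | PAGE_WRITECOPY))) {
            // NOTE(review): catch(...) sees hardware faults such as access violations
            // only when the build enables asynchronous exception handling.
            try {
                if (rread(hproc, (int)dwAddress, pagedata, nSizePage)) {
                    //_DBGString("dwAddress=%x",dwAddress);
                    enummodestring_unicode(hproc, pagedata, nSizePage, dwAddress, substring, substring2, substring3);
                }
            } catch (...) {
            }
        }
        // Stop before the increment could step past `high` or wrap around to 0.
        if (high - dwAddress < PAGE_SIZE)
            break;
        dwAddress += PAGE_SIZE;
    }

    CloseHandle(hproc);
    return 0;
}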
#include "stdio.h"
#include "psapi.h"
#include "Detours.h"
#include "winsock2.h"
#include <time.h>
#define GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS (0x04) // lpModuleName is an address inside the module, not a name
// Signature of GetModuleHandleExA, declared locally so the function can be
// resolved from kernel32.dll at run time with GetProcAddress (see getmodulenameex).
typedef BOOL (WINAPI* GetModuleHandleExA_T)(
DWORD dwFlags,
LPCSTR lpModuleName,
HMODULE* phModule
);
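/*
 * Find the module that contains the address `addri` and copy its file path
 * into `buffer`.
 *
 *   buffer  receives the module path (ANSI); set to "" when the lookup fails
 *   size    capacity of `buffer` in bytes
 *   addri   any address inside the module of interest
 *
 * Returns the module handle, or NULL when the lookup fails.
 */
HMODULE getmodulenameex(char* buffer,int size,void* addri)
{
    HMODULE hmodule = NULL;

    // Start from a defined state so callers never read stale buffer contents.
    if (buffer && size > 0)
        buffer[0] = 0;

    HMODULE kernel32 = GetModuleHandle("kernel32.dll");
    if (!kernel32)
        return NULL;

    // Resolved dynamically; the export may be missing, so the pointer must be checked.
    GetModuleHandleExA_T pfnGetModuleHandleExA =
        (GetModuleHandleExA_T)GetProcAddress(kernel32, "GetModuleHandleExA");
    if (!pfnGetModuleHandleExA)
        return NULL;

    // NOTE(review): FROM_ADDRESS on its own takes a reference on the module and
    // nothing here releases it; confirm callers FreeLibrary the result or add
    // GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT.
    if (!pfnGetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, (LPCSTR)addri, &hmodule))
        return NULL;

    if (buffer && size > 0) {
        DWORD written = GetModuleFileNameA(hmodule, buffer, size);
        if (written == 0)
            buffer[0] = 0;
        else if (written >= (DWORD)size)
            buffer[size - 1] = 0;   // truncated path: force termination
    }
    return hmodule;
}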
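/*
 * Return the image size, in bytes, of module `hmod` in the current process.
 * Returns 0 when GetModuleInformation fails, instead of reading an
 * uninitialised MODULEINFO.
 */
DWORD getmodulesize(HMODULE hmod)
{
    MODULEINFO mi;
    ZeroMemory(&mi, sizeof(mi));
    if (!GetModuleInformation(GetCurrentProcess(), hmod, &mi, sizeof(mi)))
        return 0;
    return mi.SizeOfImage;
}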
/*
 * Switch the protection of `len` bytes at `address` in the current process to
 * PAGE_EXECUTE_READWRITE. Always returns 0.
 *
 * NOTE(review): the VirtualProtectEx result and the previous protection are
 * both discarded, so a caller cannot detect failure or restore the old
 * protection, and the range stays writable and executable. `address` is an
 * int, so the pointer cast is only lossless where a pointer fits in an int.
 */
int makecanwrite( int address,int len)
{
    DWORD previous_protection;
    HANDLE self = GetCurrentProcess();
    void *region = (void*)address;

    VirtualProtectEx(self, region, len, PAGE_EXECUTE_READWRITE, &previous_protection);
    return 0;
}
// Callback run by the detour stub: writes the fixed marker line "sprintf" to stdout.
void __stdcall logfuntionenter()
{
    fputs("sprintf\n", stdout);
}
// Pointer type for a parameterless function.
typedef void (*print_log_T)(void);
// Initially holds the address of GetSystemTime. It is passed by address to
// DetourAttach in sethooksprintf and is the jump target at the end of print_log_T_new.
// NOTE(review): the names mention sprintf/print_log but the address taken here is
// GetSystemTime's; confirm which API is meant.
// The cast goes through DWORD, which holds a full pointer only on 32-bit builds.
print_log_T print_log_T_old=(print_log_T)((DWORD)GetSystemTime);
// Detour stub: saves the general registers and flags, calls logfuntionenter,
// restores them in reverse order, then jumps through print_log_T_old.
// The function is __declspec(naked), so the body consists only of the
// instructions below; the pushes and pops are balanced before the final jmp.
// x86-only: relies on MSVC inline assembly and pushad/popad.
__declspec(naked) void print_log_T_new()
{
_asm
{
pushad
pushfd
call logfuntionenter
popfd
popad
jmp print_log_T_old
}
}
// Registers print_log_T_new as the detour for the function print_log_T_old points to.
// Always returns 0; the DetourAttach status is not inspected.
// NOTE(review): no DetourTransactionBegin/DetourTransactionCommit is visible in this
// file; confirm the caller wraps this call in a transaction and checks the result.
int sethooksprintf()
{
    PVOID *original_slot = &(PVOID&)print_log_T_old;

    DetourAttach(original_slot, print_log_T_new);
    return 0;
}
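/*
 * Run `cmd` as a child process with a hidden window, wait for it to finish
 * and return its exit code.
 *
 *   cmd  full command line handed to CreateProcess
 *
 * Returns the child's exit code, or -1 when `cmd` is NULL, the process cannot
 * be created, or the wait / exit-code query fails.
 *
 * NOTE(review): lpApplicationName is NULL, so the program is parsed out of
 * `cmd`; a path containing spaces must be quoted by the caller, and `cmd`
 * must never be assembled from untrusted text.
 */
int exec(const char* cmd)
{
    PROCESS_INFORMATION pi;
    STARTUPINFO si;
    DWORD dwExitCode = (DWORD)-1;

    if (!cmd)
        return -1;

    // Zero both structures: every STARTUPINFO field not set below must be 0/NULL.
    ZeroMemory(&pi, sizeof(pi));
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_HIDE;   // hide the child's window

    BOOL ret = CreateProcess(NULL,(char*)cmd,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi);
    if (!ret)
        return -1;

    CloseHandle(pi.hThread);
    // Only trust the exit code when both the wait and the query succeed.
    if (WaitForSingleObject(pi.hProcess, INFINITE) != WAIT_OBJECT_0 ||
        !GetExitCodeProcess(pi.hProcess, &dwExitCode)) {
        dwExitCode = (DWORD)-1;
    }
    CloseHandle(pi.hProcess);
    return dwExitCode;
}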
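/*
 * printf-style helper: formats into a fixed 500-byte buffer and sends the
 * result to the debugger with OutputDebugStringA. Longer output is truncated.
 */
void _DBGString(const char*format,...)
{
    va_list v;
    char buffer[500];

    buffer[0] = 0;
    va_start(v, format);
    // _vsnprintf does not write a terminator when the output fills the buffer,
    // so format into size-1 bytes and terminate by hand.
    _vsnprintf(buffer, sizeof(buffer) - 1, format, v);
    va_end(v);
    buffer[sizeof(buffer) - 1] = 0;
    OutputDebugStringA(buffer);
}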
#define GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS (0x04) // lpModuleName is an address inside the module, not a name
// Signature of GetModuleHandleExA, declared locally so the function can be
// resolved from kernel32.dll at run time with GetProcAddress (see getmodulenameex).
typedef BOOL (WINAPI* GetModuleHandleExA_T)(
DWORD dwFlags,
LPCSTR lpModuleName,
HMODULE* phModule
);
// HMODULE getmodulename(char* buffer,int size,void* addri)
// {
// HMODULE hmodule;
// char FileName[MAX_PATH] = {0};
// GetModuleHandleExA_T GetModuleHandleExA=(GetModuleHandleExA_T)GetProcAddress(GetModuleHandle("kernel32.dll"),"GetModuleHandleExA");
// GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, (LPCSTR)addri, &hmodule);
// GetModuleFileNameA(hmodule, buffer, size);
// return hmodule;
// }
// Returns true when `c` belongs to the character set this scanner treats as
// printable text: ASCII letters, digits, space and a fixed list of punctuation.
// Anything else, including NUL and control characters, yields false.
bool ischar(unsigned char c)
{
    const bool is_letter = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    const bool is_digit = (c >= '0' && c <= '9');
    if (is_letter || is_digit)
        return true;

    switch (c) {
    case ' ':  case '_':  case '&':  case '/':  case '\\':
    case '@':  case '.':  case '+':  case '-':  case '*':
    case '%':  case '$':  case '#':  case '!':  case ':':
    case '?':  case '[':  case ']':  case '\'': case '\"':
    case '<':  case '>':
        return true;
    default:
        return false;
    }
}
// Measures the leading run of characters in `p` accepted by ischar().
//
//   p             text to inspect
//   len           set to the run length, but only when a rejected character
//                 is found before `rlen`; otherwise left untouched
//   rlen          number of characters to inspect
//   questnumbers  receives the count of '?' characters inside the run
//
// Returns the run length (equal to rlen when every character is accepted).
int isvisiblestring(char* p,int* len,int rlen,int &questnumbers)
{
    int pos = 0;

    questnumbers = 0;
    while (pos < rlen) {
        const char ch = p[pos];
        if (!ischar(ch)) {
            *len = pos;
            break;
        }
        if (ch == '?')
            ++questnumbers;
        ++pos;
    }
    return pos;
}
// Maps a position inside a snapshot buffer back to the address it was copied from:
// (a - b) is the byte offset of `a` in the buffer that starts at `b`, and `c` is the
// address the buffer was read from. All operands are cast to DWORD, so this assumes
// pointers fit in 32 bits.
#define distance(a,b,c) ((DWORD)(a)-(DWORD)(b)+(DWORD)(c))
// Module bounds defined in another translation unit. The scanners in this file leave
// matches located inside [lpBaseOfDll, lpBaseOfDll+SizeOfImage] untouched.
extern MODULEINFO moduleinfo;
// Scans one snapshot buffer for printable single-byte strings and, for every string
// that contains substring, substring2 or substring3, zeroes the corresponding bytes
// in live memory.
//
//   hproc       process handle used for VirtualProtectEx / VirtualQueryEx
//   mem, size   snapshot buffer and its length in bytes
//   mod         address the snapshot was read from (converted to a live address by distance())
//   substring*  patterns tested with strstr; NULL entries are skipped
//
// Always returns 0.
//
// NOTE(review):
//  - strlen() below is not bounded by `size`; nothing in this function guarantees a NUL
//    inside mem[0..size), so the read can run past the end of the snapshot.
//  - Protection is changed for 4096 bytes starting at `mod`, but memset writes `len` bytes at
//    ptrPos; a match near the end of the page can extend into the next page, whose
//    protection is left as it was.
//  - memset dereferences ptrPos directly, so this presumably expects hproc to refer to the
//    calling process; confirm against callers.
//  - The snapshot can be stale by the time the live bytes are overwritten.
//  - Matched text is written to the debugger output through _DBGString.
//  - `i`, `printbuff` and `dwRet` are never read.
int enummodestring(HANDLE hproc,char*mem,int size,int mod,char*substring,char*substring2,char*substring3)
{
char* work = mem;
char*modptr=mem;
int i;
char namebuff[100];
char printbuff[130];
int len ;
char* pworkW=(CHAR*)mem;
int questionnumber;
while(1){
pworkW=(CHAR*)work;
len = strlen((char*)pworkW);
// isvisiblestring shortens len to the printable prefix; a zero-length prefix skips this position
if(isvisiblestring((char*)pworkW,&len,len,questionnumber)){
// clamp so the copy and its terminator fit in namebuff[100]
if(len>=95)len=95;
strncpy(namebuff,(char*)pworkW,len);
namebuff[len]=0; //
if((substring&&strstr(namebuff,substring))||(substring2&&strstr(namebuff,substring2))||(substring3&&strstr(namebuff,substring3))){
// live address of the match
DWORD ptrPos=distance(work,modptr,mod);
_DBGString("-----[%.8x]%s----------------",ptrPos,namebuff);
// only touch matches that lie outside the image described by moduleinfo
if((ptrPos<(DWORD)moduleinfo.lpBaseOfDll)||(ptrPos>((DWORD)moduleinfo.lpBaseOfDll+moduleinfo.SizeOfImage))){
DWORD old;
// the page becomes writable and executable until the second call restores `old`
if(VirtualProtectEx(hproc,(void*)mod,4096,PAGE_EXECUTE_READWRITE,&old)){
memset((void*)ptrPos,0,len);
VirtualProtectEx(hproc,(void*)mod,4096,old,&old);
//_DBGString("memset ok %x",ptrPos);
}else{
// protection change failed: log the error code and the region's attributes
int err=GetLastError();
MEMORY_BASIC_INFORMATION Buffer;
ZeroMemory((void *)&Buffer,sizeof(Buffer));
DWORD dwRet = VirtualQueryEx(hproc,(void *)mod, &Buffer, sizeof(Buffer));
_DBGString("error rpage %x,error=0x%x AllocationProtect=%x Protect=%x State=%x Type=%x",mod,err,Buffer.AllocationProtect,Buffer.Protect,Buffer.State,Buffer.Type);
}
}
}
// skip the string just examined; together with work++ below this advances by len (the clamped value)
if(len) work+= len -1;
}
work++;
// the last 30 bytes of the snapshot are never used as a start position
if(work>=(modptr+size-30) )
break;
}
return 0;
}
// Converts the NUL-terminated wide string `Buf` to the system ANSI code page, writing at
// most `size` bytes into `buffer`. Returns whatever WideCharToMultiByte returns.
int unicodetocharstring(char*buffer,WCHAR* Buf,int size)
{
    const UINT code_page = CP_ACP;
    const DWORD conversion_flags = WC_COMPOSITECHECK;
    const int converted = WideCharToMultiByte(code_page, conversion_flags, Buf, -1, buffer, size, NULL, NULL);

    return converted;
}
// Wide-character variant of enummodestring: treats each position of the snapshot as a
// WCHAR string, converts up to 50 bytes of it to ANSI, and zeroes the live bytes of every
// converted string that contains substring, substring2 or substring3.
//
//   hproc       process handle used for VirtualProtectEx / VirtualQueryEx
//   mem, size   snapshot buffer and its length in bytes
//   mod         address the snapshot was read from (converted to a live address by distance())
//   substring*  patterns tested with strstr
//
// Always returns 0.
//
// NOTE(review):
//  - strlen(substring) dereferences `substring` unconditionally although the later match
//    test treats NULL as allowed; a NULL first pattern faults here.
//  - wcslen() is not bounded by `size` and is applied at every byte offset, so it can read
//    past the snapshot.
//  - The return value of unicodetocharstring is ignored; if the conversion fails, namebuff
//    holds whatever was there before, terminated only at index 50.
//  - After conversion `len` is the ANSI length; len*2 bytes are zeroed and skipped, which
//    equals the wide string's byte length only when each character converts to one byte.
//  - Protection is changed for 4096 bytes starting at `mod`; a match near the end of the page
//    can extend into the next page.
//  - Every printable converted string longer than 10 characters without '?' is written to
//    the debugger output, whether or not it matches.
//  - `i`, `printbuff` and `dwRet` are never read.
int enummodestring_unicode(HANDLE hproc,char*mem,int size,int mod,char*substring,char*substring2,char*substring3)
{
char* work = mem;
char*modptr=mem;
int i;
char namebuff[100];
char printbuff[130];
int len ;
char* pworkW=(CHAR*)mem;
int questnumbers;
while(1){
pworkW=(CHAR*)work;
len = wcslen((WCHAR*)pworkW);
// only consider wide strings at least as long as the first pattern
if(len>=strlen(substring)){
//_DBGString("-----1----------------");
unicodetocharstring(namebuff,(WCHAR*)pworkW,50);
namebuff[50]=0;
len = strlen(namebuff);
//_DBGString("-----2----------------");
if(isvisiblestring((char*)namebuff,&len,len,questnumbers)){
if(len>=95)len=95;
namebuff[len]=0; //
if(questnumbers<1&&len>10)_DBGString("[W]%s----------------",namebuff);
if((substring&&strstr(namebuff,substring))||(substring2&&strstr(namebuff,substring2))||(substring3&&strstr(namebuff,substring3))){
// live address of the match
DWORD ptrPos=distance(work,modptr,mod);
_DBGString("W-----[%.8x]%s----------------WWWWWWWWW",ptrPos,namebuff);
// only touch matches that lie outside the image described by moduleinfo
if((ptrPos<(DWORD)moduleinfo.lpBaseOfDll)||(ptrPos>((DWORD)moduleinfo.lpBaseOfDll+moduleinfo.SizeOfImage))){
DWORD old;
// the page becomes writable and executable until the second call restores `old`
if(VirtualProtectEx(hproc,(void*)mod,4096,PAGE_EXECUTE_READWRITE,&old)){
memset((void*)ptrPos,0,len*2);
VirtualProtectEx(hproc,(void*)mod,4096,old,&old);
//_DBGString("memset ok %x",ptrPos);
}else{
// protection change failed: log the error code and the region's attributes
int err=GetLastError();
MEMORY_BASIC_INFORMATION Buffer;
ZeroMemory((void *)&Buffer,sizeof(Buffer));
DWORD dwRet = VirtualQueryEx(hproc,(void *)mod, &Buffer, sizeof(Buffer));
_DBGString("error rpage %x,error=0x%x AllocationProtect=%x Protect=%x State=%x Type=%x",mod,err,Buffer.AllocationProtect,Buffer.Protect,Buffer.State,Buffer.Type);
}
}
}
}
//_DBGString("-----3----------------");
// skip the string just examined (two bytes per converted character)
if(len) work+= len*2 -1;
}
work++;
// the last 30 bytes of the snapshot are never used as a start position
if(work>=(modptr+size-30) )
break;
}
//_DBGString("-----4----------------");
return 0;
}
// Reads exactly `size` bytes from `address` in process `hProcess` into `buff`.
// Returns the number of bytes read, or 0 when the read fails or is short.
// `address` is an int, so the pointer cast assumes pointers fit in an int.
int rread(HANDLE hProcess, int address, char *buff, int size)
{
    DWORD bytes_read;
    const BOOL ok = ReadProcessMemory(hProcess, (VOID*)address, buff, size, &bytes_read);

    if (ok && bytes_read == size)
        return bytes_read;
    return 0;
}
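/*
 * Walks the committed, readable pages of the current process between
 * `lowaddress` and `highaddress`, copies each page into a local buffer and
 * passes the copy to enummodestring() with the three search patterns.
 *
 *   highaddress, lowaddress  scan bounds; 0 selects the application address
 *                            range reported by GetSystemInfo
 *   substring..substring3    patterns forwarded unchanged to enummodestring()
 *
 * Always returns 0.
 */
int searchstring(int highaddress,int lowaddress,char* substring,char* substring2,char* substring3)
{
#define PAGE_SIZE 4096
    SYSTEM_INFO SystemInfo;
    ZeroMemory((void *)&SystemInfo,sizeof(SystemInfo));
    GetSystemInfo(&SystemInfo);
    DWORD high = (DWORD)SystemInfo.lpMaximumApplicationAddress;
    DWORD low = (DWORD)SystemInfo.lpMinimumApplicationAddress;
    if (highaddress) { high = highaddress; }
    if (lowaddress) { low = lowaddress; }

    MEMORY_BASIC_INFORMATION Buffer;
    const int nSizePage = PAGE_SIZE;

    // Page copy followed by a zeroed tail: the callee measures strings with
    // strlen, so the tail guarantees a terminator right after the page data.
    // A stack buffer also removes the per-call heap leak of the old new[].
    char pagedata[PAGE_SIZE + 4];
    memset(pagedata + PAGE_SIZE, 0, sizeof(pagedata) - PAGE_SIZE);

    //_DBGString("low=%x high=%x",high,low);
    // Request only the rights the scan uses: query, read and protection change.
    HANDLE hproc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_OPERATION,
                               0, GetCurrentProcessId());
    if (!hproc)
        return 0;

    DWORD dwAddress = low;
    while (dwAddress <= high) {
        // Reset per page so a failed query cannot reuse the previous page's attributes.
        ZeroMemory((void *)&Buffer, sizeof(Buffer));
        if (VirtualQueryEx(hproc, (void *)dwAddress, &Buffer, sizeof(Buffer)) &&
            (Buffer.State & MEM_COMMIT) &&
            (Buffer.Protect & (PAGE_READWRITE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_READONLY | PAGE_WRITECOPY))) {
            // NOTE(review): catch(...) sees hardware faults such as access violations
            // only when the build enables asynchronous exception handling.
            try {
                if (rread(hproc, (int)dwAddress, pagedata, nSizePage)) {
                    //_DBGString("dwAddress=%x",dwAddress);
                    enummodestring(hproc, pagedata, nSizePage, dwAddress, substring, substring2, substring3);
                }
            } catch (...) {
            }
        }
        // Stop before the increment could step past `high` or wrap around to 0.
        if (high - dwAddress < PAGE_SIZE)
            break;
        dwAddress += PAGE_SIZE;
    }

    CloseHandle(hproc);
    return 0;
}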
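/*
 * Wide-character counterpart of searchstring(): walks the committed, readable
 * pages of the current process between `lowaddress` and `highaddress`, copies
 * each page into a local buffer and passes the copy to
 * enummodestring_unicode() with the three search patterns.
 *
 *   highaddress, lowaddress  scan bounds; 0 selects the application address
 *                            range reported by GetSystemInfo
 *   substring..substring3    patterns forwarded unchanged to the callee
 *
 * Always returns 0.
 */
int searchstring_unicode(int highaddress,int lowaddress,char* substring,char* substring2,char* substring3)
{
#define PAGE_SIZE 4096
    SYSTEM_INFO SystemInfo;
    ZeroMemory((void *)&SystemInfo,sizeof(SystemInfo));
    GetSystemInfo(&SystemInfo);
    DWORD high = (DWORD)SystemInfo.lpMaximumApplicationAddress;
    DWORD low = (DWORD)SystemInfo.lpMinimumApplicationAddress;
    if (highaddress) { high = highaddress; }
    if (lowaddress) { low = lowaddress; }

    MEMORY_BASIC_INFORMATION Buffer;
    const int nSizePage = PAGE_SIZE;

    // Page copy followed by a zeroed tail: the callee measures strings with
    // wcslen at every byte offset, so four zero bytes guarantee a wide
    // terminator after the page data for both even and odd offsets.
    // A stack buffer also removes the per-call heap leak of the old new[].
    char pagedata[PAGE_SIZE + 4];
    memset(pagedata + PAGE_SIZE, 0, sizeof(pagedata) - PAGE_SIZE);

    //_DBGString("low=%x high=%x",high,low);
    // Request only the rights the scan uses: query, read and protection change.
    HANDLE hproc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_OPERATION,
                               0, GetCurrentProcessId());
    if (!hproc)
        return 0;

    DWORD dwAddress = low;
    while (dwAddress <= high) {
        // Reset per page so a failed query cannot reuse the previous page's attributes.
        ZeroMemory((void *)&Buffer, sizeof(Buffer));
        if (VirtualQueryEx(hproc, (void *)dwAddress, &Buffer, sizeof(Buffer)) &&
            (Buffer.State & MEM_COMMIT) &&
            (Buffer.Protect & (PAGE_READWRITE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_READONLY | PAGE_WRITECOPY))) {
            // NOTE(review): catch(...) sees hardware faults such as access violations
            // only when the build enables asynchronous exception handling.
            try {
                if (rread(hproc, (int)dwAddress, pagedata, nSizePage)) {
                    //_DBGString("dwAddress=%x",dwAddress);
                    enummodestring_unicode(hproc, pagedata, nSizePage, dwAddress, substring, substring2, substring3);
                }
            } catch (...) {
            }
        }
        // Stop before the increment could step past `high` or wrap around to 0.
        if (high - dwAddress < PAGE_SIZE)
            break;
        dwAddress += PAGE_SIZE;
    }

    CloseHandle(hproc);
    return 0;
}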