2 楼
给你一个函数,是我正在写的OD插件中的(VC6),也是网上来的,感谢原作者,但记不清他的名字了,搜索飞快,5M的缓冲,我搜索一个特征码时,鼠标一点就出来了,感觉不出来迟滞:
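//////////////////////////////////////////////////////////////////////////
// Memory search: find the first occurrence of a byte pattern in a buffer.
//
// Parameters:
//   iStartPosition       - offset into pDestBuffer at which the search begins
//   pDestBuffer          - buffer to search
//   iDestBufferLength    - number of valid bytes in pDestBuffer
//   pPatternBuffer       - bytes to look for
//   iPatternBufferLength - number of bytes in pPatternBuffer
//
// Returns the offset of the first match at or after iStartPosition, or -1
// when there is no match or the arguments are unusable (NULL buffer,
// negative offset/length, pattern longer than the buffer). A zero-length
// pattern matches at iStartPosition, as it did before.
int CODPluginHelper::MemFind(int iStartPosition, LPBYTE pDestBuffer, int iDestBufferLength, LPBYTE pPatternBuffer, int iPatternBufferLength)
{
    int i = 0;

    if(pDestBuffer == NULL || pPatternBuffer == NULL) return -1;

    // A negative length would be converted to a huge size_t inside memcmp,
    // and a negative start offset would index in front of the buffer.
    if(iStartPosition < 0 || iDestBufferLength < 0 || iPatternBufferLength < 0) return -1;

    if(iPatternBufferLength > iDestBufferLength) return -1;

    // Last offset at which the whole pattern still lies inside the buffer.
    // The previous bound (i < iDestBufferLength + 1) let memcmp read up to
    // iPatternBufferLength bytes past the end of pDestBuffer.
    const int iLastStart = iDestBufferLength - iPatternBufferLength;

    for(i = iStartPosition; i <= iLastStart; i++)
    {
        if(memcmp(&pDestBuffer[i], pPatternBuffer, iPatternBufferLength) == 0)
        {
            return i;
        }
    }
    return -1;
}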
3 楼
该函数的调用片断:
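if(memory)
{
    // Zero the buffer before the read.
    memset(memory, 0, mem_len);
    // MM_RESTORE: remove INT3 breakpoints (translated from the original comment)
    int ret = Readmemory(memory, mem_address_start, mem_len, MM_RESTORE);
    // This was `if(ret = 0)`, an assignment whose value is always false, so a
    // failed read was never detected and the zeroed buffer was scanned anyway.
    // Presumably Readmemory returns 0 on failure; confirm against the plugin SDK.
    if(ret == 0)
    {
        // NOTE(review): if `memory` was allocated by the enclosing function it
        // has to be released before returning; the allocation is not visible here.
        return;
    }
    int iFind = 0, iStart = 0, nCount = 0;
    CDWordArray AddressArraay;
    DWORD dwAdrressGoto = 0;
    // Pattern length is half the signature string's length (presumably the
    // signature is hex text, two characters per byte; confirm where `a` is built).
    do
    {
        iFind = ODH.MemFind(iStart, memory, mem_len, a, strSig.GetLength() / 2);
        if(iFind != -1)
        {
            // Resume one byte after the hit so overlapping matches are found too.
            iStart = iFind + 1;
            char sss[256] = {0};
            sprintf(sss, "iFind: %d", iFind);
            OutputDebugString(sss);
            // Convert the buffer offset back into an address in the debuggee.
            AddressArraay.Add(iFind + mem_address_start);
            nCount++;
            // Stop collecting once more than 30 hits have been recorded.
            if(nCount > 30)
            {
                break;
            }
        }
    }
    while(iFind != -1);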
4 楼
这个好像是搜索本进程的,我想要搜索其它进程的有吗。。?
5 楼
远程线程注入,确定你搜索的首尾址,然后调用上面的代码即可
6 楼
当然用消息钩子钩住你要的进程,再调用上面的函数也可
7 楼
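// Scan-button handler. Reads the search value (Ssz), start address (Qddz) and
// end address (Zddz) from the form, walks the memory regions of process Ppid
// with VirtualQueryEx, and lists every 4-byte-aligned int equal to the search
// value found in committed regions whose protection has PAGE_READWRITE set.
//
// Addresses are held in a signed int, so this only works for a 32-bit target;
// the p<0 branch below is the existing handling for addresses that wrap past
// 0x7FFFFFFF.
void __fastcall TForm1::KsssClick(TObject *Sender)
{
    int i, ssz, qddz, zddz, p, base, *q, *buff;
    HANDLE process;
    MEMORY_BASIC_INFORMATION mbi;

    ssz = StrToInt(Ssz->Text);
    p = qddz = StrToInt(Qddz->Text);
    zddz = StrToInt(Zddz->Text);
    ListView1->Items->Clear();
    ProgressBar1->Position = 0;
    ProgressBar1->Max = zddz;

    process = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, false, Ppid);
    // OpenProcess returns NULL when the process is gone or access is denied;
    // every later call would then fail on the invalid handle.
    if(process == NULL)
        return;

    do
    {
        // On failure mbi is left unfilled, so RegionSize would be garbage and
        // the walk could spin or jump to an arbitrary address.
        if(VirtualQueryEx(process, (PVOID)p, &mbi, sizeof(mbi)) != sizeof(mbi))
            break;
        // A zero-sized region would never advance p.
        if(mbi.RegionSize == 0)
            break;

        // VirtualQueryEx rounds the queried address down to a page boundary,
        // so offsets inside the region are relative to BaseAddress, not to p.
        base = (int)mbi.BaseAddress;

        if((mbi.Protect&PAGE_READWRITE) && (mbi.State == MEM_COMMIT))
        {
            buff = (int *)malloc(mbi.RegionSize);
            if(buff != NULL)
            {
                // Scan only after a successful read; otherwise buff holds
                // uninitialised heap bytes and any hit would be bogus.
                if(ReadProcessMemory(process, mbi.BaseAddress, buff, mbi.RegionSize, NULL))
                {
                    // Stop while a whole int still fits inside the region.
                    for(q = buff, i = 0; i + (int)sizeof(int) <= (int)mbi.RegionSize; q++, i += 4)
                        if(*q == ssz)
                        {
                            TListItem *item = ListView1->Items->Add();
                            item->Caption = IntToStr(base + i);
                            item->SubItems->Add(IntToStr(*q));
                        }
                }
                free(buff);
            }
        }

        // Continue at the first byte after this region.
        p = base + (int)mbi.RegionSize;
        if(p < 0)
            ProgressBar1->Position = zddz;
        else
            ProgressBar1->Position = p;
    }
    while(qddz < p && p < zddz);

    CloseHandle(process);
}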