问题描述
我正在尝试编写转储工具,并且内存中的一个文件位于太平洋地址,该文件中的文件大小为41mb。 我正在尝试将该文件的大小写到目录中。 您可以提供任何建议或意见,谢谢您。
我已经尝试过了...
这是我更新的代码:
#include <Windows.h>
#include <stdio.h>
#include <iostream>
#include <fstream>
int sizevalue = 43.417254; // size of file
DWORD address = 0x43417254;
char Wfilename[14] = "cartfile.dat";
char Rfilename[14] = "cartfile.dat";
//entry
int main(int argc,char* argv[])
{
HWND hwnd = FindWindowA(NULL,"gametutorial");
if (hwnd == NULL)
{
cout << "Cannot find window." << endl;
Sleep(3000);
exit(-1);
}
else
{
DWORD procID;
GetwindowThreadProcessId(hwnd,&procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ,PROCESS_VM_WRITE,procID);
if (procID == NULL)
{
cout << "Cannot obtain process." << endl;
Sleep(3000);
exit(-1);
}
else
{
for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
printf("Dumping cartfile Now... \n");
ofstream outputStream("cartfile.dat",ios::out | ios::binary);
if (outputStream.is_open())
{
std::cout << "file opened okay\n";
}
else
{
std::cout << "Error opening file\n";
}
ReadProcessMemory_(handle,(void*)address,&sizevalue,Rfilename,sizeof(sizevalue),0);
WriteProcessMemory_(handle,Wfilename,0);
0);
outputStream.close();
system("pause");
return 0;
}
Sleep(1);
}
}
}
}
BOOL WriteProcessMemory_(HANDLE hProcess,LPVOID lpBaseAddress,LPCVOID
lpBuffer,CHAR* lpfile,SIZE_T nSize,SIZE_T* lpNumberOfBytesWritten)
{
return 0;
}
BOOL ReadProcessMemory_(HANDLE hProcess,SIZE_T* lpNumberOfBytesRead)
{
return 0;
}
这是我的头文件...
#pragma once
#include <Windows.h>
#include <stdio.h>
#include <iostream>
//#include .lib header
BOOL WriteProcessMemory_(
HANDLE hProcess,LPVOID lpBaseAddress,LPCVOID lpBuffer,SIZE_T nSize,SIZE_T* lpNumberOfBytesWritten
);
BOOL ReadProcessMemory_(
HANDLE hProcess,SIZE_T* lpNumberOfBytesRead
);
但是它仍然转储具有0个文件大小0kb的cartfile。 那怎么办?
但是它仅转储Cartfile,但是大小为0。 其中二进制文件中的字节所保存的文件大小为41 mb。 文件打开正常,因此我可以成功打开文件。 这一定与它从内存中的字节写入文件的方式和文件的大小有关吗? 那我在做什么错了?
Here is a pic of the results on how these bytes are 41mb's
解决方法
这里是一个示例,该示例从正在运行的Notepad ++进程中写入64k内存。也许您可以根据需要进行调整。
#include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <fstream>
#include <vector>
void* GetBaseAddress(HANDLE processHandle)
{
HMODULE hMods[1024];
DWORD cbNeeded;
if (EnumProcessModules(processHandle,hMods,sizeof(hMods),&cbNeeded))
{
return hMods[0];
}
return nullptr;
}
int main()
{
HWND hwnd = FindWindowA(NULL,"new 1 - Notepad++");
if (hwnd == NULL)
{
std::cout << "Cannot find window.\n";
return -1;
}
DWORD procID;
GetWindowThreadProcessId(hwnd,&procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION,procID);
if (procID == NULL)
{
std::cout << "Cannot obtain process.\n";
return -1;
}
for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
// I don't have a fixed address so I just find the address of the first loaded module in the process.
// You need to determine your address and replace this.
void *address = GetBaseAddress(handle);
// Resize this buffer to whatever the size is you need.
std::vector<char> buffer(64 * 1024);
SIZE_T bytesRead = 0;
BOOL ret = ReadProcessMemory(handle,address,buffer.data(),buffer.size(),&bytesRead);
if (!ret)
{
std::cout << "Error (" << GetLastError() << ") reading memory\n";
return -1;
}
if (bytesRead != buffer.size())
{
std::cout << "Memory size mismatch. Requested " << buffer.size() << ",Received " << bytesRead << "\n";
return -1;
}
std::ofstream out("memory.dat",std::ios::out | std::ios::binary);
if (!out)
{
std::cout << "Error opening file\n";
return -1;
}
out.write(buffer.data(),buffer.size());
break;
}
}
return 0;
}