5
कॉपी नहीं कर रहा है, मैं एक मेमोरी स्कैनर लिख रहा हूं और मैं एक विशेष पते की मेमोरी सामग्री को एक मेमोरी ब्लॉक संरचना के अंदर बफर में कॉपी करने में सक्षम होना चाहता हूं। कि मैं एक तथ्य यह है कि स्मृति की सामग्री खाली, नहीं है के लिए पता है जिन्हें आप नीचे देखपता से बफर में मेमोरी की प्रतिलिपि
#include <windows.h>
#include <stdio.h>
typedef struct _MEMBLOCK
{
HANDLE hProc;
unsigned char *addr;
int size;
unsigned char *buffer;
unsigned char *searchmask;
int matches;
struct _MEMBLOCK *next;
} MEMBLOCK;
MEMBLOCK* createMemblock(HANDLE hProc, MEMORY_BASIC_INFORMATION *meminfo)
{
MEMBLOCK *mb = malloc(sizeof(MEMBLOCK));
if (mb)
{
mb->hProc = hProc;
mb->addr = meminfo->BaseAddress;
mb->size = meminfo->RegionSize;
mb->buffer = malloc(meminfo->RegionSize);
mb->searchmask = malloc(meminfo->RegionSize/8);
memset(mb->searchmask, 0xff, meminfo->RegionSize/8);
mb->matches = meminfo->RegionSize;
mb->next = NULL;
}
return mb;
}
void dumpScanInfo(MEMBLOCK *mbList)
{
MEMBLOCK *mb = mbList;
while (mb)
{
int i;
printf("0x%08X - 0x%08X (0x%08X)", mb->addr, (mb->addr + mb->size), mb->size);
for (i = 0; i < mb->size; i++)
{
printf("%02x", mb->buffer[i]);
}
printf("\n");
mb = mb->next;
}
}
void freeMemblock(MEMBLOCK *mb)
{
if (mb)
{
if (mb->buffer)
{
free(mb->buffer);
}
if (mb->searchmask)
{
free(mb->searchmask);
}
free(mb);
}
}
void updateMemblock(MEMBLOCK *mb)
{
static unsigned char tempbuf[128 * 1024];
unsigned int bytesLeft;
unsigned int totalRead;
unsigned int bytesToRead;
unsigned int bytesRead;
bytesLeft = mb->size;
totalRead = 0;
while (bytesLeft)
{
bytesToRead = (bytesLeft > sizeof(tempbuf)) ? sizeof(tempbuf) : bytesLeft;
ReadProcessMemory(mb->hProc, mb->addr + totalRead, tempbuf, (DWORD)bytesToRead,(PDWORD)&bytesRead);
if (bytesRead != bytesToRead) break;
memcpy(mb->buffer + totalRead, tempbuf, bytesRead);
bytesLeft -= bytesRead;
totalRead += bytesRead;
}
mb->size = totalRead;
}
BOOL DoRtlAdjustPrivilege()
{
#define SE_DEBUG_PRIVILEGE 20L
#define AdjustCurrentProcess 0
BOOL bPrev = FALSE;
LONG(WINAPI *RtlAdjustPrivilege)(DWORD, BOOL, INT, PBOOL);
*(FARPROC *)&RtlAdjustPrivilege = GetProcAddress(GetModuleHandle("ntdll.dll"), "RtlAdjustPrivilege");
if (!RtlAdjustPrivilege) return FALSE;
RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, AdjustCurrentProcess, &bPrev);
return TRUE;
}
typedef BOOL(CALLBACK *LPENUMADDRESSES)(LPBYTE lpAddress, DWORD dwSize, DWORD dwState, DWORD dwType, DWORD dwProtect);
BOOL EnumProcessAddresses(HANDLE hProcess, LPENUMADDRESSES lpCallback)
{
MEMORY_BASIC_INFORMATION mbi;
MEMBLOCK *mbList = NULL;
SYSTEM_INFO msi;
ZeroMemory(&mbi, sizeof(mbi));
GetSystemInfo(&msi);
for (LPBYTE lpAddress = (LPBYTE)msi.lpMinimumApplicationAddress;
lpAddress <= (LPBYTE)msi.lpMaximumApplicationAddress;
lpAddress += mbi.RegionSize)
{
if (VirtualQueryEx(hProcess, lpAddress, &mbi, sizeof(mbi)))
{
MEMBLOCK *mb = createMemblock(hProcess, &mbi);
if (mb)
{
mb->next = mbList;
mbList = mb;
updateMemblock(mb);
}
if (lpCallback && !lpCallback((LPBYTE)mbi.BaseAddress, mbi.RegionSize,
mbi.State, mbi.Type, mbi.Protect))
{
return FALSE;
}
}
else break;
}
printf("\nAfter updating the buffers\n");
dumpScanInfo(mbList);
return TRUE;
}
BOOL CALLBACK PrintAddressSpace(LPBYTE lpAddress, DWORD dwSize, DWORD dwState, DWORD dwType, DWORD dwProtect)
{
printf("0x%08X - 0x%08X (0x%08X) : ", lpAddress, (lpAddress + dwSize), dwSize);
if (dwState & MEM_COMMIT) printf("COMMITTED ");
if (dwState & MEM_FREE) printf("FREE ");
if (dwState & MEM_RESERVE) printf("RESERVED ");
if (dwType & MEM_IMAGE) printf("IMAGE ");
if (dwType & MEM_MAPPED) printf("MAPPED ");
if (dwType & MEM_PRIVATE) printf("PRIVATE ");
if (dwProtect & PAGE_EXECUTE) printf("EXECUTE ");
if (dwProtect & PAGE_EXECUTE_READ) printf("EXECUTE_READ ");
if (dwProtect & PAGE_EXECUTE_READWRITE) printf("EXECUTE_READWRITE ");
if (dwProtect & PAGE_EXECUTE_WRITECOPY) printf("EXECUTE_WRITECOPY ");
if (dwProtect & PAGE_NOACCESS) printf("NOACCESS ");
if (dwProtect & PAGE_READONLY) printf("READONLY ");
if (dwProtect & PAGE_READWRITE) printf("READWRITE ");
if (dwProtect & PAGE_WRITECOPY) printf("WRITECOPY ");
if (dwProtect & PAGE_GUARD) printf("GUARD ");
if (dwProtect & PAGE_NOCACHE) printf("NOCACHE ");
if (dwProtect & PAGE_WRITECOMBINE) printf("WRITECOMBINE ");
printf("\n");
return TRUE;
}
int main(int argc, char **argv)
{
if (!DoRtlAdjustPrivilege())
return 1;
if (argc < 2)
return 1;
DWORD dwPID = atoi(argv[1]);
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPID);
if (hProcess == NULL)
return 1;
EnumProcessAddresses(hProcess, PrintAddressSpace);
CloseHandle(hProcess);
printf("Press Enter to Continue");
while (getchar() != '\n');
return 0;
}
अब, समस्या यह है कि मैं का सामना कर रहा हूँ है,: यहाँ मेरी कोड अब तक है
0x00010000 - 0x00020000 (0x00010000) : COMMITTED MAPPED READWRITE
0x00020000 - 0x00027000 (0x00007000) : COMMITTED MAPPED READONLY
0x00027000 - 0x00030000 (0x00009000) : FREE NOACCESS
0x00030000 - 0x00034000 (0x00004000) : COMMITTED MAPPED READONLY
0x00034000 - 0x00040000 (0x0000C000) : FREE NOACCESS
0x00040000 - 0x00042000 (0x00002000) : COMMITTED MAPPED READONLY
0x00042000 - 0x00050000 (0x0000E000) : FREE NOACCESS
0x00050000 - 0x00051000 (0x00001000) : COMMITTED PRIVATE READWRITE
0x00051000 - 0x00060000 (0x0000F000) : FREE NOACCESS
0x00060000 - 0x000C7000 (0x00067000) : COMMITTED MAPPED READONLY
0x000C7000 - 0x000D0000 (0x00009000) : FREE NOACCESS
0x000D0000 - 0x000D2000 (0x00002000) : COMMITTED MAPPED READWRITE
0x000D2000 - 0x000E0000 (0x0000E000) : FREE NOACCESS
0x000E0000 - 0x000E3000 (0x00003000) : COMMITTED MAPPED WRITECOPY
0x000E3000 - 0x000F0000 (0x0000D000) : FREE NOACCESS
0x000F0000 - 0x000F1000 (0x00001000) : COMMITTED PRIVATE READWRITE
0x000F1000 - 0x00100000 (0x0000F000) : FREE NOACCESS
0x00100000 - 0x00101000 (0x00001000) : COMMITTED PRIVATE READWRITE
0x00101000 - 0x00110000 (0x0000F000) : FREE NOACCESS
0x00110000 - 0x0011D000 (0x0000D000) : COMMITTED MAPPED WRITECOPY
0x0011D000 - 0x00120000 (0x00003000) : FREE NOACCESS
0x00120000 - 0x00121000 (0x00001000) : COMMITTED MAPPED READONLY
0x00121000 - 0x00130000 (0x0000F000) : FREE NOACCESS
0x00130000 - 0x00132000 (0x00002000) : COMMITTED MAPPED READONLY
0x00132000 - 0x00140000 (0x0000E000) : FREE NOACCESS
0x00140000 - 0x001AC000 (0x0006C000) : RESERVED PRIVATE
0x001AC000 - 0x001AF000 (0x00003000) : COMMITTED PRIVATE READWRITE GUARD
0x001AF000 - 0x001C0000 (0x00011000) : COMMITTED PRIVATE READWRITE
0x001C0000 - 0x001C1000 (0x00001000) : COMMITTED MAPPED READONLY
0x001C1000 - 0x00240000 (0x0007F000) : FREE NOACCESS
0x00240000 - 0x00248000 (0x00008000) : COMMITTED PRIVATE READWRITE
0x00248000 - 0x00250000 (0x00008000) : RESERVED PRIVATE
0x00250000 - 0x00260000 (0x00010000) : FREE NOACCESS
0x00260000 - 0x002FB000 (0x0009B000) : COMMITTED PRIVATE READWRITE
0x002FB000 - 0x00360000 (0x00065000) : RESERVED PRIVATE
0x00360000 - 0x003C8000 (0x00068000) : COMMITTED PRIVATE READWRITE
0x003C8000 - 0x00460000 (0x00098000) : RESERVED PRIVATE
0x00460000 - 0x00470000 (0x00010000) : COMMITTED MAPPED READONLY
0x00470000 - 0x005E0000 (0x00170000) : RESERVED MAPPED
0x005E0000 - 0x005E3000 (0x00003000) : COMMITTED MAPPED READONLY
0x005E3000 - 0x005E8000 (0x00005000) : RESERVED MAPPED
0x005E8000 - 0x005F0000 (0x00008000) : FREE NOACCESS
0x005F0000 - 0x00771000 (0x00181000) : COMMITTED MAPPED READONLY
0x00771000 - 0x00780000 (0x0000F000) : FREE NOACCESS
0x00780000 - 0x008C9000 (0x00149000) : COMMITTED MAPPED READONLY
0x008C9000 - 0x01B80000 (0x012B7000) : RESERVED MAPPED
0x01B80000 - 0x01C00000 (0x00080000) : FREE NOACCESS
0x01C00000 - 0x01C10000 (0x00010000) : COMMITTED PRIVATE READWRITE
0x01C10000 - 0x01C20000 (0x00010000) : COMMITTED PRIVATE READWRITE
0x01C20000 - 0x01C30000 (0x00010000) : COMMITTED PRIVATE READWRITE
0x01C30000 - 0x01C98000 (0x00068000) : COMMITTED PRIVATE READWRITE
0x01C98000 - 0x01D30000 (0x00098000) : RESERVED PRIVATE
0x01D30000 - 0x01D98000 (0x00068000) : COMMITTED PRIVATE READWRITE
0x01D98000 - 0x01E30000 (0x00098000) : RESERVED PRIVATE
0x01E30000 - 0x01E98000 (0x00068000) : COMMITTED PRIVATE READWRITE
0x01E98000 - 0x01F30000 (0x00098000) : RESERVED PRIVATE
0x01F30000 - 0x01FC0000 (0x00090000) : FREE NOACCESS
0x01FC0000 - 0x01FCA000 (0x0000A000) : COMMITTED PRIVATE READWRITE
0x01FCA000 - 0x01FD0000 (0x00006000) : RESERVED PRIVATE
0x01FD0000 - 0x01FE0000 (0x00010000) : FREE NOACCESS
0x01FE0000 - 0x01FE2000 (0x00002000) : COMMITTED PRIVATE READWRITE
0x01FE2000 - 0x01FF0000 (0x0000E000) : RESERVED PRIVATE
0x01FF0000 - 0x020E0000 (0x000F0000) : FREE NOACCESS
0x020E0000 - 0x020F0000 (0x00010000) : COMMITTED PRIVATE READWRITE
0x020F0000 - 0x0215F000 (0x0006F000) : COMMITTED PRIVATE READWRITE
0x0215F000 - 0x021F0000 (0x00091000) : RESERVED PRIVATE
0x021F0000 - 0x021F1000 (0x00001000) : COMMITTED PRIVATE READWRITE
0x021F1000 - 0x022F0000 (0x000FF000) : RESERVED PRIVATE
0x022F0000 - 0x023C0000 (0x000D0000) : FREE NOACCESS
0x023C0000 - 0x023DF000 (0x0001F000) : COMMITTED PRIVATE READWRITE
0x023DF000 - 0x02440000 (0x00061000) : RESERVED PRIVATE
0x02440000 - 0x0270F000 (0x002CF000) : COMMITTED MAPPED READONLY
0x0270F000 - 0x02710000 (0x00001000) : FREE NOACCESS
0x02710000 - 0x02778000 (0x00068000) : COMMITTED PRIVATE READWRITE
0x02778000 - 0x02810000 (0x00098000) : RESERVED PRIVATE
0x02810000 - 0x028C0000 (0x000B0000) : FREE NOACCESS
0x028C0000 - 0x028C2000 (0x00002000) : COMMITTED PRIVATE READWRITE
0x028C2000 - 0x02940000 (0x0007E000) : RESERVED PRIVATE
0x02940000 - 0x03290000 (0x00950000) : COMMITTED MAPPED READONLY
0x03290000 - 0x777D0000 (0x74540000) : FREE NOACCESS
0x777D0000 - 0x777D1000 (0x00001000) : COMMITTED IMAGE READONLY
0x777D1000 - 0x7786C000 (0x0009B000) : COMMITTED IMAGE EXECUTE_READ
0x7786C000 - 0x778DA000 (0x0006E000) : COMMITTED IMAGE READONLY
0x778DA000 - 0x778DC000 (0x00002000) : COMMITTED IMAGE READWRITE
0x778DC000 - 0x778EF000 (0x00013000) : COMMITTED IMAGE READONLY
0x778EF000 - 0x778F0000 (0x00001000) : FREE NOACCESS
0x778F0000 - 0x778F1000 (0x00001000) : COMMITTED IMAGE READONLY
0x778F1000 - 0x77972000 (0x00081000) : COMMITTED IMAGE EXECUTE_READ
0x77972000 - 0x77982000 (0x00010000) : COMMITTED IMAGE READONLY
0x77982000 - 0x77984000 (0x00002000) : COMMITTED IMAGE READWRITE
0x77984000 - 0x779EA000 (0x00066000) : COMMITTED IMAGE READONLY
0x779EA000 - 0x779F0000 (0x00006000) : FREE NOACCESS
0x779F0000 - 0x779F1000 (0x00001000) : COMMITTED IMAGE READONLY
0x779F1000 - 0x77AF3000 (0x00102000) : COMMITTED IMAGE EXECUTE_READ
0x77AF3000 - 0x77B22000 (0x0002F000) : COMMITTED IMAGE READONLY
0x77B22000 - 0x77B23000 (0x00001000) : COMMITTED IMAGE READWRITE
0x77B23000 - 0x77B24000 (0x00001000) : COMMITTED IMAGE READONLY
0x77B24000 - 0x77B25000 (0x00001000) : COMMITTED IMAGE READWRITE
0x77B25000 - 0x77B27000 (0x00002000) : COMMITTED IMAGE WRITECOPY
0x77B27000 - 0x77B28000 (0x00001000) : COMMITTED IMAGE READWRITE
0x77B28000 - 0x77B29000 (0x00001000) : COMMITTED IMAGE WRITECOPY
0x77B29000 - 0x77B2B000 (0x00002000) : COMMITTED IMAGE READWRITE
0x77B2B000 - 0x77B2E000 (0x00003000) : COMMITTED IMAGE WRITECOPY
0x77B2E000 - 0x77B99000 (0x0006B000) : COMMITTED IMAGE READONLY
0x77B99000 - 0x7EFE0000 (0x07447000) : FREE NOACCESS
0x7EFE0000 - 0x7EFE5000 (0x00005000) : COMMITTED MAPPED READONLY
0x7EFE5000 - 0x7F0E0000 (0x000FB000) : RESERVED MAPPED
0x7F0E0000 - 0x7FFE0000 (0x00F00000) : RESERVED PRIVATE
0x7FFE0000 - 0x7FFE1000 (0x00001000) : COMMITTED PRIVATE READONLY
0x7FFE1000 - 0x7FFF0000 (0x0000F000) : RESERVED PRIVATE
हम देखना है कि आकार गैर शून्य है, लेकिन एक बफर के लिए स्मृति कॉपी करने के लिए अद्यतन समारोह पर स्मृति ब्लॉक चलाने के बाद, तो ऐसा होता है:
After updating the buffers
0x7FFE1000 - 0x7FFE1000 (0x00000000)
0x7FFE0000 - 0x7FFE0000 (0x00000000)
0x7F0E0000 - 0x7F0E0000 (0x00000000)
0x7EFE5000 - 0x7EFE5000 (0x00000000)
0x7EFE0000 - 0x7EFE0000 (0x00000000)
0x77B99000 - 0x77B99000 (0x00000000)
0x77B2E000 - 0x77B2E000 (0x00000000)
0x77B2B000 - 0x77B2B000 (0x00000000)
0x77B29000 - 0x77B29000 (0x00000000)
0x77B28000 - 0x77B28000 (0x00000000)
0x77B27000 - 0x77B27000 (0x00000000)
0x77B25000 - 0x77B25000 (0x00000000)
0x77B24000 - 0x77B24000 (0x00000000)
0x77B23000 - 0x77B23000 (0x00000000)
0x77B22000 - 0x77B22000 (0x00000000)
0x77AF3000 - 0x77AF3000 (0x00000000)
0x779F1000 - 0x779F1000 (0x00000000)
0x779F0000 - 0x779F0000 (0x00000000)
0x779EA000 - 0x779EA000 (0x00000000)
0x77984000 - 0x77984000 (0x00000000)
0x77982000 - 0x77982000 (0x00000000)
0x77972000 - 0x77972000 (0x00000000)
0x778F1000 - 0x778F1000 (0x00000000)
0x778F0000 - 0x778F0000 (0x00000000)
0x778EF000 - 0x778EF000 (0x00000000)
0x778DC000 - 0x778DC000 (0x00000000)
0x778DA000 - 0x778DA000 (0x00000000)
0x7786C000 - 0x7786C000 (0x00000000)
0x777D1000 - 0x777D1000 (0x00000000)
0x777D0000 - 0x777D0000 (0x00000000)
0x03290000 - 0x03290000 (0x00000000)
0x02940000 - 0x02940000 (0x00000000)
0x028C2000 - 0x028C2000 (0x00000000)
0x028C0000 - 0x028C0000 (0x00000000)
0x02810000 - 0x02810000 (0x00000000)
0x02778000 - 0x02778000 (0x00000000)
0x02710000 - 0x02710000 (0x00000000)
0x0270F000 - 0x0270F000 (0x00000000)
0x02440000 - 0x02440000 (0x00000000)
0x023DF000 - 0x023DF000 (0x00000000)
0x023C0000 - 0x023C0000 (0x00000000)
0x022F0000 - 0x022F0000 (0x00000000)
0x021F1000 - 0x021F1000 (0x00000000)
0x021F0000 - 0x021F0000 (0x00000000)
0x0215F000 - 0x0215F000 (0x00000000)
0x020F0000 - 0x020F0000 (0x00000000)
0x020E0000 - 0x020E0000 (0x00000000)
0x01FF0000 - 0x01FF0000 (0x00000000)
0x01FE2000 - 0x01FE2000 (0x00000000)
0x01FE0000 - 0x01FE0000 (0x00000000)
0x01FD0000 - 0x01FD0000 (0x00000000)
0x01FCA000 - 0x01FCA000 (0x00000000)
0x01FC0000 - 0x01FC0000 (0x00000000)
0x01F30000 - 0x01F30000 (0x00000000)
0x01E98000 - 0x01E98000 (0x00000000)
0x01E30000 - 0x01E30000 (0x00000000)
0x01D98000 - 0x01D98000 (0x00000000)
0x01D30000 - 0x01D30000 (0x00000000)
0x01C98000 - 0x01C98000 (0x00000000)
0x01C30000 - 0x01C30000 (0x00000000)
0x01C20000 - 0x01C20000 (0x00000000)
0x01C10000 - 0x01C10000 (0x00000000)
0x01C00000 - 0x01C00000 (0x00000000)
0x01B80000 - 0x01B80000 (0x00000000)
0x008C9000 - 0x008C9000 (0x00000000)
0x00780000 - 0x00780000 (0x00000000)
0x00771000 - 0x00771000 (0x00000000)
0x005F0000 - 0x005F0000 (0x00000000)
0x005E8000 - 0x005E8000 (0x00000000)
0x005E3000 - 0x005E3000 (0x00000000)
0x005E0000 - 0x005E0000 (0x00000000)
0x00470000 - 0x00470000 (0x00000000)
0x00460000 - 0x00460000 (0x00000000)
0x003C8000 - 0x003C8000 (0x00000000)
0x00360000 - 0x00360000 (0x00000000)
0x002FB000 - 0x002FB000 (0x00000000)
0x00260000 - 0x00260000 (0x00000000)
0x00250000 - 0x00250000 (0x00000000)
0x00248000 - 0x00248000 (0x00000000)
0x00240000 - 0x00240000 (0x00000000)
0x001C1000 - 0x001C1000 (0x00000000)
0x001C0000 - 0x001C0000 (0x00000000)
0x001AF000 - 0x001AF000 (0x00000000)
0x001AC000 - 0x001AC000 (0x00000000)
0x00140000 - 0x00140000 (0x00000000)
0x00132000 - 0x00132000 (0x00000000)
0x00130000 - 0x00130000 (0x00000000)
0x00121000 - 0x00121000 (0x00000000)
0x00120000 - 0x00120000 (0x00000000)
0x0011D000 - 0x0011D000 (0x00000000)
0x00110000 - 0x00110000 (0x00000000)
0x00101000 - 0x00101000 (0x00000000)
0x00100000 - 0x00100000 (0x00000000)
0x000F1000 - 0x000F1000 (0x00000000)
0x000F0000 - 0x000F0000 (0x00000000)
0x000E3000 - 0x000E3000 (0x00000000)
0x000E0000 - 0x000E0000 (0x00000000)
0x000D2000 - 0x000D2000 (0x00000000)
0x000D0000 - 0x000D0000 (0x00000000)
0x000C7000 - 0x000C7000 (0x00000000)
0x00060000 - 0x00060000 (0x00000000)
0x00051000 - 0x00051000 (0x00000000)
0x00050000 - 0x00050000 (0x00000000)
0x00042000 - 0x00042000 (0x00000000)
0x00040000 - 0x00040000 (0x00000000)
0x00034000 - 0x00034000 (0x00000000)
0x00030000 - 0x00030000 (0x00000000)
0x00027000 - 0x00027000 (0x00000000)
0x00020000 - 0x00020000 (0x00000000)
0x00010000 - 0x00010000 (0x00000000)
Press Enter to Continue
मेरा अनुमान है मेरी updateMemblock समारोह इस का कारण है पूरा का पूरा पराजय है, लेकिन यकीन नहीं क्या गलत है ...
संपादित करें:
थोड़ा की जांच करने के बाद, ऐसा लगता है जैसे समस्या मेरी ReadProcessMemory कॉल में निहित है। कुछ googling के साथ मैंने सीखा है कि वहाँ ऐसी प्रक्रियाएं हैं जिनके पास पेज_गार्ड ध्वज सेट है, जो उस प्रक्रिया के लिए स्मृति को रीडप्रोसेस मैमरी का उपयोग करके पढ़ने से रोकता है, मैंने यह भी सीखा है कि वर्चुअलप्रोटेक्टएक्स का उपयोग कर अस्थायी रूप से इस ध्वज को अक्षम करना संभव है, इस प्रकार मैं इसे का उपयोग (और के रूप में आप कल्पना कर सकते हैं, यह मेरे लिए काम नहीं कर रहा है अभी तक)
DOWRD OLDPROTECT;
VirtualProtectEx(mb->hProc, mb->addr+totalRead, 1, PAGE_READONLY, &OLDPROTECT))
संपादित करें:
तो मैं थोड़ा के लिए इसके साथ tinkered, और यह है कि मैं क्या है:
#include <windows.h>
#include <stdio.h>
#include <iostream>
BOOL DoRtlAdjustPrivilege()
{
#define SE_DEBUG_PRIVILEGE 20L
#define AdjustCurrentProcess 0
BOOL bPrev = FALSE;
LONG(WINAPI *RtlAdjustPrivilege)(DWORD, BOOL, INT, PBOOL);
*(FARPROC *)&RtlAdjustPrivilege = GetProcAddress(GetModuleHandle("ntdll.dll"), "RtlAdjustPrivilege");
if (!RtlAdjustPrivilege) return FALSE;
RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, AdjustCurrentProcess, &bPrev);
return TRUE;
}
typedef BOOL(CALLBACK *LPENUMADDRESSES)(LPBYTE lpAddress, DWORD dwSize, DWORD dwState, DWORD dwType, DWORD dwProtect);
BOOL EnumProcessAddresses(HANDLE hProcess, LPENUMADDRESSES lpCallback)
{
MEMORY_BASIC_INFORMATION mbi;
SYSTEM_INFO msi;
ZeroMemory(&mbi, sizeof(mbi));
GetSystemInfo(&msi);
for (LPBYTE lpAddress = (LPBYTE)msi.lpMinimumApplicationAddress;
lpAddress <= (LPBYTE)msi.lpMaximumApplicationAddress;
lpAddress += mbi.RegionSize)
{
if (VirtualQueryEx(hProcess, lpAddress, &mbi, sizeof(mbi)))
{
//Read memory here
static unsigned char tempbuf[128 * 1024];
unsigned int bytesLeft;
unsigned int totalRead;
unsigned int bytesToRead;
SIZE_T bytesRead;
DWORD OLDPROTECT;
bytesLeft = sizeof(mbi);
totalRead = 0;
while (bytesLeft)
{
bytesToRead = (bytesLeft > sizeof(tempbuf)) ? sizeof(tempbuf) : bytesLeft;
//VirtualProtectEx(hProcess, (LPVOID)(lpAddress + totalRead), 1, PAGE_READONLY, &OLDPROTECT);
if (ReadProcessMemory(hProcess, (LPVOID)(lpAddress + totalRead), (LPVOID)&tempbuf, bytesToRead, &bytesRead))
{
if (bytesRead != bytesToRead) break;
bytesLeft -= bytesRead;
totalRead += bytesRead;
std::cout << tempbuf << std::endl;
}
else
{
break;
}
}
//End reading memory here
if (lpCallback && !lpCallback((LPBYTE)mbi.BaseAddress, mbi.RegionSize,
mbi.State, mbi.Type, mbi.Protect))
{
return FALSE;
}
}
else break;
}
/*DWORD lastError = GetLastError();
std::cout << "General failure. GetLastError returned " << std::hex
<< lastError << ".";*/
return TRUE;
}
BOOL CALLBACK PrintAddressSpace(LPBYTE lpAddress, DWORD dwSize, DWORD dwState, DWORD dwType, DWORD dwProtect)
{
printf("0x%08X - 0x%08X (0x%08X) : ", lpAddress, (lpAddress + dwSize), dwSize);
if (dwState & MEM_COMMIT) printf("COMMITTED ");
if (dwState & MEM_FREE) printf("FREE ");
if (dwState & MEM_RESERVE) printf("RESERVED ");
if (dwType & MEM_IMAGE) printf("IMAGE ");
if (dwType & MEM_MAPPED) printf("MAPPED ");
if (dwType & MEM_PRIVATE) printf("PRIVATE ");
if (dwProtect & PAGE_EXECUTE) printf("EXECUTE ");
if (dwProtect & PAGE_EXECUTE_READ) printf("EXECUTE_READ ");
if (dwProtect & PAGE_EXECUTE_READWRITE) printf("EXECUTE_READWRITE ");
if (dwProtect & PAGE_EXECUTE_WRITECOPY) printf("EXECUTE_WRITECOPY ");
if (dwProtect & PAGE_NOACCESS) printf("NOACCESS ");
if (dwProtect & PAGE_READONLY) printf("READONLY ");
if (dwProtect & PAGE_READWRITE) printf("READWRITE ");
if (dwProtect & PAGE_WRITECOPY) printf("WRITECOPY ");
if (dwProtect & PAGE_GUARD) printf("GUARD ");
if (dwProtect & PAGE_NOCACHE) printf("NOCACHE ");
if (dwProtect & PAGE_WRITECOMBINE) printf("WRITECOMBINE ");
printf("\n");
return TRUE;
}
int main(int argc, char **argv)
{
printf("Starting\n");
if (!DoRtlAdjustPrivilege())
return 1;
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, 8748);
if (hProcess == NULL)
return 1;
EnumProcessAddresses(hProcess, PrintAddressSpace);
CloseHandle(hProcess);
printf("Press Enter to Continue");
while (getchar() != '\n');
return 0;
}
अच्छी खबर यह है कि कुछ स्मृति cont एएन पढ़ा जा रहा है, और वर्चुअलक्वायरएक्स कभी-कभी उचित सामग्री लौटा रहा है, मुद्दा यह है कि यह आउटपुट में सब कुछ नहीं मिल रहा है जैसा कि आप आउटपुट में देख सकते हैं (इसे रीड मेमोरी को मेमब्लॉक में संग्रहीत करने से भी हटा दिया गया है, अब 500 एमबी मेमोरी नहीं लेता है बस नोटपैड पढ़ें)। कुछ डीबगिंग से पता चलता है कि मुझे 12 बी त्रुटि मिल रही है (आंशिक प्रतिलिपि त्रुटि)। कोई विचार?
आप 'malloc()' कॉल में से किसी एक की जांच करते हैं, और दूसरों को अनदेखा करते हैं? –
बस अपने आउटपुट को देखते हुए - बफर अपडेट करने के बाद, आपके द्वारा प्रिंट किए गए पते की श्रेणियां 0 आकार हैं। यही है, आप कुछ मूल्य मुद्रित करते हैं जहां आधार और अंतिम पते समान होते हैं। – jschultz410
@ jschultz410 हाँ मुझे पता है, यही वह है जिसे मैं समझने की कोशिश कर रहा हूं। मैंने प्री-अपडेट प्रिंट और पोस्ट अपडेट प्रिंट किया था और देखा कि यह अद्यतन विधि है जो चीजों को खराब कर रही है। –