我试图用C++编写代码,以显示某些应用程序的进程ID和基地址,PID看起来正确,但基地址为0,这是不正确的。我的问题是-这是怎么了?
IDE:代码::块
为了使其运行,我还必须在其中设置“-lpsapi”
设置->编译器->链接器设置->其他链接器选项
我当时正在考虑以管理员身份构建它,但是在Code::Block中找不到这样的选项(也许是内置的?)
Console output
Build messages
#define WINVER 0x0501
#include <iostream>
#include <cstdio>
#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>
#include <Psapi.h>
#include <tlhelp32.h>
using namespace std;
HANDLE GetHandle()
{
string name = "PathOfExile_x64.exe";
DWORD pid = 0;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 process;
ZeroMemory(&process, sizeof(process));
process.dwSize = sizeof(process);
if (Process32First(snapshot, &process))
{
do
{
if (string(process.szExeFile) == name)
{
pid = process.th32ProcessID;
break;
}
} while (Process32Next(snapshot, &process));
}
CloseHandle(snapshot);
if (pid != 0)
{
cout << "pid = " << pid << endl;
return OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
}
return NULL;
}
HMODULE GetModule()
{
HMODULE hMods[1024];
HANDLE pHandle = GetHandle();
DWORD cbNeeded;
unsigned int i;
if (EnumProcessModules(pHandle, hMods, sizeof(hMods), &cbNeeded))
{
for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
{
TCHAR szModName[MAX_PATH];
if (GetModuleFileNameEx(pHandle, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
{
string wstrModName = szModName;
string wstrModContain = "PathOfExile_x64.exe";
if (wstrModName.find(wstrModContain) != string::npos)
{
CloseHandle(pHandle);
return hMods[i];
}
}
}
}
return nullptr;
}
int main()
{
HWND WindowHandle = FindWindow(nullptr, "Path of Exile");
DWORD PID;
GetWindowThreadProcessId(WindowHandle, &PID);
PVOID hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, PID);
HMODULE Module = GetModule();
DWORD BaseAddress = (DWORD)Module;
cout << BaseAddress << endl;
}
最佳答案
我会这样做,经过测试工作。我对Enum函数不熟悉,我更喜欢使用ToolHelp32Snapshot函数
#include "stdafx.h"
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
DWORD GetProcId(const char* procName)
{
DWORD procId = 0;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnap != INVALID_HANDLE_VALUE)
{
PROCESSENTRY32 procEntry;
procEntry.dwSize = sizeof(procEntry);
if (Process32First(hSnap, &procEntry))
{
do
{
if (!_stricmp(procEntry.szExeFile, procName))
{
procId = procEntry.th32ProcessID;
break;
}
} while (Process32Next(hSnap, &procEntry));
}
}
CloseHandle(hSnap);
return procId;
}
uintptr_t GetModuleBaseAddress(DWORD procId, const char* modName)
{
uintptr_t modBaseAddr = 0;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
if (hSnap != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 modEntry;
modEntry.dwSize = sizeof(modEntry);
if (Module32First(hSnap, &modEntry))
{
do
{
if (!_stricmp(modEntry.szModule, modName))
{
modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
break;
}
} while (Module32Next(hSnap, &modEntry));
}
}
CloseHandle(hSnap);
return modBaseAddr;
}
int main()
{
DWORD procId = GetProcId("PathOfExile_x64.exe");
uintptr_t modBase = GetModuleBaseAddress(procId, "PathOfExile_x64.exe");
std::cout << "0x" << std::hex << modBase << std::endl;
std::getchar();
return 0;
}
关于c++ - 在C++中查找PID和基址,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/59654193/