本文介绍了使用Winapi查找进程ID和基地址的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在用Code :: Blocks编写一个程序,该程序将仅打印应用程序的进程ID和基地址.正确找到了PID,但是我在使用基址时遇到了困难,我也在使用GNU GCC编译器(x64).我的猜测是错误在于 HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32,procId); ,因为它返回了 INVALID_HANDLE_VALUE .但是我仍然无法解决这个问题.IDE不显示任何错误或警告.GetLastError()返回5(拒绝访问)

I'm writing a program in Code::Blocks that would simply print application's process ID and base address. The PID is found correctly but I'm having difficulties with base address also I'm using GNU GCC Compiler (x64). My guess is that the error lies in HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId); because it returns INVALID_HANDLE_VALUE. But still I can't resolve this problem. The IDE doesn't show any error or warnings. GetLastError() returns 5 (Access Denied)

控制台输出:
进程ID = 2656返回了INVALID_HANDLE_VALUEBaseAddr = 0

这是完整的代码:

#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
#include <string.h>

DWORD GetProcId(const char* procName)
{
    DWORD procId = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap != INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 procEntry;
        procEntry.dwSize = sizeof(procEntry);

        if (Process32First(hSnap, &procEntry))
        {
            do
            {
                if (lstrcmpi(procEntry.szExeFile, procName) == 0) {
                    procId = procEntry.th32ProcessID;
                    break;
                }
            } while (Process32Next(hSnap, &procEntry));

        }
    }
    CloseHandle(hSnap);
    return procId;
}

uintptr_t GetModuleBaseAddress(DWORD procId, const char* modName)
{
    uintptr_t modBaseAddr = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 modEntry;
        modEntry.dwSize = sizeof(modEntry);
        if (Module32First(hSnap, &modEntry))
        {
            do
            {
                if (!_stricmp(modEntry.szModule, modName))
                {
                    modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnap, &modEntry));
        }
    } else {
        std::cout << "INVALID_HANDLE_VALUE returned" << std::endl;
    }
    CloseHandle(hSnap);
    return modBaseAddr;
}

int main()
{
    DWORD procId = GetProcId("Game.exe");

    std::cout << "Process ID = " << procId << std::endl;

    uintptr_t baseAddr = GetModuleBaseAddress(procId, "Game.exe");

    std::cout << "BaseAddr = " << baseAddr << std::endl;

    std::getchar();
    return 0;
}

推荐答案

在将其放入代码块后,我只是将GetModuleBaseAddress函数中的_stricmp更改为strcmp也在这一行

Well after putting it to Code Blocks, i just changed the _stricmp in the GetModuleBaseAddress function to strcmp also this line

HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);

对此

HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, procId);

尝试以下代码:

#include <windows.h>
#include <tlhelp32.h>
#include <string>
#include <iostream>
using namespace std;
HANDLE _process = NULL;
DWORD pid = 0;
DWORD baseAddr = 0;
bool getID(string process)
{
    HANDLE hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(entry);
    do
    {
        if(!strcmp(entry.szExeFile,process.c_str()))
        {
            pid = entry.th32ProcessID;
            CloseHandle(hHandle);
            _process = OpenProcess(PROCESS_ALL_ACCESS,false,pid);
            return true;
        }
    } while(Process32Next(hHandle,&entry));
    return false;
}
bool getModuleBaseAddress(string module)
{
    HANDLE hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pid);
    MODULEENTRY32 mentry;
    mentry.dwSize = sizeof(mentry);
    do
    {
        if(!strcmp(mentry.szModule,module.c_str()))
        {
            CloseHandle(hHandle);
            baseAddr = (DWORD)mentry.modBaseAddr;
            return true;
        }
    } while(Module32Next(hHandle,&mentry));
    return false;
}

int main()
{
    while(!getID("popo.exe")) {Sleep(10);}
    while(!getModuleBaseAddress("popo.exe")) {Sleep(10);}
    cout << "PID: " << pid << endl << "Base Address: " << baseAddr;
    return 0;
}

这篇关于使用Winapi查找进程ID和基地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-23 00:52