本文介绍了如何获取C ++中的进程的开始/基址?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用它在微软的蜘蛛纸牌测试这个整个基地/静态指针的事情。所以我得到了移动的玩家已经使用的量的基本指针,欺骗引擎告诉我,它是SpiderSolitaire.exe + B5F78。所以现在我被困在如何弄清楚起始地址是什么SpiderSolitaire.exe(当然这是每次程序启动时更改)。如何找到SpiderSolitaire.exe的起始地址,以便我可以添加偏移量,并获取moves值的真实地址(当然是在c ++中)?



请注意,此代码使用多字节字符集;在VS2012中,这是从属性>配置属性>项目默认值>字符集>使用多字节字符集设置。

  #define _CRT_SECURE_NO_WARNINGS 
#define UNINITIALIZED 0xFFFFFFFF

#include< iostream>
#include< iomanip>
#include< Windows.h>
#include< TlHelp32.h> // PROCESSENTRY

/ *进程名称* /
const char * processName_ =REPLACETHIS.exe;

void main(void)
{
DWORD processID_ = NULL;
DWORD processBaseAddress_ = UNINITIALIZED;

/ *获取进程ID * /
{
PROCESSENTRY32 processEntry_; //进入你想要注入的进程
HANDLE hProcSnapshot_ = NULL;
/ *获取系统进程的快照* /
hProcSnapshot_ = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); //?

/ *当没有找到进程时,继续查找它* /
while(!processID_)
{
/ *如果系统上的进程存在* /
if(Process32First(hProcSnapshot_,& processEntry_))//?
{
/ *检查系统进程中的所有进程snapshot * /
do
{
/ *比较进程的名称和我们想要的进程*
if(!strcmp(processEntry_.szExeFile,processName_))//?
{
/ *保存processID并打开* /
processID_ = processEntry_.th32ProcessID;
break;
}
}
while(Process32Next(hProcSnapshot_,& processEntry_));
}

/ *没有找到过程,睡一会儿* /
if(!processID_)
{
system(CLS);
std :: cout<< 确保<< processName_<< 在跑。 << std :: endl;
Sleep(200);
}
}

/ * Process found * /
std :: cout< 发现过程:< processName_<< std :: endl;
}


/ *查找进程的基地址* /
{
HANDLE moduleSnapshotHandle_ = INVALID_HANDLE_VALUE;
MODULEENTRY32 moduleEntry_;

/ *获取进程中所有模块的快照* /
moduleSnapshotHandle_ = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,processID_);

/ *快照失败* /
if(moduleSnapshotHandle_ == INVALID_HANDLE_VALUE)
{
std :: cout< Module Snapshot error< std :: endl;
return;
}

/ *大小使用前的结构* /
moduleEntry_.dwSize = sizeof(MODULEENTRY32);

/ *检索有关第一个模块的信息* /
if(!Module32First(moduleSnapshotHandle_,& moduleEntry_))
{
std :: cout< ; 第一模块未找到< std :: endl;
CloseHandle(moduleSnapshotHandle_);
return;
}

/ *查找基地址* /
while(processBaseAddress_ == UNINITIALIZED)
{
/ *查找可执行文件的模块* /
do
{

/ *比较进程的名称和我们想要的进程* /
if(!strcmp(moduleEntry_.szModule,processName_))// ?
{
/ *保存processID并分解* /
processBaseAddress_ =(unsigned int)moduleEntry_.modBaseAddr;
break;
}

} while(Module32Next(moduleSnapshotHandle_,& moduleEntry_));


if(processBaseAddress_ == UNINITIALIZED)
{
system(CLS);
std :: cout<< 无法找到模块< processName_<< std :: endl;
Sleep(200);
}
}

/ *成功找到模块和基地址* /
std :: cout< 基地址:< std :: hex<< processBaseAddress_<< std :: dec< std :: endl;
CloseHandle(moduleSnapshotHandle_);
}


I'm testing this whole base/static pointer thing by using it on Microsoft's Spider Solitaire. So I got the base pointer of the amount of "moves" the player has used, and cheat engine tells me it's "SpiderSolitaire.exe+B5F78". So now I'm stuck on how to figure out what the starting address is of SpiderSolitaire.exe (of course this changes every time the program starts). How do I find the starting address of SpiderSolitaire.exe so I can add the offsets and get the real address of the "moves" value (in c++ of course)?

解决方案

Here is some code to find the base address for a given process.

Note that this code uses the Multi-Byte Character Set; in VS2012 this is set from Properties > Configuration Properties > Project Defaults > Character Set > Use Multi-Byte Character Set.

#define _CRT_SECURE_NO_WARNINGS
#define UNINITIALIZED 0xFFFFFFFF

#include <iostream>
#include <iomanip>
#include <Windows.h>
#include <TlHelp32.h> //PROCESSENTRY

/* The name of the process */
const char* processName_ = "REPLACETHIS.exe" ;

void main(void)
{
DWORD  processID_     = NULL ;
DWORD  processBaseAddress_   = UNINITIALIZED;

/* Get the process ID  */
{
    PROCESSENTRY32 processEntry_ ; // Entry into process you wish to inject to
    HANDLE hProcSnapshot_ = NULL ;
    /* Takes a snapshot of the system's processes */
    hProcSnapshot_ = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0) ; //?

    /* While process has not been found, keep looking for it */
    while(!processID_)
    {
        /* If a process on the system exists */
        if(Process32First(hProcSnapshot_, &processEntry_)) //?
        {
            /* Check all processes in the system's processes snapshot */
            do
            {
                /* Compare the name of the process to the one we want */
                if( !strcmp(processEntry_.szExeFile, processName_) ) //?
                {
                    /* Save the processID and break out */
                    processID_ = processEntry_.th32ProcessID ;
                    break ;
                }
            }
            while(Process32Next(hProcSnapshot_, &processEntry_)) ;
        }

        /* Didnt find process, sleep for a bit */
        if( !processID_ )
        {
            system("CLS") ;
            std::cout << "Make sure " << processName_ << " is running." << std::endl ;
            Sleep(200) ;
        }
    }

    /* Process found */
    std::cout << "Found Process: " << processName_ << std::endl ;
}


/* Find Base Address of process */
{
    HANDLE moduleSnapshotHandle_ = INVALID_HANDLE_VALUE;
    MODULEENTRY32 moduleEntry_;

    /* Take snapshot of all the modules in the process */
    moduleSnapshotHandle_ = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, processID_ );

    /* Snapshot failed */
    if( moduleSnapshotHandle_ == INVALID_HANDLE_VALUE )
    {
        std::cout << "Module Snapshot error" << std::endl ;
        return ;
    }

    /* Size the structure before usage */
    moduleEntry_.dwSize = sizeof( MODULEENTRY32 );

    /* Retrieve information about the first module */
    if( !Module32First( moduleSnapshotHandle_, &moduleEntry_ ) )
    {
        std::cout << "First module not found" << std::endl ;
        CloseHandle( moduleSnapshotHandle_ );
        return ;
    }

    /* Find base address */
    while(processBaseAddress_ == UNINITIALIZED)
    {
        /* Find module of the executable */
        do
        {

            /* Compare the name of the process to the one we want */
            if( !strcmp(moduleEntry_.szModule, processName_) ) //?
            {
                /* Save the processID and break out */
                processBaseAddress_ = (unsigned int)moduleEntry_.modBaseAddr ;
                break ;
            }

        } while( Module32Next( moduleSnapshotHandle_, &moduleEntry_ ) );


        if( processBaseAddress_ == UNINITIALIZED )
        {
            system("CLS") ;
            std::cout << "Failed to find module" << processName_ << std::endl ;
            Sleep(200) ;
        }
    }

    /* Found module and base address successfully */
    std::cout << "Base Address: " << std::hex << processBaseAddress_ << std::dec << std::endl ;
    CloseHandle( moduleSnapshotHandle_ );
}

这篇关于如何获取C ++中的进程的开始/基址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-06 01:53