修改内存,是一个系统的dll,Windows XP下,已经通过VirtualQuery获得它的地址。 假设是:0xabcd,请问如何修改,调用那些函数?VISUAL C++ .NET
解决方案 »
- 谁可以帮我做个调用FoxitPDF SDK的C++示例,我提供SDK
- 用VC进行网络编程从哪里开始?
- CStatic显示位图并设置四周停靠,但浏览下一张的时候,样式失效
- idl文件implicit和explicit的interface,区别只是编程上的呢还是运行时也有区别呢?
- 怎样获得IE网页中弹出的MESSAGEBOX的句柄???
- 关于mfc中sdi文挡的标题
- 怎样隐藏对话框?
- 关于嵌入的问题.欢迎大家来讨论,来者有分.
- 如何使用custom控件
- MSFlexGrid的问题!
- 创建一个文件夹,容易吧!(我不会啊,哭~)
- 如何将MainFrame中View区域的ClientEdge去掉,变成平面的!
谢谢谢谢!!!!!!
我要修改DLL的某一段代码,因为害怕以后与WINDOWS 不兼容,所以迫切的要在内存中修改!
The WriteProcessMemory function writes data to an area of memory in a specified process. The entire area to be written to must be accessible, or the operation fails. BOOL WriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
DWORD nSize, // number of bytes to write
LPDWORD lpNumberOfBytesWritten // number of bytes written
);
Parameters
hProcess
[in] Handle to the process whose memory is to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process.
lpBaseAddress
[in] Pointer to the base address in the specified process to which data will be written. Before any data transfer occurs, the system verifies that all data in the base address and memory of the specified size is accessible for write access. If this is the case, the function proceeds; otherwise, the function fails.
lpBuffer
[in] Pointer to the buffer that contains data to be written into the address space of the specified process.
nSize
[in] Specifies the requested number of bytes to write into the specified process.
lpNumberOfBytesWritten
[out] Pointer to a variable that receives the number of bytes transferred into the specified process. This parameter is optional. If lpNumberOfBytesWritten is NULL, the parameter is ignored.
Return Values
If the function succeeds, the return value is nonzero.If the function fails, the return value is zero. To get extended error information, call GetLastError. The function will fail if the requested write operation crosses into an area of the process that is inaccessible. Res
WriteProcessMemory copies the data from the specified buffer in the current process to the address range of the specified process. Any process that has a handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process to be written to can call the function. The process whose address space is being written to is typically, but not necessarily, being debugged. The entire area to be written to must be accessible. If it is not, the function fails as noted previously. Requirements
Windows NT/2000: Requires Windows NT 3.1 or later.
Windows 95/98: Requires Windows 95 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Kernel32.lib.See Also
Debugging Overview, Debugging Functions, ReadProcessMemoryBuilt on Thursday, May 11, 2000Requirements
Windows NT/2000: Requires Windows NT 3.1 or later.
Windows 95/98: Requires Windows 95 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Kernel32.lib.
See Also
Debugging Overview, Debugging Functions, ReadProcessMemory
{
HANDLE hProcessSnap = NULL;
BOOL bRet = FALSE;
PROCESSENTRY32 pe32 = {0};
// Take a snapshot of all processes in the system. hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcessSnap == INVALID_HANDLE_VALUE)
return (FALSE);
// Fill in the size of the structure before using it. pe32.dwSize = sizeof(PROCESSENTRY32);
// Walk the snapshot of the processes, and for each process,
// display information. if (Process32First(hProcessSnap, &pe32))
//在这里得到的pe32可以知道文件名,判断是否为你想要的dll
{
DWORD dwPriorityClass;
BOOL bGotModule = FALSE;
MODULEENTRY32 me32 = {0};
do
{
bGotModule = GetProcessModule(pe32.th32ProcessID,
pe32.th32ModuleID, &me32, sizeof(MODULEENTRY32)); if (bGotModule)
{
HANDLE hProcess;
// Get the actual priority class.
hProcess = OpenProcess (PROCESS_ALL_ACCESS,
FALSE, pe32.th32ProcessID);
dwPriorityClass = GetPriorityClass (hProcess);
CloseHandle (hProcess); // Print the process's information.
printf( "\nPriority Class Base\t%d\n",
pe32.pcPriClassBase);
printf( "PID\t\t\t%d\n", pe32.th32ProcessID);
printf( "Thread Count\t\t%d\n", pe32.cntThreads);
printf( "Module Name\t\t%s\n", me32.szModule);
printf( "Full Path\t\t%s\n\n", me32.szExePath);
}
}
while (Process32Next(hProcessSnap, &pe32));
bRet = TRUE;
}
else
bRet = FALSE; // could not walk the list of processes
// Do not forget to clean up the snapshot object. CloseHandle (hProcessSnap);
return (bRet);
}
是否有保护,会自动不让人修改?
如果是是本进程内部的DLL的话,用GetCurrentProcess就可以得到进程的handle.
一点也不厉害,已经解决问题了。
修改WFP,然后修改dll成功!
再恢复WFP.ok! 给自己加分!汗~~!
DWORD dwDesiredAccess, // access flag
BOOL bInheritHandle, // handle inheritance option
DWORD dwProcessId // process identifier
);