如何在 C 中更改进程的十六进制转储
How to change the Hex dump of a process in C
我写了这段代码来更改选定进程的十六进制转储,这是代码:
#include <windows.h>
int main(int argc, char *argv[])
{
unsigned char buffer[5];
int i;
unsigned char patchbytes[5] = { 0xCC, 0xCC, 0xCC, 0xCC, 0xCC};
DWORD pid = atoi(argv[1]);
HANDLE hproc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hproc)
{
printf("open failed\n");
return -1;
}
ReadProcessMemory(hproc, (void*)0x77992FF5, buffer, 5, NULL);
printf("Before:\n");
for (i = 0; i < sizeof(patchbytes); i++) {
printf("%02x \t", buffer[i]);
}
printf("\n");
WriteProcessMemory(hproc, (void*)0x77992FF5, patchbytes, 5, NULL);
printf("After:\n");
for (i = 0; i < sizeof(patchbytes); i++) {
printf("%02x \t", buffer[i]);
}
FlushInstructionCache(hproc, NULL, 0);
CloseHandle(hproc);
return 0;
}
所以我读取前五个字节,然后覆盖它,我检查覆盖它们之前和之后的字节值。但它给我的是一样的,所以字节没有改变。我做错了什么?
您只需将最初读取的缓冲区打印两次。
在 WriteProcessMemory 之后再投入 ReadProcessMemory(hproc, (void*)0x77992FF5, buffer, 5, NULL);。
我写了这段代码来更改选定进程的十六进制转储,这是代码:
#include <windows.h>
int main(int argc, char *argv[])
{
unsigned char buffer[5];
int i;
unsigned char patchbytes[5] = { 0xCC, 0xCC, 0xCC, 0xCC, 0xCC};
DWORD pid = atoi(argv[1]);
HANDLE hproc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hproc)
{
printf("open failed\n");
return -1;
}
ReadProcessMemory(hproc, (void*)0x77992FF5, buffer, 5, NULL);
printf("Before:\n");
for (i = 0; i < sizeof(patchbytes); i++) {
printf("%02x \t", buffer[i]);
}
printf("\n");
WriteProcessMemory(hproc, (void*)0x77992FF5, patchbytes, 5, NULL);
printf("After:\n");
for (i = 0; i < sizeof(patchbytes); i++) {
printf("%02x \t", buffer[i]);
}
FlushInstructionCache(hproc, NULL, 0);
CloseHandle(hproc);
return 0;
}
所以我读取前五个字节,然后覆盖它,我检查覆盖它们之前和之后的字节值。但它给我的是一样的,所以字节没有改变。我做错了什么?
您只需将最初读取的缓冲区打印两次。
在 WriteProcessMemory 之后再投入 ReadProcessMemory(hproc, (void*)0x77992FF5, buffer, 5, NULL);。