从二进制文件转储问题
File dumping from Binary issue
我正在尝试编写一个转储工具,内存中的一个文件位于一个太平洋地址,其中包含一个文件大小为 41mb 的文件。
我正在尝试将该文件与文件大小写入目录。
非常感谢您的任何建议或意见。
我已经试过了...
这是我更新后的代码:
#include <Windows.h>
#include <stdio.h>
#include <iostream>
#include <fstream>
int sizevalue = 43.417254; // size of file
DWORD address = 0x43417254;
char Wfilename[14] = "cartfile.dat";
char Rfilename[14] = "cartfile.dat";
//entry
int main(int argc, char* argv[])
{
HWND hwnd = FindWindowA(NULL, "gametutorial");
if (hwnd == NULL)
{
cout << "Cannot find window." << endl;
Sleep(3000);
exit(-1);
}
else
{
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ, PROCESS_VM_WRITE, procID);
if (procID == NULL)
{
cout << "Cannot obtain process." << endl;
Sleep(3000);
exit(-1);
}
else
{
for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
printf("Dumping cartfile now... \n");
ofstream outputStream("cartfile.dat", ios::out | ios::binary);
if (outputStream.is_open())
{
std::cout << "file opened okay\n";
}
else
{
std::cout << "Error opening file\n";
}
ReadProcessMemory_(handle, (void*)address, &sizevalue, Rfilename,
sizeof(sizevalue), 0);
WriteProcessMemory_(handle, (void*)address, &sizevalue, Wfilename,
sizeof(sizevalue), 0);
0);
outputStream.close();
system("pause");
return 0;
}
Sleep(1);
}
}
}
}
BOOL WriteProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID
lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{
return 0;
}
BOOL ReadProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID
lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
{
return 0;
}
这是我的头文件...
#pragma once
#include <Windows.h>
#include <stdio.h>
#include <iostream>
//#include .lib header
BOOL WriteProcessMemory_(
HANDLE hProcess,
LPVOID lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T nSize,
SIZE_T* lpNumberOfBytesWritten
);
BOOL ReadProcessMemory_(
HANDLE hProcess,
LPVOID lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T nSize,
SIZE_T* lpNumberOfBytesRead
);
但它仍然转储 0 文件大小 0kb 的 cartfile。
那么现在呢?
但它只转储 Cartfile 但它的大小为 0。
二进制文件中位置的字节包含一个文件大小为 41 MB 的文件。
该文件可以正常打开,因此我可以成功打开该文件。
它必须与它从内存中的字节写入文件和文件大小的方式有关?
那我做错了什么?
Here is a pic of the results on how these bytes are 41mb's
这是一个从 运行 Notepad++ 进程写入 64k 内存的示例。或许您可以根据自己的需要进行调整。
#include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <fstream>
#include <vector>
void* GetBaseAddress(HANDLE processHandle)
{
HMODULE hMods[1024];
DWORD cbNeeded;
if (EnumProcessModules(processHandle, hMods, sizeof(hMods), &cbNeeded))
{
return hMods[0];
}
return nullptr;
}
int main()
{
HWND hwnd = FindWindowA(NULL, "new 1 - Notepad++");
if (hwnd == NULL)
{
std::cout << "Cannot find window.\n";
return -1;
}
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, procID);
if (procID == NULL)
{
std::cout << "Cannot obtain process.\n";
return -1;
}
for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
// I don't have a fixed address so I just find the address of the first loaded module in the process.
// You need to determine your address and replace this.
void *address = GetBaseAddress(handle);
// Resize this buffer to whatever the size is you need.
std::vector<char> buffer(64 * 1024);
SIZE_T bytesRead = 0;
BOOL ret = ReadProcessMemory(handle, address, buffer.data(), buffer.size(), &bytesRead);
if (!ret)
{
std::cout << "Error (" << GetLastError() << ") reading memory\n";
return -1;
}
if (bytesRead != buffer.size())
{
std::cout << "Memory size mismatch. Requested " << buffer.size() << ", Received " << bytesRead << "\n";
return -1;
}
std::ofstream out("memory.dat", std::ios::out | std::ios::binary);
if (!out)
{
std::cout << "Error opening file\n";
return -1;
}
out.write(buffer.data(), buffer.size());
break;
}
}
return 0;
}
我正在尝试编写一个转储工具,内存中的一个文件位于一个太平洋地址,其中包含一个文件大小为 41mb 的文件。 我正在尝试将该文件与文件大小写入目录。 非常感谢您的任何建议或意见。
我已经试过了...
这是我更新后的代码:
#include <Windows.h>
#include <stdio.h>
#include <iostream>
#include <fstream>
int sizevalue = 43.417254; // size of file
DWORD address = 0x43417254;
char Wfilename[14] = "cartfile.dat";
char Rfilename[14] = "cartfile.dat";
//entry
int main(int argc, char* argv[])
{
HWND hwnd = FindWindowA(NULL, "gametutorial");
if (hwnd == NULL)
{
cout << "Cannot find window." << endl;
Sleep(3000);
exit(-1);
}
else
{
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ, PROCESS_VM_WRITE, procID);
if (procID == NULL)
{
cout << "Cannot obtain process." << endl;
Sleep(3000);
exit(-1);
}
else
{
for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
printf("Dumping cartfile now... \n");
ofstream outputStream("cartfile.dat", ios::out | ios::binary);
if (outputStream.is_open())
{
std::cout << "file opened okay\n";
}
else
{
std::cout << "Error opening file\n";
}
ReadProcessMemory_(handle, (void*)address, &sizevalue, Rfilename,
sizeof(sizevalue), 0);
WriteProcessMemory_(handle, (void*)address, &sizevalue, Wfilename,
sizeof(sizevalue), 0);
0);
outputStream.close();
system("pause");
return 0;
}
Sleep(1);
}
}
}
}
BOOL WriteProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID
lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
{
return 0;
}
BOOL ReadProcessMemory_(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID
lpBuffer, CHAR* lpfile, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
{
return 0;
}
这是我的头文件...
#pragma once
#include <Windows.h>
#include <stdio.h>
#include <iostream>
//#include .lib header
BOOL WriteProcessMemory_(
HANDLE hProcess,
LPVOID lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T nSize,
SIZE_T* lpNumberOfBytesWritten
);
BOOL ReadProcessMemory_(
HANDLE hProcess,
LPVOID lpBaseAddress,
LPCVOID lpBuffer,
CHAR* lpfile,
SIZE_T nSize,
SIZE_T* lpNumberOfBytesRead
);
但它仍然转储 0 文件大小 0kb 的 cartfile。 那么现在呢?
但它只转储 Cartfile 但它的大小为 0。 二进制文件中位置的字节包含一个文件大小为 41 MB 的文件。 该文件可以正常打开,因此我可以成功打开该文件。 它必须与它从内存中的字节写入文件和文件大小的方式有关? 那我做错了什么?
Here is a pic of the results on how these bytes are 41mb's
这是一个从 运行 Notepad++ 进程写入 64k 内存的示例。或许您可以根据自己的需要进行调整。
#include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <fstream>
#include <vector>
void* GetBaseAddress(HANDLE processHandle)
{
HMODULE hMods[1024];
DWORD cbNeeded;
if (EnumProcessModules(processHandle, hMods, sizeof(hMods), &cbNeeded))
{
return hMods[0];
}
return nullptr;
}
int main()
{
HWND hwnd = FindWindowA(NULL, "new 1 - Notepad++");
if (hwnd == NULL)
{
std::cout << "Cannot find window.\n";
return -1;
}
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, procID);
if (procID == NULL)
{
std::cout << "Cannot obtain process.\n";
return -1;
}
for (;;)
{
if (GetAsyncKeyState(VK_F10))
{
// I don't have a fixed address so I just find the address of the first loaded module in the process.
// You need to determine your address and replace this.
void *address = GetBaseAddress(handle);
// Resize this buffer to whatever the size is you need.
std::vector<char> buffer(64 * 1024);
SIZE_T bytesRead = 0;
BOOL ret = ReadProcessMemory(handle, address, buffer.data(), buffer.size(), &bytesRead);
if (!ret)
{
std::cout << "Error (" << GetLastError() << ") reading memory\n";
return -1;
}
if (bytesRead != buffer.size())
{
std::cout << "Memory size mismatch. Requested " << buffer.size() << ", Received " << bytesRead << "\n";
return -1;
}
std::ofstream out("memory.dat", std::ios::out | std::ios::binary);
if (!out)
{
std::cout << "Error opening file\n";
return -1;
}
out.write(buffer.data(), buffer.size());
break;
}
}
return 0;
}