c++ - 使用winapi查找进程ID和基地址
问题描述
我正在 Code::Blocks 中编写一个程序，它只打印目标应用程序的进程 ID 和模块基地址。PID 已能正确找到，但获取基地址时遇到了困难；我使用的是 GNU GCC 编译器（x64）。我猜错误出在 `HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);` 这一行，因为它返回了 INVALID_HANDLE_VALUE，但我仍然无法解决这个问题。IDE 不显示任何错误或警告；GetLastError() 返回 5（ERROR_ACCESS_DENIED，拒绝访问）。
控制台输出:
Process ID = 2656
INVALID_HANDLE_VALUE returned
BaseAddr = 0
这是完整的代码:
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
#include <string.h>
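/// Looks up the PID of the first running process whose image name matches
/// `procName` (case-insensitive, e.g. "Game.exe").
///
/// @param procName  image file name to look for; NULL/empty yields 0.
/// @return the PID of the first match, or 0 if no process matched or the
///         snapshot could not be taken.
///
/// Note: if several processes share the name, whichever the snapshot lists
/// first is returned — callers that care must disambiguate themselves.
DWORD GetProcId(const char* procName)
{
    DWORD procId = 0;
    if (procName == nullptr || *procName == '\0')
        return 0;

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
        return 0;   // nothing to close: the original passed INVALID_HANDLE_VALUE to CloseHandle here

    PROCESSENTRY32 procEntry;
    procEntry.dwSize = sizeof(procEntry);   // required by Process32First, else it fails
    if (Process32First(hSnap, &procEntry))
    {
        do
        {
            if (lstrcmpi(procEntry.szExeFile, procName) == 0)
            {
                procId = procEntry.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnap, &procEntry));
    }
    CloseHandle(hSnap);
    return procId;
}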
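/// Returns the load address of module `modName` (case-insensitive, e.g.
/// "Game.exe") inside process `procId`, or 0 if it cannot be determined.
///
/// @param procId   PID of the target process; 0 is rejected because a PID of 0
///                 makes CreateToolhelp32Snapshot snapshot the *calling*
///                 process and silently report the wrong module.
/// @param modName  module file name to look for; NULL/empty yields 0.
/// @return module base address, or 0 on failure (the Win32 error code is
///         printed to stdout when the snapshot itself fails).
uintptr_t GetModuleBaseAddress(DWORD procId, const char* modName)
{
    uintptr_t modBaseAddr = 0;
    if (procId == 0 || modName == nullptr || *modName == '\0')
        return 0;

    // TH32CS_SNAPMODULE can fail transiently with ERROR_BAD_LENGTH while the
    // target is still loading; the documented remedy is to retry. Bounded so a
    // persistent failure cannot spin forever.
    HANDLE hSnap = INVALID_HANDLE_VALUE;
    for (int attempt = 0; attempt < 16; ++attempt)
    {
        hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
        if (hSnap != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH)
            break;
    }

    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // Report the error code rather than guessing at flags:
        //   5   (ERROR_ACCESS_DENIED) — the caller lacks rights over the target
        //       (target runs elevated / at a higher integrity level, or is a
        //       protected process); run this tool with sufficient privilege.
        //   299 (ERROR_PARTIAL_COPY)  — 32-bit caller snapshotting a 64-bit target.
        // Nothing to close: the original passed INVALID_HANDLE_VALUE to CloseHandle.
        std::cout << "INVALID_HANDLE_VALUE returned, GetLastError = " << GetLastError() << std::endl;
        return 0;
    }

    MODULEENTRY32 modEntry;
    modEntry.dwSize = sizeof(modEntry);   // required by Module32First, else it fails
    if (Module32First(hSnap, &modEntry))
    {
        do
        {
            if (_stricmp(modEntry.szModule, modName) == 0)
            {
                modBaseAddr = reinterpret_cast<uintptr_t>(modEntry.modBaseAddr);
                break;
            }
        } while (Module32Next(hSnap, &modEntry));
    }
    CloseHandle(hSnap);
    return modBaseAddr;
}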
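/// Entry point: prints the PID and module base address of "Game.exe".
/// Returns 1 (without attempting the module snapshot) when the process is not
/// running — passing PID 0 on would otherwise snapshot this process instead.
int main()
{
    const char* target = "Game.exe";

    DWORD procId = GetProcId(target);
    std::cout << "Process ID = " << procId << std::endl;
    if (procId == 0)
    {
        std::cout << "Process not found" << std::endl;
        std::getchar();
        return 1;
    }

    uintptr_t baseAddr = GetModuleBaseAddress(procId, target);
    std::cout << "BaseAddr = " << baseAddr << std::endl;
    std::getchar();   // keep the console open until a key is pressed
    return 0;
}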
解决方案
好吧，把代码放进 Code::Blocks 之后，我只是把 GetModuleBaseAddress 函数中的 _stricmp 改成了 strcmp，并把这一行
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
改成了
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, procId);
（注意：这两处改动本身并不能解释 GetLastError() 返回 5 的现象。ERROR_ACCESS_DENIED 通常意味着调用进程对目标进程没有足够的访问权限——例如目标以管理员/更高完整性级别运行，或是受保护进程——此时需要以相应权限运行本程序；从 64 位进程发起快照时加上 TH32CS_SNAPMODULE32 也是无害的。）
试试这个代码:
#include <windows.h>
#include <tlhelp32.h>
#include <string>
#include <iostream>
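using namespace std;   // kept: the functions below use string/cout unqualified

// Process-wide state shared by getID(), getModuleBaseAddress() and main().
HANDLE _process = NULL;   // set by getID(); NULL until a process is opened (or if OpenProcess failed). Never closed.
DWORD pid = 0;            // PID of the located process; 0 = not found yet
DWORD_PTR baseAddr = 0;   // pointer-sized: a DWORD truncates 64-bit module addresses on x64 builds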
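/// Finds the first running process whose image name equals `process`
/// (case-sensitive strcmp, unlike the lstrcmpi used by GetProcId above) and
/// stores its PID in the global `pid`. On a match it also opens the process
/// into the global `_process`.
///
/// @param process  image file name, e.g. "popo.exe".
/// @return true if a process with that name was found (even if OpenProcess
///         then failed — check `_process` for NULL), false otherwise or if the
///         snapshot could not be taken.
bool getID(const string& process)
{
    HANDLE hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hHandle == INVALID_HANDLE_VALUE)
        return false;

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(entry);
    bool found = false;
    // Process32First must precede the loop: without it the first comparison read
    // an uninitialised szExeFile and the first real process was never examined.
    if (Process32First(hHandle, &entry))
    {
        do
        {
            if (strcmp(entry.szExeFile, process.c_str()) == 0)
            {
                pid = entry.th32ProcessID;
                found = true;
                break;
            }
        } while (Process32Next(hHandle, &entry));
    }
    CloseHandle(hHandle);   // every path closes the snapshot (the original leaked it on a miss)

    if (found)
    {
        // PROCESS_ALL_ACCESS is far more than "read PID / base address" needs and
        // is what makes this call fail with ERROR_ACCESS_DENIED against elevated
        // or protected targets; narrow it to the rights actually used downstream
        // (e.g. PROCESS_QUERY_INFORMATION | PROCESS_VM_READ). Left as-is because
        // the rest of the program is not shown. Returns NULL on failure.
        _process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    }
    return found;
}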
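/// Looks up module `module` (case-sensitive strcmp) in the process identified by
/// the global `pid` and stores its load address in the global `baseAddr`.
///
/// @param module  module file name, e.g. "popo.exe".
/// @return true if the module was found, false if `pid` is 0, the snapshot
///         failed, or no module matched.
bool getModuleBaseAddress(const string& module)
{
    if (pid == 0)
        return false;   // PID 0 would snapshot the *calling* process, not the target

    // TH32CS_SNAPMODULE can fail transiently with ERROR_BAD_LENGTH while the
    // target is still loading; the documented remedy is to retry (bounded here).
    HANDLE hHandle = INVALID_HANDLE_VALUE;
    for (int attempt = 0; attempt < 16; ++attempt)
    {
        hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
        if (hHandle != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH)
            break;
    }
    if (hHandle == INVALID_HANDLE_VALUE)
        return false;   // e.g. ERROR_ACCESS_DENIED (5): caller lacks rights over the target

    MODULEENTRY32 mentry;
    mentry.dwSize = sizeof(mentry);
    bool found = false;
    // Module32First must precede the loop: the original compared an uninitialised
    // szModule on the first iteration and skipped the first real module.
    if (Module32First(hHandle, &mentry))
    {
        do
        {
            if (strcmp(mentry.szModule, module.c_str()) == 0)
            {
                // DWORD_PTR keeps the full address; the original (DWORD) cast truncated it on x64.
                baseAddr = reinterpret_cast<DWORD_PTR>(mentry.modBaseAddr);
                found = true;
                break;
            }
        } while (Module32Next(hHandle, &mentry));
    }
    CloseHandle(hHandle);   // every path closes the snapshot (the original leaked it on a miss)
    return found;
}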
/// Entry point: waits for "popo.exe" to appear, resolves its main module's base
/// address, then prints both.
int main()
{
    const string target = "popo.exe";

    // Poll until the target process exists; getID() also opens a handle to it (_process).
    // NOTE(review): this spins forever if the process never appears.
    while (!getID(target))
        Sleep(10);

    // Poll until the module snapshot succeeds.
    // NOTE(review): if the snapshot keeps failing (e.g. ERROR_ACCESS_DENIED because the
    // target is elevated/protected) this loop never terminates either.
    while (!getModuleBaseAddress(target))
        Sleep(10);

    cout << "PID: " << pid << endl
         << "Base Address: " << baseAddr;
    return 0;
}