源码出于看雪论坛。源址已佚。先谢过
看结果
耗时47微秒
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
-
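/**
 * Find the first occurrence of a NUL-terminated pattern inside a
 * length-delimited buffer of TCHAR elements.
 *
 * The buffer does not need to be NUL-terminated: only elements with index
 * in [0, iStrLen) are ever read.
 *
 * @param pszString    Buffer to search.
 * @param iStrLen      Number of TCHAR elements (not bytes) in pszString.
 * @param pszSearchStr NUL-terminated pattern to look for.
 * @return Index, in TCHAR elements, of the first match; 0 when nothing
 *         matches, the pattern is empty, or an argument is invalid.
 *         NOTE: 0 is also the index of a match at the very start of the
 *         buffer. The sentinel is kept because callers test the result for
 *         non-zero, so a match at offset 0 is reported as "not found".
 */
int SearchStr(PTSTR pszString, int iStrLen, PTSTR pszSearchStr)
{
    if (pszString == NULL || pszSearchStr == NULL || iStrLen <= 0) {
        return 0;
    }

    size_t cchPattern = _tcslen(pszSearchStr);

    /* An empty pattern previously made the scan spin forever; a pattern
     * longer than the buffer cannot match. */
    if (cchPattern == 0 || cchPattern > (size_t)iStrLen) {
        return 0;
    }

    int iSearchStrlen = (int)cchPattern;
    int iLast = iStrLen - iSearchStrlen;    /* last valid window start */
    int i = 0;

    while (i <= iLast) {
        /* Compare the whole window. A mismatch never advances i by the
         * number of characters matched so far: doing so skips real matches
         * whenever the pattern's first character repeats inside it. */
        int j = 0;
        while (j < iSearchStrlen && pszSearchStr[j] == pszString[i + j]) {
            j++;
        }
        if (j == iSearchStrlen) {
            return i;
        }

        /* The shift below inspects the element just after the window; when
         * the window already ends at the buffer end there is none to read
         * and no further alignment is possible. */
        if (i == iLast) {
            break;
        }

        /* Align the rightmost occurrence of that element in the pattern
         * with it, or step past it when the pattern does not contain it. */
        TCHAR chNext = pszString[i + iSearchStrlen];
        int iShift = iSearchStrlen + 1;
        for (int k = iSearchStrlen - 1; k >= 0; k--) {
            if (pszSearchStr[k] == chNext) {
                iShift = iSearchStrlen - k;
                break;
            }
        }
        i += iShift;
    }

    return 0;
}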
-
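/**
 * Walk the committed PAGE_READWRITE regions of another process, copy each
 * one into a local buffer, and search the copy for the marker
 * "index?uin=". On the first hit, print the remote address of the marker
 * and the characters that follow it up to the next '&'.
 *
 * What the routine demonstrates: the value after the marker sits in plain
 * text in read/write memory, so any process able to obtain
 * PROCESS_VM_READ on the target can recover it. From the monitoring side
 * the visible event is the OpenProcess call itself; telemetry that records
 * process-handle opens (for example Sysmon Event ID 10, ProcessAccess)
 * captures the requesting image and the granted access mask.
 *
 * @param dwPid Process id of the process to inspect.
 * @return Index (in TCHAR elements) of the marker inside the region where
 *         it was found; 0 when the process cannot be opened, a region
 *         query fails, or the marker is not found.
 */
int ReadMem(DWORD dwPid)
{
    TCHAR szSub[] = TEXT("index?uin=");
    const size_t cchSub = _tcslen(szSub);
    int iPos = 0;

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);
    if (hProcess == NULL) {
        return 0;
    }

    SYSTEM_INFO siSysInfo;
    GetSystemInfo(&siSysInfo);

    /* Addresses are kept pointer-sized; a DWORD truncates them in a 64-bit
     * build. */
    ULONG_PTR uAddress = (ULONG_PTR)siSysInfo.lpMinimumApplicationAddress;
    const ULONG_PTR uLimit = (ULONG_PTR)siSysInfo.lpMaximumApplicationAddress;

    DWORD dwStart = GetTickCount();
    int fFound = 0;

    while (!fFound && uAddress < uLimit) {
        MEMORY_BASIC_INFORMATION mbi;

        if (VirtualQueryEx(hProcess, (LPCVOID)uAddress, &mbi, sizeof(mbi)) != sizeof(mbi)) {
            CloseHandle(hProcess);      /* was leaked on this path */
            return 0;
        }

        if (mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE && mbi.RegionSize >= 1024) {
            /* One spare element after the data keeps a one-element
             * look-ahead by the search inside the allocation. */
            TCHAR *MemBuf = (TCHAR *)malloc(mbi.RegionSize + sizeof(TCHAR));

            if (MemBuf != NULL) {
                SIZE_T cbRead = 0;

                if (ReadProcessMemory(hProcess, (LPCVOID)uAddress, MemBuf, mbi.RegionSize, &cbRead)) {
                    /* ReadProcessMemory reports bytes; the search works in
                     * TCHAR elements, so convert before passing a length. */
                    SIZE_T cchRead = cbRead / sizeof(TCHAR);
                    if (cchRead > (SIZE_T)INT_MAX) {
                        cchRead = (SIZE_T)INT_MAX;
                    }
                    MemBuf[cchRead] = 0;

                    iPos = SearchStr(MemBuf, (int)cchRead, szSub);
                    if (iPos) {
                        _tprintf(TEXT(">>> Address: 0x%p\n"),
                                 (void *)(uAddress + (ULONG_PTR)iPos * sizeof(TCHAR)));
                        _tprintf(TEXT(">>> QQ: "));

                        /* Stop at '&' or at the end of the copied data,
                         * whichever comes first; without the bound a
                         * missing '&' runs the read off the buffer. */
                        const TCHAR *ptsEnd = MemBuf + cchRead;
                        for (const TCHAR *ptsQQ = MemBuf + iPos + cchSub;
                             ptsQQ < ptsEnd && *ptsQQ != TEXT('&');
                             ptsQQ++) {
                            _tprintf(TEXT("%c"), *ptsQQ);
                        }
                        _tprintf(TEXT("\n"));

                        fFound = 1;
                    }
                }
                free(MemBuf);           /* also released on the found path */
            }
        }

        /* Move to the next region; bail out if the address fails to
         * advance so a zero-sized or wrapping region cannot loop forever. */
        ULONG_PTR uNext = (ULONG_PTR)mbi.BaseAddress + mbi.RegionSize;
        if (uNext <= uAddress) {
            break;
        }
        uAddress = uNext;
    }

    CloseHandle(hProcess);

    _tprintf(TEXT(">>> Time: %d ms\n"), (int)(GetTickCount() - dwStart));
    return iPos;
}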
-
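/**
 * Enumerate running processes and call ReadMem() on every process whose
 * executable name equals pszProcessName.
 *
 * Despite its name, the function looks processes up by image name, not by
 * PID. The comparison is exact and case-sensitive, and it is made on the
 * file name alone, so any process that carries that name is treated as a
 * match.
 *
 * @param pszProcessName Executable file name to look for (e.g. "QQ.exe").
 * @return PID of the last matching process, or 0 when none matched or the
 *         process snapshot could not be taken.
 */
DWORD FindByPID(PTSTR pszProcessName)
{
    DWORD dwProcessID = 0;

    if (pszProcessName == NULL) {
        return 0;
    }

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        return 0;
    }

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);     /* must be set before Process32First */

    if (!Process32First(hProcessSnap, &pe32)) {
        CloseHandle(hProcessSnap);
        return 0;
    }

    do {
        /* _tcscmp/_tprintf follow the TCHAR build setting; the wide-only
         * wcscmp/wprintf do not compile against TCHAR strings in a
         * non-UNICODE build. */
        if (_tcscmp(pszProcessName, pe32.szExeFile) == 0) {
            dwProcessID = pe32.th32ProcessID;
            _tprintf(TEXT(">>> ------ PID = %lu ------\n"), (unsigned long)dwProcessID);

            ReadMem(dwProcessID);
            _tprintf(TEXT(">>> ------------------------\n\n"));
        }
    } while (Process32Next(hProcessSnap, &pe32));

    CloseHandle(hProcessSnap);
    return dwProcessID;
}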
-
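/**
 * Entry point: look for processes named "QQ.exe" and report when none is
 * running. Always exits with status 0.
 */
int main(void)
{
    TCHAR pszP[] = TEXT("QQ.exe");

    if (FindByPID(pszP) == 0) {
        /* _tprintf matches the TEXT() literal in both UNICODE and ANSI
         * builds; wprintf only accepts it when UNICODE is defined. */
        _tprintf(TEXT(">>> Do not found the QQ.exe\n"));
    }

    return 0;
}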