前几看了个找基址的视频教学,里面有一段用易语言读取一段字节集(大约20MB的空间)的代码,于是在网上搜了,发现了有这么一段代码:
#include <iostream> #include <stdio.h> #include <windows.h> #include <iomanip> using namespace std; byte * nc_dncbyte(DWORD pid, DWORD ShouDiZhi, DWORD Size) { HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid); byte * p = new byte[ Size ]; ReadProcessMemory(handle, (LPCVOID)ShouDiZhi, p, Size, 0); return p; } void main() { byte * pbuffer = nc_dncbyte(2056, 0x0D0A4318, 10);printf("%02X,%02X,%02X,%02X", buff[0], buff[1], buff[2], buff[3]);delete []pbuffer; }
运行程序后显示:
于是改到C++ 输出,代码加上:
for (int i = 0; i <= 200; i++) { cout << pbuffer[ i ] << " "; } cout << endl;
打印出的效果
这应该打印的不是十六进制,想到cout 输出十六进制要加上 hex,但是不行,在网上查了下,还得这样
for (int i = 0; i <= 200; i++) { cout << hex << int (pbuffer[ i ]) << ", "; 设置十六进制显示数值显示
} cout << endl;
效果:
还有问题,内在为00的只取一位,继续找资料,然后完整代码为:
#include <iostream> #include <stdio.h> #include <windows.h> #include <iomanip> using namespace std; byte * nc_dncbyte(DWORD pid, DWORD ShouDiZhi, DWORD Size) { HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid); byte * p = new byte[ Size ]; ReadProcessMemory(handle, (LPCVOID)ShouDiZhi, p, Size, 0); return p; } void main() { byte * pbuffer = nc_dncbyte(3760, 0x0D0A4318, 10); for (int i = 0; i < 200; i++) { cout.width(2);//占宽2列 cout.fill(‘0‘);//不足2位时前面用0补齐,多于2位时按实际倍数显示 cout << setiosflags(ios::uppercase) << hex << int (pbuffer[ i ]) << " "; // setiosflags(ios::uppercase) 设置十六进制显示数值字母大写 } cout << endl; for (int a = 0; a < 4; a++) { printf("%02X,", pbuffer[a]); } cout << endl; delete []pbuffer; }
最终效果如下:
OK,任何完成
,再然后就是要把这些读取的字节集输出为exe程序。
原文:https://www.cnblogs.com/hsoftk/p/12606629.html