[toc]
使用C语言在Windows中写入数据到程序中 1. 在同一进程内，C语言写数据直接使用赋值符号 = 即可。下面这个程序同时作为后面各节的目标进程：它打印变量的值、变量的地址和自身的 PID，然后等待按键并循环打印，便于在被其他进程改写后再次观察。代码演示:
#include <stdio.h>
#include <windows.h>

/*
 * Target process for the WriteProcessMemory demos that follow.
 *
 * Prints the value and address of a local int, the address of a pointer
 * to it and the current process id, then blocks on getchar() and prints
 * everything again, so the value can be re-inspected after another
 * process has overwritten it. The loop never ends on its own; the
 * program is closed from the console. argc/argv are unused.
 */
int main(int argc, char **argv)
{
    int value = 666;
    int *ref = &value;

    (void)argc;
    (void)argv;

    for (;;) {
        printf("var i vulue is %d\n", value);
        printf("var i address is 0x%p\n", &value);
        printf("var i vulue is %d\n", *ref);
        printf("var i address is 0x%p\n", ref);
        printf("point p address is 0x%p\n", &ref);
        printf("current Pid is %d\n", GetCurrentProcessId());
        getchar();
    }

    return 0; /* not reachable; kept for symmetry with the other listings */
}
2.windows程序中使用WriteProcessMemory写数据 使用WriteProcessMemory把目标进程中保存在0x0019FEDC的值666改为2080。注意：进程ID（dwProcessId）和地址（0x0019FEDC）都取自上一个程序的输出（"current Pid" 和 "var i address" 两行），每次运行都可能变化，必须相应修改。另外，WriteProcessMemory/ReadProcessMemory 只需要目标进程句柄具有 PROCESS_VM_OPERATION、PROCESS_VM_WRITE 和 PROCESS_VM_READ 权限，不必申请 PROCESS_ALL_ACCESS；若目标进程属于其他用户或运行在更高完整性级别，OpenProcess 一般还需要 SeDebugPrivilege。代码演示:
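#include <windows.h>
#include <stdio.h>

/*
 * Overwrite one 4-byte value in another process with WriteProcessMemory,
 * then read it back to confirm what the target now holds.
 *
 * dwProcessId and targetAddr are copied from the target program's output
 * ("current Pid" / "var i address" lines) and must be updated for every
 * run. Nothing here checks that the address still belongs to that
 * variable; a stale address simply corrupts whatever is there now.
 *
 * Returns 0 on success, 1 if the process cannot be opened or the write
 * or the read-back fails (the Win32 error code is printed).
 *
 * Fixes over the original listing: least-privilege access mask instead
 * of PROCESS_ALL_ACCESS, OpenProcess/WriteProcessMemory/ReadProcessMemory
 * results checked, no heap allocation for the byte count (and therefore
 * no leak), explicit pointer-sized address instead of passing a DWORD
 * where an LPVOID is expected, and matching printf format specifiers.
 */
int main(int argc, char *argv[])
{
    DWORD dwProcessId = 66316;
    /* Pointer-sized so the cast to LPVOID cannot truncate on a 64-bit
     * build. The literal itself looks like a 32-bit stack address and is
     * only meaningful for the target it was copied from. */
    ULONG_PTR targetAddr = 0x0019FEDC;
    DWORD buffer = 2080;
    SIZE_T nSize = sizeof(buffer);
    SIZE_T written = 0;
    SIZE_T readBack = 0;
    int rc = 1;
    HANDLE hProcess;

    (void)argc;
    (void)argv;

    /* These three rights are what WriteProcessMemory and ReadProcessMemory
     * require; PROCESS_ALL_ACCESS grants far more than this program uses. */
    hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, dwProcessId);
    if (hProcess == NULL) {
        /* Typical causes: wrong PID, or the target runs as another user /
         * at a higher integrity level and SeDebugPrivilege is not held. */
        printf("OpenProcess failed, error %lu\n", GetLastError());
        return 1;
    }

    if (!WriteProcessMemory(hProcess, (LPVOID)targetAddr, &buffer, nSize, &written)) {
        printf("WriteProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    /* Read back into the same buffer so the printout reflects the target's
     * memory rather than the value we intended to write. */
    if (!ReadProcessMemory(hProcess, (LPCVOID)targetAddr, &buffer, nSize, &readBack)) {
        printf("ReadProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    printf("Write address 0x%p data is %lu\n", (void *)targetAddr, (unsigned long)buffer);
    printf("Write data length is %lu\n", (unsigned long)written);
    rc = 0;

out:
    CloseHandle(hProcess);
    return rc;
}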
结果如图,修改成功
3.写入单字节 完整代码:
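#include <windows.h>
#include <stdio.h>

/*
 * Overwrite a single byte in another process and read it back.
 *
 * Only the lowest byte of the target's 4-byte int is touched (the other
 * three keep their previous contents), so the value the target prints
 * afterwards is the old value with its low byte replaced by 250.
 *
 * dwProcessId and targetAddr come from the target program's output and
 * must be updated for every run.
 *
 * Returns 0 on success, 1 if the process cannot be opened or the write
 * or the read-back fails (the Win32 error code is printed).
 */
int main(int argc, char *argv[])
{
    DWORD dwProcessId = 85064;
    /* Pointer-sized so the cast to LPVOID cannot truncate on 64-bit. */
    ULONG_PTR targetAddr = 0x0019FEDC;
    BYTE buffer = 250;
    SIZE_T nSize = sizeof(buffer);
    SIZE_T written = 0;
    SIZE_T readBack = 0;
    int rc = 1;
    HANDLE hProcess;

    (void)argc;
    (void)argv;

    /* Least privilege: exactly the rights WriteProcessMemory and
     * ReadProcessMemory need, not PROCESS_ALL_ACCESS. */
    hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, dwProcessId);
    if (hProcess == NULL) {
        printf("OpenProcess failed, error %lu\n", GetLastError());
        return 1;
    }

    if (!WriteProcessMemory(hProcess, (LPVOID)targetAddr, &buffer, nSize, &written)) {
        printf("WriteProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    /* Read back so the printout shows the target's memory, not our local. */
    if (!ReadProcessMemory(hProcess, (LPCVOID)targetAddr, &buffer, nSize, &readBack)) {
        printf("ReadProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    printf("Write address 0x%p data is %u\n", (void *)targetAddr, (unsigned)buffer);
    printf("Write data length is %lu\n", (unsigned long)written);
    rc = 0;

out:
    CloseHandle(hProcess);
    return rc;
}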
修改成功
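4. 用数组写入多个字节

#include <windows.h>
#include <stdio.h>

#define WRITE_SIZE 5

/*
 * Write a 5-byte array into another process and read it back.
 *
 * Note that 5 bytes is one more than the target's 4-byte int: the last
 * byte lands in whatever the target's compiler placed directly after the
 * variable on its stack. What that clobbers depends on the target's
 * frame layout and is not checked here.
 *
 * dwProcessId and targetAddr come from the target program's output and
 * must be updated for every run.
 *
 * Returns 0 on success, 1 if the process cannot be opened or the write
 * or the read-back fails (the Win32 error code is printed).
 */
int main(int argc, char *argv[])
{
    DWORD dwProcessId = 85064;
    /* Pointer-sized so the cast to LPVOID cannot truncate on 64-bit. */
    ULONG_PTR targetAddr = 0x0019FEDC;
    BYTE buffer[WRITE_SIZE] = { 240, 35, 35, 23, 9 };
    SIZE_T nSize = sizeof(buffer); /* whole array, tied to the declaration */
    SIZE_T written = 0;
    SIZE_T readBack = 0;
    int rc = 1;
    HANDLE hProcess;

    (void)argc;
    (void)argv;

    /* Least privilege: exactly the rights WriteProcessMemory and
     * ReadProcessMemory need, not PROCESS_ALL_ACCESS. */
    hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, dwProcessId);
    if (hProcess == NULL) {
        printf("OpenProcess failed, error %lu\n", GetLastError());
        return 1;
    }

    /* The array decays to BYTE*; &buffer (a BYTE (*)[5]) happens to have
     * the same value but is the wrong type for the parameter. */
    if (!WriteProcessMemory(hProcess, (LPVOID)targetAddr, buffer, nSize, &written)) {
        printf("WriteProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    if (!ReadProcessMemory(hProcess, (LPCVOID)targetAddr, buffer, nSize, &readBack)) {
        printf("ReadProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    printf("Write address 0x%p data is \t", (void *)targetAddr);
    for (SIZE_T i = 0; i < readBack; i++) {
        printf("%d ", buffer[i]); /* space-separated; the original ran the digits together */
    }
    printf("\nWrite data length is %lu\n", (unsigned long)written);
    rc = 0;

out:
    CloseHandle(hProcess);
    return rc;
}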
5. 写入4个字节集 代码:
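#include <windows.h>
#include <stdio.h>

#define WORD_COUNT 4

/*
 * Write four pointer-sized words into another process and print what
 * was read back, one word per line.
 *
 * The original listing allocated 4 *bytes* (malloc(witeSize)) to hold 4
 * pointers, then stored into it (heap overflow), assigned 0xDDDDD to a
 * BYTE* and sent the remaining three uninitialised heap pointers to the
 * target. Here the payload is a plain array of ULONG_PTR with the first
 * word set to 0xDDDDD and the rest zero.
 *
 * 4 words is 16 bytes on a 32-bit build (32 on 64-bit), far more than
 * the target's 4-byte int; the bytes past it land on the target's stack
 * and may hit saved registers or a return address, so expect the target
 * to misbehave or crash once it resumes.
 *
 * dwProcessId and targetAddr come from the target program's output and
 * must be updated for every run.
 *
 * Returns 0 on success, 1 if the process cannot be opened or the write
 * or the read-back fails (the Win32 error code is printed).
 */
int main(int argc, char *argv[])
{
    DWORD dwProcessId = 85064;
    /* Pointer-sized so the cast to LPVOID cannot truncate on 64-bit. */
    ULONG_PTR targetAddr = 0x0019FEDC;
    ULONG_PTR words[WORD_COUNT] = { 0xDDDDD, 0, 0, 0 };
    SIZE_T nSize = sizeof(words);
    SIZE_T written = 0;
    SIZE_T readBack = 0;
    int rc = 1;
    HANDLE hProcess;

    (void)argc;
    (void)argv;

    /* Least privilege: exactly the rights WriteProcessMemory and
     * ReadProcessMemory need, not PROCESS_ALL_ACCESS. */
    hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, dwProcessId);
    if (hProcess == NULL) {
        printf("OpenProcess failed, error %lu\n", GetLastError());
        return 1;
    }

    if (!WriteProcessMemory(hProcess, (LPVOID)targetAddr, words, nSize, &written)) {
        printf("WriteProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    if (!ReadProcessMemory(hProcess, (LPCVOID)targetAddr, words, nSize, &readBack)) {
        printf("ReadProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    /* Print only the words that were actually read back. */
    for (SIZE_T i = 0; i < readBack / sizeof(words[0]); i++) {
        printf("%lu\t", (unsigned long)(i + 1));
        printf("Write address 0x%p data is\t", (void *)(targetAddr + i * sizeof(words[0])));
        printf("0x%p\n", (void *)words[i]);
    }
    printf("Write data length is %lu\n", (unsigned long)written);
    rc = 0;

out:
    CloseHandle(hProcess);
    return rc;
}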
结果:
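6.写入多个字节集

#include <windows.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_SIZE 9000
#define BYTES_PER_ROW 4

/*
 * Write 9000 bytes of 0x90 into another process one byte at a time,
 * read the written range back and hex-dump it four bytes per row.
 *
 * The original listing allocated 9000 *bytes* for 9000 pointers (heap
 * overflow), leaked one malloc per element, stored 0x90 into the pointer
 * slots and relied on little-endian layout for the byte writes to pick up
 * 0x90; it also printed pointers with %02x and computed the row address
 * as base + i * sizeof(BYTE*) instead of base + i. Here the payload is a
 * flat BYTE array.
 *
 * One byte per WriteProcessMemory call is deliberate: a single 9000-byte
 * call is rejected as a whole if any part of the range is inaccessible,
 * whereas per-byte calls stop at the first failure and leave a count of
 * how far the write got.
 *
 * 9000 bytes starting at a 4-byte stack variable overwrite the rest of
 * that frame and the frames above it in the target (saved registers,
 * return addresses, locals); the target is expected to crash when it
 * resumes. That is exactly the memory-corruption primitive that process
 * injection builds on, and why the access rights below should stay
 * minimal.
 *
 * dwProcessId and targetAddr come from the target program's output and
 * must be updated for every run.
 *
 * Returns 0 if every byte was written and read back, 1 otherwise (the
 * Win32 error code is printed at the point of failure).
 */
int main(int argc, char *argv[])
{
    DWORD dwProcessId = 85064;
    /* Pointer-sized so the cast to LPVOID cannot truncate on 64-bit. */
    ULONG_PTR targetAddr = 0x0019FEDC;
    BYTE payload[PAYLOAD_SIZE];
    SIZE_T totalWritten = 0;
    SIZE_T readBack = 0;
    int rc = 1;
    HANDLE hProcess;

    (void)argc;
    (void)argv;

    memset(payload, 0x90, sizeof(payload));

    /* Least privilege: exactly the rights WriteProcessMemory and
     * ReadProcessMemory need, not PROCESS_ALL_ACCESS. */
    hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, dwProcessId);
    if (hProcess == NULL) {
        printf("OpenProcess failed, error %lu\n", GetLastError());
        return 1;
    }

    for (SIZE_T i = 0; i < sizeof(payload); i++) {
        SIZE_T written = 0;
        if (!WriteProcessMemory(hProcess, (LPVOID)(targetAddr + i), &payload[i], 1, &written)) {
            printf("WriteProcessMemory failed at offset %lu, error %lu\n",
                   (unsigned long)i, GetLastError());
            break;
        }
        totalWritten += written;
    }

    /* Read the successfully written prefix back in one call. */
    if (totalWritten > 0 &&
        !ReadProcessMemory(hProcess, (LPCVOID)targetAddr, payload, totalWritten, &readBack)) {
        printf("ReadProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    for (SIZE_T i = 0; i < readBack; i++) {
        if (i % BYTES_PER_ROW == 0) {
            printf("\n%lu\tWrite address 0x%p data is\t0x",
                   (unsigned long)(i / BYTES_PER_ROW + 1), (void *)(targetAddr + i));
        }
        printf("%02x", payload[i]);
    }
    printf("\nWrite data length is %lu\n", (unsigned long)totalWritten);
    rc = (totalWritten == sizeof(payload)) ? 0 : 1;

out:
    CloseHandle(hProcess);
    return rc;
}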
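7.使用数组写入字节集

#include <windows.h>
#include <stdio.h>

#define WRITE_SIZE 10
#define BYTES_PER_ROW 4

/*
 * Write a 10-byte array into another process one byte at a time, read
 * the written range back and hex-dump it four bytes per row.
 *
 * The original listing declared BYTE *buffer[10] and initialised the
 * *pointers* with 0x4A, so WriteProcessMemory was handed the address
 * 0x4A as its source buffer (and ReadProcessMemory as its destination);
 * it also printed pointers with %02x and used base + i * sizeof(BYTE*)
 * for the row address. Here the payload is a plain BYTE array and each
 * call is given &buffer[i].
 *
 * 10 bytes starting at a 4-byte stack variable spill into the adjacent
 * slots of the target's frame; what they overwrite depends on the
 * target's layout and is not checked here.
 *
 * dwProcessId and targetAddr come from the target program's output and
 * must be updated for every run.
 *
 * Returns 0 if every byte was written and read back, 1 otherwise (the
 * Win32 error code is printed at the point of failure).
 */
int main(int argc, char *argv[])
{
    DWORD dwProcessId = 85064;
    /* Pointer-sized so the cast to LPVOID cannot truncate on 64-bit. */
    ULONG_PTR targetAddr = 0x0019FEDC;
    BYTE buffer[WRITE_SIZE] = { 0x4A, 0x4A, 0x4A, 0x4A, 0x4A, 0x4A, 0x4A, 0x4A, 0x4A, 0x4A };
    SIZE_T totalWritten = 0;
    SIZE_T readBack = 0;
    int rc = 1;
    HANDLE hProcess;

    (void)argc;
    (void)argv;

    /* Least privilege: exactly the rights WriteProcessMemory and
     * ReadProcessMemory need, not PROCESS_ALL_ACCESS. */
    hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, dwProcessId);
    if (hProcess == NULL) {
        printf("OpenProcess failed, error %lu\n", GetLastError());
        return 1;
    }

    /* Per-byte writes stop at the first inaccessible byte and keep a
     * count of how far they got. */
    for (SIZE_T i = 0; i < sizeof(buffer); i++) {
        SIZE_T written = 0;
        if (!WriteProcessMemory(hProcess, (LPVOID)(targetAddr + i), &buffer[i], 1, &written)) {
            printf("WriteProcessMemory failed at offset %lu, error %lu\n",
                   (unsigned long)i, GetLastError());
            break;
        }
        totalWritten += written;
    }

    if (totalWritten > 0 &&
        !ReadProcessMemory(hProcess, (LPCVOID)targetAddr, buffer, totalWritten, &readBack)) {
        printf("ReadProcessMemory failed, error %lu\n", GetLastError());
        goto out;
    }

    for (SIZE_T i = 0; i < readBack; i++) {
        if (i % BYTES_PER_ROW == 0) {
            printf("\n%lu\tWrite address 0x%p data is\t0x",
                   (unsigned long)(i / BYTES_PER_ROW + 1), (void *)(targetAddr + i));
        }
        printf("%02x", buffer[i]);
    }
    printf("\nWrite data length is %lu\n", (unsigned long)totalWritten);
    rc = (totalWritten == sizeof(buffer)) ? 0 : 1;

out:
    CloseHandle(hProcess);
    return rc;
}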