Windows 64-bit memory address does not fit the Win32 (64?) API WriteProcessMemory?
Okay, I'm trying to do the age-old hack-the-calculator tutorial here: but make it my own by adding a form and a button that injects a new value into the calculator. But it keeps throwing the error that it can't write to memory. Now I don't know why, but I'm thinking it's because the memory address I'm trying to write to comes from a 64-bit OS. Can anyone tell me why this isn't working?

Tags: windows, winapi, memory, 64-bit

#include <iostream>
#include <windows.h>
#define IDBUTTON 102
//prototypes
void injectValue();
using namespace std;
/* Declare Windows procedure */
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);
/* Make the class name into a global variable */
char szClassName[ ] = "CodeBlocksWindowsApp";
HINSTANCE g_hInst;
int newValue = 500;
int WINAPI WinMain (HINSTANCE hThisInstance,
                    HINSTANCE hPrevInstance,
                    LPSTR lpszArgument,
                    int nCmdShow)
{
    HWND hwnd;               /* This is the handle for our window */
    MSG messages;            /* Here messages to the application are saved */
    WNDCLASSEX wincl;        /* Data structure for the windowclass */
    /* The Window structure */
    g_hInst = hThisInstance;
    wincl.hInstance = hThisInstance;
    wincl.lpszClassName = szClassName;
    wincl.lpfnWndProc = WindowProcedure;      /* This function is called by windows */
    wincl.style = CS_DBLCLKS;                 /* Catch double-clicks */
    wincl.cbSize = sizeof (WNDCLASSEX);
    /* Use default icon and mouse-pointer */
    wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
    wincl.lpszMenuName = NULL;                 /* No menu */
    wincl.cbClsExtra = 0;                      /* No extra bytes after the window class */
    wincl.cbWndExtra = 0;                      /* structure or the window instance */
    /* Use Windows's default colour as the background of the window */
    wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND;
    /* Register the window class, and if it fails quit the program */
    if (!RegisterClassEx (&wincl))
        return 0;
    /* The class is registered, let's create the program*/
    hwnd = CreateWindowEx (
           0,                   /* Extended possibilites for variation */
           szClassName,         /* Classname */
           "Calculator Trainer", /* Title Text */
           WS_OVERLAPPEDWINDOW, /* default window */
           CW_USEDEFAULT,       /* Windows decides the position */
           CW_USEDEFAULT,       /* where the window ends up on the screen */
           544,                 /* The programs width */
           375,                 /* and height in pixels */
           HWND_DESKTOP,        /* The window is a child-window to desktop */
           NULL,                /* No menu */
           hThisInstance,       /* Program Instance handler */
           NULL                 /* No Window Creation data */
           );
    /* Make the window visible on the screen */
    ShowWindow (hwnd, nCmdShow);
    /* Run the message loop. It will run until GetMessage() returns 0 */
    while (GetMessage (&messages, NULL, 0, 0))
    {
        /* Translate virtual-key messages into character messages */
        TranslateMessage(&messages);
        /* Send message to WindowProcedure */
        DispatchMessage(&messages);
    }
    /* The program return-value is 0 - The value that PostQuitMessage() gave */
    return messages.wParam;
}
/* This function is called by the Windows function DispatchMessage() */
LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    HWND hwndButton;
    switch (message)                  /* handle the messages */
    {
        case WM_COMMAND:
            if(((HWND)lParam) && (HIWORD(wParam) == BN_CLICKED)){
                switch(LOWORD(wParam)){
                    case IDBUTTON:{
                        injectValue();
                        break;
                    }
                    default:
                        break;
                }
            }
            break;
        case WM_CREATE:
            hwndButton = CreateWindowEx(0,      /* more or 'extended' styles */
                TEXT("BUTTON"),                 /* GUI 'class' to create */
                TEXT("Inject Value"),           /* GUI caption */
                WS_CHILD|WS_VISIBLE|BS_DEFPUSHBUTTON, /* control styles separated by | */
                10,                             /* LEFT POSITION (Position from left) */
                10,                             /* TOP POSITION (Position from Top) */
                200,                            /* WIDTH OF CONTROL */
                30,                             /* HEIGHT OF CONTROL */
                hwnd,                           /* Parent window handle */
                (HMENU)IDBUTTON,                /* control's ID for WM_COMMAND */
                g_hInst,                        /* application instance */
                NULL);
            break;
        case WM_DESTROY:
            PostQuitMessage (0);       /* send a WM_QUIT to the message queue */
            break;
        default:                      /* for messages that we don't deal with */
            return DefWindowProc (hwnd, message, wParam, lParam);
    }
    return 0;
}
void injectValue(){
    cout << "button pushed" << endl;
    HWND chwnd = FindWindow(0, "Calculator");
    if(chwnd == 0)
        cerr << "HWND not found!" << endl;
    else{
        DWORD pID;
        GetWindowThreadProcessId(chwnd, &pID);
        HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
        if(!hProc)
            cerr << "Can't open hProc!" << endl;
        else{
            int success = WriteProcessMemory(hProc, (LPVOID) 0xA4283C508C, &newValue, (DWORD_PTR) sizeof(newValue), NULL);
            if(success > 0)
                cout << "wrote to memory" << endl;
            else
                cerr << "Can't write to memory" << endl;
        }
    }
}

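First, when you run into problems with WINAPI, you should use GetLastError to find the *specific* error. In this case, I'm pretty sure you lack debug privileges, so the OS denies write access; see and example, you need the SE_DEBUG_NAME privilege. However, it should be noted that in your case you should not use the fixed virtual address 0xA4283C508C, because most programs will be relocated, invalidating your address due to ASLR, code page overlap, or just plain lack of a preferred load address.

Are you sure 0xA4283C508C is correct? Maybe first see if you can read from it before writing something new.

If you want to write to a 64-bit process, then I think you should compile your application in 64-bit mode so that you can operate on large pointers.

Yes, the address is correct. I'm also using Code::Blocks. How do I compile the program in 64-bit mode?

You need to use, for example, 64-bit MinGW or the 64-bit version of Visual Studio from the Windows SDK 7.1.

If your calculator is the 64-bit version, this address is definitely wrong. The Cheat Engine used in this example uses the 32-bit version of the calculator, so the pointer is 4 bytes long, whereas for a 64-bit OS you need to find a pointer that is 8 bytes long. I'm not sure whether CheatEngine works with 64-bit applications, so you will have a hard time finding this pointer.

CheatEngine 6 and above supports 64-bit. Also, calc.exe most likely supports ASLR, so its imagebase can change on every restart.

You only need debug privileges to open a handle to a process running under another user.

@pezcode: no, you need it to open handles to programs that require admin or debug privileges, or to any other program you don't currently have permission to access; that is why ring3 debuggers need to run in admin mode, so they can access protected process memory.

Maybe you should read up on access control: ring3 debuggers work just fine on non-admin accounts, as long as you don't try to attach to another user's process, including SYSTEM.

If you had browsed that link yourself, you would have found this page: and another page: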
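
The two address problems raised in the replies above (a 32-bit build cannot hold the question's 0xA4283C508C, and a fixed address stops being valid once the image is relocated), shown as portable pointer arithmetic. This is an added example, not code from the post or its answers; the helper names `as_pointer`, `fits_pointer` and `rebase`, the module bases and the image size are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Value that actually reaches the API after (LPVOID)addr in a build whose
   pointers are ptr_bits wide: the high bits are silently dropped. */
uint64_t as_pointer(uint64_t addr, unsigned ptr_bits)
{
    if (ptr_bits >= 64) return addr;
    return addr & ((UINT64_C(1) << ptr_bits) - 1);
}

/* 1 if the address survives the cast unchanged, 0 if it is truncated. */
int fits_pointer(uint64_t addr, unsigned ptr_bits)
{
    return as_pointer(addr, ptr_bits) == addr;
}

/* Translate an address recorded in one run to another run of the same image.
   Only the offset from the module base is stable across relocation; returns
   -1 when the recorded address is not inside the image at all. */
int rebase(uint64_t recorded, uint64_t old_base, uint64_t image_size,
           uint64_t new_base, uint64_t *out)
{
    if (recorded < old_base || recorded - old_base >= image_size)
        return -1;
    uint64_t offset = recorded - old_base;
    if (new_base > UINT64_MAX - offset)
        return -1;                      /* sum would wrap around */
    *out = new_base + offset;
    return 0;
}

int main(void)
{
    const uint64_t page_addr = UINT64_C(0xA4283C508C);  /* address from the question */
    /* Constructed sample values, not taken from the page. */
    const uint64_t old_base = UINT64_C(0x7FF6A1230000), new_base = UINT64_C(0x7FF7C4560000);
    const uint64_t image_size = 0x100000, recorded = old_base + 0x4C508;
    uint64_t now = 0;

    printf("32-bit build passes 0x%llX (fits: %d)\n",
           (unsigned long long)as_pointer(page_addr, 32), fits_pointer(page_addr, 32));
    printf("64-bit build passes 0x%llX (fits: %d)\n",
           (unsigned long long)as_pointer(page_addr, 64), fits_pointer(page_addr, 64));
    if (rebase(recorded, old_base, image_size, new_base, &now) == 0)
        printf("0x%llX in the old run is 0x%llX in the new one\n",
               (unsigned long long)recorded, (unsigned long long)now);
    return 0;
}
```
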