// TODO: 在此添加控件通知处理程序代码
HANDLE Hand = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 2256);
MODULEENTRY32 lppe;
memset(&lppe,0,sizeof(MODULEENTRY32));
lppe.dwSize = sizeof(MODULEENTRY32);
BOOL found = Module32First(Hand, &lppe);
CFile myFile;
if ( myFile.Open( _T(“r:\\myfilef.dat”), CFile::modeCreate |
CFile::modeReadWrite, NULL ) )
{
/*myFile.Write( szBuffer, sizeof( szBuffer ) );
myFile.Flush();
myFile.Seek( 0, CFile::begin );
nActual = myFile.Read( szBuffer, sizeof( szBuffer ) ); */
while(found)
{
DWORD Add1 = DWORD(lppe.modBaseAddr);
DWORD Add2 = Add1 + lppe.modBaseSize;
DWORD index = DWORD(lppe.modBaseAddr);
{
myFile.Write(lppe.modBaseAddr, lppe.modBaseSize-4);
}
found = Module32Next(Hand, &lppe);
}
CloseHandle(Hand); // 释放快照句柄
失败··
时间:2008-09-19 08:57来源:中国网管联盟作者:bitsCN编辑字体:[大 中 小]
有时,有些软件有保护,看不到他程序内部是怎么一个样,如果想简单的把他的内存保存下来!
我写了一个简单的函数,调用一下就可以把DLL和EXE的内存里的信息全部导到文件里!到时再慢慢查吧!
uses
TlHelp32; bitscn_com
procedure GetDLLMemToFile;
var
PID: Dword;
Hand: THandle;
lppe: TModuleEntry32;
found: boolean;
File111: TFileStream;
dd, Add1, Add2, index: dword;
begin
Hand := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessID);
lppe.dwSize := SizeOf(lppe);
found := Module32First(Hand, lppe);
while found do
begin
File111 := TFileStream.Create(‘debug\’ + extractfilename(lppe.szExePath), $FFFF); bitscn.com
Add1 := dword(lppe.modBaseAddr);
Add2 := Add1 + lppe.modBaseSize;
index := dword(lppe.modBaseAddr);
while true do
begin
dd := Pdword(index)^;
File111.WriteBuffer(dd, 4);
inc(index, 4);
if index >= Add2 – 4 then break;
end; feedom.net
File111.Destroy; found := Module32Next(Hand, lppe);
end;
CloseHandle(Hand); // 释放快照句柄
end;