Начинающий
-
Автор темы
- #1
Привет, помогите как ускорить поиск адрессов через маску в памяти. Без изменения числа потоков, стартового и конечного адресса.
Main.cpp:
#include <iostream>
#include <vector>
#include <Windows.h>
#include <TlHelp32.h>
#include <thread>
#include <mutex>
#include <atomic>
std::mutex mtx;
std::atomic<bool> stop_search{ false };
DWORD FindProcessId(const wchar_t* processName) {
PROCESSENTRY32 processInfo;
processInfo.dwSize = sizeof(processInfo);
HANDLE processSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (processSnapshot == INVALID_HANDLE_VALUE) {
return 0;
}
Process32First(processSnapshot, &processInfo);
do {
if (!_wcsicmp(processInfo.szExeFile, processName)) {
CloseHandle(processSnapshot);
return processInfo.th32ProcessID;
}
} while (Process32Next(processSnapshot, &processInfo));
CloseHandle(processSnapshot);
return 0;
}
bool CheckMask(const BYTE* buffer, const std::vector<std::pair<DWORD, bool>>& mask) {
for (size_t i = 0; i < mask.size(); ++i) {
DWORD valueInBuffer = *reinterpret_cast<const DWORD*>(buffer + i * sizeof(DWORD));
if (mask[i].second && valueInBuffer != mask[i].first) {
return false;
}
}
return true;
}
void MemorySearch(HANDLE processHandle, uintptr_t startAddress, uintptr_t endAddress, const std::vector<std::pair<DWORD, bool>>& mask, int value2) {
MEMORY_BASIC_INFORMATION memInfo;
BYTE* buffer = nullptr;
size_t bufferSize = 0;
for (uintptr_t currentAddress = startAddress; currentAddress < endAddress;) {
if (VirtualQueryEx(processHandle, (LPCVOID)currentAddress, &memInfo, sizeof(memInfo)) == 0) {
break;
}
if (memInfo.State == MEM_COMMIT && memInfo.Protect != PAGE_NOACCESS && memInfo.Protect != PAGE_GUARD) {
DWORD bytesRead;
size_t regionSize = memInfo.RegionSize;
if (bufferSize < regionSize) {
delete[] buffer;
buffer = new BYTE[regionSize];
bufferSize = regionSize;
}
if (ReadProcessMemory(processHandle, memInfo.BaseAddress, buffer, regionSize, &bytesRead)) {
for (DWORD i = 0; i < bytesRead - sizeof(DWORD) * (mask.size() - 1); i++) {
if (CheckMask(buffer + i, mask)) {
uintptr_t foundAddress = (uintptr_t)memInfo.BaseAddress + i;
DWORD offset1, offset2;
DWORD value = 0;
if (ReadProcessMemory(processHandle, (LPCVOID)(foundAddress + 288), &offset1, sizeof(offset1), &bytesRead) &&
ReadProcessMemory(processHandle, (LPCVOID)(foundAddress + 292), &offset2, sizeof(offset2), &bytesRead)) {
if (offset1 >= 1000000000 && offset2 >= 1000000000 && offset1 - offset2 == 0) {
if (WriteProcessMemory(processHandle, (LPVOID)(foundAddress + 288), &value, sizeof(value), nullptr) &&
WriteProcessMemory(processHandle, (LPVOID)(foundAddress + 292), &value2, sizeof(value2), nullptr)) {
std::unique_lock<std::mutex> lock(mtx);
std::cout << "Successfully updated the value at address 0x" << std::hex << (foundAddress + 288) << "-> value " << std::dec << value << std::endl;
std::cout << "Successfully updated the value at address 0x" << std::hex << (foundAddress + 292) << "-> value " << std::dec << value2 << std::endl;
lock.unlock();
}
else {
std::cerr << "Failed to update the values at addresses 0x" << std::hex << (foundAddress + 288) << " and 0x" << (foundAddress + 292) << std::endl;
}
}
}
}
}
}
}
currentAddress += memInfo.RegionSize;
}
delete[] buffer;
}
int main() {
const wchar_t* processName = L"LdVBoxHeadless.exe";
const DWORD processID = FindProcessId(processName);
if (processID == 0) {
std::cout << "Process not found" << std::endl;
return 1;
}
HANDLE processHandle = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, processID);
if (processHandle == NULL) {
std::cout << "Could not open process" << std::endl;
return 1;
}
else
{
std::cout << "Access allowed" << std::endl;
}
std::vector<std::pair<DWORD, bool>> mask = {
{5, true},
{3, true},
{0, true},
{0, true},
{0, false},
{0, false},
{0, false},
{257, true},
};
std::cout << "Input value: ";
int value;
std::cin >> value;
SYSTEM_INFO systemInfo;
GetSystemInfo(&systemInfo);
uintptr_t startAddress = 0x0;
uintptr_t endAddress = 0x7FFFFFFFFFFFF;
int numThreads = 16;
uintptr_t chunkSize = (endAddress - startAddress) / numThreads;
bool continueSearch = true;
while (continueSearch) {
std::vector<std::thread> threads;
for (int i = 0; i < numThreads; ++i) {
uintptr_t chunkStart = startAddress + i * chunkSize;
uintptr_t chunkEnd = (i == numThreads - 1) ? endAddress : chunkStart + chunkSize;
threads.emplace_back(MemorySearch, processHandle, chunkStart, chunkEnd, std::ref(mask), value);
}
for (auto& thread : threads) {
thread.join();
}
}
std::cout << "Do you want to search again? [Y/N]: " << std::flush;
char input;
std::cin >> input;
continueSearch = (input == 'Y' || input == 'y');
CloseHandle(processHandle);
return 0;
}
Последнее редактирование:
