這樣的帖子,不知道可不可以放到首頁..如果不行,麻煩管理員清理. 謝謝.
// Forward declarations for the two helpers defined after _tmain.

// Walks the process list and returns a handle opened on qq.exe, or NULL.
HANDLE GetQQProcess();

// Scans the memory of _hProcess and stores the digits it finds in strQQ.
bool SeachQQNumber(HANDLE _hProcess, string &strQQ);
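// Entry point: opens the running qq.exe, scans its memory for the account
// number and prints whatever SeachQQNumber stored in strQQ.
//
// Returns 0 after a scan was attempted and 1 when no qq.exe process could be
// opened. argc and argv are not used.
int _tmain(int argc, _TCHAR *argv[])
{
    HANDLE hProces = GetQQProcess();
    if (hProces == NULL)
    {
        // Stop here: the scan must never run on a NULL handle, because
        // VirtualQueryEx would fail and leave its output structure unset.
        cout << "No run QQ!" << endl;
        system("pause");
        return 1;
    }

    string strQQ;
    SeachQQNumber(hProces, strQQ);
    cout << strQQ << endl;

    // GetQQProcess() returns an open process handle that this function owns.
    CloseHandle(hProces);

    system("pause");
    return 0;
}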
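// Scans the committed read/write regions of another process, one 4096-byte
// page at a time, for the text "\MsgEx.db" and collects the decimal digits
// (at most 11) that sit directly in front of it.
//
// _hProcess  process handle used with VirtualQueryEx and ReadProcessMemory.
// strQQ      receives the digit run on success; left untouched otherwise.
// Returns true when a match preceded by at least one digit was found.
//
// The target is not paused while it is scanned: SuspendThread/ResumeThread
// take thread handles and reject the process handle this function receives,
// so they are not called. Pages can therefore change while being read.
//
// NOTE(review): addresses are kept in DWORD, which only fits a 32-bit build.
bool SeachQQNumber(HANDLE _hProcess, string &strQQ)
{
    static const char kMarker[] = "\\MsgEx.db";
    const int kMarkerLen = (int)sizeof(kMarker) - 1;   // 9 bytes, no terminator
    const int kMaxDigits = 11;
    const DWORD kPageSize = 4096;

    if (_hProcess == NULL)
        return false;

    char process_mem[4096] = {0};
    DWORD number_of_bytes_read = 0;
    MEMORY_BASIC_INFORMATION mbi;

    SYSTEM_INFO si;
    GetSystemInfo(&si);
    DWORD dwBaseAddress = (DWORD)si.lpMinimumApplicationAddress;
    const DWORD dwLimit = (DWORD)si.lpMaximumApplicationAddress;

    while (dwBaseAddress < dwLimit)
    {
        // A failed query leaves mbi unset; using it would walk garbage addresses.
        if (VirtualQueryEx(_hProcess, (LPVOID)dwBaseAddress, &mbi, sizeof(mbi)) == 0)
            break;

        const DWORD regionStart = (DWORD)mbi.BaseAddress;
        const DWORD regionEnd = regionStart + (DWORD)mbi.RegionSize;
        if (regionEnd <= dwBaseAddress)
            break;   // no forward progress (empty region or wrap-around)
        dwBaseAddress = regionEnd;

        // Skip regions that are not committed or not read/write.
        // NOTE(review): AllocationProtect is the protection the region was
        // created with; the current protection is mbi.Protect. Confirm which
        // one was intended.
        if (mbi.State != MEM_COMMIT || mbi.AllocationProtect != PAGE_READWRITE)
            continue;

        // Search the region page by page.
        for (DWORD i = regionStart; i < regionEnd; i += kPageSize)
        {
            if (!ReadProcessMemory(_hProcess, LPCVOID(i), process_mem, kPageSize, &number_of_bytes_read))
                break;

            // Only look at bytes this read actually filled in, so that stale
            // data from a previous page can never produce a match.
            const int lastStart = (int)number_of_bytes_read - kMarkerLen;
            for (int j = 0; j <= lastStart; j++)
            {
                if (memcmp(&process_mem[j], kMarker, kMarkerLen) != 0)
                    continue;

                // Walk backwards over the digits in front of the marker. The
                // k >= 0 bound keeps the read inside process_mem when the
                // marker starts within the first bytes of the page.
                string digits;
                for (int k = j - 1; k >= 0 && k >= j - kMaxDigits; k--)
                {
                    const char c = process_mem[k];
                    if (c < '0' || c > '9')
                        break;
                    digits = c + digits;
                }

                if (!digits.empty())
                {
                    strQQ = digits;
                    return true;
                }
            }
        }
    }
    return false;
}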
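// Takes a snapshot of the process list and opens the first process whose
// executable name equals "qq.exe" (case-insensitive, name match only).
//
// Returns the handle from OpenProcess, or NULL when the snapshot cannot be
// taken, no entry matches, or the open fails. The caller owns the returned
// handle and must release it with CloseHandle.
HANDLE GetQQProcess()
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return NULL;

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32);   // must be set before Process32First

    HANDLE hProcess = NULL;

    // Only read pe after a successful call; on failure its fields are unset.
    bool more = Process32First(hSnapshot, &pe) != FALSE;
    while (more)
    {
        if (_tcsicmp(pe.szExeFile, _T("qq.exe")) == 0)
        {
            // NOTE(review): PROCESS_ALL_ACCESS is far broader than the memory
            // query and read calls made on this handle elsewhere in the file;
            // least privilege would request only the rights those calls need.
            // Cross-process opens like this one are what process-access
            // auditing on the host records.
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID);
            break;
        }
        more = Process32Next(hSnapshot, &pe) != FALSE;
    }

    CloseHandle(hSnapshot);
    return hProcess;
}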