質問です。下記はソースの一部で、あるプロセスのメモリを検索しています。現在は 00000000~7FFFFFFF の範囲を検索していますが、終了アドレスを 7FFFFFFF から 9FFFFFFF まで広げたいです。単純に終了アドレスを 9FFFFFFF に変更しても、その範囲は検索されません。なぜでしょうか?
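/**
 * Scans the committed, private, read/write regions of another process for a
 * byte pattern, and patches one field of every match that passes a
 * follow-up check on four neighbouring 32-bit fields.
 *
 * For each address where the pattern is found, the 32-bit values at
 * +0x68, +0x18, +0x10 and +0x14 are read back from the target. If they equal
 * 2, 383558760, 0 and 0 respectively, the address is printed and the value 8
 * is written to +0x68.
 *
 * @param hProcess  Handle to the target process. It has to allow querying,
 *                  reading and writing the target's memory; open it with only
 *                  the access rights this routine needs.
 * @param bytecode  Pattern to look for; must point to at least n bytes.
 * @param n         Pattern length in bytes (1..4096).
 * @param and1, intAnd1, and2, intAnd2  Not used by this routine.
 * @return Always 0.
 *
 * Address range: the scan covers 0x00000000..0x7FFFFFFF. VirtualQueryEx
 * returns 0 for an address above the highest user-mode address of the target
 * process, which ends the scan with "error". For a 32-bit target that is not
 * large-address-aware that limit is typically just below 0x80000000, so
 * raising `end` alone does not make more memory searchable.
 */
UINT search_1(HANDLE hProcess, unsigned char bytecode[], int n, UINT and1, int intAnd1, UINT and2, int intAnd2) {
    // Kept in the signature for existing callers; nothing here reads them.
    (void)and1;
    (void)intAnd1;
    (void)and2;
    (void)intAnd2;

    enum { kChunkSize = 4096 };

    // A negative n would turn into a huge size_t inside memcmp, and a pattern
    // longer than one chunk can never be matched by the loop below.
    if (bytecode == NULL || n <= 0 || n > kChunkSize) {
        return 0;
    }

    HMODULE hNtdll = GetModuleHandle(_T("ntdll.dll"));
    if (hNtdll == NULL) {
        std::cout << "error" << std::endl;
        return 0;
    }
    TNtReadVirtualMemory pfnNtReadVirtualMemory =
        (TNtReadVirtualMemory)GetProcAddress(hNtdll, "NtReadVirtualMemory");
    TNtWriteVirtualMemory pfnNtWriteVirtualMemory =
        (TNtWriteVirtualMemory)GetProcAddress(hNtdll, "NtWriteVirtualMemory");
    if (pfnNtReadVirtualMemory == NULL || pfnNtWriteVirtualMemory == NULL) {
        // Calling through a null function pointer would crash the scanner.
        std::cout << "error" << std::endl;
        return 0;
    }

    // Addresses are kept in ULONG_PTR so they are never truncated when the
    // scanner itself is built as a 64-bit program.
    ULONG_PTR start = 0x00000000;        // search start address
    const ULONG_PTR end = 0x7FFFFFFF;    // search end address
    const ULONG_PTR patternLen = (ULONG_PTR)n;
    int r_8 = 8;                         // value written to +0x68 of a verified match

    MEMORY_BASIC_INFORMATION mBI;
    // Fixed-size stack buffer: the original allocated a new 4 KB heap buffer
    // for every region and never released it.
    CHAR MemoryBuff[kChunkSize];

    while (start < end) {
        SIZE_T size = VirtualQueryEx(hProcess, (LPCVOID)start, &mBI, sizeof(MEMORY_BASIC_INFORMATION));
        if (size == 0) {
            std::cout << "error" << std::endl;
            break;
        }

        const ULONG_PTR regionEnd = (ULONG_PTR)mBI.BaseAddress + mBI.RegionSize;
        if (regionEnd <= start) {
            // No forward progress (zero-sized region or wrap-around): stop
            // instead of looping forever.
            break;
        }

        // MEM_PRIVATE already excludes MEM_IMAGE, so one Type test is enough.
        if ((mBI.State == MEM_COMMIT) && (mBI.Type == MEM_PRIVATE) && (mBI.Protect == PAGE_READWRITE)) {
            ULONG_PTR cur = start;
            while (cur < regionEnd && regionEnd - cur >= patternLen) {
                // Never read past the end of the region that was just queried.
                ULONG_PTR want = regionEnd - cur;
                if (want > kChunkSize) {
                    want = kChunkSize;
                }

                // NOTE(review): assumes the TNtReadVirtualMemory typedef returns
                // NTSTATUS, where a negative value means failure -- confirm.
                const LONG status = (LONG)pfnNtReadVirtualMemory(
                    hProcess, (LPVOID)cur, (LPVOID)MemoryBuff, (ULONG)want, NULL);

                if (status >= 0) {
                    // Only offsets where the whole pattern lies inside the
                    // bytes just read are compared, so memcmp stays in bounds.
                    for (ULONG_PTR off = 0; off + patternLen <= want; ++off) {
                        if (memcmp(MemoryBuff + off, bytecode, patternLen) != 0) {
                            continue;
                        }
                        const ULONG_PTR hit = cur + off;

                        // Fresh variables per candidate, and every read is
                        // checked: a failed read must not let values left over
                        // from an earlier candidate authorise the write below.
                        int v68 = 0;
                        int v18 = 0;
                        int v10 = 0;
                        int v14 = 0;
                        const LONG s68 = (LONG)pfnNtReadVirtualMemory(hProcess, (LPVOID)(hit + 0x68), &v68, 4, NULL);
                        const LONG s18 = (LONG)pfnNtReadVirtualMemory(hProcess, (LPVOID)(hit + 0x18), &v18, 4, NULL);
                        const LONG s10 = (LONG)pfnNtReadVirtualMemory(hProcess, (LPVOID)(hit + 0x10), &v10, 4, NULL);
                        const LONG s14 = (LONG)pfnNtReadVirtualMemory(hProcess, (LPVOID)(hit + 0x14), &v14, 4, NULL);
                        if (s68 < 0 || s18 < 0 || s10 < 0 || s14 < 0) {
                            continue;
                        }

                        if (v68 == 2 && v18 == 383558760 && v10 == 0 && v14 == 0) {
                            std::cout << "address1=" << std::hex << hit << "\n";
                            // The result of the write is not checked, as in
                            // the original code.
                            pfnNtWriteVirtualMemory(hProcess, (LPVOID)(hit + 0x68), &r_8, 4, NULL);
                        }
                    }
                }

                // Step back by patternLen - 1 so a pattern that straddles two
                // chunks is still seen; want >= patternLen keeps the step >= 1.
                cur += want - (patternLen - 1);
            }
        }

        start = regionEnd;
    }
    return 0;
}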