进程访问类
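#pragma once
#include <Psapi.h>
#pragma comment(lib, "psapi")

// CProceseBuffer pairs a process handle with one block of memory allocated in
// that process (VirtualAllocEx) and copies data to and from the block.
//
// Lifetime notes:
//  - Release(), which the destructor also runs, frees the remote block only.
//    The process handle is never closed by this class (the CloseHandle call in
//    Release() is disabled), so a handle opened by AttachProcess() stays open
//    until the caller closes it or the program exits.
//  - NOTE(review): the class is copyable by default and a copy shares the
//    same remote block, so destroying both copies frees it twice. Treat
//    instances as non-copyable.
class CProceseBuffer
{
public:
    // Members are initialised in declaration order.
    CProceseBuffer()
        : m_dwProcessID((DWORD)-1), m_hProcess(NULL), m_lpData(NULL), m_dwSize(0)
    {
    }

    ~CProceseBuffer()
    {
        Release();
    }

    // Process id recorded by AttachProcess()/SetProcessID(); (DWORD)-1 when unset.
    DWORD GetProcessID() const
    {
        return m_dwProcessID;
    }

    void SetProcessID(DWORD dwProcessID)
    {
        m_dwProcessID = dwProcessID;
    }

    HANDLE GetProcessHandle()
    {
        return m_hProcess;
    }

    // Replaces the stored handle without closing the previous one and without
    // touching a block that was allocated through the previous handle.
    void SetProcessHandle(HANDLE hProcess)
    {
        m_hProcess = hProcess;
    }

    // Base address of the remote block, or NULL when nothing is attached or
    // allocated. The address is meaningful only inside the target process;
    // unless the target is the current process it must not be dereferenced
    // locally. Use ReadData()/WriteData() instead.
    LPVOID GetData()
    {
        return (m_hProcess && m_lpData) ? m_lpData : NULL;
    }

    // Size in bytes that was requested from the last successful AllocBuffer().
    DWORD GetSize()
    {
        return m_dwSize;
    }

    // Same value as GetData().
    operator LPVOID()
    {
        return (m_hProcess && m_lpData) ? m_lpData : NULL;
    }

    // Enables or disables one privilege (for example SE_DEBUG_NAME) in the
    // access token of hProcess. Failures are only traced; nothing is returned.
    void PrivilegeToken(HANDLE hProcess, TCHAR* pszPrivilege, BOOL bEnable)
    {
        HANDLE hToken = NULL;
        if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        {
            // No token was opened, so there is no handle to close on this path.
            TRACE(TEXT("OpenProcessToken failed: %lu\n"), GetLastError());
            return;
        }

        TOKEN_PRIVILEGES tp;
        ZeroMemory(&tp, sizeof(tp));
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

        if (!LookupPrivilegeValue(NULL, pszPrivilege, &tp.Privileges[0].Luid))
        {
            TRACE(TEXT("LookupPrivilegeValue failed: %lu\n"), GetLastError());
        }
        else if (!AdjustTokenPrivileges(hToken, FALSE, &tp, 0, (PTOKEN_PRIVILEGES)NULL, 0))
        {
            TRACE(TEXT("AdjustTokenPrivileges failed: %lu\n"), GetLastError());
        }
        else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        {
            // AdjustTokenPrivileges reports success even when the token does
            // not hold the privilege; the last-error value tells them apart.
            TRACE(TEXT("AdjustTokenPrivileges: privilege not held by the token\n"));
        }

        if (!CloseHandle(hToken))
        {
            TRACE(TEXT("CloseHandle failed: %lu\n"), GetLastError());
        }
    }

    // Selects the process the buffer operates on.
    //
    // szModName == NULL attaches to the current process. Otherwise the running
    // processes are enumerated and the first one whose main-module path ends
    // with szModName (case-insensitive) is opened and kept.
    //
    // Returns TRUE when a process is attached, FALSE otherwise. Any previously
    // allocated block is released first, and on failure no process is attached.
    //
    // NOTE(review): the match is a plain suffix comparison on the full path, so
    // "app.exe" also matches "...\myapp.exe". Pass a name that begins with a
    // path separator, or a full path, when the target must be unambiguous.
    //
    // NOTE(review): the default PROCESS_ALL_ACCESS is broader than most callers
    // need; pass only the rights required for the intended operations.
    BOOL AttachProcess(TCHAR* szModName = NULL, DWORD dwDesiredAccess = PROCESS_ALL_ACCESS)
    {
        Release();

        // Forget the previous target so a failed search cannot report success
        // with a stale handle. Release() leaves the handle in place.
        m_hProcess = NULL;
        m_dwProcessID = (DWORD)-1;

        if (szModName == NULL)
        {
            m_dwProcessID = GetCurrentProcessId();
            m_hProcess = GetCurrentProcess();   // pseudo-handle, never needs closing
            return TRUE;
        }

        // An empty name matches nothing, and a name longer than any path cannot
        // match either; decide this once instead of opening every process.
        const size_t cchWanted = _tcslen(szModName);
        if (cchWanted == 0 || cchWanted >= MAX_PATH)
            return FALSE;

        // At most 1024 process ids are examined; a longer list is truncated.
        DWORD aProcesses[1024];
        DWORD cbNeeded = 0;
        if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
            return FALSE;

        const DWORD cProcesses = cbNeeded / sizeof(DWORD);
        for (DWORD i = 0; i < cProcesses; i++)
        {
            // EnumProcessModules/GetModuleFileNameEx need both query and
            // VM-read rights on the handle, whatever the caller asked for.
            HANDLE hProcess = OpenProcess(
                PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | dwDesiredAccess,
                FALSE, aProcesses[i]);
            if (hProcess == NULL)
                continue;   // no access to this process, skip it

            // Only the first module (the executable itself) is needed.
            HMODULE hMainModule = NULL;
            DWORD cbModules = 0;
            TCHAR szPath[MAX_PATH] = { 0 };

            if (EnumProcessModules(hProcess, &hMainModule, sizeof(hMainModule), &cbModules) &&
                GetModuleFileNameEx(hProcess, hMainModule, szPath, sizeof(szPath) / sizeof(TCHAR)))
            {
                TRACE(TEXT("\t%s (0x%p)\n"), szPath, hMainModule);

                CString sModName(szPath);
                if (sModName.Right((int)cchWanted).CompareNoCase(szModName) == 0)
                {
                    // Raise process privileges (left disabled, as in the original):
                    //PrivilegeToken(hProcess, SE_DEBUG_NAME, TRUE);
                    m_hProcess = hProcess;
                    m_dwProcessID = aProcesses[i];
                    return TRUE;
                }
            }

            // Not the target, or its path could not be read: do not leak the handle.
            CloseHandle(hProcess);
        }

        return FALSE;
    }

    // Allocates dwSize bytes in the attached process, replacing any block held
    // before. Returns FALSE when no process is attached or allocation fails.
    // The default protection is PAGE_READWRITE, i.e. not executable.
    BOOL AllocBuffer(DWORD dwSize, DWORD flAllocationType = MEM_COMMIT, DWORD flProtect = PAGE_READWRITE)
    {
        if (!m_hProcess)
            return FALSE;

        if (m_lpData != NULL)
        {
            VirtualFreeEx(m_hProcess, m_lpData, 0, MEM_RELEASE);
            m_lpData = NULL;
            m_dwSize = 0;   // keep the size consistent if the new allocation fails
        }

        m_lpData = VirtualAllocEx(m_hProcess, NULL, dwSize, flAllocationType, flProtect);
        if (m_lpData == NULL)
            return FALSE;

        m_dwSize = dwSize;
        return TRUE;
    }

    // Copies dwSize bytes from the remote block, starting at dwOffset, into
    // pBuffer. Returns TRUE only when the whole range lies inside the block
    // and every byte was read.
    BOOL ReadData(LPVOID pBuffer, DWORD dwSize, DWORD dwOffset = 0)
    {
        if (!m_hProcess || !m_lpData || pBuffer == NULL)
            return FALSE;
        if (!IsRangeInsideBuffer(dwOffset, dwSize))
            return FALSE;

        SIZE_T cbRead = 0;   // the API writes a SIZE_T, which is wider than DWORD on 64-bit
        if (!ReadProcessMemory(m_hProcess, (LPBYTE)m_lpData + dwOffset, pBuffer, dwSize, &cbRead))
            return FALSE;

        return (cbRead == dwSize);
    }

    // Reads one T from the remote block at dwOffset.
    // NOTE: with a typed pointer, a two-argument call such as ReadData(p, 16)
    // selects this overload (16 is the offset, not the byte count).
    template<typename T>
    BOOL ReadData(T *pData, DWORD dwOffset = 0)
    {
        return ReadData(pData, sizeof(T), dwOffset);
    }

    // Copies dwSize bytes from pBuffer into the remote block at dwOffset.
    // Returns TRUE only when the whole range lies inside the block and every
    // byte was written.
    BOOL WriteData(LPVOID pBuffer, DWORD dwSize, DWORD dwOffset = 0)
    {
        if (!m_hProcess || !m_lpData || pBuffer == NULL)
            return FALSE;
        if (!IsRangeInsideBuffer(dwOffset, dwSize))
            return FALSE;

        SIZE_T cbWritten = 0;   // SIZE_T for the same reason as in ReadData
        if (!WriteProcessMemory(m_hProcess, (LPBYTE)m_lpData + dwOffset, pBuffer, dwSize, &cbWritten))
            return FALSE;

        return (cbWritten == dwSize);
    }

    // Writes one T into the remote block at dwOffset.
    // NOTE: with a typed pointer, a two-argument call such as WriteData(p, 16)
    // selects this overload (16 is the offset, not the byte count).
    template<typename T>
    BOOL WriteData(T *pData, DWORD dwOffset = 0)
    {
        return WriteData(pData, sizeof(T), dwOffset);
    }

    // Frees the remote block, if any. The process handle is kept and is not
    // closed. When no handle is stored the block is left untouched.
    void Release()
    {
        if (!m_hProcess)
            return;

        if (m_lpData)
        {
            VirtualFreeEx(m_hProcess, m_lpData, 0, MEM_RELEASE);
            m_lpData = NULL;
        }
        m_dwSize = 0;

        // NOTE(review): closing stays disabled. The stored handle may be the
        // GetCurrentProcess() pseudo-handle or one supplied by the caller via
        // SetProcessHandle(), and the class does not record which.
        //CloseHandle(m_hProcess);
    }

private:
    // TRUE when [dwOffset, dwOffset + dwSize) lies inside the allocated block.
    // Written so that the sum cannot wrap around.
    BOOL IsRangeInsideBuffer(DWORD dwOffset, DWORD dwSize) const
    {
        return (dwOffset <= m_dwSize) && (dwSize <= m_dwSize - dwOffset);
    }

    DWORD m_dwProcessID;   // id of the attached process, (DWORD)-1 when unset
    HANDLE m_hProcess;     // handle used for every remote operation
    LPVOID m_lpData;       // base address of the block inside the target process
    DWORD m_dwSize;        // requested size of that block in bytes
};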