package com.memory.impl;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import com.memory.entity.ExecuteResult;
import com.memory.entity.MemoryValue;
import com.memory.interfaces.Kernel32_DLL;
import com.memory.quantity.OpenProcess;
import com.memory.quantity.VirtualProtect;
import com.memory.structure.MEMORY_BASIC_INFORMATION;
import com.sun.jna.Memory;
import com.sun.jna.Pointer;
/**
* 内存搜索实现类
* 作者:Code菜鸟
* 技术交流QQ:969422014
* CSDN博客:http://blog.csdn.net/qq969422014
* */
public class MemorySearchImpl
{
//保存查询内存结果信息的结构体类
private MEMORY_BASIC_INFORMATION memoryInfo = new MEMORY_BASIC_INFORMATION();
//查询结果的大小
private int size = memoryInfo.size();
//统计内存扫描数量
public int memoryScore = 0;
//保存搜索
public List<MemoryValue> searchResult = Collections.synchronizedList(new ArrayList<MemoryValue>());
/**
* 值搜索
* pid 进程ID
* value 需要搜索的值
* searchDataType 搜索的实际数据类型 0=INT 1=Short 2=long 3=float 4=double 5=byte
* equalsSearchValue 与搜索值相比较 0等于,1大于,2小于
* startBaseAddr 搜索开始的内存基址
* endBaseAddr 搜索结束的内存基址
* increasing 搜索地址的递增量
* **/
public ExecuteResult search(int pid,String searchValue,int searchDataType,int equalsSearchValue,int startBaseAddr,int endBaseAddr)
{
if(searchResult.size()!=0) searchResult.clear();
ExecuteResult executeResult = new ExecuteResult();
memoryScore = 0;
//根据进程ID,打开进程,返回进程句柄
int handle = Kernel32_DLL.INSTANCE.OpenProcess(OpenProcess.PROCESS_ALL_ACCESS, false, pid);
//判断进程句柄是否打开成功
int lastError = Kernel32_DLL.INSTANCE.GetLastError();
executeResult.setLastError(lastError);
if(lastError==5)
{
executeResult.setMessage("无法打开进程,系统Debug权限获取失败,请以管理员方式重新运行程序!");
return executeResult;
}
else if(lastError!=0)
{
executeResult.setMessage("无法打开该进程,OpenProcess函数返回错误码:"+lastError);
return executeResult;
}
try
{
//根据基址遍历内存
while(startBaseAddr <= endBaseAddr)
{
//读取内存信息
int vqe = Kernel32_DLL.INSTANCE.VirtualQueryEx(handle, startBaseAddr, memoryInfo, size);
if(vqe==0) break;
//判断内存是否已提交,非空闲内存
if (memoryInfo.state == MEMORY_BASIC_INFORMATION.MEM_COMMIT)
{
//更改内存保护属性为可写可读,成功返回TRUE,执行这个函数,OpenProcess函数必须为PROCESS_ALL_ACCESS
boolean vpe = Kernel32_DLL.INSTANCE.VirtualProtectEx(handle, startBaseAddr, memoryInfo.regionSize, VirtualProtect.PAGE_READWRITE, memoryInfo.protect);
//判断内存是否可读可写
if(vpe || memoryInfo.protect == MEMORY_BASIC_INFORMATION.PAGE_READWRITE)
{
//声明一块内存空间,保存读取内存块的值,这个空间的大小与内存块大小相同
Pointer buffer = new Memory(memoryInfo.regionSize);
//判断是否读取成功
if(Kernel32_DLL.INSTANCE.ReadProcessMemory(handle, startBaseAddr, buffer, memoryInfo.regionSize, 0))
{
//对比的值
double searchValueDouble = Double.parseDouble(searchValue);
//根据搜索类型查找对应数据
switch(searchDataType)
{
//查找整形int,4字节,所以i+=4
case 0:
for(int i = 0; i < memoryInfo.regionSize; i+=4)
{
double memoryValue = buffer.getInt(i);
//统计内存数量
memoryScore++;
//与搜索值相比较释放符合条件 0等于,1大于,2小于
if((equalsSearchValue ==0 && memoryValue == searchValueDouble) ||
(equalsSearchValue==1 && memoryValue > searchValueDouble) ||
(equalsSearchValue==2 && memoryValue < searchValueDouble))
{
MemoryValue temp = new MemoryValue();
temp.setAddress(startBaseAddr + i);
temp.setAddress16("0x"+Long.toString((startBaseAddr + i), 16).toUpperCase());
temp.setValue(memoryValue+"");
searchResult.add(temp);
}
}
break;
//查找短整形short,2字节,所以i+=2
case 1:
for(int i = 0; i < memoryInfo.regionSize; i+=2)
{
double memoryValue = buffer.getShort(i);
//统计内存数量
memoryScore++;
//与搜索值相比较释放符合条件 0等于,1大于,2小于
if((equalsSearchValue ==0 && memoryValue == searchValueDouble) ||
(equalsSearchValue==1 && memoryValue > searchValueDouble) ||
(equalsSearchValue==2 && memoryValue < searchValueDouble))
{
MemoryValue temp = new MemoryValue();
temp.setAddress(startBaseAddr + i);
temp.setAddress16("0x"+Long.toString((startBaseAddr + i), 16).toUpperCase());
temp.setValue(memoryValue+"");
searchResult.add(temp);
}
}
break;
//查找长整形Long,8字节,所以i+=8
case 2:
for(int i = 0; i < memoryInfo.regionSize; i+=8)
{
double memoryValue = buffer.getLong(i);
//统计内存数量
memoryScore++;
//与搜索值相比较释放符合条件 0等于,1大于,2小于
if((equalsSearchValue ==0 && memoryValue == searchValueDouble) ||
(equalsSearchValue==1 && memoryValue > searchValueDouble) ||
(equalsSearchValue==2 && memoryValue < searchValueDouble))
{
MemoryValue temp = new MemoryValue();
temp.setAddress(startBaseAddr + i);
temp.setAddress16("0x"+Long.toString((startBaseAddr + i), 16).toUpperCase());
temp.setValue(memoryValue+"");
searchResult.add(temp);
}
}
break;
//查找单精度浮点 float,4字节,所以i+=4
case 3:
for(int i = 0; i < memoryInfo.regionSize; i+=4)
{
double memoryValue = buffer.getFloat(i);
//统计内存数量
memoryScore++;
//与搜索值相比较释放符合条件 0等于,1大于,2小于
if((equalsSearchValue ==0 && memoryValue == searchValueDouble) ||
(equalsSearchValue==1 && memoryValue > searchValueDouble) ||
(equalsSearchValue==2 && memoryValue < searchValueDouble))
{
MemoryValue temp = new MemoryValue();
temp.setAddress(startBaseAddr + i);
temp.setAddress16("0x"+Long.toString((startBaseAddr + i), 16).toUpperCase());
temp.setValue(memoryValue+"");
searchResult.add(temp);
}
}
break;
//查找双精度浮点 double,8字节,所以i+=8
case 4:
for(int i = 0; i < memoryInfo.regionSize; i+=8)
MemoryReadWriteTool.zip (86个子文件) 
setup.exe 22.69MB
MemoryReadWriteTool 
.project 395B src com memory event ProcessChooseWndEvent.java 3KB MainWndEvent.java 12KB impl MemorySearchThread.java 7KB MemoryWrite.java 4KB LoadSystemProcessInfo.java 2KB MemorySearchImpl.java 13KB MemoryRangeQuery.java 4KB KillProcess.java 1KB GiveProcessPrivilege.java 2KB ReferenceFree.java 937B quantity OpenProcess.java 622B VirtualProtect.java 647B LookupPrivilegeValue.java 2KB CreateToolhelp32Snapshot.java 1KB OpenProcessToken.java 2KB structure MODULEENTRY32.java 2KB TOKEN_PRIVILEGES.java 1KB PROCESSENTRY32.java 2KB SYSTEM_INFO.java 2KB HANDLEByReference.java 1KB LUID.java 999B MEMORY_BASIC_INFORMATION.java 2KB LUID_AND_ATTRIBUTES.java 1KB entity MemoryValue.java 780B ExecuteResult.java 729B Process.java 604B MemoryRange.java 535B interfaces Advapi32_DLL.java 3KB Kernel32_DLL.java 9KB wnd ProcessChooseWnd.java 2KB DefaultTableModel.java 672B MainWnd.java 9KB .settings org.eclipse.jdt.core.prefs 629B org.eclipse.core.resources.prefs 88B
jna-4.1.0.jar 893KB JTattooAluminiumLookAndFeel.jar 454KB .classpath 424B bin com memory event ProcessChooseWndEvent$2.class 3KB MainWndEvent$2.class 3KB MainWndEvent$8.class 3KB MainWndEvent$5.class 3KB MainWndEvent$7.class 893B MainWndEvent$6.class 2KB MainWndEvent$4.class 1KB MainWndEvent$1.class 2KB MainWndEvent$9.class 1KB ProcessChooseWndEvent.class 1KB MainWndEvent.class 3KB ProcessChooseWndEvent$1.class 2KB MainWndEvent$3.class 1KB MainWndEvent$10.class 3KB impl MemorySearchImpl.class 8KB LoadSystemProcessInfo.class 2KB MemoryRangeQuery.class 3KB JTableValueUpdate.class 2KB ReferenceFree.class 810B GiveProcessPrivilege.class 2KB MemorySearchThread.class 6KB KillProcess.class 2KB MemoryWrite.class 4KB quantity LookupPrivilegeValue.class 578B OpenProcess.class 264B CreateToolhelp32Snapshot.class 412B OpenProcessToken.class 739B VirtualProtect.class 316B structure TOKEN_PRIVILEGES.class 1KB HANDLEByReference.class 1KB MODULEENTRY32.class 1KB LUID.class 606B SYSTEM_INFO.class 1014B PROCESSENTRY32.class 1KB LUID_AND_ATTRIBUTES.class 861B MEMORY_BASIC_INFORMATION.class 1007B entity MemoryRange.class 699B ExecuteResult.class 1KB MemoryValue.class 1KB Process.class 959B interfaces Advapi32_DLL.class 906B Kernel32_DLL.class 1KB wnd ProcessChooseWnd.class 2KB MainWnd$1.class 747B MainWnd.class 8KB DefaultTableModel.class 642B MemoryReadWriteTool.jar 1.37MB
Code菜鸟
- 粉丝: 153
最新资源
- 《网络新世界》教案道德与法治教案1.pdf
- 学习linux心得体会.docx
- 互联网创业计划书.pptx
- excel函数总结.docx
- 江苏自考项目管理真题试卷.doc
- 学案从杂交育种到基因工程.pptx
- 项目管理人员暂时管理方法(记忆).doc
- 二手车市场综合网站建设方案.doc
- 银行网络故障应急处理预案.doc
- 基于OPC通讯协议的自动化仿真平台-实践篇.doc
- 2023年湖南科技大学计算机学院科普知识竞赛初赛题目的答案.doc
- 汽车经销商四S店网络营销电话销售手册.pptx
- 计算思维和计算机基础专业知识讲座.ppt
- 国美电子商务战略规划分析.pptx
- 西门子Modbus-RTU通信.docx
- 网络经济下供应链管理模式的创新与构建.doc
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
- 1
- 2
- 3
- 4
- 5
前往页