这样的帖子,不知道可不可以放到首页..如果不行,麻烦管理员清理. 谢谢.
HANDLE GetQQProcess();
bool
SeachQQNumber(HANDLE _hProcess,
string
&
strQQ);
int
_tmain(
int
argc, _TCHAR
*
argv[])
{
HANDLE hProces
=
GetQQProcess() ;
if
(hProces
==
NULL)
cout
<<
"
No run QQ!
"
<<
endl;
string
strQQ;
SeachQQNumber(hProces,strQQ);
cout
<<
strQQ
<<
endl;
system(
"
pause
"
);
return
0
;
}
bool
SeachQQNumber(HANDLE _hProcess,
string
&
strQQ)
{
SuspendThread(_hProcess);
DWORD dwBaseAddress;
MEMORY_BASIC_INFORMATION mbi;
char
process_mem[
4096
]
=
{
0
}
;
DWORD number_of_bytes_read
=
0
;
SYSTEM_INFO si;
GetSystemInfo(
&
si);
dwBaseAddress
=
(DWORD)si.lpMinimumApplicationAddress;
while
(dwBaseAddress
<
(DWORD)si.lpMaximumApplicationAddress)
{
mbi.BaseAddress
=
(LPVOID)dwBaseAddress;
VirtualQueryEx(_hProcess, (LPVOID)dwBaseAddress,
&
mbi,
sizeof
(mbi));
dwBaseAddress
=
(DWORD)mbi.BaseAddress
+
mbi.RegionSize;
if
(mbi.State
!=
MEM_COMMIT
||
mbi.AllocationProtect
!=
PAGE_READWRITE)
//
跳过未分配或不可读写的区域
{
continue
;
}
//
搜索
for
(DWORD i
=
(DWORD)mbi.BaseAddress; i
<
dwBaseAddress; i
+=
4096
)
{
if
(
!
ReadProcessMemory(_hProcess,LPCVOID(i),process_mem,
4096
,
&
number_of_bytes_read))
break
;
for
(
int
j
=
0
;j
<
4096
-
9
;j
++
)
{
if
(
!
memcmp(
&
process_mem[j],
"
\\MsgEx.db
"
,
9
) )
{
//
printf("begin\n");
for
(
int
k
=
j
-
1
; k
>
j
-
12
; k
--
)
{
if
(process_mem[k]
>=
'
0
'
&&
process_mem[k]
<=
'
9
'
)
{
strQQ
=
process_mem[k]
+
strQQ;
}
else
break
;
}
if
(strQQ.length())
{
ResumeThread(_hProcess);
return
true
;
}
}
}
}
}
ResumeThread(_hProcess);
return
false
;
}
HANDLE GetQQProcess()
{
PROCESSENTRY32 pe;
pe.dwSize
=
sizeof
(PROCESSENTRY32);
HANDLE hSnapshot
=
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,
0
);
Process32First(hSnapshot,
&
pe);
do
{
if
(
!
_tcsicmp(pe.szExeFile,_T(
"
qq.exe
"
)))
{
CloseHandle(hSnapshot);
return
OpenProcess(PROCESS_ALL_ACCESS,FALSE,pe.th32ProcessID);
}
pe.dwSize
=
sizeof
(PROCESSENTRY32);
}
while
(Process32Next(hSnapshot,
&
pe));
CloseHandle(hSnapshot);
return
NULL;
}