├── .gitignore
├── .idea
├── .gitignore
├── test1.iml
├── vcs.xml
├── misc.xml
└── modules.xml
├── CMakeLists.txt
├── README.md
└── main.cpp
/.gitignore:
--------------------------------------------------------------------------------
1 | # Project exclude paths
2 | /cmake-build-debug/
--------------------------------------------------------------------------------
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /workspace.xml
--------------------------------------------------------------------------------
/.idea/test1.iml:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | cmake_minimum_required(VERSION 3.15)
2 | project(test1)
3 |
4 | set(CMAKE_CXX_STANDARD 14)
5 |
6 | add_executable(test1 main.cpp)
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Android-Mem-Edit
2 | 基于Linux内核,安卓应用进程,内存修改工具
3 |
4 | 主要思路流程:
5 |
6 | 1.根据/ proc / pid / maps文件获取到相应的pid的内存页的分配
7 |
8 | 2.使用读取内存页的开始地址
9 |
10 | 3.利用pread / pwrite进行内存地址的读取和修改
11 |
12 | 4.linux内核中采用的是虚拟内存进行映射(类似django中的数据库映射)ORM。
13 |
14 | # 2020-1-13更新:
15 | 1.以GG修改器作为示例,完善了一次联合搜索数值的示例
16 |
17 | 2.增加可自由选择修改的内存地址数量
18 |
19 |
20 | # 2020-1-10更新:
21 | 1.上线内存插件,主要用于安卓程序的内存修改(类似GG修改器,金山游侠等)
22 |
23 | 2.支持联合搜索
24 |
25 |
26 | # 近期完善:
27 | 1.偏移搜索
28 |
29 | 2.代码注入(实现修改内存保护机制)
30 |
31 | # 调用方式:
32 |
33 | 1.将 `main.cpp` 写为 `.h` 头文件,添加到Android studio 项目中的 `src-cpp` 目录下,利用jni调用C
34 |
35 |
--------------------------------------------------------------------------------
/main.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include "stdarg.h"
10 | #include
11 | #include
12 | //1.定义搜索范围
13 | //2.定义搜索方式-偏移/类似gg范围/mprotect直接直接注入式搜索
14 | //3.确定要搜索的数值类型
15 | //4.确定要搜索的数值
16 |
17 |
18 |
19 | using namespace std;
20 |
21 | struct MemoryAddressRange{
22 | long int Begin_address;
23 | long int End_address;
24 | struct MemoryAddressRange *next;
25 | };
26 |
27 | struct MemoryAddressFromSearch{
28 | long int Address;
29 | struct MemoryAddressFromSearch *next;
30 | };
31 |
32 |
33 | #define MemoryAddress_Size sizeof(struct MemoryAddressRange)
34 | #define MemoryAddressFromSearch_Size sizeof(struct MemoryAddressFromSearch)
35 | #define PageNum 33
36 |
37 |
38 | typedef struct MemoryAddressRange *MAR;
39 | typedef struct MemoryAddressFromSearch *MAFS;
40 | //c++不用unsigned,因为gg中可以搜索负数
41 | typedef char BYTE;
42 | typedef short WORD;
43 |
44 | typedef char PACKAGENAME;
45 |
46 | typedef long DWORD;
47 |
48 |
49 |
50 |
51 | int buff[1024];
52 | float buff1[1024];
53 | double buff2[1024];
54 | WORD buff3[1024];
55 | BYTE buff4[1024];
56 |
57 |
58 |
59 |
60 | //---------------------------------------------函数声明-----------------------------------------------------
61 |
62 | //-----------------------------1.Tools区-------------------------------
63 |
64 | //打印文字
65 | void print(string a){
66 | cout << a << endl;
67 | }
68 | //char转换double
69 | double sqrt(double sum,int i);
70 | double hexToDec(char *str);
71 | //用来释放链表中申请的内存空间
72 | void ClearMyList(MAR *ppHeadNode)
73 | {
74 | MAR pListNodeTmp = NULL;
75 | if((*ppHeadNode) == NULL)
76 | {
77 | print("The list is empty, no need to clear.\n");
78 | return;
79 | }
80 |
81 | // 循环释放链表中的结点所占内存,清空结束后
82 | while((*ppHeadNode)->next != NULL)
83 | {
84 | pListNodeTmp = (*ppHeadNode)->next;
85 | free((*ppHeadNode));
86 | (*ppHeadNode) = pListNodeTmp;
87 | }
88 |
89 | // 清除最后一个结点
90 | if((*ppHeadNode) != NULL)
91 | {
92 | free((*ppHeadNode));
93 | (*ppHeadNode) = NULL;
94 | }
95 | print("The list is cleared.\n");
96 | }
97 | //获得链表节点
98 | int GetListNodeLen(MAFS m_pHead)
99 | {
100 | if (m_pHead == NULL)
101 | {
102 | return 0;
103 | }
104 |
105 | MAFS pTemp = m_pHead;
106 | int aListLen = 0;
107 | while(pTemp != NULL) //判断当前节点指针是否为空
108 | {
109 | aListLen ++;
110 | pTemp = pTemp->next;
111 | }
112 | return aListLen;
113 | }
114 | //打印链表--会自动清除链表
115 | void Print_Linked_list_MAR(MAR HEAD){
116 | MAR pointer = HEAD;
117 | while(pointer){
118 | cout << (*pointer).Begin_address << ":::" << (*pointer).End_address << endl;
119 | pointer = (*pointer).next;
120 | }
121 | ClearMyList((MAR*)pointer);
122 | free(pointer);
123 | }
124 | //打印链表--会自动清除链表
125 | void Print_Linked_list_MAFS(MAFS HEAD){
126 | MAFS pointer = HEAD;
127 | while(pointer){
128 | cout << (*pointer).Address << endl;
129 | pointer = (*pointer).next;
130 | }
131 | ClearMyList((MAR*)pointer);
132 | free(pointer);
133 | }
134 | //String转换char类型
135 | void String_To_Char(char valueChar[], const string &value);
136 | //获取除去最后一位的前面的数值
137 | string SplitString_CutLastcChar(char YourString[]);
138 | //根据~分割
139 | string mySplit_Result(char str[],int flag);
140 | //链表合并:合并la、lb到lc
141 | void MergeLinkList_LL(MAFS &LA, MAFS &LB, MAFS &LC);
142 |
143 |
144 | //-----------------------------2.功能区-------------------------------
145 |
146 | //获取包名对应得PID(需要root权限)
147 | int getPID(PACKAGENAME *PackageName);
148 | //根据PID停止某个应用
149 | int StopPID(int pid);
150 | //根据PID恢复被停止得应用
151 | int ResetFromStopPID(int pid);
152 |
153 | //-----------------------------3.内存修改-------------------------------
154 | //设置内存范围
155 | MAR SetMemorySearchRange(int type,int pid);
156 |
157 | //----------------------联合搜索-------------------------------
158 |
159 | //联合搜索(首次)
160 | //传入搜索得value数值,要修改得范围类型,valueType
161 | MAFS UnionSearch_First(int Rangetype,int pid,string value,int ValueType);
162 | //联合搜索(二次~N次过滤)
163 | MAFS UnionSearch_Filter_value(MAFS Head,int pid,string value,int ValueType);
164 | MAFS UnionSearch_Filter_Rangevalue(MAFS Head,int pid,string value,int ValueType);
165 |
166 |
167 |
168 | //---------------------------------------------内存范围设定-----------------------------------------------------
169 |
170 | //----确定搜索的内存范围
171 | //type:分别对应数字:0-11
172 | // all: 所有内存
173 | // B_BAD B/v内存
174 | // V v内存
175 | // C_ALLOC CA内存
176 | // C_BSS CB内存
177 | // C_DATA CD内存
178 | // C_HEAP CH内存
179 | // JAVA_HEAP JH内存
180 | // A_ANONMYOURS A内存
181 | // CODE_SYSTEM Xs内存
182 | // STACK S内存
183 | // ASHMEM AS内存
184 |
185 | //所有的话搜索太慢了,几分钟都出不来结果!后期考虑去除
186 | MAR Read_Maps_Ruturn_MAR_all(int pid)
187 | {
188 | MAR HEAD = nullptr;
189 | MAR Begin = nullptr;
190 | MAR End = nullptr;
191 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
192 |
193 | FILE *fp;
194 | int i = 0,flag=1;
195 | char lj[64], buff[256];
196 |
197 | sprintf(lj, "/proc/%d/maps", pid);
198 | fp = fopen(lj, "r");
199 | if (fp == NULL)
200 | {
201 | puts("分析失败");
202 | return NULL;
203 | }
204 | while (!feof(fp))
205 | {
206 | fgets(buff,sizeof(buff),fp);//读取一行
207 | if (strstr(buff, "rw") != NULL)//strstr:字符匹配
208 | {
209 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
210 | //这里使用lx是为了能成功读取特别长的地址
211 | flag=1;
212 | }
213 | else
214 | {
215 | flag=0;
216 | }
217 | if (flag==1)
218 | {
219 | i++;
220 | if (i==1)
221 | {
222 | End->next=nullptr;
223 | Begin = End;
224 | HEAD = Begin;
225 | }
226 | else
227 | {
228 | End->next = nullptr;
229 | Begin->next = End;
230 | Begin = End;
231 | }
232 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
233 | }
234 | }
235 | free(End);//将多余的空间释放
236 | fclose(fp);//关闭文件指针
237 | return HEAD;
238 | }
239 | MAR Read_Maps_Ruturn_MAR_B(int pid)
240 | {
241 | MAR HEAD = nullptr;
242 | MAR Begin = nullptr;
243 | MAR End = nullptr;
244 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
245 |
246 | FILE *fp;
247 | int i = 0,flag=1;
248 | char lj[64], buff[256];
249 |
250 | sprintf(lj, "/proc/%d/maps", pid);
251 | fp = fopen(lj, "r");
252 | if (fp == NULL)
253 | {
254 | puts("分析失败");
255 | return NULL;
256 | }
257 | while (!feof(fp))
258 | {
259 | fgets(buff,sizeof(buff),fp);//读取一行
260 | if (strstr(buff, "rw") != NULL && strstr(buff,"/system/fonts") != NULL)
261 | {
262 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
263 | //这里使用lx是为了能成功读取特别长的地址
264 | flag=1;
265 | }
266 | else
267 | {
268 | flag=0;
269 | }
270 | if (flag==1)
271 | {
272 | i++;
273 | if (i==1)
274 | {
275 | End->next=nullptr;
276 | Begin = End;
277 | HEAD = Begin;
278 | }
279 | else
280 | {
281 | End->next = nullptr;
282 | Begin->next = End;
283 | Begin = End;
284 | }
285 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
286 | }
287 | }
288 | free(End);//将多余的空间释放
289 | fclose(fp);//关闭文件指针
290 | return HEAD;
291 | }
292 | MAR Read_Maps_Ruturn_MAR_V(int pid)
293 | {
294 | MAR HEAD = nullptr;
295 | MAR Begin = nullptr;
296 | MAR End = nullptr;
297 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
298 |
299 | FILE *fp;
300 | int i = 0,flag=1;
301 | char lj[64], buff[256];
302 |
303 | sprintf(lj, "/proc/%d/maps", pid);
304 | fp = fopen(lj, "r");
305 | if (fp == NULL)
306 | {
307 | puts("分析失败");
308 | return NULL;
309 | }
310 | while (!feof(fp))
311 | {
312 | fgets(buff,sizeof(buff),fp);//读取一行
313 | if (strstr(buff, "rw") != NULL && strstr(buff,"/dev/kgsl-3d0") != NULL)
314 | {
315 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
316 | //这里使用lx是为了能成功读取特别长的地址
317 | flag=1;
318 | }
319 | else
320 | {
321 | flag=0;
322 | }
323 | if (flag==1)
324 | {
325 | i++;
326 | if (i==1)
327 | {
328 | End->next=nullptr;
329 | Begin = End;
330 | HEAD = Begin;
331 | }
332 | else
333 | {
334 | End->next = nullptr;
335 | Begin->next = End;
336 | Begin = End;
337 | }
338 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
339 | }
340 | }
341 | free(End);//将多余的空间释放
342 | fclose(fp);//关闭文件指针
343 | return HEAD;
344 | }
345 | MAR Read_Maps_Ruturn_MAR_Ca(int pid)
346 | {
347 | MAR HEAD = nullptr;
348 | MAR Begin = nullptr;
349 | MAR End = nullptr;
350 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
351 |
352 | FILE *fp;
353 | int i = 0,flag=1;
354 | char lj[64], buff[256];
355 |
356 | sprintf(lj, "/proc/%d/maps", pid);
357 | fp = fopen(lj, "r");
358 | if (fp == NULL)
359 | {
360 | puts("分析失败");
361 | return NULL;
362 | }
363 | while (!feof(fp))
364 | {
365 | fgets(buff,sizeof(buff),fp);//读取一行
366 | if (strstr(buff, "rw") != NULL && strstr(buff,"[anon:libc_malloc]") != NULL)
367 | {
368 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
369 | //这里使用lx是为了能成功读取特别长的地址
370 | flag=1;
371 | }
372 | else
373 | {
374 | flag=0;
375 | }
376 | if (flag==1)
377 | {
378 | i++;
379 | if (i==1)
380 | {
381 | End->next=nullptr;
382 | Begin = End;
383 | HEAD = Begin;
384 | }
385 | else
386 | {
387 | End->next = nullptr;
388 | Begin->next = End;
389 | Begin = End;
390 | }
391 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
392 | }
393 | }
394 | free(End);//将多余的空间释放
395 | fclose(fp);//关闭文件指针
396 | return HEAD;
397 | }
398 | MAR Read_Maps_Ruturn_MAR_Cb(int pid)
399 | {
400 | MAR HEAD = nullptr;
401 | MAR Begin = nullptr;
402 | MAR End = nullptr;
403 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
404 |
405 | FILE *fp;
406 | int i = 0,flag=1;
407 | char lj[64], buff[256];
408 |
409 | sprintf(lj, "/proc/%d/maps", pid);
410 | fp = fopen(lj, "r");
411 | if (fp == NULL)
412 | {
413 | puts("分析失败");
414 | return NULL;
415 | }
416 | while (!feof(fp))
417 | {
418 | fgets(buff,sizeof(buff),fp);//读取一行
419 | if (strstr(buff, "rw") != NULL && strstr(buff,"[anon:.bss]") != NULL)
420 | {
421 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
422 | //这里使用lx是为了能成功读取特别长的地址
423 | flag=1;
424 | }
425 | else
426 | {
427 | flag=0;
428 | }
429 | if (flag==1)
430 | {
431 | i++;
432 | if (i==1)
433 | {
434 | End->next=nullptr;
435 | Begin = End;
436 | HEAD = Begin;
437 | }
438 | else
439 | {
440 | End->next = nullptr;
441 | Begin->next = End;
442 | Begin = End;
443 | }
444 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
445 | }
446 | }
447 | free(End);//将多余的空间释放
448 | fclose(fp);//关闭文件指针
449 | return HEAD;
450 | }
451 | MAR Read_Maps_Ruturn_MAR_Cd(int pid)
452 | {
453 | MAR HEAD = nullptr;
454 | MAR Begin = nullptr;
455 | MAR End = nullptr;
456 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
457 |
458 | FILE *fp;
459 | int i = 0,flag=1;
460 | char lj[64], buff[256];
461 |
462 | sprintf(lj, "/proc/%d/maps", pid);
463 | fp = fopen(lj, "r");
464 | if (fp == NULL)
465 | {
466 | puts("分析失败");
467 | return NULL;
468 | }
469 | while (!feof(fp))
470 | {
471 | fgets(buff,sizeof(buff),fp);//读取一行
472 | if (strstr(buff, "rw") != NULL && strstr(buff,"/data/") != NULL)
473 | {
474 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
475 | //这里使用lx是为了能成功读取特别长的地址
476 | flag=1;
477 | }
478 | else
479 | {
480 | flag=0;
481 | }
482 | if (flag==1)
483 | {
484 | i++;
485 | if (i==1)
486 | {
487 | End->next=nullptr;
488 | Begin = End;
489 | HEAD = Begin;
490 | }
491 | else
492 | {
493 | End->next = nullptr;
494 | Begin->next = End;
495 | Begin = End;
496 | }
497 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
498 | }
499 | }
500 | free(End);//将多余的空间释放
501 | fclose(fp);//关闭文件指针
502 | return HEAD;
503 | }
504 | MAR Read_Maps_Ruturn_MAR_Ch(int pid)
505 | {
506 | MAR HEAD = nullptr;
507 | MAR Begin = nullptr;
508 | MAR End = nullptr;
509 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
510 |
511 | FILE *fp;
512 | int i = 0,flag=1;
513 | char lj[64], buff[256];
514 |
515 | sprintf(lj, "/proc/%d/maps", pid);
516 | fp = fopen(lj, "r");
517 | if (fp == NULL)
518 | {
519 | puts("分析失败");
520 | return NULL;
521 | }
522 | while (!feof(fp))
523 | {
524 | fgets(buff,sizeof(buff),fp);//读取一行
525 | if (strstr(buff, "rw") != NULL && strstr(buff,"[heap]") != NULL)
526 | {
527 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
528 | //这里使用lx是为了能成功读取特别长的地址
529 | flag=1;
530 | }
531 | else
532 | {
533 | flag=0;
534 | }
535 | if (flag==1)
536 | {
537 | i++;
538 | if (i==1)
539 | {
540 | End->next=nullptr;
541 | Begin = End;
542 | HEAD = Begin;
543 | }
544 | else
545 | {
546 | End->next = nullptr;
547 | Begin->next = End;
548 | Begin = End;
549 | }
550 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
551 | }
552 | }
553 | free(End);//将多余的空间释放
554 | fclose(fp);//关闭文件指针
555 | return HEAD;
556 | }
557 | MAR Read_Maps_Ruturn_MAR_jh(int pid)
558 | {
559 | MAR HEAD = nullptr;
560 | MAR Begin = nullptr;
561 | MAR End = nullptr;
562 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
563 |
564 | FILE *fp;
565 | int i = 0,flag=1;
566 | char lj[64], buff[256];
567 |
568 | sprintf(lj, "/proc/%d/maps", pid);
569 | fp = fopen(lj, "r");
570 | if (fp == NULL)
571 | {
572 | puts("分析失败");
573 | return NULL;
574 | }
575 | while (!feof(fp))
576 | {
577 | fgets(buff,sizeof(buff),fp);//读取一行
578 | if (strstr(buff, "rw") != NULL && strstr(buff,"/dev/ashmem/") != NULL)
579 | {
580 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
581 | //这里使用lx是为了能成功读取特别长的地址
582 | flag=1;
583 | }
584 | else
585 | {
586 | flag=0;
587 | }
588 | if (flag==1)
589 | {
590 | i++;
591 | if (i==1)
592 | {
593 | End->next=nullptr;
594 | Begin = End;
595 | HEAD = Begin;
596 | }
597 | else
598 | {
599 | End->next = nullptr;
600 | Begin->next = End;
601 | Begin = End;
602 | }
603 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
604 | }
605 | }
606 | free(End);//将多余的空间释放
607 | fclose(fp);//关闭文件指针
608 | return HEAD;
609 | }
610 | MAR Read_Maps_Ruturn_MAR_A(int pid)
611 | {
612 | MAR HEAD = nullptr;
613 | MAR Begin = nullptr;
614 | MAR End = nullptr;
615 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
616 |
617 | FILE *fp;
618 | int i = 0,flag=1;
619 | char lj[64], buff[256];
620 |
621 | sprintf(lj, "/proc/%d/maps", pid);
622 | fp = fopen(lj, "r");
623 | if (fp == NULL)
624 | {
625 | puts("分析失败");
626 | return NULL;
627 | }
628 | while (!feof(fp))
629 | {
630 | fgets(buff,sizeof(buff),fp);//读取一行
631 | if (strstr(buff, "rw") != NULL && strlen(buff) < 42)
632 | {
633 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
634 | //这里使用lx是为了能成功读取特别长的地址
635 | flag=1;
636 | }
637 | else
638 | {
639 | flag=0;
640 | }
641 | if (flag==1)
642 | {
643 | i++;
644 | if (i==1)
645 | {
646 | End->next=nullptr;
647 | Begin = End;
648 | HEAD = Begin;
649 | }
650 | else
651 | {
652 | End->next = nullptr;
653 | Begin->next = End;
654 | Begin = End;
655 | }
656 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
657 | }
658 | }
659 | free(End);//将多余的空间释放
660 | fclose(fp);//关闭文件指针
661 | return HEAD;
662 | }
663 | MAR Read_Maps_Ruturn_MAR_Xs(int pid)
664 | {
665 | MAR HEAD = nullptr;
666 | MAR Begin = nullptr;
667 | MAR End = nullptr;
668 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
669 |
670 | FILE *fp;
671 | int i = 0,flag=1;
672 | char lj[64], buff[256];
673 |
674 | sprintf(lj, "/proc/%d/maps", pid);
675 | fp = fopen(lj, "r");
676 | if (fp == NULL)
677 | {
678 | puts("分析失败");
679 | return NULL;
680 | }
681 | while (!feof(fp))
682 | {
683 | fgets(buff,sizeof(buff),fp);//读取一行
684 | if (strstr(buff, "rw") != NULL && strstr(buff,"/system") != NULL)
685 | {
686 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
687 | //这里使用lx是为了能成功读取特别长的地址
688 | flag=1;
689 | }
690 | else
691 | {
692 | flag=0;
693 | }
694 | if (flag==1)
695 | {
696 | i++;
697 | if (i==1)
698 | {
699 | End->next=nullptr;
700 | Begin = End;
701 | HEAD = Begin;
702 | }
703 | else
704 | {
705 | End->next = nullptr;
706 | Begin->next = End;
707 | Begin = End;
708 | }
709 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
710 | }
711 | }
712 | free(End);//将多余的空间释放
713 | fclose(fp);//关闭文件指针
714 | return HEAD;
715 | }
716 | MAR Read_Maps_Ruturn_MAR_S(int pid)
717 | {
718 | MAR HEAD = nullptr;
719 | MAR Begin = nullptr;
720 | MAR End = nullptr;
721 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
722 |
723 | FILE *fp;
724 | int i = 0,flag=1;
725 | char lj[64], buff[256];
726 |
727 | sprintf(lj, "/proc/%d/maps", pid);
728 | fp = fopen(lj, "r");
729 | if (fp == NULL)
730 | {
731 | puts("分析失败");
732 | return NULL;
733 | }
734 | while (!feof(fp))
735 | {
736 | fgets(buff,sizeof(buff),fp);//读取一行
737 | if (strstr(buff, "rw") != NULL && strstr(buff,"[stack]") != NULL)
738 | {
739 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
740 | //这里使用lx是为了能成功读取特别长的地址
741 | flag=1;
742 | }
743 | else
744 | {
745 | flag=0;
746 | }
747 | if (flag==1)
748 | {
749 | i++;
750 | if (i==1)
751 | {
752 | End->next=nullptr;
753 | Begin = End;
754 | HEAD = Begin;
755 | }
756 | else
757 | {
758 | End->next = nullptr;
759 | Begin->next = End;
760 | Begin = End;
761 | }
762 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
763 | }
764 | }
765 | free(End);//将多余的空间释放
766 | fclose(fp);//关闭文件指针
767 | return HEAD;
768 | }
769 | MAR Read_Maps_Ruturn_MAR_As(int pid)
770 | {
771 | MAR HEAD = nullptr;
772 | MAR Begin = nullptr;
773 | MAR End = nullptr;
774 | HEAD = Begin = End = (MAR)malloc(MemoryAddress_Size);
775 |
776 | FILE *fp;
777 | int i = 0,flag=1;
778 | char lj[64], buff[256];
779 |
780 | sprintf(lj, "/proc/%d/maps", pid);
781 | fp = fopen(lj, "r");
782 | if (fp == NULL)
783 | {
784 | puts("分析失败");
785 | return NULL;
786 | }
787 | while (!feof(fp))
788 | {
789 | fgets(buff,sizeof(buff),fp);//读取一行
790 | if (strstr(buff, "rw") != NULL && strstr(buff,"/dev/ashmem/") != NULL && !strstr(buff,"dalvik"))
791 | {
792 | sscanf(buff, "%lx-%lx", &End->Begin_address, &End->End_address);
793 | //这里使用lx是为了能成功读取特别长的地址
794 | flag=1;
795 | }
796 | else
797 | {
798 | flag=0;
799 | }
800 | if (flag==1)
801 | {
802 | i++;
803 | if (i==1)
804 | {
805 | End->next=nullptr;
806 | Begin = End;
807 | HEAD = Begin;
808 | }
809 | else
810 | {
811 | End->next = nullptr;
812 | Begin->next = End;
813 | Begin = End;
814 | }
815 | End = (MAR)malloc(MemoryAddress_Size);//不重新分配会导致链表无法串起
816 | }
817 | }
818 | free(End);//将多余的空间释放
819 | fclose(fp);//关闭文件指针
820 | return HEAD;
821 | }
822 |
823 | //返回的是一个存储了各个内存范围的maps链表
824 | MAR SetMemorySearchRange(int type,int pid){
825 | MAR HEAD = nullptr;
826 |
827 | switch(type){
828 | case 0:
829 | HEAD = Read_Maps_Ruturn_MAR_all(pid);
830 | return HEAD;
831 | case 1:
832 | HEAD = Read_Maps_Ruturn_MAR_B(pid);
833 | return HEAD;
834 | case 2:
835 | HEAD = Read_Maps_Ruturn_MAR_V(pid);
836 | return HEAD;
837 | case 3:
838 | HEAD = Read_Maps_Ruturn_MAR_Ca(pid);
839 | return HEAD;
840 | case 4:
841 | HEAD = Read_Maps_Ruturn_MAR_Cb(pid);
842 | return HEAD;
843 | case 5:
844 | HEAD = Read_Maps_Ruturn_MAR_Cd(pid);
845 | return HEAD;
846 | case 6:
847 | HEAD = Read_Maps_Ruturn_MAR_Ch(pid);
848 | return HEAD;
849 | case 7:
850 | HEAD = Read_Maps_Ruturn_MAR_jh(pid);
851 | return HEAD;
852 | case 8:
853 | HEAD = Read_Maps_Ruturn_MAR_A(pid);
854 | return HEAD;
855 | case 9:
856 | HEAD = Read_Maps_Ruturn_MAR_Xs(pid);
857 | return HEAD;
858 | case 10:
859 | HEAD = Read_Maps_Ruturn_MAR_S(pid);
860 | return HEAD;
861 | case 11:
862 | HEAD = Read_Maps_Ruturn_MAR_As(pid);
863 | return HEAD;
864 |
865 | }
866 |
867 | return HEAD;
868 | }
869 |
870 | //--------------------------------------------------------------------------------------------------
871 |
872 |
873 | //获取进程pid需要在linux系统下,Clion下不测试了
874 | int getPID(PACKAGENAME *PackageName)
875 | {
876 | DIR *dir=NULL;
877 | struct dirent *ptr=NULL;
878 | FILE *fp=NULL;
879 | char filepath[256]; // 大小随意,能装下cmdline文件的路径即可
880 | char filetext[128]; // 大小随意,能装下要识别的命令行文本即可
881 | dir = opendir("/proc"); // 打开路径
882 | if (NULL != dir)
883 | {
884 | while ((ptr = readdir(dir)) != NULL) // 循环读取路径下的每一个文件/文件夹
885 | {
886 | // 如果读取到的是"."或者".."则跳过,读取到的不是文件夹名字也跳过
887 | if ((strcmp(ptr->d_name, ".") == 0) || (strcmp(ptr->d_name, "..") == 0))
888 | continue;
889 | if (ptr->d_type != DT_DIR)
890 | continue;
891 | sprintf(filepath, "/proc/%s/cmdline", ptr->d_name); // 生成要读取的文件的路径
892 | fp = fopen(filepath, "r"); // 打开文件
893 | if (NULL != fp)
894 | {
895 | fgets(filetext,sizeof(filetext),fp); // 读取文件
896 | if (strcmp(filetext,PackageName)==0)
897 | {
898 | //puts(filepath);
899 | //printf("packagename:%s\n",filetext);
900 | break;
901 | }
902 | fclose(fp);
903 | }
904 | }
905 | }
906 | if (readdir(dir) == NULL)
907 | {
908 | //puts("Get pid fail");
909 | return 0;
910 | }
911 | closedir(dir); // 关闭路径
912 | return atoi(ptr->d_name);
913 | }
914 |
915 | //--------------------------------------------------------------------------------------------------
916 |
917 |
918 | //联合搜索
919 | //这种方法已经放弃
920 | void FirstSearch(std::initializer_list il)
921 | {
922 | // c_str:string转char
923 | for (auto s:il)
924 | {
925 |
926 | if (strstr(s.c_str(),"D") != NULL){
927 | cout << "your search num is DWORD" << endl;
928 | }else if(strstr(s.c_str(),"F") != NULL){
929 | cout << "your search num is float" << endl;
930 | }else if(strstr(s.c_str(),"E") != NULL){
931 | cout << "your search num is double" << endl;
932 | }else if(strstr(s.c_str(),"W") != NULL){
933 | cout << "your search num is Word" << endl;
934 | }else if(strstr(s.c_str(),"B") != NULL) {
935 | cout << "your search num is Byte" << endl;
936 | }else if(strstr(s.c_str(),"~") != NULL){
937 | cout << "your search num is RangeValue" << endl;
938 | }else{
939 | cout << "please Input value_style" << endl;
940 | }
941 | // cout << s << endl;
942 | }
943 | }
944 |
945 | //--------------------------------------------------------------------------------------------------
946 |
947 | //分割范围搜索的范围数值
948 | void mySplit(const string& inStr, vector& outStr,char *split)
949 | {
950 | /*此代码之下为切割*/
951 | //char *split = "+-";//23+86-6+37+24-8-13
952 |
953 | //string转char *。c_str()是string转const char *
954 | char *tempStr = new char[inStr.size()];
955 | //#pragma warning(disable:4996)
956 | inStr.copy(tempStr, inStr.size(), 0); //这里5,代表复制几个字符,0代表复制的位置
957 | *(tempStr + inStr.size()) = '\0'; //要手动加上结束符
958 |
959 | char *p2 = strtok(tempStr, split);
960 | while (p2 != NULL)
961 | {
962 | outStr.push_back(p2);
963 | //cout << p2 << endl;
964 | p2 = strtok(NULL, split);
965 | }
966 | /*此代码之上为切割*/
967 | }
968 | //根据~分割
969 | string mySplit_Result(char str[],int flag){
970 | string str_new = str;
971 | string str1 = "~";
972 | vector outStr;
973 | char* chr1 = const_cast(str1.c_str());
974 | mySplit(str, outStr, chr1);
975 | if(flag == 0){
976 | return outStr[0];
977 |
978 | } else if (flag == 1){
979 | return outStr[1];
980 | }else{
981 | return NULL;
982 | }
983 |
984 |
985 | }
986 | //获取除去最后一位的前面的数值
987 | string SplitString_CutLastcChar(char YourString[]){
988 | int len = strlen(YourString);
989 | string str = YourString;
990 | string newstr = str.substr(0,len-1);
991 | return newstr;
992 | }
993 |
994 |
995 |
996 | //--------------------------------------------------------------------------------------------------
997 |
998 | //暂停某个应用
999 | int StopPID(int pid)
1000 | {
1001 | char ml[64];
1002 | sprintf(ml,"kill -STOP %d",pid);
1003 | if (getuid() != 0)
1004 | {
1005 | system(ml);
1006 | exit(1);//退出没有root的进程
1007 | }
1008 | }
1009 | //恢复某个应用
1010 | int ResetFromStopPID(int pid)
1011 | {
1012 | char ml[64];
1013 | sprintf(ml,"kill -CONT %d",pid);
1014 | if (getuid() != 0)
1015 | {
1016 | system(ml);
1017 | exit(1);//退出没有root的进程
1018 | }
1019 | }
1020 |
1021 |
1022 |
1023 |
1024 | //-----------------------------------------------链表合并---------------------------------------------------
1025 | //链表合并:合并la、lb到lc
1026 | void MergeLinkList_LL(MAFS &LA, MAFS &LB, MAFS &LC) {
1027 | MAFS pa, pb, pc; // 定义三个链表
1028 | pa = LA->next; // pa指向LA指针
1029 | pb = LB->next; // pb指向LB指针
1030 | LC = LA; // 用La的头结点作为LC头结点
1031 | pc = LC; // pc的初值指向LC的头结点
1032 |
1033 | while (pa && pb) { //链表不为空
1034 | if (pa->Address <= pb->Address) //先放小的数据
1035 | {
1036 | pc->next = pa; //pc的next指向pa
1037 | pc = pa; //pc指向pa
1038 | pa = pa->next; //pa指向pa的next
1039 | }
1040 | else
1041 | {
1042 | pc->next = pb; //pc的next指向pb
1043 | pc = pb; //pc指向pb
1044 | pb = pb->next; //pa指向pb的next
1045 | }
1046 | }
1047 | pc->next = pa ? pa : pb; // 插入非空表的剩余段
1048 | delete LB;
1049 | }
1050 | //本人clion编译器版本会莫名其妙错误输出最后一个值
1051 | MAFS add(MAFS heada,MAFS p0)
1052 | {
1053 | MAFS p1,p2;
1054 | p1 = heada;
1055 | while(/*p1->next!=NULL*/p1!=NULL && p1->AddressAddress) {
1056 | p2 = p1;
1057 | p1 = p1->next;
1058 | }
1059 | if(p1 == heada) {
1060 | heada = p0;
1061 | p0->next = p1;
1062 | }else {
1063 | if(p2->next != NULL) {
1064 | // p2->next = p0;
1065 | // p0->next = p1; /*顺序不要搞错*/
1066 | p0->next = p1;
1067 | p2->next = p0;
1068 | }else {
1069 | p2->next = p0;
1070 | p0->next = NULL;
1071 | }
1072 | }
1073 | return heada;
1074 | }
1075 | MAFS mergeTwoListsV2(MAFS TEST1, MAFS TEST2)
1076 | {
1077 | MAFS p0,p;
1078 | do {
1079 | p0 = (MAFS)malloc(sizeof(MemoryAddressFromSearch_Size));
1080 | p0->Address = TEST2->Address;
1081 | p = add(TEST1, p0);
1082 | TEST2 = TEST2->next;
1083 | } while(TEST2);
1084 | return p;
1085 | }
1086 |
1087 |
1088 | //-----------------------------------------------内存搜索---------------------------------------------------
1089 | //1.联合搜索
1090 | //ValueType:
1091 | // 0.Dword-4字节
1092 | // 1.float-4字节
1093 | // 2.Double-8字节
1094 | // 3.Word-2字节
1095 | // 4.Byte-1字节
1096 | MAFS UnionSearch_First(int Rangetype,int pid,string value,int ValueType){
1097 | cout << "Begin Search" << endl;
1098 |
1099 | MAR Head = SetMemorySearchRange(Rangetype,pid);
1100 | print("GetMARHead-->OK");
1101 | MAFS Address_From_FirstSearch_End = nullptr;
1102 | MAFS Address_From_FirstSearch_Begin = nullptr;
1103 | MAFS Address_From_FirstSearch_Head = nullptr;
1104 | Address_From_FirstSearch_Head = Address_From_FirstSearch_Begin = Address_From_FirstSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1105 | print("PREPARE1-->OK");
1106 | char valueChar[] = "";
1107 | String_To_Char(valueChar,value);
1108 | print("PREPARE2-->OK");
1109 | int num_count = 0;
1110 |
1111 | if (strstr(valueChar,"~")){
1112 | char value_From[] = "";
1113 | char value_To[] = "";
1114 |
1115 | string From_Value = mySplit_Result(valueChar,0);
1116 | string To_Value = mySplit_Result(valueChar,1);
1117 |
1118 | String_To_Char(value_From,From_Value);
1119 | String_To_Char(value_To,To_Value);
1120 |
1121 | int int_value_real_From,int_value_real_To;
1122 | float float_value_real_from,float_value_real_to;
1123 | double double_value_real_from,double_value_real_to;
1124 | WORD WORD_value_real_from,WORD_value_real_to;//需要转换int再转换char
1125 | BYTE BYTE_value_real_from,BYTE_value_real_to;//需要转化int再转换short
1126 |
1127 | switch (ValueType){
1128 | case 0:
1129 | int_value_real_From = atoi(value_From);
1130 | int_value_real_To = atoi(value_To);
1131 |
1132 | break;
1133 | case 1:
1134 | float_value_real_from = atof(value_From);
1135 | float_value_real_to = atof(value_To);
1136 | break;
1137 | case 2:
1138 | double_value_real_from = hexToDec(value_From);
1139 | double_value_real_to = hexToDec(value_To);
1140 | break;
1141 | case 3:
1142 | WORD_value_real_from = (WORD)atoi(value_From);
1143 | WORD_value_real_to = (WORD)atoi(value_To);
1144 | break;
1145 | case 4:
1146 | BYTE_value_real_from = (BYTE)atoi(value_From);
1147 | BYTE_value_real_to = (BYTE)atoi(value_To);
1148 | break;
1149 |
1150 | }
1151 |
1152 | char lj[] = "";
1153 | sprintf(lj,"/proc/%d/mem",pid);
1154 | int handle = open(lj,00000002);
1155 |
1156 |
1157 | if (ValueType == 0){
1158 | buff[1024] = {0};
1159 |
1160 | } else if (ValueType == 1){
1161 | buff1[1024] = {0};
1162 |
1163 | } else if (ValueType == 2){
1164 | buff2[1024] = {0};
1165 |
1166 | } else if (ValueType == 3){
1167 | buff3[1024] = {0};
1168 |
1169 | } else if (ValueType == 4){
1170 | buff4[1024] = {0};
1171 |
1172 | }
1173 |
1174 |
1175 | //pread=read+lseek,所以其实可以不用lseek
1176 | //clion中当前编译器的linux内核版本不支持pread64
1177 |
1178 | MAR pointer = Head;
1179 | int IsRight_address = 0;
1180 |
1181 | printf("BeginSearchValue");
1182 | while (pointer){
1183 | for (long int i = (*pointer).Begin_address; i <= (*pointer).End_address; i = i + 0x4) {
1184 | switch (ValueType){
1185 | case 0:
1186 | memset(buff,0,4);
1187 | pread64(handle,buff,4,i);
1188 | if (buff[0] >= int_value_real_From && buff[0] <= int_value_real_To){
1189 | IsRight_address = 1;
1190 | } else{
1191 | IsRight_address = 0;
1192 | }
1193 | break;
1194 | case 1:
1195 | memset(buff1,0,4);
1196 | pread64(handle,buff1,4,i);
1197 | if (buff1[0] >= float_value_real_from && buff1[0] <= float_value_real_to){
1198 | IsRight_address = 1;
1199 | }else{
1200 | IsRight_address = 0;
1201 | }
1202 | break;
1203 | case 2:
1204 | memset(buff2,0,8);
1205 | pread64(handle,buff2,8,i);
1206 | if (buff2[0] >= double_value_real_from && buff2[0] <= double_value_real_to){
1207 | IsRight_address = 1;
1208 | }else{
1209 | IsRight_address = 0;
1210 | }
1211 | break;
1212 | case 3:
1213 | memset(buff3,0,2);
1214 | pread64(handle,buff3,2,i);
1215 | if (buff3[0] >= WORD_value_real_from && buff3[0] <= WORD_value_real_to){
1216 | IsRight_address = 1;
1217 | }else{
1218 | IsRight_address = 0;
1219 | }
1220 | break;
1221 | case 4:
1222 | memset(buff4,0,1);
1223 | pread64(handle,buff4,1,i);
1224 | if (buff4[0] >= BYTE_value_real_from && buff4[0] <= BYTE_value_real_to){
1225 | IsRight_address = 1;
1226 | }else{
1227 | IsRight_address = 0;
1228 | }
1229 | break;
1230 | }
1231 | if (IsRight_address == 1){
1232 | Address_From_FirstSearch_End->Address = i;
1233 | print("address:");
1234 | cout << i << endl;
1235 | if (num_count == 0){
1236 | num_count ++;
1237 | Address_From_FirstSearch_End->next=nullptr;
1238 | Address_From_FirstSearch_Begin = Address_From_FirstSearch_End;
1239 | Address_From_FirstSearch_Head = Address_From_FirstSearch_Begin;
1240 | } else{
1241 | num_count ++;
1242 | Address_From_FirstSearch_End->next = nullptr;
1243 | Address_From_FirstSearch_Begin->next = Address_From_FirstSearch_End;
1244 | Address_From_FirstSearch_Begin = Address_From_FirstSearch_End;
1245 | }
1246 | Address_From_FirstSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1247 |
1248 | }
1249 |
1250 | }
1251 | pointer = (*pointer).next;
1252 |
1253 | }
1254 | close(handle);
1255 | free(Address_From_FirstSearch_End);
1256 | return Address_From_FirstSearch_Head;
1257 |
1258 |
1259 |
1260 |
1261 |
1262 | }else{
1263 | char value_[] = "";
1264 |
1265 |
1266 | String_To_Char(value_,value);
1267 |
1268 |
1269 | int int_value_real;
1270 | float float_value_real;
1271 | double double_value_real;
1272 | WORD WORD_value_real;//需要转换int再转换char
1273 | BYTE BYTE_value_real;//需要转化int再转换short
1274 |
1275 | switch (ValueType){
1276 | case 0:
1277 | int_value_real = atoi(value_);
1278 | break;
1279 | case 1:
1280 | float_value_real = atof(value_);
1281 | break;
1282 | case 2:
1283 | double_value_real = hexToDec(value_);
1284 | break;
1285 | case 3:
1286 | WORD_value_real = (WORD)atoi(value_);
1287 | break;
1288 | case 4:
1289 | BYTE_value_real = (BYTE)atoi(value_);
1290 | break;
1291 |
1292 | }
1293 |
1294 | char lj[] = "";
1295 | sprintf(lj,"/proc/%d/mem",pid);
1296 | int handle = open(lj,00000002);
1297 |
1298 |
1299 | if (ValueType == 0){
1300 | buff[1024] = {0};
1301 |
1302 | } else if (ValueType == 1){
1303 | buff1[1024] = {0};
1304 |
1305 | } else if (ValueType == 2){
1306 | buff2[1024] = {0};
1307 |
1308 | } else if (ValueType == 3){
1309 | buff3[1024] = {0};
1310 |
1311 | } else if (ValueType == 4){
1312 | buff4[1024] = {0};
1313 |
1314 | }
1315 |
1316 |
1317 | //pread=read+lseek,所以其实可以不用lseek
1318 | //clion中当前编译器的linux内核版本不支持pread64
1319 |
1320 | MAR pointer = Head;
1321 | int IsRight_address = 0;
1322 |
1323 | // int int_value_real;
1324 | // float float_value_real;
1325 | // double double_value_real;
1326 | // WORD WORD_value_real;//需要转换int再转换char
1327 | // BYTE BYTE_value_real;//需要转化int再转换short
1328 | while (pointer){
1329 | for (long int i = (*pointer).Begin_address; i <= (*pointer).End_address; i = i + 0x4) {
1330 | switch (ValueType){
1331 | case 0:
1332 | memset(buff,0,4);
1333 | pread64(handle,buff,4,i);
1334 | if (buff[0] == int_value_real){
1335 | IsRight_address = 1;
1336 | } else{
1337 | IsRight_address = 0;
1338 | }
1339 | break;
1340 | case 1:
1341 | memset(buff1,0,4);
1342 | pread64(handle,buff1,4,i);
1343 | if (buff1[0] == float_value_real){
1344 | IsRight_address = 1;
1345 | }else{
1346 | IsRight_address = 0;
1347 | }
1348 | break;
1349 | case 2:
1350 |
1351 | memset(buff2,0,8);
1352 | pread64(handle,buff2,8,i);
1353 | if (buff2[0] == double_value_real){
1354 | IsRight_address = 1;
1355 | }else{
1356 | IsRight_address = 0;
1357 | }
1358 | break;
1359 | case 3:
1360 | memset(buff3,0,2);
1361 | pread64(handle,buff3,2,i);
1362 | if (buff3[0] == WORD_value_real){
1363 | IsRight_address = 1;
1364 | }else{
1365 | IsRight_address = 0;
1366 | }
1367 | break;
1368 | case 4:
1369 | memset(buff4,0,1);
1370 | pread64(handle,buff4,1,i);
1371 | if (buff4[0] == BYTE_value_real){
1372 | IsRight_address = 1;
1373 | }else{
1374 | IsRight_address = 0;
1375 | }
1376 | break;
1377 | }
1378 | if (IsRight_address == 1){
1379 | Address_From_FirstSearch_End->Address = i;
1380 | cout << i << endl;
1381 |
1382 |
1383 | if (num_count == 0){
1384 | num_count ++;
1385 | Address_From_FirstSearch_End->next=nullptr;
1386 | Address_From_FirstSearch_Begin = Address_From_FirstSearch_End;
1387 | Address_From_FirstSearch_Head = Address_From_FirstSearch_Begin;
1388 | } else{
1389 | num_count ++;
1390 | Address_From_FirstSearch_End->next = nullptr;
1391 | Address_From_FirstSearch_Begin->next = Address_From_FirstSearch_End;
1392 | Address_From_FirstSearch_Begin = Address_From_FirstSearch_End;
1393 | }
1394 | Address_From_FirstSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1395 |
1396 | }
1397 |
1398 |
1399 | }
1400 | cout << "next" << endl;
1401 | pointer = (*pointer).next;
1402 | }
1403 | close(handle);
1404 | free(Address_From_FirstSearch_End);
1405 | return Address_From_FirstSearch_Head;
1406 | }
1407 | }
1408 | MAFS UnionSearch_Filter_value(MAFS Head,int pid,string value,int ValueType){
1409 | MAFS pointer = Head;
1410 | //mem文件读取
1411 | char lj[] = "";
1412 | sprintf(lj,"/proc/%d/mem",pid);
1413 | int handle = open(lj,00000002);
1414 |
1415 | //返回的新的MAFS
1416 | MAFS Address_From_FilterSearch_End = nullptr;
1417 | MAFS Address_From_FilterSearch_Begin = nullptr;
1418 | MAFS Address_From_FilterSearch_Head = nullptr;
1419 | Address_From_FilterSearch_Head = Address_From_FilterSearch_Begin = Address_From_FilterSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1420 |
1421 |
1422 | char value_[] = "";
1423 | String_To_Char(value_,value);
1424 |
1425 |
1426 | int IsRight_address = 0;
1427 |
1428 | int int_value_real;
1429 | float float_value_real;
1430 | double double_value_real;
1431 | WORD WORD_value_real;//需要转换int再转换char
1432 | BYTE BYTE_value_real;//需要转化int再转换short
1433 |
1434 | switch (ValueType){
1435 | case 0:
1436 | int_value_real = atoi(value_);
1437 | break;
1438 | case 1:
1439 | float_value_real = atof(value_);
1440 | break;
1441 | case 2:
1442 | double_value_real = hexToDec(value_);
1443 | break;
1444 | case 3:
1445 | WORD_value_real = (WORD)atoi(value_);
1446 | break;
1447 | case 4:
1448 | BYTE_value_real = (BYTE)atoi(value_);
1449 | break;
1450 |
1451 | }
1452 |
1453 | if (ValueType == 0){
1454 | buff[1024] = {0};
1455 |
1456 | } else if (ValueType == 1){
1457 | buff1[1024] = {0};
1458 |
1459 | } else if (ValueType == 2){
1460 | buff2[1024] = {0};
1461 |
1462 | } else if (ValueType == 3){
1463 | buff3[1024] = {0};
1464 |
1465 | } else if (ValueType == 4){
1466 | buff4[1024] = {0};
1467 |
1468 | }
1469 |
1470 |
1471 | int num_count = 0;
1472 | while (pointer){
1473 | long int Address_Filter = (*pointer).Address;
1474 |
1475 | switch (ValueType){
1476 | case 0:
1477 | memset(buff,0,4);
1478 | pread64(handle,buff,4,Address_Filter);
1479 | if (buff[0] == int_value_real){
1480 | IsRight_address = 1;
1481 | } else{
1482 | IsRight_address = 0;
1483 | }
1484 | break;
1485 | case 1:
1486 | memset(buff1,0,4);
1487 | pread64(handle,buff1,4,Address_Filter);
1488 | if (buff1[0] == float_value_real){
1489 | IsRight_address = 1;
1490 | }else{
1491 | IsRight_address = 0;
1492 | }
1493 | break;
1494 | case 2:
1495 | memset(buff2,0,8);
1496 | pread64(handle,buff2,8,Address_Filter);
1497 | if (buff2[0] == double_value_real){
1498 | IsRight_address = 1;
1499 | }else{
1500 | IsRight_address = 0;
1501 | }
1502 | break;
1503 | case 3:
1504 | memset(buff3,0,2);
1505 | pread64(handle,buff3,2,Address_Filter);
1506 | if (buff3[0] == WORD_value_real){
1507 | IsRight_address = 1;
1508 | }else{
1509 | IsRight_address = 0;
1510 | }
1511 | break;
1512 | case 4:
1513 | memset(buff4,0,1);
1514 | pread64(handle,buff4,1,Address_Filter);
1515 | if (buff4[0] == BYTE_value_real){
1516 | IsRight_address = 1;
1517 | }else{
1518 | IsRight_address = 0;
1519 | }
1520 | break;
1521 | }
1522 |
1523 | if (IsRight_address == 1){
1524 | Address_From_FilterSearch_End->Address = Address_Filter;
1525 | cout << Address_Filter << endl;
1526 |
1527 |
1528 | if (num_count == 0){
1529 | num_count ++;
1530 | Address_From_FilterSearch_End->next=nullptr;
1531 | Address_From_FilterSearch_Begin = Address_From_FilterSearch_End;
1532 | Address_From_FilterSearch_Head = Address_From_FilterSearch_Begin;
1533 | } else{
1534 | num_count ++;
1535 | Address_From_FilterSearch_End->next = nullptr;
1536 | Address_From_FilterSearch_Begin->next = Address_From_FilterSearch_End;
1537 | Address_From_FilterSearch_Begin = Address_From_FilterSearch_End;
1538 | }
1539 | Address_From_FilterSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1540 |
1541 | }
1542 |
1543 | pointer = (*pointer).next;
1544 |
1545 | }
1546 | free(Address_From_FilterSearch_End);
1547 | return Address_From_FilterSearch_Head;
1548 | };
1549 | MAFS UnionSearch_Filter_Rangevalue(MAFS Head,int pid,string value,int ValueType){
1550 |
1551 | //返回的新的MAFS
1552 | MAFS Address_From_FilterSearch_End = nullptr;
1553 | MAFS Address_From_FilterSearch_Begin = nullptr;
1554 | MAFS Address_From_FilterSearch_Head = nullptr;
1555 | Address_From_FilterSearch_Head = Address_From_FilterSearch_Begin = Address_From_FilterSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1556 |
1557 |
1558 | char value_From[] = "";
1559 | char value_To[] = "";
1560 | char value_[] = "";
1561 |
1562 | String_To_Char(value_,value);
1563 |
1564 | string From_Value = mySplit_Result(value_,0);
1565 | string To_Value = mySplit_Result(value_,1);
1566 |
1567 | String_To_Char(value_From,From_Value);
1568 | String_To_Char(value_To,To_Value);
1569 |
1570 | int int_value_real_From,int_value_real_To;
1571 | float float_value_real_from,float_value_real_to;
1572 | double double_value_real_from,double_value_real_to;
1573 | WORD WORD_value_real_from,WORD_value_real_to;//需要转换int再转换char
1574 | BYTE BYTE_value_real_from,BYTE_value_real_to;//需要转化int再转换short
1575 |
1576 | switch (ValueType){
1577 | case 0:
1578 | int_value_real_From = atoi(value_From);
1579 | int_value_real_To = atoi(value_To);
1580 |
1581 | break;
1582 | case 1:
1583 | float_value_real_from = atof(value_From);
1584 | float_value_real_to = atof(value_To);
1585 | break;
1586 | case 2:
1587 | double_value_real_from = hexToDec(value_From);
1588 | double_value_real_to = hexToDec(value_To);
1589 | break;
1590 | case 3:
1591 | WORD_value_real_from = (WORD)atoi(value_From);
1592 | WORD_value_real_to = (WORD)atoi(value_To);
1593 | break;
1594 | case 4:
1595 | BYTE_value_real_from = (BYTE)atoi(value_From);
1596 | BYTE_value_real_to = (BYTE)atoi(value_To);
1597 | break;
1598 |
1599 | }
1600 |
1601 | char lj[] = "";
1602 | sprintf(lj,"/proc/%d/mem",pid);
1603 | int handle = open(lj,00000002);
1604 |
1605 | //此用来计数
1606 | int num_count = 0;
1607 |
1608 | if (ValueType == 0){
1609 | buff[1024] = {0};
1610 |
1611 | } else if (ValueType == 1){
1612 | buff1[1024] = {0};
1613 |
1614 | } else if (ValueType == 2){
1615 | buff2[1024] = {0};
1616 |
1617 | } else if (ValueType == 3){
1618 | buff3[1024] = {0};
1619 |
1620 | } else if (ValueType == 4){
1621 | buff4[1024] = {0};
1622 |
1623 | }
1624 |
1625 |
1626 | //pread=read+lseek,所以其实可以不用lseek
1627 | //clion中当前编译器的linux内核版本不支持pread64
1628 |
1629 | MAFS pointer = Head;
1630 | int IsRight_address = 0;
1631 |
1632 | printf("BeginSearchValue");
1633 | while (pointer){
1634 | long int address = (*pointer).Address;
1635 | switch (ValueType){
1636 | case 0:
1637 | memset(buff,0,4);
1638 | pread64(handle,buff,4,address);
1639 | if (buff[0] >= int_value_real_From && buff[0] <= int_value_real_To){
1640 | IsRight_address = 1;
1641 | } else{
1642 | IsRight_address = 0;
1643 | }
1644 | break;
1645 | case 1:
1646 | memset(buff1,0,4);
1647 | pread64(handle,buff1,4,address);
1648 | if (buff1[0] >= float_value_real_from && buff1[0] <= float_value_real_to){
1649 | IsRight_address = 1;
1650 | }else{
1651 | IsRight_address = 0;
1652 | }
1653 | break;
1654 | case 2:
1655 | memset(buff2,0,8);
1656 | pread64(handle,buff2,8,address);
1657 | if (buff2[0] >= double_value_real_from && buff2[0] <= double_value_real_to){
1658 | IsRight_address = 1;
1659 | }else{
1660 | IsRight_address = 0;
1661 | }
1662 | break;
1663 | case 3:
1664 | memset(buff3,0,2);
1665 | pread64(handle,buff3,2,address);
1666 | if (buff3[0] >= WORD_value_real_from && buff3[0] <= WORD_value_real_to){
1667 | IsRight_address = 1;
1668 | }else{
1669 | IsRight_address = 0;
1670 | }
1671 | break;
1672 | case 4:
1673 | memset(buff4,0,1);
1674 | pread64(handle,buff4,1,address);
1675 | if (buff4[0] >= BYTE_value_real_from && buff4[0] <= BYTE_value_real_to){
1676 | IsRight_address = 1;
1677 | }else{
1678 | IsRight_address = 0;
1679 | }
1680 | break;
1681 | }
1682 |
1683 | // //返回的新的MAFS
1684 | // MAFS Address_From_FilterSearch_End = nullptr;
1685 | // MAFS Address_From_FilterSearch_Begin = nullptr;
1686 | // MAFS Address_From_FilterSearch_Head = nullptr;
1687 | // Address_From_FilterSearch_Head = Address_From_FilterSearch_Begin = Address_From_FilterSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1688 |
1689 |
1690 |
1691 | if (IsRight_address == 1){
1692 | Address_From_FilterSearch_End->Address = address;
1693 | print("address:");
1694 | cout << (*pointer).Address << endl;
1695 | if (num_count == 0){
1696 | num_count ++;
1697 | Address_From_FilterSearch_End->next=nullptr;
1698 | Address_From_FilterSearch_Begin = Address_From_FilterSearch_End;
1699 | Address_From_FilterSearch_Head = Address_From_FilterSearch_Begin;
1700 | } else{
1701 | num_count ++;
1702 | Address_From_FilterSearch_End->next = nullptr;
1703 | Address_From_FilterSearch_Begin->next = Address_From_FilterSearch_End;
1704 | Address_From_FilterSearch_Begin = Address_From_FilterSearch_End;
1705 | }
1706 | Address_From_FilterSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1707 |
1708 | }
1709 |
1710 | pointer = (*pointer).next;
1711 |
1712 | }
1713 | close(handle);
1714 | free(Address_From_FilterSearch_End);
1715 | return Address_From_FilterSearch_Head;
1716 | };
1717 |
1718 | bool EditMemory(MAFS Head,int pid,string value,int ValueType,int WantedEditAddressCout){
1719 | MAFS pointer = Head;
1720 |
1721 | char lj[] = "";
1722 | sprintf(lj,"/proc/%d/mem",pid);
1723 | int handle = open(lj,00000002);
1724 |
1725 | char value_[] = "";
1726 | String_To_Char(value_,value);
1727 |
1728 | int int_value_real;
1729 | float float_value_real;
1730 | double double_value_real;
1731 | WORD WORD_value_real;//需要转换int再转换char
1732 | BYTE BYTE_value_real;//需要转化int再转换short
1733 |
1734 | switch (ValueType){
1735 | case 0:
1736 | int_value_real = atoi(value_);
1737 | break;
1738 | case 1:
1739 | float_value_real = atof(value_);
1740 | break;
1741 | case 2:
1742 | double_value_real = hexToDec(value_);
1743 | break;
1744 | case 3:
1745 | WORD_value_real = (WORD)atoi(value_);
1746 | break;
1747 | case 4:
1748 | BYTE_value_real = (BYTE)atoi(value_);
1749 | break;
1750 |
1751 | }
1752 | int count = 0;
1753 | try {
1754 |
1755 | while (pointer){
1756 | count++;
1757 | if (WantedEditAddressCout != -1){
1758 | goto BeginWrite;
1759 | } else if(count <= WantedEditAddressCout){
1760 | goto BeginWrite;
1761 | }else{
1762 | break;
1763 | }
1764 |
1765 | BeginWrite:
1766 | long int address = (*pointer).Address;
1767 | switch (ValueType){
1768 | case 0:
1769 |
1770 | pwrite64(handle,&int_value_real,4,address);
1771 |
1772 | break;
1773 | case 1:
1774 |
1775 | pwrite64(handle,&float_value_real,4,address);
1776 |
1777 | break;
1778 | case 2:
1779 |
1780 | pwrite64(handle,&double_value_real,8,address);
1781 |
1782 | break;
1783 | case 3:
1784 |
1785 | pwrite64(handle,&WORD_value_real,2,address);
1786 |
1787 | break;
1788 | case 4:
1789 | pwrite64(handle,&BYTE_value_real,1,address);
1790 |
1791 | break;
1792 | }
1793 |
1794 | pointer = (*pointer).next;
1795 | }
1796 |
1797 |
1798 |
1799 |
1800 | }catch (...){
1801 | return false;
1802 | }
1803 | return true;
1804 | }
1805 |
1806 |
1807 | //String转换成char []
1808 | void String_To_Char(char valueChar[], const string &value){
1809 | strncpy(valueChar, value.c_str(), value.length() + 1);
1810 | }
1811 |
1812 |
1813 |
1814 |
1815 | //char转换double
1816 | double sqrt(double sum,int i)
1817 | {
1818 | double root = sum;
1819 | while (i>0,i--)
1820 | sum *= root;
1821 |
1822 | return sum;
1823 | }
1824 | double hexToDec(char *str)
1825 | {
1826 | int i = 0;
1827 | float sumd = 0.0;
1828 | double sumf = 0.0;
1829 | bool error = false;
1830 | bool negative = false;
1831 |
1832 | for (; *str; str++) {
1833 | if (*str == '-') {
1834 | negative = true;
1835 | continue;
1836 | }
1837 | if (*str == '.') {
1838 | error = true;
1839 | continue;
1840 | }
1841 |
1842 | if (error)
1843 | {
1844 | sumf = sumf + (*str - '0')/sqrt(10.0,i);
1845 | i++;
1846 | }
1847 | else {
1848 | sumd = 10.0 * sumd + (*str - '0');
1849 | }
1850 | }
1851 |
1852 | if (negative)
1853 | sumd = -(sumd + sumf);
1854 | else
1855 | sumd += sumf;
1856 |
1857 | return sumd;
1858 | }
1859 |
1860 | //----------------------------------------------------------------------------------------
1861 | // 偏移搜索部分
1862 | // 先用第一个搜索出来数值,然后存储在链表里面,再搜索偏移的地址即可
1863 | MAFS OFFSETSearch_First(int Rangetype,int pid,string value,int ValueType){
1864 | cout << "Begin Search" << endl;
1865 |
1866 | MAR Head = SetMemorySearchRange(Rangetype,pid);
1867 | print("GetMARHead-->OK");
1868 | MAFS Address_From_FirstSearch_End = nullptr;
1869 | MAFS Address_From_FirstSearch_Begin = nullptr;
1870 | MAFS Address_From_FirstSearch_Head = nullptr;
1871 | Address_From_FirstSearch_Head = Address_From_FirstSearch_Begin = Address_From_FirstSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
1872 | print("PREPARE1-->OK");
1873 | char valueChar[] = "";
1874 | String_To_Char(valueChar,value);
1875 | print("PREPARE2-->OK");
1876 | int num_count = 0;
1877 |
1878 | if (strstr(valueChar,"~")){
1879 | char value_From[] = "";
1880 | char value_To[] = "";
1881 |
1882 | string From_Value = mySplit_Result(valueChar,0);
1883 | string To_Value = mySplit_Result(valueChar,1);
1884 |
1885 | String_To_Char(value_From,From_Value);
1886 | String_To_Char(value_To,To_Value);
1887 |
1888 | int int_value_real_From,int_value_real_To;
1889 | float float_value_real_from,float_value_real_to;
1890 | double double_value_real_from,double_value_real_to;
1891 | WORD WORD_value_real_from,WORD_value_real_to;//需要转换int再转换char
1892 | BYTE BYTE_value_real_from,BYTE_value_real_to;//需要转化int再转换short
1893 |
1894 | switch (ValueType){
1895 | case 0:
1896 | int_value_real_From = atoi(value_From);
1897 | int_value_real_To = atoi(value_To);
1898 |
1899 | break;
1900 | case 1:
1901 | float_value_real_from = atof(value_From);
1902 | float_value_real_to = atof(value_To);
1903 | break;
1904 | case 2:
1905 | double_value_real_from = hexToDec(value_From);
1906 | double_value_real_to = hexToDec(value_To);
1907 | break;
1908 | case 3:
1909 | WORD_value_real_from = (WORD)atoi(value_From);
1910 | WORD_value_real_to = (WORD)atoi(value_To);
1911 | break;
1912 | case 4:
1913 | BYTE_value_real_from = (BYTE)atoi(value_From);
1914 | BYTE_value_real_to = (BYTE)atoi(value_To);
1915 | break;
1916 |
1917 | }
1918 |
1919 | char lj[] = "";
1920 | sprintf(lj,"/proc/%d/mem",pid);
1921 | int handle = open(lj,00000002);
1922 |
1923 |
1924 | if (ValueType == 0){
1925 | buff[1024] = {0};
1926 |
1927 | } else if (ValueType == 1){
1928 | buff1[1024] = {0};
1929 |
1930 | } else if (ValueType == 2){
1931 | buff2[1024] = {0};
1932 |
1933 | } else if (ValueType == 3){
1934 | buff3[1024] = {0};
1935 |
1936 | } else if (ValueType == 4){
1937 | buff4[1024] = {0};
1938 |
1939 | }
1940 |
1941 |
1942 | //pread=read+lseek,所以其实可以不用lseek
1943 | //clion中当前编译器的linux内核版本不支持pread64
1944 |
1945 | MAR pointer = Head;
1946 | int IsRight_address = 0;
1947 |
1948 | printf("BeginSearchValue");
1949 | while (pointer){
1950 | for (long int i = (*pointer).Begin_address; i <= (*pointer).End_address; i = i + 0x4) {
1951 | switch (ValueType){
1952 | case 0:
1953 | memset(buff,0,4);
1954 | pread64(handle,buff,4,i);
1955 | if (buff[0] >= int_value_real_From && buff[0] <= int_value_real_To){
1956 | IsRight_address = 1;
1957 | } else{
1958 | IsRight_address = 0;
1959 | }
1960 | break;
1961 | case 1:
1962 | memset(buff1,0,4);
1963 | pread64(handle,buff1,4,i);
1964 | if (buff1[0] >= float_value_real_from && buff1[0] <= float_value_real_to){
1965 | IsRight_address = 1;
1966 | }else{
1967 | IsRight_address = 0;
1968 | }
1969 | break;
1970 | case 2:
1971 | memset(buff2,0,8);
1972 | pread64(handle,buff2,8,i);
1973 | if (buff2[0] >= double_value_real_from && buff2[0] <= double_value_real_to){
1974 | IsRight_address = 1;
1975 | }else{
1976 | IsRight_address = 0;
1977 | }
1978 | break;
1979 | case 3:
1980 | memset(buff3,0,2);
1981 | pread64(handle,buff3,2,i);
1982 | if (buff3[0] >= WORD_value_real_from && buff3[0] <= WORD_value_real_to){
1983 | IsRight_address = 1;
1984 | }else{
1985 | IsRight_address = 0;
1986 | }
1987 | break;
1988 | case 4:
1989 | memset(buff4,0,1);
1990 | pread64(handle,buff4,1,i);
1991 | if (buff4[0] >= BYTE_value_real_from && buff4[0] <= BYTE_value_real_to){
1992 | IsRight_address = 1;
1993 | }else{
1994 | IsRight_address = 0;
1995 | }
1996 | break;
1997 | }
1998 | if (IsRight_address == 1){
1999 | Address_From_FirstSearch_End->Address = i;
2000 | print("address:");
2001 | cout << i << endl;
2002 | if (num_count == 0){
2003 | num_count ++;
2004 | Address_From_FirstSearch_End->next=nullptr;
2005 | Address_From_FirstSearch_Begin = Address_From_FirstSearch_End;
2006 | Address_From_FirstSearch_Head = Address_From_FirstSearch_Begin;
2007 | } else{
2008 | num_count ++;
2009 | Address_From_FirstSearch_End->next = nullptr;
2010 | Address_From_FirstSearch_Begin->next = Address_From_FirstSearch_End;
2011 | Address_From_FirstSearch_Begin = Address_From_FirstSearch_End;
2012 | }
2013 | Address_From_FirstSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
2014 |
2015 | }
2016 |
2017 | }
2018 | pointer = (*pointer).next;
2019 |
2020 | }
2021 | close(handle);
2022 | free(Address_From_FirstSearch_End);
2023 | return Address_From_FirstSearch_Head;
2024 |
2025 |
2026 |
2027 |
2028 |
2029 | }else{
2030 | char value_[] = "";
2031 |
2032 |
2033 | String_To_Char(value_,value);
2034 |
2035 |
2036 | int int_value_real;
2037 | float float_value_real;
2038 | double double_value_real;
2039 | WORD WORD_value_real;//需要转换int再转换char
2040 | BYTE BYTE_value_real;//需要转化int再转换short
2041 |
2042 | switch (ValueType){
2043 | case 0:
2044 | int_value_real = atoi(value_);
2045 | break;
2046 | case 1:
2047 | float_value_real = atof(value_);
2048 | break;
2049 | case 2:
2050 | double_value_real = hexToDec(value_);
2051 | break;
2052 | case 3:
2053 | WORD_value_real = (WORD)atoi(value_);
2054 | break;
2055 | case 4:
2056 | BYTE_value_real = (BYTE)atoi(value_);
2057 | break;
2058 |
2059 | }
2060 |
2061 | char lj[] = "";
2062 | sprintf(lj,"/proc/%d/mem",pid);
2063 | int handle = open(lj,00000002);
2064 |
2065 |
2066 | if (ValueType == 0){
2067 | buff[1024] = {0};
2068 |
2069 | } else if (ValueType == 1){
2070 | buff1[1024] = {0};
2071 |
2072 | } else if (ValueType == 2){
2073 | buff2[1024] = {0};
2074 |
2075 | } else if (ValueType == 3){
2076 | buff3[1024] = {0};
2077 |
2078 | } else if (ValueType == 4){
2079 | buff4[1024] = {0};
2080 |
2081 | }
2082 |
2083 |
2084 | //pread=read+lseek,所以其实可以不用lseek
2085 | //clion中当前编译器的linux内核版本不支持pread64
2086 |
2087 | MAR pointer = Head;
2088 | int IsRight_address = 0;
2089 |
2090 | // int int_value_real;
2091 | // float float_value_real;
2092 | // double double_value_real;
2093 | // WORD WORD_value_real;//需要转换int再转换char
2094 | // BYTE BYTE_value_real;//需要转化int再转换short
2095 | while (pointer){
2096 | for (long int i = (*pointer).Begin_address; i <= (*pointer).End_address; i = i + 0x4) {
2097 | switch (ValueType){
2098 | case 0:
2099 | memset(buff,0,4);
2100 | pread64(handle,buff,4,i);
2101 | if (buff[0] == int_value_real){
2102 | IsRight_address = 1;
2103 | } else{
2104 | IsRight_address = 0;
2105 | }
2106 | break;
2107 | case 1:
2108 | memset(buff1,0,4);
2109 | pread64(handle,buff1,4,i);
2110 | if (buff1[0] == float_value_real){
2111 | IsRight_address = 1;
2112 | }else{
2113 | IsRight_address = 0;
2114 | }
2115 | break;
2116 | case 2:
2117 |
2118 | memset(buff2,0,8);
2119 | pread64(handle,buff2,8,i);
2120 | if (buff2[0] == double_value_real){
2121 | IsRight_address = 1;
2122 | }else{
2123 | IsRight_address = 0;
2124 | }
2125 | break;
2126 | case 3:
2127 | memset(buff3,0,2);
2128 | pread64(handle,buff3,2,i);
2129 | if (buff3[0] == WORD_value_real){
2130 | IsRight_address = 1;
2131 | }else{
2132 | IsRight_address = 0;
2133 | }
2134 | break;
2135 | case 4:
2136 | memset(buff4,0,1);
2137 | pread64(handle,buff4,1,i);
2138 | if (buff4[0] == BYTE_value_real){
2139 | IsRight_address = 1;
2140 | }else{
2141 | IsRight_address = 0;
2142 | }
2143 | break;
2144 | }
2145 | if (IsRight_address == 1){
2146 | Address_From_FirstSearch_End->Address = i;
2147 | cout << i << endl;
2148 |
2149 |
2150 | if (num_count == 0){
2151 | num_count ++;
2152 | Address_From_FirstSearch_End->next=nullptr;
2153 | Address_From_FirstSearch_Begin = Address_From_FirstSearch_End;
2154 | Address_From_FirstSearch_Head = Address_From_FirstSearch_Begin;
2155 | } else{
2156 | num_count ++;
2157 | Address_From_FirstSearch_End->next = nullptr;
2158 | Address_From_FirstSearch_Begin->next = Address_From_FirstSearch_End;
2159 | Address_From_FirstSearch_Begin = Address_From_FirstSearch_End;
2160 | }
2161 | Address_From_FirstSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
2162 |
2163 | }
2164 |
2165 |
2166 | }
2167 | cout << "next" << endl;
2168 | pointer = (*pointer).next;
2169 | }
2170 | close(handle);
2171 | free(Address_From_FirstSearch_End);
2172 | return Address_From_FirstSearch_Head;
2173 | }
2174 | }
2175 | MAFS OFFSETSearch_value(MAFS Head,int pid,string value,int ValueType,int offset){
2176 | MAFS pointer = Head;
2177 | //mem文件读取
2178 | char lj[] = "";
2179 | sprintf(lj,"/proc/%d/mem",pid);
2180 | int handle = open(lj,00000002);
2181 |
2182 | //返回的新的MAFS
2183 | MAFS Address_From_FilterSearch_End = nullptr;
2184 | MAFS Address_From_FilterSearch_Begin = nullptr;
2185 | MAFS Address_From_FilterSearch_Head = nullptr;
2186 | Address_From_FilterSearch_Head = Address_From_FilterSearch_Begin = Address_From_FilterSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
2187 |
2188 |
2189 | char value_[] = "";
2190 | String_To_Char(value_,value);
2191 |
2192 |
2193 | int IsRight_address = 0;
2194 |
2195 | int int_value_real;
2196 | float float_value_real;
2197 | double double_value_real;
2198 | WORD WORD_value_real;//需要转换int再转换char
2199 | BYTE BYTE_value_real;//需要转化int再转换short
2200 |
2201 | switch (ValueType){
2202 | case 0:
2203 | int_value_real = atoi(value_);
2204 | break;
2205 | case 1:
2206 | float_value_real = atof(value_);
2207 | break;
2208 | case 2:
2209 | double_value_real = hexToDec(value_);
2210 | break;
2211 | case 3:
2212 | WORD_value_real = (WORD)atoi(value_);
2213 | break;
2214 | case 4:
2215 | BYTE_value_real = (BYTE)atoi(value_);
2216 | break;
2217 |
2218 | }
2219 |
2220 | if (ValueType == 0){
2221 | buff[1024] = {0};
2222 |
2223 | } else if (ValueType == 1){
2224 | buff1[1024] = {0};
2225 |
2226 | } else if (ValueType == 2){
2227 | buff2[1024] = {0};
2228 |
2229 | } else if (ValueType == 3){
2230 | buff3[1024] = {0};
2231 |
2232 | } else if (ValueType == 4){
2233 | buff4[1024] = {0};
2234 |
2235 | }
2236 |
2237 |
2238 | int num_count = 0;
2239 | while (pointer){
2240 | long int Address_Filter = (*pointer).Address;
2241 |
2242 | switch (ValueType){
2243 | case 0:
2244 | memset(buff,0,4);
2245 | pread64(handle,buff,4,Address_Filter + offset);
2246 | if (buff[0] == int_value_real){
2247 | IsRight_address = 1;
2248 | } else{
2249 | IsRight_address = 0;
2250 | }
2251 | break;
2252 | case 1:
2253 | memset(buff1,0,4);
2254 | pread64(handle,buff1,4,Address_Filter + offset);
2255 | if (buff1[0] == float_value_real){
2256 | IsRight_address = 1;
2257 | }else{
2258 | IsRight_address = 0;
2259 | }
2260 | break;
2261 | case 2:
2262 | memset(buff2,0,8);
2263 | pread64(handle,buff2,8,Address_Filter + offset);
2264 | if (buff2[0] == double_value_real){
2265 | IsRight_address = 1;
2266 | }else{
2267 | IsRight_address = 0;
2268 | }
2269 | break;
2270 | case 3:
2271 | memset(buff3,0,2);
2272 | pread64(handle,buff3,2,Address_Filter + offset);
2273 | if (buff3[0] == WORD_value_real){
2274 | IsRight_address = 1;
2275 | }else{
2276 | IsRight_address = 0;
2277 | }
2278 | break;
2279 | case 4:
2280 | memset(buff4,0,1);
2281 | pread64(handle,buff4,1,Address_Filter + offset);
2282 | if (buff4[0] == BYTE_value_real){
2283 | IsRight_address = 1;
2284 | }else{
2285 | IsRight_address = 0;
2286 | }
2287 | break;
2288 | }
2289 |
2290 | if (IsRight_address == 1){
2291 | Address_From_FilterSearch_End->Address = Address_Filter;
2292 | cout << Address_Filter << endl;
2293 |
2294 |
2295 | if (num_count == 0){
2296 | num_count ++;
2297 | Address_From_FilterSearch_End->next=nullptr;
2298 | Address_From_FilterSearch_Begin = Address_From_FilterSearch_End;
2299 | Address_From_FilterSearch_Head = Address_From_FilterSearch_Begin;
2300 | } else{
2301 | num_count ++;
2302 | Address_From_FilterSearch_End->next = nullptr;
2303 | Address_From_FilterSearch_Begin->next = Address_From_FilterSearch_End;
2304 | Address_From_FilterSearch_Begin = Address_From_FilterSearch_End;
2305 | }
2306 | Address_From_FilterSearch_End = (MAFS)malloc(MemoryAddressFromSearch_Size);
2307 |
2308 | }
2309 |
2310 | pointer = (*pointer).next;
2311 |
2312 | }
2313 | free(Address_From_FilterSearch_End);
2314 | return Address_From_FilterSearch_Head;
2315 | };
2316 |
2317 |
2318 | int main() {
2319 | std::cout << "Memory_Search_by_nm" << std::endl;
2320 | print("Memory_Search------");
2321 | print("Your Select packageName-----");
2322 | PACKAGENAME PKGN[] = "com.ybkj.ol";
2323 | print(PKGN);
2324 | int pid = getPID(PKGN);
2325 |
2326 |
2327 |
2328 |
2329 |
2330 |
2331 | int Mode = 2;
2332 | if (Mode == 0){
2333 | StopPID(pid);
2334 |
2335 |
2336 | //修改的方法:以GG修改器为例
2337 | // gg.setrange(BAD)
2338 | // 1.gg.search("1.1F;1.2~1.3F;3D")
2339 | // 2.gg.search("1.2~1.3F")
2340 | // 3.gg.getResualt(30)
2341 | // 4.gg.edit("3D")
2342 |
2343 |
2344 | MAFS Address_From_Fs = UnionSearch_First(1, pid, "1.1", 1);
2345 | MAFS Address_From_Fs1 = UnionSearch_First(1, pid, "1.2~1.3", 1);
2346 | MAFS Address_From_Fs2 = UnionSearch_First(1, pid, "3", 0);
2347 |
2348 | MAFS ADD;
2349 | MAFS ADD1;
2350 | MergeLinkList_LL(Address_From_Fs,Address_From_Fs1,ADD);
2351 | MergeLinkList_LL(ADD,Address_From_Fs2,ADD1);
2352 |
2353 | string ab = "1.2~1.3";
2354 |
2355 |
2356 | MAFS ADD2;
2357 | ADD2 = UnionSearch_Filter_Rangevalue(ADD1,pid,ab,1);
2358 |
2359 |
2360 |
2361 | //Print_Linked_list_MAFS(Address_From_Fs);
2362 |
2363 |
2364 | bool Is_ok = EditMemory(Address_From_Fs,pid,"2",0,30);
2365 | if (Is_ok){
2366 | print("Edit ok --> ok");
2367 | } else{
2368 | print("Edit --> false");
2369 | }
2370 | ResetFromStopPID(pid);
2371 | } else if (Mode == 1){
2372 | MAFS Address_From_Fs = UnionSearch_First(1, pid, "1", 0);
2373 | //Print_Linked_list_MAFS(Address_From_Fs);
2374 | bool Is_ok = EditMemory(Address_From_Fs,pid,"2",0,30);
2375 | if (Is_ok){
2376 | print("Edit ok --> ok");
2377 | } else{
2378 | print("Edit --> false");
2379 | }
2380 | } else if(Mode == 2){
2381 | print("begin offset search");
2382 | MAFS Address_From_Fs = OFFSETSearch_First(8,pid,"800~2000",0);
2383 | MAFS Address_From_Fs1 = OFFSETSearch_value(Address_From_Fs,pid,"136068113",0,-8);
2384 | MAFS Address_From_Fs2 = OFFSETSearch_value(Address_From_Fs1,pid,"1",0,-12);
2385 | MAFS Address_From_Fs3 = OFFSETSearch_value(Address_From_Fs2,pid,"136068113",0,-16);
2386 | bool Is_ok = EditMemory(Address_From_Fs3,pid,"999999999",0,-1);
2387 | if (Is_ok){
2388 | print("Edit ok --> ok");
2389 | } else{
2390 | print("Edit --> false");
2391 | }
2392 | Address_From_Fs = nullptr;
2393 | Address_From_Fs1 = nullptr;
2394 | Address_From_Fs2 = nullptr;
2395 | Address_From_Fs3 = nullptr;
2396 |
2397 | }
2398 |
2399 | return 0;
2400 | }
2401 |
--------------------------------------------------------------------------------