2011-10-13 81 views
0

OK, so I'm trying to do the old "hack the calculator" tutorial from here: http://www.youtube.com/watch?v=I0zPwg4iUDk but giving it my own spin by adding a form and a button that injects a new value into the calculator. But it keeps spitting out a "Can't write to memory" error. Now I'm not sure why, but I think it's because the memory address I'm trying to write to comes from a 64-bit OS. Can anyone tell me why this isn't working? Do 64-bit memory addresses not fit the Win32 (64?) API WriteProcessMemory?

#include <iostream> 
#include <windows.h> 

#define IDBUTTON 102 

//prototypes 
void injectValue(); 

using namespace std; 

/* Declare Windows procedure */ 
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM); 

/* Make the class name into a global variable */ 
char szClassName[ ] = "CodeBlocksWindowsApp"; 
HINSTANCE g_hInst; 
int newValue = 500; 

int WINAPI WinMain (HINSTANCE hThisInstance, 
        HINSTANCE hPrevInstance, 
        LPSTR lpszArgument, 
        int nCmdShow) 
{ 
    HWND hwnd;    /* This is the handle for our window */ 
    MSG messages;   /* Here messages to the application are saved */ 
    WNDCLASSEX wincl;  /* Data structure for the windowclass */ 

    /* The Window structure */ 
    g_hInst = hThisInstance; 
    wincl.hInstance = hThisInstance; 
    wincl.lpszClassName = szClassName; 
    wincl.lpfnWndProc = WindowProcedure;  /* This function is called by windows */ 
    wincl.style = CS_DBLCLKS;     /* Catch double-clicks */ 
    wincl.cbSize = sizeof (WNDCLASSEX); 

    /* Use default icon and mouse-pointer */ 
    wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION); 
    wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION); 
    wincl.hCursor = LoadCursor (NULL, IDC_ARROW); 
    wincl.lpszMenuName = NULL;     /* No menu */ 
    wincl.cbClsExtra = 0;      /* No extra bytes after the window class */ 
    wincl.cbWndExtra = 0;      /* structure or the window instance */ 
    /* Use Windows's default colour as the background of the window */ 
    wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND; 

    /* Register the window class, and if it fails quit the program */ 
    if (!RegisterClassEx (&wincl)) 
     return 0; 

    /* The class is registered, let's create the program*/ 
    hwnd = CreateWindowEx (
      0,     /* Extended possibilites for variation */ 
      szClassName,   /* Classname */ 
      "Calculator Trainer",  /* Title Text */ 
      WS_OVERLAPPEDWINDOW, /* default window */ 
      CW_USEDEFAULT,  /* Windows decides the position */ 
      CW_USEDEFAULT,  /* where the window ends up on the screen */ 
      544,     /* The programs width */ 
      375,     /* and height in pixels */ 
      HWND_DESKTOP,  /* The window is a child-window to desktop */ 
      NULL,    /* No menu */ 
      hThisInstance,  /* Program Instance handler */ 
      NULL     /* No Window Creation data */ 
      ); 


    /* Make the window visible on the screen */ 
    ShowWindow (hwnd, nCmdShow); 

    /* Run the message loop. It will run until GetMessage() returns 0 */ 
    while (GetMessage (&messages, NULL, 0, 0)) 
    { 
     /* Translate virtual-key messages into character messages */ 
     TranslateMessage(&messages); 
     /* Send message to WindowProcedure */ 
     DispatchMessage(&messages); 
    } 

    /* The program return-value is 0 - The value that PostQuitMessage() gave */ 
    return messages.wParam; 
} 


/* This function is called by the Windows function DispatchMessage() */ 

LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam) 
{ 
    HWND hwndButton; 
    switch (message)     /* handle the messages */ 
    { 
     case WM_COMMAND: 
      if(((HWND)lParam) && (HIWORD(wParam) == BN_CLICKED)){ 
      switch(LOWORD(wParam)){ 
       case IDBUTTON:{ 
        injectValue(); 
        break; 
       } 
       default: 
        break; 
      } 
      } 
      break; 


     case WM_CREATE: 
      hwndButton = CreateWindowEx(0,     /* more or ''extended'' styles */ 
        TEXT("BUTTON"),       /* GUI ''class'' to create */ 
        TEXT("Inject Value"),      /* GUI caption */ 
        WS_CHILD|WS_VISIBLE|BS_DEFPUSHBUTTON, /* control styles separated by | */ 
        10,          /* LEFT POSITION (Position from left) */ 
        10,          /* TOP POSITION (Position from Top) */ 
        200,         /* WIDTH OF CONTROL */ 
        30,          /* HEIGHT OF CONTROL */ 
        hwnd,         /* Parent window handle */ 
        (HMENU)IDBUTTON,      /* control''s ID for WM_COMMAND */ 
        g_hInst,        /* application instance */ 
        NULL); 
      break; 

     case WM_DESTROY: 
      PostQuitMessage (0);  /* send a WM_QUIT to the message queue */ 
      break; 

     default:      /* for messages that we don't deal with */ 
      return DefWindowProc (hwnd, message, wParam, lParam); 
    } 

    return 0; 
} 

void injectValue(){ 
    cout << "button pushed" << endl; 

    HWND chwnd = FindWindow(0, "Calculator"); 
    if(chwnd == 0) 
     cerr << "HWND not found!" << endl; 

    else{ 
     DWORD pID; 
     GetWindowThreadProcessId(chwnd, &pID); 
     HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); 

     if(!hProc) 
      cerr << "Can't open hProc!" << endl; 

     else{ 
      int success = WriteProcessMemory(hProc, (LPVOID) 0xA4283C508C, &newValue, (DWORD_PTR) sizeof(newValue), NULL); 

      if(success > 0) 
       cout << "wrote to memory" << endl; 

      else 
       cerr << "Can't write to memory" << endl; 
     } 
    } 
} 
+0

Are you sure 0xA4283C508C is correct? Maybe first check whether you can read it, and then write something new. If you want to write into a 64-bit program, then I think you should compile your application in 64-bit mode so that you can operate on big pointers. – Zuljin

+0

Yes, the address is correct. Also, I'm using code::blocks. How do I compile my program in 64-bit mode? – CyanPrime

+0

You need to have a 64-bit mingw or a 64-bit version of Visual Studio (e.g. the Windows SDK 7.1). If your calculator is the 64-bit version, this address is definitely wrong. The CheatEngine used in this example is working with the 32-bit version of the calculator, so the pointer length is 4 bytes, whereas for a 64-bit OS you need to look for pointers 8 bytes long. I'm not sure whether CheatEngine works with 64-bit applications, so it may be hard for you to find this pointer. – Zuljin

Answer

0

First of all, whenever you have a WINAPI problem, you should use GetLastError to find the *specific* error.

In this case, I'm pretty sure you don't have debug privileges, so the OS is denying write access; see AdjustTokenPrivileges and this example; you want the SE_DEBUG_NAME privilege.

However, it should be noted that you shouldn't use a fixed virtual address (0xA4283C508C in your case), since all programs will be relocated, making the address invalid (due to ASLR, code-page overlap, or simply the plain absence of the preferred load address).

+0

You only need the debug privilege to open a handle to a process running under a different user. – pezcode

+0

@pezcode: No, you need it to open handles to programs that require admin or debug privileges (or other programs you don't have access rights to); that's why ring3 debuggers need to run in admin mode, so they can access protected process memory. Maybe you should read up on access control: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374860(v=vs.85).aspx – Necrolis

+0

ring3 debuggers work just fine on a non-admin account, as long as you don't try to attach to another user's (including SYSTEM's) processes. If you had browsed that link yourself, you would have found this page: http://msdn.microsoft.com/en-us/library/windows/desktop/bb530716%28v=vs.85%29.aspx and another: http://support.microsoft.com/kb/131065/en-us – pezcode
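The thread makes two diagnostic points: Zuljin's, that 0xA4283C508C needs 40 bits and so cannot survive a cast to a 32-bit pointer, and the answer's, that a failed WINAPI call should be followed by GetLastError. The following is an added example written for this page, not code from the asker, the answerer or any project: it checks whether an address is representable for the given caller and target pointer widths (the widths are assumptions the caller supplies), and maps the documented winerror.h codes that WriteProcessMemory commonly reports to their likely cause. The `last_error_text` helper is Windows-only and uses the real GetLastError/FormatMessageA APIs; everything else compiles anywhere.

```cpp
// Added diagnostic example (not code from the question or the answer).
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Value a 64-bit address collapses to when pushed through a pointer of
// ptr_bytes bytes. This is what (LPVOID)0xA4283C508C does in a 32-bit build:
// the top byte is dropped and 0x283C508C is what the API actually receives.
std::uint64_t truncate_to_pointer(std::uint64_t addr, std::size_t ptr_bytes) {
    if (ptr_bytes >= sizeof(std::uint64_t)) return addr;
    const std::uint64_t mask = (std::uint64_t{1} << (ptr_bytes * 8)) - 1;
    return addr & mask;
}

struct AddressCheck {
    bool fits;                // true when the address survives both casts
    std::uint64_t effective;  // address the API would actually be given
    std::string reason;       // human-readable explanation
};

// caller_ptr_bytes is sizeof(void*) of the trainer build; target_ptr_bytes is
// the pointer width of the process being written to (4 for a 32-bit calc.exe,
// 8 for the 64-bit one). Both are assumptions supplied by the caller.
AddressCheck check_remote_address(std::uint64_t addr,
                                  std::size_t caller_ptr_bytes,
                                  std::size_t target_ptr_bytes) {
    AddressCheck r{true, addr, "address is representable on both sides"};
    if (truncate_to_pointer(addr, target_ptr_bytes) != addr) {
        r.fits = false;
        r.reason = "address is wider than the target's pointers; a " +
                   std::to_string(target_ptr_bytes * 8) +
                   "-bit process cannot contain it, so the address itself is wrong";
        return r;
    }
    r.effective = truncate_to_pointer(addr, caller_ptr_bytes);
    if (r.effective != addr) {
        r.fits = false;
        char hex[32];
        std::snprintf(hex, sizeof hex, "0x%llX", (unsigned long long)r.effective);
        r.reason = "caller is a " + std::to_string(caller_ptr_bytes * 8) +
                   "-bit build: the cast silently truncates the address to " + hex +
                   "; rebuild the trainer as 64-bit";
    }
    return r;
}

// Likely cause for the Win32 codes a failed WriteProcessMemory typically
// reports. The numeric values are the documented winerror.h constants; the
// interpretation is this example's (an assumption), not an official table.
std::string explain_win32_error(std::uint32_t code) {
    switch (code) {
        case 5:   // ERROR_ACCESS_DENIED
            return "ERROR_ACCESS_DENIED: handle lacks PROCESS_VM_WRITE/PROCESS_VM_OPERATION, "
                   "or the target runs as another user or is protected (SeDebugPrivilege)";
        case 6:   // ERROR_INVALID_HANDLE
            return "ERROR_INVALID_HANDLE: OpenProcess did not return a usable handle";
        case 299: // ERROR_PARTIAL_COPY
        case 487: // ERROR_INVALID_ADDRESS
        case 998: // ERROR_NOACCESS
            return "address not mapped or not writable in the target: typical of a truncated "
                   "address, a stale address after ASLR relocation, or a read-only page";
        default:
            return "unrecognised code " + std::to_string(code) + "; look it up with FormatMessage";
    }
}

#ifdef _WIN32
// Windows-only: the *specific* error text the answer asks for, taken right
// after the failed call (GetLastError is reset by later API calls).
std::string last_error_text() {
    const DWORD code = GetLastError();
    char msg[512] = {0};
    FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, nullptr, code,
                   MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), msg, sizeof msg, nullptr);
    return "GetLastError() = " + std::to_string(code) + " (" + msg + "): " +
           explain_win32_error(code);
}
#endif

int main() {
    // The asker's address, checked against this build's own pointer width,
    // assuming the target is the 64-bit calculator.
    const std::uint64_t asked = 0xA4283C508Cull;
    const AddressCheck c = check_remote_address(asked, sizeof(void*), 8);
    std::printf("%s build: %s\n", sizeof(void*) == 8 ? "64-bit" : "32-bit", c.reason.c_str());
    std::printf("code 487 means: %s\n", explain_win32_error(487).c_str());
    return 0;
}
```

Run it from the same compiler configuration as the trainer: a 32-bit build reports that the address is truncated to 0x283C508C before WriteProcessMemory ever sees it, which by itself explains a "Can't write to memory" result regardless of privileges. On Windows, replace the `cerr` line in the asker's `injectValue` with `last_error_text()` to distinguish an access-denied failure (privilege or handle rights) from an unmapped-address failure (truncation or ASLR).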