// MemRepair.cpp : 定义控制台应用程序的入口点。  //    #include "stdafx.h"  #include <Windows.h>    BOOL FindFirst(DWORD dwValue);  BOOL FindNext(DWORD dwValue);  HANDLE g_hProcess;  DWORD g_arList[1024];  DWORD g_nListCnt;    BOOL CompareAPage(DWORD dwBaseAddr, DWORD dwValue)  {      //读取一页内存      BYTE arBytes[4096];      BOOL bRead = ::ReadProcessMemory(g_hProcess, (LPVOID)dwBaseAddr, arBytes, 4096,NULL);      if (bRead == FALSE)      {          return FALSE;      }      DWORD *pdw;      for (int i=0;i<4096-4;i++)      {                    pdw = (DWORD*)&arBytes[i];           if (pdw[0] == dwValue)          {              g_arList[g_nListCnt++] = dwBaseAddr+i;          }          /*出错，应该将地址先转换成DWORD*,即指向DWORD的地址，然后再取[0]         if ((DWORD)&arBytes[i] == dwValue)         {             g_arList[g_nListCnt++] = dwBaseAddr+i;         }         */      }      if (g_nListCnt > 1024)      {          printf("the position is large than 1024..");          return FALSE;      }      return TRUE;  }    BOOL FindFirst(DWORD dwValue)  {      const DWORD dwOneGB = 1 * 1024 *1024 *1024; // 1GB      const DWORD dwOnePage = 4* 1024; // 4K      DWORD dwBase;      OSVERSIONINFO versionInfo={0};      versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);        ::GetVersionEx(&versionInfo);      if (versionInfo.dwPlatformId ==  VER_PLATFORM_WIN32_WINDOWS ) //win98      {          dwBase = 4 * 1024 *1024; // 4MB      }      else      {          dwBase = 64 * 1024; // 64KB      }      //从开始地址到2GB的空间查找      for (;dwBase<2*dwOneGB;dwBase+=dwOnePage)      {          CompareAPage(dwBase,dwValue);      }      return TRUE;  }    BOOL FindNext(DWORD dwValue)  {      DWORD dwOriCnt = g_nListCnt;      DWORD dwReadValue;      BOOL bRet = FALSE;        g_nListCnt = 0;      for (int i=0;i<dwOriCnt;i++)      {          if (::ReadProcessMemory(g_hProcess,(LPVOID)g_arList[i],&dwReadValue,sizeof(DWORD),0))          {              if (dwReadValue == dwValue)              {                  g_arList[g_nListCnt++] = g_arList[i];                  bRet = TRUE;                          }          }      }      return bRet;  }    void ShowList()  {      for (int i=0;i<g_nListCnt;i++)      {          printf("lX\n", g_arList[i]);      }  }  BOOL WriteMemory(DWORD dwAddr, DWORD dwValue)  {      //出错的情况：写入的是&dwValue，而不是（LPVOID）dwValue      return WriteProcessMemory(g_hProcess,(LPVOID)dwAddr,&dwValue,sizeof(DWORD),NULL);  }  int _tmain(int argc, _TCHAR* argv[])  {      g_nListCnt = 0;      memset(g_arList,0,sizeof(g_arList));        char szCommandLine[]="c:\\testor.exe";      STARTUPINFO si={sizeof(STARTUPINFO)};      si.dwFlags = STARTF_USESHOWWINDOW;      si.wShowWindow = TRUE;        PROCESS_INFORMATION pi;      BOOL bRet = CreateProcess(NULL, szCommandLine,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi);      if (bRet == FALSE)      {          printf("createProcess failed...");          return -1;      }      ::CloseHandle(pi.hThread);      g_hProcess = pi.hProcess;      //输入修改值      int iVal;      printf("Input iVal=");      scanf("%d", &iVal);      //进行第一次查找      FindFirst(iVal);      //打印结果      ShowList();        //再次查找      while (g_nListCnt > 1)      {          printf("input iVal:\n");          scanf("%d",&iVal);          FindNext(iVal);          ShowList();      }        //修改值      printf("input new value:\n");      scanf("%d",&iVal);      if (WriteMemory(g_arList[0],iVal))      {          printf("write suc...");      }            ::CloseHandle(g_hProcess);      return 0;  }

#include "stdafx.h"  #include <stdio.h>    int g_nNum = 1003;  int _tmain(int argc, _TCHAR* argv[])  {      int i = 200;      while(1)      {          printf("i=%d,&i=lX...g_nNum=%d,&g_nNum=lX\n\n",i--,&i,--g_nNum,&g_nNum);          getchar();      }            return 0;  }