99.遍历进程并直接写入内存

  • 包含头文件
    1 //进程快照
    2 #include<TlHelp32.h>
  • 进程名
    1 //进程名
    2 #define exename  "PlantsVsZombies.exe"
  • 创建进程快照
     1 HANDLE hpro=NULL;
     2 
     3     //存储进程快照信息
     4     PROCESSENTRY32 pe32 = { 0 };
     5 
     6     //设置进程快照结构体大小
     7     pe32.dwSize = sizeof(pe32);
     8 
     9     //创建进程快照
    10     HANDLE hprocess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  • 遍历进程快照
    //遍历进程快照
        BOOL  bmore = Process32First(hprocess, &pe32);
        while (bmore)
        {
            //如果找到打开进程
            if (strcmp(exename, pe32.szExeFile) == 0)
            {
                hpro = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
                break;
            }
            
            //遍历下一个
            bmore = Process32Next(hprocess, &pe32);
        }
  • 初始化指向的地址并读取
     1 //用于读取
     2     int *p = malloc(4);
     3     //指向的地址
     4     int *pfind = 0x09121D88;
     5     //标识读取了几个字节
     6     int size = 0;
     7     //读取内存
     8     ReadProcessMemory(hpro, pfind, p, 4, &size);
     9 
    10     printf("%d", *p);
  • 初始化指向的地址并写入
    1   int *p = malloc(4);
    2     *p = 888;
    3 
    4     //指向的地址
    5     int *pfind = 0x09121D88;
    6     //标识写入了几个字节
    7     int size = 0;
    8     //写入
    9     WriteProcessMemory(hpro, pfind, p, 4, &size);
  • 关闭进程
    1 TerminateProcess(hpro, 0);

完整代码

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <Windows.h>
//进程快照
#include <TlHelp32.h>
 6 //进程名
 7 #define exename  "PlantsVsZombies.exe"
 8 
 9 //读取进程
10 void read()
11 {
12     HANDLE hpro=NULL;
13 
14     //存储进程快照信息
15     PROCESSENTRY32 pe32 = { 0 };
16 
17     //设置进程快照结构体大小
18     pe32.dwSize = sizeof(pe32);
19 
20     //创建进程快照
21     HANDLE hprocess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
22 
23     //遍历进程快照
24     BOOL  bmore = Process32First(hprocess, &pe32);
25     while (bmore)
26     {
27         //如果找到打开进程
28         if (strcmp(exename, pe32.szExeFile) == 0)
29         {
30             hpro = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
31             break;
32         }
33         
34         //遍历下一个
35         bmore = Process32Next(hprocess, &pe32);
36     }
37     //用于读取
38     int *p = malloc(4);
39     //指向的地址
40     int *pfind = 0x09121D88;
41     //标识读取了几个字节
42     int size = 0;
43     //读取内存
44     ReadProcessMemory(hpro, pfind, p, 4, &size);
45 
46     printf("%d", *p);
47 }
48 
49 //写入内存
50 void write()
51 {
52     //用于遍历进程
53     HANDLE hpro = NULL;
54 
55     //存储进程快照信息
56     PROCESSENTRY32 pe32 = { 0 };
57 
58     //设置进程快照结构体大小
59     pe32.dwSize = sizeof(pe32);
60 
61     //创建进程快照
62     HANDLE hprocess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
63 
64     //遍历进程快照
65     BOOL  bmore = Process32First(hprocess, &pe32);
66     while (bmore)
67     {
68         //如果找到打开进程
69         if (strcmp(exename, pe32.szExeFile) == 0)
70         {
71             hpro = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
72             break;
73         }
74 
75         //遍历下一个
76         bmore = Process32Next(hprocess, &pe32);
77     }
78     int *p = malloc(4);
79     *p = 888;
80 
81     //指向的地址
82     int *pfind = 0x09121D88;
83     //标识写入了几个字节
84     int size = 0;
85     //写入
86     WriteProcessMemory(hpro, pfind, p, 4, &size);
87 
88     printf("%d", *p);
89 }
90 
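// Entry point: read the value at the target address, overwrite it, then wait
// for a key press so the console window stays open when launched by double-click.
// Declared as int main(void) instead of the non-standard void main(); returns 0.
// system("pause") runs the fixed literal through cmd.exe; it takes no user input.
int main(void)
{
    read();
    write();

    system("pause");
    return 0;
}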
原文地址:https://www.cnblogs.com/xiaochi/p/8479666.html