c 获取asm汇编的16进制代码

#include"stdafx.h"
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <stdio.h>
#include <iostream>
#include <string>

using namespace std;



//将string转换成wstring  
wstring string2wstring(string str)
{
    wstring result;
    //获取缓冲区大小，并申请空间，缓冲区大小按字符计算  
    int len = MultiByteToWideChar(CP_ACP, 0, str.c_str(), str.size(), NULL, 0);
    TCHAR* buffer = new TCHAR[len + 1];
    //多字节编码转换成宽字节编码  
    MultiByteToWideChar(CP_ACP, 0, str.c_str(), str.size(), buffer, len);
    buffer[len] = '\0';             //添加字符串结尾  
    //删除缓冲区并返回值  
    result.append(buffer);
    delete[] buffer;
    return result;
}

//将wstring转换成string  
string wstring2string(wstring wstr)
{
    string result;
    //获取缓冲区大小，并申请空间，缓冲区大小事按字节计算的  
    int len = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), wstr.size(), NULL, 0, NULL, NULL);
    char* buffer = new char[len + 1];
    //宽字节编码转换成多字节编码  
    WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), wstr.size(), buffer, len, NULL, NULL);
    buffer[len] = '\0';
    //删除缓冲区并返回值  
    result.append(buffer);
    delete[] buffer;

    return result;
}

HANDLE get_handle(int pid)
{
    HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    return handle;
}

int* read_memory(DWORD pid, uintptr_t addr, int bytes)
{
    HANDLE handle = get_handle(pid);
    int* t = (int*)malloc(bytes);
    bool state = ReadProcessMemory(handle, (LPVOID)addr, t, bytes, NULL);
    if (!state)
    {
        free(t);
        t = NULL;
    }
    CloseHandle(handle);
    return t;
}

int FindPID(string ProcessName)
{
    int pid = -1;
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        cout << "CreateToolhelp32Snapshot Error!" << endl;;
        return false;
    }
    BOOL bResult = Process32First(hProcessSnap, &pe32);
    int num(0);
    while (bResult)
    {
        if (wstring2string(wstring(pe32.szExeFile)) == ProcessName)
        {
            pid = pe32.th32ProcessID;
            break;
        }
        bResult = Process32Next(hProcessSnap, &pe32);
    }
    CloseHandle(hProcessSnap);
    return pid;
}


uintptr_t read_true_process_address(DWORD pid, void* p)
{
    uint8_t* jmp_content = (uint8_t*)read_memory(pid, (uintptr_t)p, 5);
    // 去掉jmp命令的E9
    jmp_content += 1;
    // 拿到偏移
    uint32_t offset = *(uint32_t*)jmp_content;
    // 注意回收内存
    jmp_content -= 1;
    free(jmp_content);
    uintptr_t true_address = (uintptr_t)p + 5 + offset;
    return true_address;
}





uintptr_t find_asm_code_start_offset(DWORD pid, uintptr_t start_address, uintptr_t max_search_size = 1024);
uintptr_t find_asm_code_start_offset(DWORD pid, uintptr_t start_address, uintptr_t max_search_size)
{
    uintptr_t offset = -1;
    // 特征码
    const unsigned int start_feature_size = 7;
    uint8_t start_feature_code[start_feature_size] = { 0xb8,0xcc,0xcc,0xcc,0xcc,0xf3,0xab };
    for (int i = 0; i != max_search_size; i++)
    {
        uint8_t* data = (uint8_t*)read_memory(pid, start_address+i, start_feature_size);
        bool flag = TRUE;
        for (int j = 0; j != start_feature_size; j++)
        {
            if (start_feature_code[j] != data[j])
            {
                flag = FALSE;
                break;
            }
        }
        free(data);
        if (flag == TRUE)
        {
            offset = i;
            break;
        }
    }
    return offset+start_feature_size;
}

uintptr_t find_asm_code_end_offset(DWORD pid, uintptr_t start_address, uintptr_t max_search_size = 1024);
uintptr_t find_asm_code_end_offset(DWORD pid, uintptr_t start_address, uintptr_t max_search_size)
{
    uintptr_t offset = -1;
    // 特征码
    const unsigned int end_feature_size = 11;
    uint8_t end_feature_code[end_feature_size] = { 0x5f,0x5e,0x5b,0x81,0xc4,0xc0,0x00,0x00,0x00,0x3b,0xec };
    for (int i = 0; i != max_search_size; i++)
    {
        uint8_t* data = (uint8_t*)read_memory(pid, start_address + i, end_feature_size);
        bool flag = TRUE;
        for (int j = 0; j != end_feature_size; j++)
        {
            if (end_feature_code[j] != data[j])
            {
                flag = FALSE;
                break;
            }
        }
        free(data);
        if (flag == TRUE)
        {
            offset = i;
            break;
        }
    }
    return offset;
}

char* read_asm_function_code(DWORD pid, void* f, unsigned int &asm_code_size)
{
    char* code_data = NULL;
    uintptr_t true_process_address = read_true_process_address(pid, f);
    uintptr_t start_offset = find_asm_code_start_offset(pid, true_process_address);
    uintptr_t end_offset = find_asm_code_end_offset(pid, true_process_address);
    asm_code_size = end_offset - start_offset;
    code_data = (char*)read_memory(pid, true_process_address + start_offset, asm_code_size);
    return code_data;
}

extern "C"
{
    void f1()
    {
        __asm
        {
            mov edx,edx
            add eax,edx
        }
    }

    void f2()
    {
        __asm
        {
            sub edx, edx
            add eax, edx
        }
    }

    void f3()
    {
        __asm
        {
            jmp edx
            add eax, edx
        }
    }
    void f4()
    {
        __asm
        {
            mov edx, edx
            add eax, edx
            sub eax, edx
        }
    }
}

int main()
{
    unsigned int asm_code_size = 0;
    uint8_t* code_data = (uint8_t*)read_asm_function_code(FindPID("test.exe"), f1, asm_code_size);
    for (int i = 0; i != asm_code_size; i++)
    {
        printf("%02x", code_data[i]);
    }
    printf("\n");
    free(code_data);
    return 0;
}

结果：

8bd203c2