"Turn" A in-memory search QQ number source, from the Snow Forum

#include <windows.h>#include<tlhelp32.h>#include<tchar.h>#include<stdlib.h>#include<stdio.h>intSearchstr (Ptstr pszstring,intIstrlen, Ptstr pszsearchstr) {    inti =0; intIsearchstrlen =_tcslen (PSZSEARCHSTR);  while((i + Isearchstrlen) <=Istrlen) {        intn =0; //Match first character of two string first        if(pszsearchstr[0] ==Pszstring[i]) {            //If equal, begins a character-by-word match             for(intj =0; J <iSearchStrlen; J + +)            {                //same position character match                if(Pszsearchstr[j] = = Pszstring[i +J]) {//if the same position character matches successfully, the counter adds 1n++; }                Else  //the same position character match failed                {                    //source string position skipped matches the same n charactersi = i +N; //jump out of the current match loop to start a new position match                     Break; }            }            //If the match succeeds, the count and the target string are equal in length, the target is found            if(Isearchstrlen = =N) {//I is the starting position of the target string found in the source string,//return here, where the target string found first appears                returni; //find a target, move back one to keep looking,//If you want to continue looking, please note that the final return, the code needs to make a few minor changes//i++;            }        }        Else  //if the first character of two strings is different        {            //starts reverse lookup of source string whether the next character in the target string is within the target string             for(intj = Isearchstrlen-1; J >=0; j--)            {                //find the character that is immediately behind                if(Pszsearchstr[j] = = Pszstring[i +Isearchstrlen]) {                    //where the character appears in the target stringn =J; //just know the first place in the bottom line, jump out of the loop and start moving position                     Break; }            }            //move to position (a target string length minus the occurrence of matching characters in the target string),//that is, if the character is present, the same two characters are aligned and if not present, move the length of the target string directlyi = i + Isearchstrlen-N; }    }    return 0;}intReadmem (DWORD dwpid) {//signatures to search forTCHAR szsub[] = TEXT ("index?uin="); //where the signature appears    intIPos =0; HANDLE hprocess= OpenProcess (Process_query_information | Process_vm_read,0, Dwpid); if(hprocess = =NULL) {        return 0;    } System_info Sisysinfo; GetSystemInfo (&sisysinfo);    Memory_basic_information MBI; DWORD paddress=(DWORD) sisysinfo.lpminimumapplicationaddress; intCount =GetTickCount ();  while(Paddress <(DWORD) sisysinfo.lpmaximumapplicationaddress) {        if(VirtualQueryEx (hprocess, (LPVOID) paddress, &mbi,sizeof(MBI)) !=sizeof(MBI)) {            return 0; }        if(MBI. state = = Mem_commit) && (MBI. Protect = =page_readwrite)) {DWORD Base=paddress; intReadSize =MBI.            Regionsize; if(ReadSize >=1024x768) {DWORD dwbytes=0; TCHAR*membuf = (TCHAR *)malloc(ReadSize *sizeof(TCHAR)); if(ReadProcessMemory (hprocess, (lpcvoid) Base, Membuf, ReadSize, &dwbytes)) {                    //Start searching for signaturesIPos =searchstr (Membuf, dwbytes, szsub); if(IPos) {_tprintf (TEXT (">>> address:0x%.8x\n"), Base + IPos *sizeof(TCHAR)); //the first character that points to the QQ numberTCHAR *ptsqq = &membuf[ipos +_tcslen (szsub)]; _tprintf (TEXT (">>> QQ:")); //use the pointer to print out the QQ number of the current QQ process,//the character after the QQ number is ' & '                         for(; *PTSQQ! ='&'; *ptsqq++)                        {                            //Note Here is a loop to print out the QQ number for each character instead of the entire string_tprintf (TEXT ("%c"), *ptsqq); } _tprintf (TEXT ("\ n")); //Find 1, OK, remove break can continue to find                         Break; }                }                 Free(MEMBUF); }        }        //keep looking from the next block of memory .Paddress = (DWORD) mbi. BaseAddress +MBI.    Regionsize; }    //calculate the time to find the QQ numberCount = GetTickCount ()-Count; _tprintf (TEXT (">>> Time:%d ms\n"), Count); returnIPos;} DWORD Findbypid (Ptstr Pszprocessname) {DWORD Dwprocessid=0;    HANDLE Hprocesssnap;    PROCESSENTRY32 pe32; Hprocesssnap= CreateToolhelp32Snapshot (th32cs_snapprocess,0); if(Hprocesssnap = =Invalid_handle_value) {        return 0; } pe32.dwsize=sizeof(PROCESSENTRY32); if(! Process32First (Hprocesssnap, &pe32))        {CloseHandle (HPROCESSSNAP); return 0; }     Do    {        //Find QQ Process        if(WCSCMP (pszprocessname, pe32.szexefile) = =0) {Dwprocessid=Pe32.th32processid; wprintf (TEXT (">>>------PID =%d------\ n"), DWPROCESSID); //Start a memory searchReadmem (DWPROCESSID); wprintf (TEXT (">>>------------------------\ n"), DWPROCESSID); }    }    //keep looking for the next process .     while(Process32Next (Hprocesssnap, &pe32));    CloseHandle (HPROCESSSNAP); //If there is a QQ process, return here is the last QQ process ID,//if it is not in the QQ process, return here is the initial value of Dwprocessid 0    returnDwprocessid;}intMain () {TCHAR pszp[]= TEXT ("QQ.exe"); DWORD Dwpid=findbypid (PSZP); if(!dwpid) {wprintf (TEXT (">>> do not found the qq.exe\n")); }    return 0;}

"Turn" A in-memory search QQ number source, from the Snow Forum