|
#2
低调求学2012-12-06 13:30
|
进程地址通过VirtualQueryEx这个API可以获取。数据的存放地址是ReadProcessMemory的返回值。最后一个变量自然也是返回值,所以无需设置。而你想要读取的数据的长度一般就是VirtualQueryEx返回的MEMORY_BASIC_INFORMATION结构中的RegionSize即区块大小。C++中,对一个进程的全部内存操作过程如下:
程序代码: const SIZE_T BaseInfoLen=sizeof(MEMORY_BASIC_INFORMATION);
LPCVOID lpcEndOfVirtualMemory=(LPCVOID)END_OF_VM; //2G虚拟内存地址结束的地方
SIZE_T SegLen=BaseInfoLen;
MEMORY_BASIC_INFORMATION mbInfo;
LPVOID lpBaseAddr=(LPVOID)0x400000; //4MB,可用虚拟内存开始的地方
while(SegLen==BaseInfoLen&&lpBaseAddr<lpcEndOfVirtualMemory){
SegLen=VirtualQueryEx(pHandle,lpBaseAddr,&mbInfo,BaseInfoLen);
if(mbInfo.State==MEM_COMMIT&&mbInfo.Protect==PAGE_READWRITE) //已分配内存且可读写 {
PUCHAR Seg=(PUCHAR)malloc(mbInfo.RegionSize);
SIZE_T ReadLen;
ReadProcessMemory(pHandle,mbInfo.BaseAddress,Seg,mbInfo.RegionSize,&ReadLen); //这里可以添加对读出来的内存块Seg进行操作
lpBaseAddr=(LPVOID)((char*)lpBaseAddr+mbInfo.RegionSize);
}
else if(mbInfo.State==MEM_FREE&&mbInfo.RegionSize>0x08000000) //这个地方。。真没看懂!!!????
break;
else
lpBaseAddr=(LPVOID)((char*)lpBaseAddr+mbInfo.RegionSize);
}
刚刚接触windows编程!!求高手指点一二!!!! LPCVOID lpcEndOfVirtualMemory=(LPCVOID)END_OF_VM; //2G虚拟内存地址结束的地方
SIZE_T SegLen=BaseInfoLen;
MEMORY_BASIC_INFORMATION mbInfo;
LPVOID lpBaseAddr=(LPVOID)0x400000; //4MB,可用虚拟内存开始的地方
while(SegLen==BaseInfoLen&&lpBaseAddr<lpcEndOfVirtualMemory){
SegLen=VirtualQueryEx(pHandle,lpBaseAddr,&mbInfo,BaseInfoLen);
if(mbInfo.State==MEM_COMMIT&&mbInfo.Protect==PAGE_READWRITE) //已分配内存且可读写 {
PUCHAR Seg=(PUCHAR)malloc(mbInfo.RegionSize);
SIZE_T ReadLen;
ReadProcessMemory(pHandle,mbInfo.BaseAddress,Seg,mbInfo.RegionSize,&ReadLen); //这里可以添加对读出来的内存块Seg进行操作
lpBaseAddr=(LPVOID)((char*)lpBaseAddr+mbInfo.RegionSize);
}
else if(mbInfo.State==MEM_FREE&&mbInfo.RegionSize>0x08000000) //这个地方。。真没看懂!!!????
break;
else
lpBaseAddr=(LPVOID)((char*)lpBaseAddr+mbInfo.RegionSize);
}
