
ReadProcessMemory

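ReadProcessMemory is a memory-operation function that, given a process handle, reads a region of that process's memory. Its prototype is BOOL ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, DWORD nSize, LPDWORD lpNumberOfBytesRead); as the BOOL return type shows, the function returns 1 when the read succeeds and 0 when it fails. The meaning of each parameter is given below.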
Name: ReadProcessMemory
Category: memory-operation function in programming
On failure: returns 0
On success: returns 1


ReadProcessMemory English description

ReadProcessMemory prototype

This function reads memory in a specified process. The entire area to be read must be accessible or the operation fails.
BOOL ReadProcessMemory(
HANDLE hProcess,
LPCVOID lpBaseAddress,
LPVOID lpBuffer,
DWORD nSize,
LPDWORD lpNumberOfBytesRead
);

ReadProcessMemory (hProcess, 十六到十 (“02C20100”), 矩陣 [1] [1], 64, 0) // E language (易語言): read a 4*4 matrix

ReadProcessMemory parameters

(1) hProcess (process handle)
[in] Handle to the process whose memory is being read.
In Windows CE, any call to OpenProcess returns a process handle with the proper access rights.
(2) lpBaseAddress (memory address)
[in] Pointer to the base address in the specified process to be read.
Before data transfer occurs, the system verifies that all data in the base address and memory of the specified size is accessible for read access. If so, the function proceeds; otherwise, the function fails.
(3) lpBuffer (pointer to the buffer that receives the contents)
[out] Pointer to a buffer that receives the contents from the address space of the specified process.
(4) nSize (number of bytes to read)
[in] Specifies the requested number of bytes to read from the specified process.
(5) lpNumberOfBytesRead
[out] Pointer to the number of bytes transferred into the specified buffer.
If lpNumberOfBytesRead is NULL, the parameter is ignored.

ReadProcessMemory return value

Nonzero indicates success.
Zero indicates failure.
To get extended error information, call GetLastError.
The function fails if the requested read operation crosses into an area of the process that is inaccessible.
Remarks
ReadProcessMemory copies data in the specified address range from the address space of the specified process into the specified buffer of the current process. The process whose address space is read is typically, but not necessarily, being debugged.
The entire area to be read must be accessible. If it is not, the function fails.

ReadProcessMemory requirements

OS Versions: Windows CE 2.0 and later.
Header: Winbase.h.
Link Library: Coredll.lib, Nk.lib.

ReadProcessMemory references

OpenProcess | WriteProcessMemory
---------------------------------------------------------------------------------------

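ReadProcessMemory Chinese description

ReadProcessMemory
BOOL ReadProcessMemory(
HANDLE hProcess,
PVOID pvAddressRemote,
PVOID pvBufferLocal,
DWORD dwSize,
PDWORD pdwNumBytesRead
);
Practical usage
hProcess [in] Handle to the remote process, i.e. the process being read.
pvAddressRemote [in] Memory address in the remote process: where exactly to read from.
pvBufferLocal [out] Memory address in the local process: the function writes what it reads here.
dwSize [in] Number of bytes to transfer: how much to write.
pdwNumBytesRead [out] Number of bytes actually transferred: on return, the function reports how much was actually written.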

ReadProcessMemory examples

ReadProcessMemory C++

Reading data with ReadProcessMemory requires somewhat broader access rights. Opening the process as follows grants query, read and write access:
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, 0, ProcessId);

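ReadProcessMemory Delphi

var
  hProcess: THandle;  // OpenProcess returns a process handle, not a window handle (HWND)
  wltId: DWORD;
// PROCESS_VM_READ is the access right ReadProcessMemory needs on the handle
hProcess := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE, False, wltId);
Then combine this with the program above to do the search. Read the contents only when the memory is in the in-use (committed) state, and skip memory that is free. I won't write the program out here; it is much the same as the one above, except that dwTotalCommit = dwTotalCommit + mi.RegionSize is replaced with a function that reads the memory and searches that block.
1. Get the window handle with FindWindow.
2. Use GetWindowThreadProcessId to get the PID of the process that owns the window handle.
var
  nProcId: DWORD;
// The return value is the thread ID; the PID is written to nProcId
GetWindowThreadProcessId(hFound, @nProcId);
3. Open the process with that PID using OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, 0, ProcessId). A handle opened this way has read, write and query access.
4. Use ReadProcessMemory to read the data at the specified memory address.
BOOL ReadProcessMemory(
HANDLE hProcess, // handle of the process being read
LPCVOID lpBaseAddress, // address at which to start reading
LPVOID lpBuffer, // buffer that receives the data read
DWORD nSize, // number of bytes to read in one call
LPDWORD lpNumberOfBytesRead // number of bytes actually read
);
Example:
// The first argument is the handle returned by OpenProcess, not the process ID; 數據地址 stands for the address of the data
ReadProcessMemory(hProcess, (LPCVOID)數據地址, szPassBuff, sizeof(szPassBuff), 0);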

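ReadProcessMemory C#

using System;
using System.Runtime.InteropServices;

/// <summary>
/// Reads byte-array data from the specified memory address
/// </summary>
/// <param name="handle">Process handle</param>
/// <param name="address">Memory address</param>
/// <param name="data">Variable that receives the data</param>
/// <param name="size">Length</param>
/// <param name="read">Number of bytes read</param>
/// <returns>true on success, false on failure (see Marshal.GetLastWin32Error)</returns>
[DllImport("Kernel32.dll", SetLastError = true)]
private static extern bool ReadProcessMemory(IntPtr handle, IntPtr address, [Out] byte[] data, IntPtr size, out IntPtr read);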
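
The declaration above has no caller on the page. As an added example (not code from the original page), the following C# program reads its own memory through a handle opened with only PROCESS_VM_READ, the access right ReadProcessMemory requires, and checks both the return value and the reported byte count. The class name ReadOwnMemoryDemo and the sample bytes are constructed for illustration; it assumes desktop Windows, where the size and byte-count parameters are pointer-sized.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

// Hypothetical demo class: the process reads its own memory, so no other
// process is touched and the result can be checked against known bytes.
static class ReadOwnMemoryDemo
{
    const uint PROCESS_VM_READ = 0x0010; // least privilege: read access only

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inheritHandle, uint processId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr handle, IntPtr address,
        [Out] byte[] data, IntPtr size, out IntPtr read);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    static void Main()
    {
        // Constructed sample data, pinned so the GC cannot move it mid-read.
        byte[] source = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02, 0x03, 0x04 };
        GCHandle pin = GCHandle.Alloc(source, GCHandleType.Pinned);
        IntPtr process = OpenProcess(PROCESS_VM_READ, false,
                                     (uint)Process.GetCurrentProcess().Id);
        if (process == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            byte[] buffer = new byte[source.Length];
            IntPtr read;
            bool ok = ReadProcessMemory(process, pin.AddrOfPinnedObject(),
                                        buffer, (IntPtr)buffer.Length, out read);
            if (!ok) // zero return: the whole range must be readable
                throw new Win32Exception(Marshal.GetLastWin32Error());
            if (read.ToInt64() != buffer.Length)
                throw new InvalidOperationException("short read");
            Console.WriteLine(BitConverter.ToString(buffer));
        }
        finally
        {
            CloseHandle(process); // always release the process handle
            pin.Free();
        }
    }
}
```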