Getting an image of a process's memory
My goal is to create a method that will take a process handle and return an array of bytes representing that process's memory. Here's what I have:

```csharp
// P/Invoke declaration for the Win32 ReadProcessMemory API.
[DllImport("Kernel32.dll")]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesRead);

// Reads `size` bytes starting at `address` in the target process;
// `bytes` receives the number of bytes actually read.
public static byte[] MemRead(IntPtr handle, IntPtr address, UInt32 size, ref UInt32 bytes)
{
    byte[] buffer = new byte[size];
    ReadProcessMemory(handle, address, buffer, size, ref bytes);
    return buffer;
}
```

I don't know what to pass to the wrapper method as arguments. I can find a `handle` and the `bytes` is an output variable, but what about `address` and `size`? Where can I get this data from?
Comments (1)
Use VirtualQuery to find out if an address has actually been allocated before calling MemRead.
Start with zero as the address and 64K as the page size and then simply increment the pointer with 64K on every iteration until you reach the maximum size of memory on your system.
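The region walk described in the answer, as an added example that is not code from the original post: it uses `VirtualQueryEx` (the variant of `VirtualQuery` that takes a process handle) and goes beyond the fixed 64K step by advancing by each region's reported size. The class name `MemoryWalker`, the method `ReadRegions` and the 1 MiB chunk size are assumptions made for illustration; it assumes an x64 build and a handle opened with `PROCESS_QUERY_INFORMATION` and `PROCESS_VM_READ`.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class MemoryWalker // hypothetical name, not from the original post
{
    const uint MEM_COMMIT = 0x1000, PAGE_NOACCESS = 0x01, PAGE_GUARD = 0x100;
    const int Chunk = 1 << 20; // read at most 1 MiB per call (arbitrary choice)

    [StructLayout(LayoutKind.Sequential)]
    struct MEMORY_BASIC_INFORMATION
    {
        public IntPtr BaseAddress, AllocationBase;
        public uint AllocationProtect;
        public IntPtr RegionSize; // SIZE_T is pointer-sized, so not UInt32 on x64
        public uint State, Protect, Type;
    }

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
        out MEMORY_BASIC_INFORMATION lpBuffer, IntPtr dwLength);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

    // Yields (address, bytes) for every committed, readable chunk of the process.
    public static IEnumerable<KeyValuePair<long, byte[]>> ReadRegions(IntPtr handle)
    {
        IntPtr mbiSize = (IntPtr)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));
        long address = 0;
        // VirtualQueryEx returns 0 once the address is past the user-mode range.
        while (VirtualQueryEx(handle, (IntPtr)address, out var mbi, mbiSize) != IntPtr.Zero)
        {
            long start = mbi.BaseAddress.ToInt64(), size = mbi.RegionSize.ToInt64();
            // Skip free/reserved regions and pages that would fault on read.
            bool readable = mbi.State == MEM_COMMIT
                && (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0;
            for (long off = 0; readable && off < size; off += Chunk)
            {
                byte[] buffer = new byte[Math.Min(Chunk, size - off)];
                if (ReadProcessMemory(handle, (IntPtr)(start + off), buffer, (IntPtr)buffer.Length, out _))
                    yield return new KeyValuePair<long, byte[]>(start + off, buffer);
            }
            address = start + size; // continue at the next region
        }
    }

    static void Main() // demo: walks this program's own memory
    {
        long total = 0;
        foreach (var r in ReadRegions(Process.GetCurrentProcess().Handle)) total += r.Value.Length;
        Console.WriteLine("Read {0} bytes from committed regions", total);
    }
}
```

Each yielded pair supplies the `address` and size the question asks about; a snapshot taken this way is not atomic, since the target keeps running while regions are read.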