Identifying PROCESSENTRY32 member variables
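I have a memory dump with a PROCESSENTRY32 structure at memory address 0x0012FC20. The task is to identify the values of the PROCESSENTRY32 member variables. I know that the first member, DWORD dwSize, refers to the first 32 bits, or 8 hex characters, of the dump, so it should be 0X00000128, or 296 bytes. Does anyone know how I can find the rest of the values? The memory dump is displayed below.
Thanks a lot!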
```
0012FC28 6C 06 00 00 00 00 00 00  l.......
0012FC30 00 00 00 00 15 00 00 00  ........
0012FC38 1C 06 00 00 0D 00 00 00  ........
0012FC40 00 00 00 00 77 69 6E 6C  ....winl
0012FC48 6F 67 6F 6E 2E 65 78 65  ogon.exe
0012FC50 00 73 73 5D 00 00 00 00  .ss]....
0012FC58 10 05 15 00 00 00 00 00  ........
0012FC60 00 00 00 00 3F 00 3F 00  ....?.?.
0012FC68 00 00 00 00 00 00 00 00  ........
0012FC70 B4 21 91 7C 00 00 00 00  .!.|....
0012FC78 00 00 00 00 00 00 15 00  ........
0012FC80 CB A3 91 7C B8 FC 12 00  ...|....
0012FC88 D7 F2 96 7C 00 00 15 00  ...|....
0012FC90 00 00 00 00 68 2C 15 00  ....h,..
0012FC98 00 00 15 00 70 2C 15 00  ....p,..
0012FCA0 B4 FC 12 00 18 FD 12 00  ........
0012FCA8 20 E9 90 7C 00 00 34 00   ..|..4.
0012FCB0 AC FA 12 00 00 00 00 00  ........
0012FCB8 EC FE 12 00 20 E9 90 7C  .... ..|
0012FCC0 00 A0 91 7C FF FF FF FF  ...|....
0012FCC8 FA 9F 91 7C 0C 9C 91 7C  ...|...|
0012FCD0 00 00 34 00 60 00 00 40  ..4.`..@
0012FCD8 DB 01 91 7C 08 00 00 00  ...|....
0012FCE0 00 00 00 00 A6 00 00 00  ........
0012FCE8 00 00 00 00 86 BA 80 7C  .......|
0012FCF0 FF FF FF FF 00 00 00 00  ........
0012FCF8 20 02 00 00 68 2C 15 00   ...h,..
0012FD00 00 00 15 00 4D 3C 86 7C  ....M<.|
0012FD08 00 00 00 00 18 FD 01 01  ........
0012FD10 C8 FC 12 00 00 00 00 00  ........
0012FD18 00 FE 12 00 20 E9 90 7C  .... ..|
0012FD20 E8 05 97 7C FF FF FF FF  ...|....
0012FD28 C4 05 97 7C FC BA 94 7C  ...|...|
0012FD30 00 00 15 00 61 00 00 50  ....a..P
0012FD38 CB A3 91 7C 00 00 15 00  ...|....
0012FD40 70 2C 15 00 60  p,..`
```
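An added example, not part of the original post: one way to decode the members is to read the dump at the offsets of the documented 32-bit ANSI `PROCESSENTRY32` layout from `tlhelp32.h`, whose size (nine 4-byte members plus `CHAR szExeFile[MAX_PATH]`) matches the 296 bytes in the question. The helper names `load_rows` and `parse_processentry32` are hypothetical; the embedded rows are copied from the dump above, and members whose bytes the dump does not show come back as `None`.

```python
import re
import struct

# 32-bit ANSI PROCESSENTRY32 (tlhelp32.h): nine 4-byte members, then
# CHAR szExeFile[MAX_PATH], MAX_PATH = 260. All integers are little-endian.
FIELDS = ["dwSize", "cntUsage", "th32ProcessID", "th32DefaultHeapID",
          "th32ModuleID", "cntThreads", "th32ParentProcessID",
          "pcPriClassBase", "dwFlags"]
MAX_PATH = 260
STRUCT_SIZE = 4 * len(FIELDS) + MAX_PATH  # 296 == 0x128, the dwSize in the question

# First rows of the dump in the question; the row at 0012FC20 is not shown there.
DUMP = """\
0012FC28 6C 06 00 00 00 00 00 00  l.......
0012FC30 00 00 00 00 15 00 00 00  ........
0012FC38 1C 06 00 00 0D 00 00 00  ........
0012FC40 00 00 00 00 77 69 6E 6C  ....winl
0012FC48 6F 67 6F 6E 2E 65 78 65  ogon.exe
0012FC50 00 73 73 5D 00 00 00 00  .ss]....
"""

ROW = re.compile(r"^([0-9A-Fa-f]{8})((?:\s[0-9A-Fa-f]{2}){1,8})")

def load_rows(text):
    """Return {absolute address: byte} for every hex byte in the dump text."""
    mem = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the trailing ASCII column is ignored
            for i, col in enumerate(m.group(2).split()):
                mem[int(m.group(1), 16) + i] = int(col, 16)
    return mem

def parse_processentry32(mem, base):
    """Decode the structure at base; members the dump does not cover are None."""
    entry = {}
    for i, name in enumerate(FIELDS):
        raw = [mem.get(base + 4 * i + k) for k in range(4)]
        fmt = "<i" if name == "pcPriClassBase" else "<I"  # LONG is signed
        entry[name] = None if None in raw else struct.unpack(fmt, bytes(raw))[0]
    # szExeFile is NUL-terminated; bytes after the NUL are not part of the name.
    start = base + 4 * len(FIELDS)
    chars = []
    for addr in range(start, start + MAX_PATH):
        if mem.get(addr) in (None, 0):
            break
        chars.append(mem[addr])
    entry["szExeFile"] = bytes(chars).decode("ascii", "replace")
    return entry
```

Calling `parse_processentry32(load_rows(DUMP), 0x0012FC20)` returns a dictionary keyed by member name, with integers already converted from little-endian byte order.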