English 中文(简体)
阅读过程记忆
原标题:Reading a process memory

我正在尝试使用ReadProcessMemory() API函数读取控制台程序的进程内存。

www.un.org/Depts/DGACM/index_spanish.htm 增订法典:

    HWND hWnd = FindWindow(NULL, "Read Memory Window");
    DWORD ProcessId;
    ProcessId = GetProcessId(hWnd);
    GetWindowThreadProcessId(hWnd, &ProcessId);
    HANDLE hProcess = OpenProcess(PROCESS_VM_READ,FALSE, ProcessId);

    SIZE_T NumberOfBytesRead;
    CHAR Buffer[128] = {0};
    dwAddr = 0x0012FD6C; //address of array to get
    BOOL sucess = ReadProcessMemory(hProcess, &dwAddr, &Buffer, 128, &NumberOfBytesRead);

在运行该程序并读取数组的程序时,我会得到空值和垃圾值。

最佳回答

您正在使用固定地址,这通常是一个非常糟糕的想法,尤其是现在Windows Vista和Windows 7使用ASLR,即使是基于固定地址的模块也是不安全的(即使没有ASLR,也是不安全的,因为图像可以由于各种原因而被重新分配)。

此外,那个地址看起来非常可疑,你是怎么得出那个地址的?而且,它是否被正确地调整为虚拟地址,而不是相对地址?

最后但最重要的是,您不应该像您所做的那样传递地址和缓冲区,应该这样传递:

BOOL sucess = ReadProcessMem或者y(hProcess, (LPVOID)dwAddr, &Buffer[0], 128, &NumberOfBytesRead);

或者

BOOL sucess = ReadProcessMem或者y(hProcess, (LPVOID)dwAddr, Buffer, 128, &NumberOfBytesRead);
时间:2010-02-20 04:36:14
问题回答

暂无回答


上一篇:
下一篇:


相关问题
Undefined reference

I m getting this linker error. I know a way around it, but it s bugging me because another part of the project s linking fine and it s designed almost identically. First, I have namespace LCD. Then I ...

时间:2009-11-13 05:44:49 回答:2 展示:1
C++ Equivalent of Tidy

Is there an equivalent to tidy for HTML code for C++? I have searched on the internet, but I find nothing but C++ wrappers for tidy, etc... I think the keyword tidy is what has me hung up. I am ...

时间:2009-11-13 05:22:45 回答:4 展示:1
Template Classes in C++ ... a required skill set?

I m new to C++ and am wondering how much time I should invest in learning how to implement template classes. Are they widely used in industry, or is this something I should move through quickly?

时间:2009-11-13 05:17:36 回答:8 展示:1
Print possible strings created from a Number

Given a 10 digit Telephone Number, we have to print all possible strings created from that. The mapping of the numbers is the one as exactly on a phone s keypad. i.e. for 1,0-> No Letter for 2->...

时间:2009-11-13 04:24:12 回答:3 展示:1
typedef ing STL wstring

Why is it when i do the following i get errors when relating to with wchar_t? namespace Foo { typedef std::wstring String; } Now i declare all my strings as Foo::String through out the program, ...

时间:2009-11-13 04:07:57 回答:4 展示:1
C# Marshal / Pinvoke CBitmap?

I cannot figure out how to marshal a C++ CBitmap to a C# Bitmap or Image class. My import looks like this: [DllImport(@"test.dll", CharSet = CharSet.Unicode)] public static extern IntPtr ...

时间:2009-11-13 03:47:30 回答:1 展示:1
Window iconification status via Xlib

Is it possible to check with the means of pure X11/Xlib only whether the given window is iconified/minimized, and, if it is, how?

时间:2009-11-13 03:42:45 回答:2 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全