如何从Windows中的进程读取Unicode字符串?
[英]How to read Unicode string from process in Windows?
问题描述
I'm trying to read a Unicode string from another process's memory with this code: 
我正在尝试使用以下代码从另一个进程的内存中读取Unicode字符串:
Function: 功能:
bool ReadWideString(const HANDLE& hProc, const std::uintptr_t& addr, std::wstring& out) {
std::array<wchar_t, maxStringLength> outStr;
auto readMemRes = ReadProcessMemory(hProc, (LPCVOID)addr,(LPVOID)&out, sizeof(out), NULL);
if (!readMemRes)
return false;
else {
out = std::wstring(outStr.data());
}
return true;
}
Call: 呼叫:
std::wstring name;
bool res = ReadWideString(OpenedProcessHandle, address, name);
std::wofstream test("test.txt");
test << name;
test.close();
This is working well with English letters, but when I try to read Cyrillic, it outputs nothing. 这可以很好地处理英文字母,但是当我尝试阅读西里尔字母时,它什么也没输出。 I tried with std::string , but all I get is just a random junk like "EC9" instead of "Дебил" . 我试着用std::string ,但我得到的是就像一个随机的垃圾"EC9" ,而不是"Дебил" 。
I'm using Visual Studio 17 and the C++17 standard. 我正在使用Visual Studio 17和C ++ 17标准。
1 个解决方案
解决方案1
1 已采纳 2019-01-30 17:40:05
You can't read directly into the wstring the way you are doing. 您无法以您的方式直接读入wstring 。 That will overwrite it's internal data members and corrupt surrounding memory, which would be very bad. 这将覆盖其内部数据成员并破坏周围的内存,这将是非常糟糕的。
You are allocating a local buffer, but you are not using it for anything. 您正在分配本地缓冲区,但没有将其用于任何东西。 Use it, eg: 使用它,例如:
bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
std::array<wchar_t, maxStringLength> outStr;
SIZE_T numRead = 0;
if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &outStr, sizeof(outStr), &numRead))
return false;
out.assign(outStr.data(), numRead / sizeof(wchar_t));
return true;
}
std::wstring name;
if (ReadWideString(OpenedProcessHandle, address, name)) {
std::ofstream test("test.txt", std::ios::binary);
wchar_t bom = 0xFEFF;
test.write(reinterpret_cast<char*>(&bom), sizeof(bom));
test.write(reinterpret_cast<const char*>(name.c_str()), name.size() * sizeof(wchar_t));
}
Alternatively, get rid of the local buffer and preallocate the wstring 's memory buffer instead, then you can read directly into it, eg: 或者,摆脱本地缓冲区并改为预分配wstring的内存缓冲区,然后您可以直接读取它,例如:
bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
out.resize(maxStringLength);
SIZE_T numRead = 0;
if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &out[0], maxStringLength * sizeof(wchar_t), &numRead)) {
out.clear();
return false;
}
out.resize(numRead / sizeof(wchar_t));
return true;
}
Or 要么
bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
std::wstring outStr;
outStr.resize(maxStringLength);
SIZE_T numRead = 0;
if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &outStr[0], maxStringLength * sizeof(wchar_t), &numRead))
return false;
outStr.resize(numRead / sizeof(wchar_t));
out = std::move(outStr);
return true;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.