是否可以在 Unix/Linux 上读取虚拟 memory? 在 Windows 上?
[英]Is possible to read virtual memory on Unix/Linux? And on Windows?
问题描述
I am working on Debian GNU/Hurd with Mach.
我正在使用 Mach 研究 Debian GNU/Hurd。 I have been asked to write a program that, given a PID and an address, executes vm_read over the address and prints the result.我被要求编写一个程序,给定一个 PID 和一个地址,在地址上执行vm_read并打印结果。
This is the code I have written:这是我写的代码:
#include <mach_error.h>
#include <mach/mig_errors.h>
#include <mach/thread_status.h>
#include <mach/processor_info.h>
#include <mach/i386/vm_param.h>
#include <stdio.h>
#include <stdlib.h>
#include <hurd.h>
#include <string.h>
int main(int argc, char * argv[]) {
if(argc != 3) {
printf ("Wrong arguments: ./vm_read PID address\n");
exit(1);
}
int res;
mach_port_t target_task = pid2task(atoi(argv[1]));
vm_address_t addr = atoi(argv[2]);
vm_offset_t *data;
mach_msg_type_number_t data_count;
res = vm_read (target_task, addr, sizeof(int), &data, &data_count);
if (res != KERN_SUCCESS) {
printf ("Error reading virtual mem (0x%x), %s \n", res,
mach_error_string(res));
exit(1);
}
printf("done\n");
for (int i=0; i<data_count; ++i){
printf("byte %d : %x\n",i,((char*)data)[i]);
}
}
It works correctly, but now I'm asked if it is possible to write a version for Unix/Linux and another for Windows that do the same thing.它工作正常,但现在我被问到是否可以为 Unix/Linux 编写一个版本,为 Windows 编写另一个版本,做同样的事情。
I've been searching and it looks like it shouldn't be any problem because both use virtual memory in their procceses, but I'm not sure if there could be complications with permissions or anything else.我一直在搜索,看起来应该没有问题,因为两者都在他们的过程中使用虚拟 memory,但我不确定权限或其他任何事情是否会出现并发症。
2 个解决方案
解决方案1
1 已采纳 2021-03-20 20:19:02
For Windows, if you need to read memory from a process, you'll need to request the PROCESS_VM_READ when you get your handle to the process (ReadProcessMemory is the appropriate call).对于 Windows,如果您需要从进程中读取 memory,则需要在获得进程句柄时请求 PROCESS_VM_READ(ReadProcessMemory 是适当的调用)。 In order to get that Handle, it's usually easier to start the process yourself with OpenProcess.为了获得该句柄,通常使用 OpenProcess 自己启动进程会更容易。
解决方案2
1 2021-03-21 01:41:38
There's no standard way to access the memory of another process on UNIX, but on Linux, you can do it by reading the special file /proc/ pid /mem:没有标准方法可以访问 UNIX 上另一个进程的 memory,但是在 Linux 上,您可以通过阅读特殊文件 /proc/ pid /me 来完成
char memfile[32];
snprintf(memfile, sizeof(memfile), "/proc/%s/mem", argv[1]);
int mfd = open(memfile, O_RDONLY);
if (mfd < 0) {
perror("Can't open pid/mem file");
exit(1); }
if (lseek(mfd, (off_t)strtoull(argv[2], 0, 0), SEEK_SET) {
perror("Can't seek to address");
exit(1); }
if (read(mfd, &data, sizeof(data)) <= 0) {
fprintf(stderr, "No data at address %s\n", argv[2]);
exit(1); }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.