OpenProcess handle invalid for ReadProcessMemory

I've made this simple class to open a process and read memory from it. The problem is that when I call ReadDWORD with any memory address, ReadProcessMemory fails with error code 6: ERROR_INVALID_HANDLE, "The handle is invalid". And I can't figure out what I'm doing wrong.

If I put the OpenProcess part in the ReadDWORD function it works fine. Is there something wrong with how I store the handle? Why does it become invalid before I use it?

Memory.h

#ifndef MEMORY_H
#define MEMORY_H

#include <windows.h>
#include <psapi.h>
#pragma comment(lib, "psapi.lib")
#include <iostream>

class Memory
{
public:
    Memory();
    Memory(DWORD offset);
    ~Memory();

    DWORD ReadDWORD(DWORD addr);
private:
    HANDLE m_hProc;
    DWORD m_Offset;

};

#endif

Memory.cpp

#include "Memory.h"

Memory::Memory()
{
    Memory(0);
}

Memory::Memory(DWORD offset)
{
    m_hProc = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, false, 5444); // 5444 is the PID of a process I'm testing this with
    m_Offset = offset;
}

Memory::~Memory()
{
    CloseHandle(m_hProc);
}

DWORD Memory::ReadDWORD(DWORD addr)
{
    // Optional memory offset
    addr += m_Offset;

    DWORD value = -1;
    int result = ReadProcessMemory(m_hProc, (LPVOID)addr, &value, sizeof(DWORD), NULL);
    if (result == 0)
        std::cout << "ReadProcessMemory error: " << GetLastError() << std::endl;

    return value;
}

Memory::Memory()
{
    Memory(0);
}

This isn't doing what you think it's doing: it's not actually calling the other constructor, instead it's creating a temporary that gets discarded. So you are opening the process, but in a separate temporary object, while this object remains uninitialized.

A safer approach is to have a separate Initialize(offset) method that you call from both ctors.

(The advice in the other answers is also good; check your return values, and where you get an E_INVALID_HANDLE, check that the handle is something that looks like a handle. Or set a breakpoint at the OpenHandle and ReadProcessMemory and check that the same value is being used in both places. C++ is often full of surprises, and there's often no substitute for just stepping through the code to make sure it's doing what you think it's doing.)
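The temporary-versus-this-object behaviour described in the answer above, as an added example that is not part of the original question or answers. It replaces the Win32 calls with a constructed in-memory handle table so it runs without Windows (open_handle, close_handle, BrokenReader and FixedReader are hypothetical names), and it uses a C++11 delegating constructor as an alternative to the separate Initialize(offset) method.

```cpp
#include <set>

// Constructed stand-in for the Win32 handle table: open_handle() plays the
// role of OpenProcess, close_handle() the role of CloseHandle.
using Handle = int;
constexpr Handle kInvalid = 0;
static std::set<Handle> g_open;   // handles that are currently open
static Handle g_next = 100;
Handle open_handle() { g_open.insert(++g_next); return g_next; }
bool close_handle(Handle h) { return g_open.erase(h) == 1; }
bool is_open(Handle h) { return g_open.count(h) == 1; }

// Same shape as the Memory class in the question.
class BrokenReader {
public:
    BrokenReader() { BrokenReader(0); }   // builds a temporary, then destroys it
    explicit BrokenReader(unsigned offset) : m_offset(offset) { m_h = open_handle(); }
    ~BrokenReader() { close_handle(m_h); }
    bool usable() const { return is_open(m_h); }
    unsigned offset() const { return m_offset; }
private:
    // The question leaves m_hProc uninitialized, so its destructor passes an
    // indeterminate value to CloseHandle. A sentinel keeps this demo deterministic.
    Handle m_h = kInvalid;
    unsigned m_offset = 0;
};

// C++11 delegating constructor: the target constructor initializes this object.
class FixedReader {
public:
    FixedReader() : FixedReader(0) {}
    explicit FixedReader(unsigned offset) : m_h(open_handle()), m_offset(offset) {}
    ~FixedReader() { close_handle(m_h); }
    FixedReader(const FixedReader&) = delete;             // one owner per handle
    FixedReader& operator=(const FixedReader&) = delete;
    bool usable() const { return is_open(m_h); }
    unsigned offset() const { return m_offset; }
private:
    Handle m_h;
    unsigned m_offset;
};

// Default-construct each class and report whether it holds a live handle.
bool broken_default_is_usable() { BrokenReader r; return r.usable(); }
bool fixed_default_is_usable()  { FixedReader r;  return r.usable(); }
int leaked_handles()            { return static_cast<int>(g_open.size()); }
int handles_opened()            { return g_next - 100; }

int main() { return (!broken_default_is_usable() && fixed_default_is_usable()) ? 0 : 1; }
```

In the broken case handles_opened() still increases by one: the open succeeds, but only inside the temporary, whose destructor closes the handle before the real object is ever used.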

You can use the RtlAdjustPrivilege function to get SeDebugPrivilege.

NTSTATUS NTAPI RtlAdjustPrivilege(ULONG, BOOLEAN, BOOLEAN, PBOOLEAN); /* This is the
prototype of the RtlAdjustPrivilege function. */

To access other processes, you often need to enable certain privileges. SeDebugPrivilege comes to mind. See here. Otherwise see the suggestion from Hans Passant (i.e. GetLastError).
