获取进程内存的图像
[英]Get an image of process memory
问题描述
My goal is to create a method that will take a process handle and return an array of bytes representing that process's memory. 
我的目标是创建一个方法,该方法将获取进程句柄并返回表示该进程内存的字节数组。 Here's what I have: 这就是我所拥有的:
[DllImport("Kernel32.dll")]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesRead);
public static byte[] MemRead(IntPtr handle, IntPtr address, UInt32 size, ref UInt32 bytes)
{
byte[] buffer = new byte[size];
ReadProcessMemory(handle, address, buffer, size, ref bytes);
return buffer;
}
I don't know what to pass to the wrapper method as arguments. 我不知道将什么作为参数传递给包装器方法。 I can find a handle and the bytes is an output variable, but what about address and size ? 我可以找到一个handle , bytes是输出变量,但是address和size呢? Where can I get this data from? 我在哪里可以获得这些数据?
1 个解决方案
解决方案1
0 2011-05-20 20:33:35
Use VirtualQuery to find out if an address has actually been allocated before calling MemRead. 在调用MemRead之前,使用VirtualQuery查明是否实际分配了一个地址。 Start with zero as the address and 64K as the page size and then simply increment the pointer with 64K on every iteration until you reach the maximum size of memory on your system. 以零作为地址开始,64K作为页面大小,然后在每次迭代时以64K递增指针,直到达到系统上的最大内存大小。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.