
Reading the start address and length (virtual memory map) of a process

As started here

I need to know how to read the start address and length (virtual memory map) of a process.

I would like to map a process memory. I would like to read values of a process memory and write values to them.

I'm curious about how programs like Cheat-O'matic (cheat-o-matic.softonic.com.br) work. First thing I thought was that the process would be loaded in a contiguous memory location. But that seems not right.

Call VirtualQueryEx repeatedly, starting with address zero and increasing it each time by the value obtained in the RegionSize member of the MEMORY_BASIC_INFORMATION structure you passed to it. To obtain a meaningful map, obviously, the process should be paused.

Still, even after you got this memory map, I'm not sure what you can do with it: unless you know (by other means) the internals of the process you are accessing, all you get to know is locations where you can read or write without triggering an access violation, not the meaning of their content. You should really clarify what you are trying to achieve; Read/WriteProcessMemory usually aren't a solution for "normal" problems.
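
The region walk described in the answer above, as an added example that is not part of the original answer. The names region_t, query_fn, walk_map, os_query and sample_query are hypothetical; on Windows it maps the current process through VirtualQueryEx, and elsewhere it walks a constructed sample map so the loop can still be exercised.

```c
#include <stdint.h>
#include <stdio.h>
/* Portable copy of the MEMORY_BASIC_INFORMATION fields used here (hypothetical type). */
typedef struct { uintptr_t base; size_t size; int committed; } region_t;
/* Fills *out with the region containing addr; returns 0 when the query fails. */
typedef int (*query_fn)(void *ctx, uintptr_t addr, region_t *out);
/* Start at address zero and advance by each reported size until the query fails. */
size_t walk_map(query_fn query, void *ctx, region_t *out, size_t max) {
    size_t n = 0; uintptr_t addr = 0; region_t r;
    while (query(ctx, addr, &r) && r.size != 0) {
        if (r.committed && n < max) out[n++] = r;  /* free/reserved ranges are skipped */
        if (r.base + r.size <= addr) break;        /* address wrapped around: done */
        addr = r.base + r.size;
    }
    return n;
}

#ifdef _WIN32
#include <windows.h>
/* Real query; ctx is a process handle with PROCESS_QUERY_INFORMATION access. */
static int os_query(void *ctx, uintptr_t addr, region_t *out) {
    MEMORY_BASIC_INFORMATION mbi;
    if (VirtualQueryEx((HANDLE)ctx, (LPCVOID)addr, &mbi, sizeof mbi) == 0) return 0;
    out->base = (uintptr_t)mbi.BaseAddress; out->size = mbi.RegionSize;
    out->committed = (mbi.State == MEM_COMMIT);
    return 1;
}
#endif

/* Constructed sample map (free, committed, reserved, committed) for other platforms. */
static const region_t SAMPLE[] = {
    {0x00000, 0x10000, 0}, {0x10000, 0x3000, 1}, {0x13000, 0xD000, 0}, {0x20000, 0x1000, 1} };
static int sample_query(void *ctx, uintptr_t addr, region_t *out) {
    (void)ctx;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        if (addr - SAMPLE[i].base < SAMPLE[i].size) { *out = SAMPLE[i]; return 1; }
    return 0;  /* past the last region: the query fails and the walk ends */
}

int main(void) {
    region_t regs[256];
#ifdef _WIN32
    size_t n = walk_map(os_query, GetCurrentProcess(), regs, 256);
#else
    size_t n = walk_map(sample_query, NULL, regs, 256);
#endif
    for (size_t i = 0; i < n; i++)
        printf("%#llx +%#zx\n", (unsigned long long)regs[i].base, regs[i].size);
    return 0;
}
```

The map is only a snapshot: unless the process being queried is paused, regions can be allocated or freed between two calls.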
