How can I scan another process memory to find what follows a specific string?
Question
I want to scan the entire heap of a currently running native application through another process.
For example, I want to know what follows all the instances of the ASCII sequence "test" in this process memory (in this case I would scan for "test" and keep reading after it).
I tried to google for more information but didn't find much: I found ReadProcessMemory which looked interesting, but how can I know the memory addresses a process has allocated?
1 answers
solution1
6 ACCPTED 2010-08-17 17:31:02
Try VirtualQueryEx .
If you're finding that you're accessing a lot of memory in the other process, consider using CreateRemoveThread ( sample code ). This will allow you to inject your own DLL into the other process and run code there directly. Once you're running code in the other process, you'll be able to access memory as normal, without needing to use ReadProcessMemory . (You'll still need VirtualQuery to determine the process's memory layout.)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.