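Reading other process memory returns question marks
I am reading another process's memory with the help of another memory-scanning tool, and then using the given address in this simple console application: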
    const int PROCESS_WM_READ = 0x0010;

    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

    static void Main(string[] args)
    {
        Process process = Process.GetProcessesByName("myProcess")[0];
        IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
        var ptr = int.Parse(Console.ReadLine(), NumberStyles.HexNumber);
        Console.WriteLine($"ptr: {ptr}");
        for (int i = 1; i < 129; i++)
        {
            int bytesRead = 0;
            byte[] buffer = new byte[i];
            try
            {
                ReadProcessMemory((int)processHandle, ptr, buffer, buffer.Length, ref bytesRead);
                if (BitConverter.ToInt32(buffer, 0) == 0)
                {
                    Console.WriteLine("error occured");
                    continue;
                }
                Console.WriteLine(bytesRead.ToString());
                Console.WriteLine(Encoding.Unicode.GetString(buffer));
            }
            catch(Exception ex)
            {
                Console.WriteLine(ex.Message);
            }
        }
        Console.ReadLine();
    }
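The problem is that the result is always something like ? ?? ? ? ?? ? instead of the int that I am trying to reach.

I tried different encodings

    Console.WriteLine(Encoding.ASCII.GetString(buffer) + " (" + bytesRead.ToString() + "bytes)");
    Console.WriteLine(Encoding.UTF8.GetString(buffer) + " (" + bytesRead.ToString() + "bytes)");
    Console.WriteLine(Encoding.Default.GetString(buffer) + " (" + bytesRead.ToString() + "bytes)");

and buffer lengths; that is why the loop is there.

What could be the problem?

You can attach the target process to Visual Studio to see the values at the address you want to read. If they are valid data, you can print them like this: Console.WriteLine(buffer[0]);

Below is an example of reading the memory of the BingDict (32-bit) process that you can refer to.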
    using System;
    using System.Diagnostics;
    using System.Runtime.InteropServices;

    class Program
    {
        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll")]
        public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

        const int PROCESS_WM_READ = 0x0010;

        static void Main(string[] args)
        {
            // PID of the running BingDict process; replace with the PID on your machine
            Process process = Process.GetProcessById(13568);
            IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);

            // Get the process start information
            ProcessStartInfo myProcessStartInfo = new ProcessStartInfo("BingDict");
            // Assign 'StartInfo' of notepad to 'StartInfo' of 'process' object.
            process.StartInfo = myProcessStartInfo;
            //process.Start();
            System.Threading.Thread.Sleep(1000);

            ProcessModule myProcessModule;
            // Get all the modules associated with the process
            ProcessModuleCollection myProcessModuleCollection = process.Modules;
            Console.WriteLine("Base addresses of the modules associated are:");
            // Display the 'BaseAddress' of each of the modules.
            for (int i = 0; i < myProcessModuleCollection.Count; i++)
            {
                myProcessModule = myProcessModuleCollection[i];
                Console.WriteLine(myProcessModule.ModuleName + " : "
                    + myProcessModule.BaseAddress);
            }

            // Get the main module associated with the process
            myProcessModule = process.MainModule;
            // Display the 'BaseAddress' of the main module.
            Console.WriteLine("The process's main module's base address is: {0:X4}",
                (int)myProcessModule.BaseAddress);

            var ptr = (int)myProcessModule.BaseAddress;
            // Print the first 128 bytes of the main module, one byte per read
            for (int i = 0; i < 128; i++)
            {
                int bytesRead = 0;
                byte[] buffer = new byte[1];
                try
                {
                    // ptr + i advances one byte per iteration
                    if (ReadProcessMemory((int)processHandle, ptr + i, buffer, buffer.Length, ref bytesRead))
                    {
                        Console.WriteLine(buffer[0]);
                    }
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                }
            }
            Console.ReadLine();
        }
    }