Reading memory of a process does not return everything

Updated: 2024-10-28 20:31:18

Problem description

I am trying to scan memory of a 3rd party application. I have already found out the address; right now it is at 0x0643FB78. The thing is, I can never get up there since LPMODULEENTRY32->modBaseAddr is 0x00400000 and LPMODULEENTRY32->modBaseSize is merely 0x006FF000, thus the max address I can scan for this module is 0x00AFF000.

Does that mean the address I seek does live inside another process/module/thread/something? I am quite confident the process I have does contain the address though. How should I access the memory then? Thank you.

Recommended answer

At least in my opinion, if you have an LPMODULEENTRY involved, you're probably starting in the wrong direction. I'd walk through the blocks of memory in the target process with VirtualQueryEx instead. This will give you a MEMORY_BASIC_INFORMATION about each block in that process. You can then use ReadProcessMemory and scan through the blocks to find what you're looking for.

Here's some old code I wrote to do roughly the same thing, but looking for a string rather than a pointer:

#include <iostream>
#include <vector>
#include <string>
#include <cstdio>
#include <windows.h>
#include <algorithm>
#include <iterator>

// Write the remote address of every occurrence of the pattern in the buffer.
template <class InIter1, class InIter2, class OutIter>
void find_all(unsigned char *base, InIter1 buf_start, InIter1 buf_end,
              InIter2 pat_start, InIter2 pat_end, OutIter res)
{
    for (InIter1 pos = buf_start;
         buf_end != (pos = std::search(pos, buf_end, pat_start, pat_end));
         ++pos)
    {
        *res++ = base + (pos - buf_start);
    }
}

// Walk every region of the target process and scan the committed ones.
template <class outIter>
void find_locs(HANDLE process, std::string const &pattern, outIter output) {
    unsigned char *p = NULL;
    MEMORY_BASIC_INFORMATION info;

    for (p = NULL;
         VirtualQueryEx(process, p, &info, sizeof(info)) == sizeof(info);
         p += info.RegionSize)
    {
        std::vector<char> buffer;

        if (info.State == MEM_COMMIT &&
            (info.Type == MEM_MAPPED || info.Type == MEM_PRIVATE))
        {
            SIZE_T bytes_read = 0;  // stays 0 if the read fails
            buffer.resize(info.RegionSize);
            ReadProcessMemory(process, p, &buffer[0], info.RegionSize, &bytes_read);
            buffer.resize(bytes_read);
            find_all(p, buffer.begin(), buffer.end(), pattern.begin(), pattern.end(), output);
        }
    }
}

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "Usage: %s <process ID> <pattern>", argv[0]);
        return 1;
    }

    int pid;
    sscanf(argv[1], "%i", &pid);
    std::string pattern(argv[2]);

    HANDLE process = OpenProcess(
        PROCESS_VM_READ | PROCESS_QUERY_INFORMATION,
        false,
        pid);
    if (process == NULL) {  // wrong PID or insufficient rights
        fprintf(stderr, "OpenProcess failed: %lu\n", GetLastError());
        return 1;
    }

    find_locs(process, pattern, std::ostream_iterator<void *>(std::cout, "\n"));

    CloseHandle(process);
    return 0;
}
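As an added example (not part of the original answer), the question of where an address such as 0x0643FB78 lives can be settled with a single VirtualQueryEx call on that address: the State and Type fields show whether it is inside an image, a mapped section or a private allocation. `Region` and `classify` are hypothetical names; outside Windows the block defines the winnt.h constants itself and runs on a constructed region.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>
#ifdef _WIN32
#include <windows.h>
#else  // winnt.h values, repeated so the classification logic builds off Windows
typedef unsigned long DWORD;
const DWORD MEM_COMMIT = 0x1000, MEM_FREE = 0x10000;
const DWORD MEM_PRIVATE = 0x20000, MEM_MAPPED = 0x40000, MEM_IMAGE = 0x1000000;
#endif
// Hypothetical helper type: the MEMORY_BASIC_INFORMATION fields used below.
struct Region { uintptr_t base; size_t size; DWORD state; DWORD type; };

// Where addr lives, given the MODULEENTRY32 range and the region queried for addr.
std::string classify(uintptr_t addr, uintptr_t modBase, size_t modSize,
                     const Region &r) {
    if (addr >= modBase && addr - modBase < modSize) return "inside the module image";
    if (r.state == MEM_FREE) return "free: nothing is allocated there";
    if (r.state != MEM_COMMIT) return "reserved but not committed: unreadable";
    if (r.type == MEM_IMAGE) return "image of a different module";
    if (r.type == MEM_MAPPED) return "mapped file or shared section";
    if (r.type == MEM_PRIVATE) return "private allocation (heap, stack, VirtualAlloc)";
    return "unknown region type";
}

#ifdef _WIN32
// Arguments: <pid> <address> <modBaseAddr> <modBaseSize>, 0x prefix accepted.
int main(int argc, char **argv) {
    if (argc != 5) { fprintf(stderr, "Usage: %s <pid> <address> <modBaseAddr> <modBaseSize>\n", argv[0]); return 1; }
    uintptr_t addr = (uintptr_t)strtoull(argv[2], NULL, 0);
    HANDLE process = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, strtoul(argv[1], NULL, 0));
    if (process == NULL) { fprintf(stderr, "OpenProcess failed: %lu\n", GetLastError()); return 1; }
    MEMORY_BASIC_INFORMATION info;
    bool ok = VirtualQueryEx(process, (LPCVOID)addr, &info, sizeof(info)) == sizeof(info);
    CloseHandle(process);
    if (!ok) { fprintf(stderr, "VirtualQueryEx failed\n"); return 1; }
    Region r = { (uintptr_t)info.BaseAddress, info.RegionSize, info.State, info.Type };
    printf("region %p + 0x%zx: %s\n", info.BaseAddress, r.size,
           classify(addr, (uintptr_t)strtoull(argv[3], NULL, 0),
                    (size_t)strtoull(argv[4], NULL, 0), r).c_str());
    return 0;
}
#else
int main() {  // off Windows: constructed region around the question's address
    Region r = { 0x06400000, 0x100000, MEM_COMMIT, MEM_PRIVATE };
    puts(classify(0x0643FB78, 0x00400000, 0x006FF000, r).c_str());
    return 0;
}
#endif
```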

Published: 2023-11-05 16:11:38
Article link: https://www.elefans.com/category/jswz/34/1561288.html