Reading or modifying the memory of a process with a given process ID
2021-08-30
Given a known process ID, how can that process's in-memory data be read? One method is shown below.
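#include <windows.h>
#include <stdio.h>

// Reads up to sizeof(buff) bytes at pReadAddr in the process identified by PID
// and formats them as hex text.
void GetProcessMemory(ULONG PID, PVOID pReadAddr)
{
    // ReadProcessMemory only requires PROCESS_VM_READ; the other rights are not needed for reading.
    HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_CREATE_THREAD | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION, FALSE, PID);
    if (hProcess == NULL)
    {
        ::MessageBoxA(NULL, "openprocess error", NULL, MB_OK);
        return;
    }
    // The original listing does not declare buff; 1024 bytes is an assumed size
    // chosen so that the hex text below fits in tmp.
    BYTE buff[1024] = { 0 };
    SIZE_T nRead = 0;
    BOOL isOk = ::ReadProcessMemory(hProcess, pReadAddr, buff, sizeof(buff), &nRead);
    if (!isOk)
    {
        ::MessageBoxA(NULL, "ReadProcessMemory error", NULL, MB_OK);
        CloseHandle(hProcess);
        return;
    }
    // This array must be large enough, otherwise a buffer overflow occurs:
    // each byte takes 3 characters ("XX "), plus one terminating NUL.
    char tmp[4096] = { 0 };
    int index = 0;
    if (nRead > 0)
    {
        for (SIZE_T i = 0; i < nRead; i++)
        {
            // Pass the space actually left in tmp, not a fixed size.
            index += sprintf_s(tmp + index, sizeof(tmp) - index, "%02X ", buff[i]);
        }
        // tmp now holds the bytes that were read, as hex text.
    }
    else
    {
        ::MessageBoxA(NULL, "no data to read error", NULL, MB_OK);
    }
    CloseHandle(hProcess);
}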
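WriteProcessMemory can of course be used in the same way to write to the process's memory.
Note: opening a process requires sufficient privileges, otherwise OpenProcess fails. Either raise the current process's privileges or run it with elevated privileges.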
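The access mask passed to OpenProcess above is what Sysmon records in the GrantedAccess field of a ProcessAccess event (Event ID 10), so it can be decoded on the monitoring side. The following portable C is an added example, not code from the original post: it parses that field and classifies the mask. The function names and the sample log line are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Process access-right bits (values from winnt.h) requested by the OpenProcess call above. */
static const struct { unsigned bit; const char *name; } kRights[] = {
    { 0x0002u, "PROCESS_CREATE_THREAD" }, { 0x0008u, "PROCESS_VM_OPERATION" },
    { 0x0010u, "PROCESS_VM_READ" },       { 0x0020u, "PROCESS_VM_WRITE" },
    { 0x0400u, "PROCESS_QUERY_INFORMATION" },
};
enum access_class { AC_OTHER, AC_READ, AC_WRITE, AC_WRITE_AND_THREAD };

/* Pull the hex mask that follows "GrantedAccess:"; returns 0 on success, -1 otherwise. */
int parse_granted_access(const char *line, unsigned *mask) {
    const char *p = strstr(line, "GrantedAccess:");
    char *end;
    if (p == NULL) return -1;
    p += strlen("GrantedAccess:");
    unsigned long v = strtoul(p, &end, 16);   /* skips spaces, accepts a 0x prefix */
    if (end == p) return -1;                  /* no hex digits after the key */
    *mask = (unsigned)v;
    return 0;
}

/* WriteProcessMemory needs VM_WRITE and VM_OPERATION; ReadProcessMemory needs VM_READ. */
enum access_class classify(unsigned mask) {
    if ((mask & 0x0020u) && (mask & 0x0008u))
        return (mask & 0x0002u) ? AC_WRITE_AND_THREAD : AC_WRITE;
    return (mask & 0x0010u) ? AC_READ : AC_OTHER;
}

/* Join the names of the set bits with '|'; returns how many were written in full. */
int describe(unsigned mask, char *out, size_t cap) {
    size_t used = 0; int n = 0;
    if (cap == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof kRights / sizeof kRights[0]; i++) {
        if (!(mask & kRights[i].bit)) continue;
        int w = snprintf(out + used, cap - used, "%s%s", n ? "|" : "", kRights[i].name);
        if (w < 0 || (size_t)w >= cap - used) { out[used] = '\0'; break; } /* out is full */
        used += (size_t)w; n++;
    }
    return n;
}

int main(void) {
    const char *line = "TargetProcessId: 4321 GrantedAccess: 0x43A"; /* constructed sample */
    unsigned m; char names[128];
    if (parse_granted_access(line, &m) != 0) return 1;
    describe(m, names, sizeof names);
    printf("0x%X class=%d %s\n", m, classify(m), names);
    return 0;
}
```

0x43A is the bitwise OR of the five rights in the listing; a caller that requested only PROCESS_VM_READ | PROCESS_QUERY_INFORMATION would show up as 0x410.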