开发者

C ReadProcessMemory - how to examine the memory area associated with a process

开发者 https://www.devze.com 2022-12-21 08:40 出处:网络
I wans to read all of the memory associated with a particular process.I am aware of ReadProcessMemory, but as I have little experience of using it and I am fearful that I will just get a load of rubbi
相关专题:cvisual-studio-2008

I wans to read all of the memory associated with a particular process. I am aware of ReadProcessMemory, but as I have little experience of using it and I am fearful that I will just get a load of rubbish out (rubbish in...).

a) how do I work out, from the base pointer to the end) the total region that I can read b) what is the best way/safest to iterate over this area of memory and print it c) how do I print it given that I don't know what values it will contain so that I can look at it?

I would also like to be able to include the actual location of each piece o开发者_开发问答f data from within memory in my output.

Thanks R.

Memory is accessible in units of pages (typically 4096 bytes). If you read each page individually, you can know that if the read fails, that page is not readable and you can skip it.

#define PAGESIZE 4096
char *base = (char *)0;
do {

    char buffer[PAGESIZE];

    if (ReadProcessMemory(handle, base, buffer, PAGESIZE, NULL) != 0)
    {
        // buffer is valid

        // the address of buffer[X] is base+X
    }

    base += PAGESIZE;

// keep looping going until we wrap back around to 0
} while (base != 0);

Start with VirtualQueryEx to determine what parts of the process's address space have pages backing them up, then once you know what is where, you can use ReadProcessMemory to look at the actual data.

There are a couple of things you generally need (or at least want) to use to make much use of ReadProcessMemory. For your first question, finding blocks of memory that can be read, you can use VirtualQueryEx to find the regions of memory in a process, and how the virtual memory manager has marked each region.

To find things like locations of individual variables, you normally need to use the debugging API -- specifically the Symbol part -- SymInitialize, SymGetSymFromName, and possibly SymEnumerateSymbols should get you a decent start. There are quite a few more though...

Thank you Jerry Coffin. This is just i was looking for in winnt.h:

typedef struct _MEMORY_BASIC_INFORMATION {
PVOID BaseAddress;
PVOID AllocationBase;
DWORD AllocationProtect;
DWORD RegionSize;
DWORD State;
DWORD Protect;
DWORD Type;
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;

in winbase.h:

VirtualQueryEx(
HANDLE hProcess,
LPCVOID lpAddress,
PMEMORY_BASIC_INFORMATION lpBuffer,
DWORD dwLength
);
0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

    关注公众号

    热门标签

    图文推荐

    Delphi - Custom drawing a message list

    Delphi - Custom drawing a message list
    C++ header-only include pattern

    C++ header-only include pattern
    IE7 Margin Collapses Into Padding

    IE7 Margin Collapses Into Padding
    in CoffeeScript, how can I use a variable as a key in a hash?

    in CoffeeScript, how can I use a variable as a key in a hash?
    Interactive visualization of a graph in python [closed]

    Interactive visualization of a graph in python [closed]
    How to customise PHP MYSQL tables?

    How to customise PHP MYSQL tables?
    High quality, simple random password generator

    High quality, simple random password generator
    Image Recognition ApI in android

    Image Recognition ApI in android

    开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

    法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

    Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9