using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
namespace ArchiveUnpack
{
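/// <summary>
/// Thin P/Invoke wrapper over the kernel32 process-memory APIs, plus a helper
/// that copies a byte range out of another process by process id.
/// </summary>
public class MemoryDump
{
    #region API
    // Reads nSize bytes starting at lpBaseAddress in the target process into lpBuffer.
    // SetLastError lets callers retrieve the Win32 error code after a failure.
    [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, out int lpNumberOfBytesRead);

    // Writes lpBuffer into the target process at lpBaseAddress.
    // Not called anywhere in this class. Note that the Win32 API takes nSize as a
    // byte count while lpBuffer is declared here as int[]; callers must size it accordingly.
    [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")]
    public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, int[] lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten);

    // Opens an existing process object and returns a handle to it (IntPtr.Zero on failure).
    [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess", SetLastError = true)]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    // Closes a kernel object handle (file, file mapping, process, thread, security or sync object).
    [DllImport("kernel32.dll")]
    public static extern void CloseHandle(IntPtr hObject);
    #endregion

    // PROCESS_VM_READ: the only access right ReadProcessMemory requires.
    private const int ProcessVmRead = 0x0010;

    /// <summary>
    /// Reads <paramref name="count"/> bytes from process <paramref name="pid"/>
    /// starting at address <paramref name="ba"/>.
    /// </summary>
    /// <param name="pid">Id of the process to read from.</param>
    /// <param name="ba">Base address inside the target process.</param>
    /// <param name="count">Number of bytes to read.</param>
    /// <returns>
    /// A buffer of exactly <paramref name="count"/> bytes. If the process cannot be
    /// opened or the read fails, a diagnostic line is written to the console and the
    /// buffer is still returned; it may then be zero-filled or only partly filled, so
    /// callers that need certainty should not treat the content as authoritative.
    /// </returns>
    /// <exception cref="OverflowException">
    /// <paramref name="count"/> is negative, or <paramref name="ba"/> does not fit
    /// in a pointer on a 32-bit host.
    /// </exception>
    public static byte[] ReadBytes(int pid, long ba, int count)
    {
        // Allocate and convert first so that a failure here cannot leak a handle.
        byte[] data = new byte[count];
        IntPtr lpBaseAddress = new IntPtr(ba);

        // Least privilege: the original asked for 0x1F0FFF (all access). A read-only
        // handle cannot be used to write to, suspend or terminate the target, and it
        // can be granted in cases where a full-access request would be refused.
        IntPtr hProcess = OpenProcess(ProcessVmRead, false, pid);
        if (hProcess == IntPtr.Zero)
        {
            Console.WriteLine(string.Format("OpenProcess on {0} fail, error={1}.", pid, Marshal.GetLastWin32Error()));
            return data;
        }

        try
        {
            int lpNumberOfBytesRead;
            bool ok = ReadProcessMemory(hProcess, lpBaseAddress, data, count, out lpNumberOfBytesRead);
            if (!ok)
            {
                // Capture the error before any further P/Invoke can overwrite it.
                int error = Marshal.GetLastWin32Error();
                // Report the requested count (the original printed the bytes-read value
                // under the "count" label) together with what was actually read.
                Console.WriteLine(string.Format("ReadProcessMemory on {0},baseaddress={1},count={2} fail, read={3}, error={4}.", pid, ba, count, lpNumberOfBytesRead, error));
            }
        }
        finally
        {
            // The original never closed the handle, leaking one per call.
            CloseHandle(hProcess);
        }

        return data;
    }
}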
}