Reading or Writing to Another Processes Memory in C# z
http://www.jarloo.com/reading-and-writing-to-memory/
Declarations
[Flags]
public enum ProcessAccessFlags : uint
{
All = 0x001F0FFF,
Terminate = 0x00000001,
CreateThread = 0x00000002,
VMOperation = 0x00000008,
VMRead = 0x00000010,
VMWrite = 0x00000020,
DupHandle = 0x00000040,
SetInformation = 0x00000200,
QueryInformation = 0x00000400,
Synchronize = 0x00100000
} [DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId); [DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten); [DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead); [DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hProcess);
Reading from another processes Memory
public static byte[] ReadMemory(Process process, int address, int numOfBytes, out int bytesRead)
{
IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id); byte[] buffer = new byte[numOfBytes]; ReadProcessMemory(hProc, new IntPtr(address), buffer, numOfBytes, out bytesRead);
return buffer;
}
Here is an example of a call to this function:
Process process = Process.GetProcessesByName("My Apps Name").FirstOrDefault();
int address = 0x02ED2910;
int bytesRead;
byte[] value = ReadMemory(process, address, , out bytesRead);
Writing to another processes memory
public static bool WriteMemory(Process process, int address, long value, out int bytesWritten)
{
IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id); byte[] val = BitConverter.GetBytes(value); bool worked = WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32) val.LongLength, out bytesWritten); CloseHandle(hProc); return worked;
}
Here is an example of a call to this function:
Process process = Process.GetProcessesByName("My Apps Name").FirstOrDefault(); int address = 0x02ED2910;int bytesWritten;bool worked = WriteMemory(process, address, value, out bytesWritten);函数功能:该函数从指定的进程中读入内存信息,被读取的区域必须具有访问权限。
函数原型:BOOL ReadProcessMemory(HANDLE hProcess,LPCVOID lpBaseAddress,LPVOID lpBuffer,DWORD nSize,LPDWORD lpNumberOfBytesRead);
参数:
hProcess:进程句柄
lpBaseAddress:读出数据的地址
lpBuffer:存放读取数据的地址
nSize:读出的数据大小
lpNumberOfBytesRead:数据的实际大小
C#中使用该函数首先导入命名空间:
- using System.Runtime.InteropServices;
using System.Runtime.InteropServices;
然后写API引用部分的代码,放入 class 内部
- [DllImport("kernel32.dll ")]
- static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress,out int lpBuffer, int nSize, out int lpNumberOfBytesRead);
[DllImport("kernel32.dll ")]
static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress,out int lpBuffer, int nSize, out int lpNumberOfBytesRead);
这个函数有五个参数,第一个参数是 进程句柄,由OpenProcess函数获取;第二个参数是要读出数据的地址,使用CE等辅助工具可取得;第三个参数是用于存放读取数据的地址;第四个参数是 要读出的数据大小;第五个参数是读出数据的实际大小。例如:
- IntPtr hwnd = FindWindow(null, "计算器");
- const int PROCESS_ALL_ACCESS = 0x1F0FFF;
- const int PROCESS_VM_READ = 0x0010;
- const int PROCESS_VM_WRITE = 0x0020;
- if (hwnd != IntPtr.Zero)
- {
- int calcID;
- int calcProcess;
- int dataAddress;
- int readByte;
- GetWindowThreadProcessId(hwnd, out calcID);
- calcProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE, false, calcID);
- //假设地址0X0047C9D4存在信息
- ReadProcessMemory(calcProcess, 0X0047C9D4, out dataAddress, 4, out readByte);
- MessageBox.Show(dataAddress.ToString());
- }
- else
- {
- MessageBox.Show("没有找到窗口");
- }
IntPtr hwnd = FindWindow(null, "计算器");
const int PROCESS_ALL_ACCESS = 0x1F0FFF;
const int PROCESS_VM_READ = 0x0010;
const int PROCESS_VM_WRITE = 0x0020;
if (hwnd != IntPtr.Zero)
{
int calcID;
int calcProcess;
int dataAddress;
int readByte;
GetWindowThreadProcessId(hwnd, out calcID);
calcProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE, false, calcID);
//假设地址0X0047C9D4存在信息
ReadProcessMemory(calcProcess, 0X0047C9D4, out dataAddress, 4, out readByte);
MessageBox.Show(dataAddress.ToString());
}
else
{
MessageBox.Show("没有找到窗口");
}
如果我们读取的一段内存中的数据,我们引入部分可修改成如下:
- //二维数组
- [DllImport("kernel32.dll ")]
- static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[,] lpBuffer, int nSize, out int lpNumberOfBytesRead);
- //一维数组
- [DllImport("kernel32.dll ")]
- static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int nSize, out int lpNumberOfBytesRead);
//二维数组
[DllImport("kernel32.dll ")]
static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[,] lpBuffer, int nSize, out int lpNumberOfBytesRead);
//一维数组
[DllImport("kernel32.dll ")]
static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int nSize, out int lpNumberOfBytesRead);
由于数组是引用传递,我们不需要写out关键字。
Reading or Writing to Another Processes Memory in C# z的更多相关文章
- Reading and Writing CSV Files in C#
Introduction A common requirement is to have applications share data with other programs. Although t ...
- Reading and writing RData files
前面添加个lapply()或者dplyr::llply()就能读取,储存多个文件了.http://bluemountaincapital.github.io/FSharpRProvider/readi ...
- Reading and writing
A text file is a sequence of characters stored on a permanent medium like a hard drive, flash memory ...
- Analysis about different methods for reading and writing file in Java language
referee:Java Programming Tutorial Advanced Input & Output (I/O) JDK 1.4+ introduced the so-calle ...
- Apache POI – Reading and Writing Excel file in Java
来源于:https://www.mkyong.com/java/apache-poi-reading-and-writing-excel-file-in-java/ In this article, ...
- PostgreSQL Reading Ad Writing Files、Execution System Instructions Vul
catalog . postgresql简介 . 文件读取/写入 . 命令执行 . 影响范围 . 恶意代码分析 . 缓解方案 1. postgresql简介 PostgreSQL 是一个自由的对象-关 ...
- 【转】Native Thread for Win32 C- Creating Processes(通俗易懂,非常好)
http://www.bogotobogo.com/cplusplus/multithreading_win32C.php To create a new process, we need to ca ...
- five kinds of IPC methods
Shared memory permits processes to communicate by simply reading and writing to a specified memory l ...
- Android Security
Android Security¶ 确认签名¶ Debug签名: $ jarsigner -verify -certs -verbose bin/TemplateGem.apk sm 2525 Sun ...
随机推荐
- Fragment (一)
1,简介 Fragement(碎片)允许将Activity拆分成多个完全独立封装的可重用组件,每个组件有它自己的生命周期和UI布局,由此可见,Fragement依赖于Activity,它的生命周期 ...
- hdu 1370 Biorhythms
中国剩余定理……. 链接http://acm.hdu.edu.cn/showproblem.php?pid=1370 /**************************************** ...
- 欧拉工程第70题:Totient permutation
题目链接 和上面几题差不多的 Euler's Totient function, φ(n) [sometimes called the phi function]:小于等于n的数并且和n是互质的数的个 ...
- lintcode :Binary Tree Preorder Traversal 二叉树的前序遍历
题目: 二叉树的前序遍历 给出一棵二叉树,返回其节点值的前序遍历. 样例 给出一棵二叉树 {1,#,2,3}, 1 \ 2 / 3 返回 [1,2,3]. 挑战 你能使用非递归实现么? 解题: 通过递 ...
- SDK 与MFC
SDK 就是Software Development Kit 软件开发包MFC 就是Microsoft Foundation Classes 微软函数类库.是以C++类的形式封装了Windows的AP ...
- ios(苹果公司的移动操作系统)
iOS是由苹果公司开发的移动操作系统. 苹果公司最早于2007年1月9日的Macworld大会上公布这个系统,最初是设计给iPhone使用的, 后来陆续套用到iPod touch.iPad以及Appl ...
- Linux进程调度和切换过程分析
内容: (1):从schedule()开始,几种不同类型的进程之间的调度选择;在相同类型的进程之间的调度选择算法 (2):从CPU的IP值的变化上,说明在switch_to宏执行后,执行分析 (3): ...
- Visaul Studio2015安装以及c++单元测试使用方法
Visual Studio 2015安装流程 vs2015是一款十分好用的IDE,接下来就介绍一下安装流程.这里采用在线安装方式,从官网下载使得安装更加安全. 第一步:在百度中搜索Visual ...
- cololection
package cn.bjsxt.col; /** * 简化迭代器原理 * hasNext * next * @author Administrator * */ public class MyArr ...
- tlProPlayer for windows
tlProPlayer tlProPlayer简介 tlProPlayer是一款定位高性能产品,支持透传,原生输出,并支持硬解码(硬件加速)的多媒体产品,兼容tlplayer所有特性.支持视频加密播放 ...