Reading or Writing to Another Process's Memory in C#
http://www.jarloo.com/reading-and-writing-to-memory/
Declarations
using System;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;

// Access rights that can be requested from OpenProcess.
[Flags]
public enum ProcessAccessFlags : uint
{
    All = 0x001F0FFF,
    Terminate = 0x00000001,
    CreateThread = 0x00000002,
    VMOperation = 0x00000008,
    VMRead = 0x00000010,
    VMWrite = 0x00000020,
    DupHandle = 0x00000040,
    SetInformation = 0x00000200,
    QueryInformation = 0x00000400,
    Synchronize = 0x00100000
}

[DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);

[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);

[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hProcess);
Reading from another process's memory
public static byte[] ReadMemory(Process process, int address, int numOfBytes, out int bytesRead)
{
    // ReadProcessMemory only requires PROCESS_VM_READ on the target handle.
    IntPtr hProc = OpenProcess(ProcessAccessFlags.VMRead, false, process.Id);
    byte[] buffer = new byte[numOfBytes];
    ReadProcessMemory(hProc, new IntPtr(address), buffer, numOfBytes, out bytesRead);
    CloseHandle(hProc); // release the process handle
    return buffer;
}
Here is an example of a call to this function:
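// FirstOrDefault() returns null when no process has this name.
Process process = Process.GetProcessesByName("My Apps Name").FirstOrDefault();
int address = 0x02ED2910;
int numOfBytes = 4; // assumed value: the byte count is missing from the call on this page
int bytesRead;
byte[] value = ReadMemory(process, address, numOfBytes, out bytesRead);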
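A checked version of the read above, as an added example that is not part of the original article: it requests only PROCESS_VM_READ, takes the address as IntPtr so it also works in a 64-bit process, surfaces the Win32 error instead of returning an unfilled buffer, and always closes the handle. The class name CheckedMemoryReader and the self-read demo in Main are assumptions made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

public static class CheckedMemoryReader // hypothetical name, not from the page
{
    private const uint PROCESS_VM_READ = 0x0010; // same value as ProcessAccessFlags.VMRead
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr baseAddress, [Out] byte[] buffer, UIntPtr size, out UIntPtr bytesRead);
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Reads count bytes at address; throws Win32Exception carrying the OS error on failure.
    public static byte[] Read(Process process, IntPtr address, int count)
    {
        if (count < 0) throw new ArgumentOutOfRangeException(nameof(count));
        IntPtr hProc = OpenProcess(PROCESS_VM_READ, false, process.Id);
        if (hProc == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error()); // e.g. access denied
        try
        {
            byte[] buffer = new byte[count];
            UIntPtr read;
            if (!ReadProcessMemory(hProc, address, buffer, (UIntPtr)(uint)count, out read))
                throw new Win32Exception(Marshal.GetLastWin32Error()); // e.g. range not fully readable
            Array.Resize(ref buffer, (int)read.ToUInt32()); // keep only bytes actually copied
            return buffer;
        }
        finally
        {
            CloseHandle(hProc); // released on success and on failure
        }
    }

    public static void Main()
    {
        // Constructed demo: read back a pinned buffer in the current process.
        byte[] sample = { 0xDE, 0xAD, 0xBE, 0xEF };
        GCHandle pin = GCHandle.Alloc(sample, GCHandleType.Pinned);
        try
        {
            byte[] copy = Read(Process.GetCurrentProcess(), pin.AddrOfPinnedObject(), sample.Length);
            Console.WriteLine(BitConverter.ToString(copy));
        }
        finally { pin.Free(); }
    }
}
```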
Writing to another process's memory
public static bool WriteMemory(Process process, int address, long value, out int bytesWritten)
{
    // WriteProcessMemory requires PROCESS_VM_WRITE and PROCESS_VM_OPERATION on the target handle.
    IntPtr hProc = OpenProcess(ProcessAccessFlags.VMWrite | ProcessAccessFlags.VMOperation, false, process.Id);
    byte[] val = BitConverter.GetBytes(value);
    bool worked = WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32) val.LongLength, out bytesWritten);
    CloseHandle(hProc);
    return worked;
}
Here is an example of a call to this function:
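Process process = Process.GetProcessesByName("My Apps Name").FirstOrDefault();
int address = 0x02ED2910;
long value = 0; // placeholder: the page does not define the value to write
int bytesWritten;
bool worked = WriteMemory(process, address, value, out bytesWritten);

Function purpose: this function reads memory from the specified process; the region being read must be accessible.
Function prototype: BOOL ReadProcessMemory(HANDLE hProcess,LPCVOID lpBaseAddress,LPVOID lpBuffer,DWORD nSize,LPDWORD lpNumberOfBytesRead);
Parameters:
hProcess: the process handle
lpBaseAddress: the address to read from
lpBuffer: the address of the buffer that receives the data
nSize: the number of bytes to read
lpNumberOfBytesRead: the number of bytes actually read
To use this function in C#, first import the namespace: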
using System.Runtime.InteropServices;
Then write the API declaration and place it inside the class:
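// int-typed handle and address parameters only fit a 32-bit process; IntPtr is the pointer-sized type.
[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, out int lpBuffer, int nSize, out int lpNumberOfBytesRead);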
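This function takes five parameters. The first is the process handle, obtained from the OpenProcess function; the second is the address to read from, which can be found with a helper tool such as CE; the third is the buffer that receives the data; the fourth is the number of bytes to read; the fifth receives the number of bytes actually read. For example: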
IntPtr hwnd = FindWindow(null, "计算器");
const int PROCESS_ALL_ACCESS = 0x1F0FFF;
const int PROCESS_VM_READ = 0x0010;
const int PROCESS_VM_WRITE = 0x0020;
if (hwnd != IntPtr.Zero)
{
    int calcID;
    int calcProcess;
    int dataAddress;
    int readByte;
    GetWindowThreadProcessId(hwnd, out calcID);
    calcProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE, false, calcID);
    // Assume that address 0x0047C9D4 holds data
    ReadProcessMemory(calcProcess, 0X0047C9D4, out dataAddress, 4, out readByte);
    MessageBox.Show(dataAddress.ToString());
}
else
{
    MessageBox.Show("没有找到窗口");
}
If we want to read a block of memory, the import declaration can be changed as follows:
// Two-dimensional array
[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[,] lpBuffer, int nSize, out int lpNumberOfBytesRead);
// One-dimensional array
[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int nSize, out int lpNumberOfBytesRead);
Because arrays are passed by reference, we do not need to write the out keyword.