Dll命令名:ReadProcessMemory
所处动态链接库的文件名:kernel32.dll
在所处动态链接库中的命令名:ReadProcessMemory
参数<1>的名称为“hProcess”,类型为“整数型”。注明:0。
参数<2>的名称为“lpBaseAddress”,类型为“LPCVOID”。注明:0。
参数<3>的名称为“lpBuffer”,类型为“整数型”。注明:0。
参数<4>的名称为“nSize”,类型为“整数型”。注明:0。
参数<5>的名称为“lpNumberOfBytesRead”,类型为“整数型”。注明:0。ReadProcessMemory
The ReadProcessMemory function reads data from an area of memory in a
specified process. The entire area to be read must be accessible, or the
operation fails.
BOOL ReadProcessMemory(
HANDLE
hProcess
,
// handle to the process
LPCVOID
lpBaseAddress
,
// base of memory area
LPVOID
lpBuffer
,
// data buffer
DWORD
nSize
,
// number of bytes to read
LPDWORD
lpNumberOfBytesRead
// number of bytes read
)
Parameters
hProcess
[in] Handle to the process whose memory is being read. The handle must have
PROCESS_VM_READ access to the process.
lpBaseAddress
[in] Pointer to the base address in the specified process from which to
read. Before any data transfer occurs, the system verifies that all data in the
base address and memory of the specified size is accessible for read access. If
this is the case, the function proceeds otherwise, the function fails.
lpBuffer
[out] Pointer to a buffer that receives the contents from the address space
of the specified process.
nSize
[in] Specifies the requested number of bytes to read from the specified
process.
lpNumberOfBytesRead
[out] Pointer to a variable that receives the number of bytes transferred
into the specified buffer. If lpNumberOfBytesRead is NULL, the parameter
is ignored.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error
information, call GetLastError.
The function fails if the requested read operation crosses into an area of
the process that is inaccessible.
Remarks
ReadProcessMemory copies the data in the specified address range from
the address space of the specified process into the specified buffer of the
current process. Any process that has a handle with PROCESS_VM_READ access can
call the function. The process whose address space is read is typically, but not
necessarily, being debugged.
The entire area to be read must be accessible. If it is not, the function
fails as noted previously.
Requirements
Windows NT/2000: Requires Windows NT 3.1 or later.
Windows
95/98: Requires Windows 95 or later.
Header: Declared in
Winbase.h include Windows.h.
Library: Use Kernel32.lib.
C++调用ReadProcessMemory函数
下面的函数,是从句柄为GameHwnd的程序内存中,读取一个指定长度的数值型数据
GameHwnd:要读取数据的程序的句柄
lpAddress:要读取的地址
nSize:数据的长度(一般取4或2)
Function
ReadMemoryLongDate(GameHwnd
as
Long,lpAddress
As
Long,
nSize
As
Long)
As
Long
Dim
GamePid
As
Long,
GPPid
As
Long
GetWindowThreadProcessId
GameHwnd,
GamePid
GPPid
=
OpenProcess(&H1F0FFF,
0,
GamePid)
ReadProcessMemory
GPPid,
lpAddress,
ByVal
VarPtr(ReadMemoryLongDate),
nSize,
0&
CloseHandle
GPPid
End
Function
ReadProcessMemory归属为为编程中的内存操作函数, 其作用为根据进程句柄读入该进程的某个内存空间。
函数原型:
BOOL ReadProcessMemory(
HANDLE hProcess,
LPCVOID lpBaseAddress,
LPVOID lpBuffer,
DWORD nSize,
LPDWORD lpNumberOfBytesRead
)
参数:
①hProcess:要读取的进程的句柄。可用OpenProcess获取
②lpBaseAddress:要读取的进程的内存基址。
③lpBuffer:接收读取数据的内存地址
④nSize:要传送的字节数
⑤lpNumberOfBytesRead:实际传送的字节数
返回值:
执行成功返回非0,失败返回0。
ReadProcessMemory 函数从目标进程复制指定大小的数据到自己进程的缓存区,任何拥有PROCESS_VM_READ 权限句柄的进程都可以调用该函数,目标进程的地址空间要是可读的,但也并不是必须的,如果目标进程处于被调试状态的话。
以上就是关于E语言读内存ReadProcessMemory的问题全部的内容,如果了解更多相关内容,可以关注我们,你们的支持是我们更新的动力!
