如何使用ReadProcessMemory获取托盘按钮文本

时间:2012-11-10 15:44:48

标签: c# readprocessmemory

我想用C#获取windows7(64位)上的所有托盘图标,但是当我使用windows api“ReadProcessMemory”时,无法识别托盘按钮文本。 代码

        IntPtr pid = IntPtr.Zero;
        IntPtr ipHandle = IntPtr.Zero; 
        IntPtr lTextAdr = IntPtr.Zero; 

        IntPtr ipTray = TrayToolbarWindow32();

        WinApiHelper.GetWindowThreadProcessId(ipTray, ref pid);
        if (pid.Equals(0))
            return iconList;

        IntPtr hProcess = WinApiHelper.OpenProcess(WinApiHelper.PROCESS_ALL_ACCESS | WinApiHelper.PROCESS_VM_OPERATION | WinApiHelper.PROCESS_VM_READ | WinApiHelper.PROCESS_VM_WRITE, IntPtr.Zero, pid);

        IntPtr lAddress = WinApiHelper.VirtualAllocEx(hProcess, 0, 4096, WinApiHelper.MEM_COMMIT, WinApiHelper.PAGE_READWRITE);


        int lButton = WinApiHelper.SendMessage(ipTray, WinApiHelper.TB_BUTTONCOUNT, 0, 0);

        for (int i = 0; i < lButton; i++)
        {

            WinApiHelper.SendMessage(ipTray, WinApiHelper.TB_GETBUTTON, i, lAddress);


            WinApiHelper.ReadProcessMemory(hProcess, (IntPtr)(lAddress.ToInt32() + 16), ref lTextAdr, 4, 0);

            if (!lTextAdr.Equals(-1))
            {
                byte[] buff = new byte[ 1024 ];

                WinApiHelper.ReadProcessMemory(hProcess, lTextAdr, buff, 1024, 0);
                string title = System.Text.ASCIIEncoding.Unicode.GetString(buff);

和api声明

    [DllImport("kernel32", EntryPoint = "ReadProcessMemory")]
    public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, ref IntPtr lpBuffer, int nSize, int lpNumberOfBytesWritten);

    [DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory")]
    public static extern bool ReadProcessMemoryEx(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, IntPtr size, out IntPtr lpNumberOfBytesRead);

    [DllImport("kernel32", EntryPoint = "ReadProcessMemory")]
    public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] lpBuffer, int nSize, int lpNumberOfBytesWritten);

    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, UIntPtr nSize, IntPtr lpNumberOfBytesRead);

问题出在这里

string title = System.Text.ASCIIEncoding.Unicode.GetString(buff);

转换后,字符串“title”无法识别,可能就像

ǎ\0\0\0\0Д\0\0à\0\0ƿ\r\0\0\0\0\0\0\0\0\0\0D:\\Tools\\ESET Smart Security\\egui.exe\0\0\0\0\0\0\0\0\0\0\0\0\0\

我不知道为什么,请帮忙。

1 个答案:

答案 0 :(得分:2)

您可能想要考虑自己在做什么。 ReadProcessMemory是为调试器设计的调试函数,需要SeDebugPrivilege,因此我希望您正在编写调试器。忽略考虑在非调试容量中使用这些函数时得到的麻烦,您正在泄漏您分配的缓冲区并要求您的应用程序以管理员身份运行。

如果此应用程序仅用于您自己的目的而对于其他人,请查看相关问题Systray Access,因为似乎有一个单独的TB_GETBUTTONTEXT消息。我想你实际上是在接收按钮数据,而不是复制的内存中的文本,从而导致问题。

相关问题
最新问题