我正在尝试读取进程的内存,但由于某种原因,我没有得到正确的进程内存大小 - 出了什么问题?

时间:2013-10-08 20:37:45

标签: c# winforms

这是Form1中的代码:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace MemoryScanner
{
    public partial class Form1 : Form
    {


        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
            [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);

        public static byte[] ReadBytes(IntPtr Handle, Int64 Address, uint BytesToRead)
        {
            IntPtr ptrBytesRead;
         //   ptrBytesRead = (IntPtr)30;
            byte[] buffer = new byte[BytesToRead];
            ReadProcessMemory(Handle, new IntPtr(Address), buffer, BytesToRead, out ptrBytesRead);

            Array.Resize<byte>(ref buffer, ptrBytesRead.ToInt32());
            return buffer;
        }

        public static int ReadInt32(long Address, uint length = 4, IntPtr? Handle = null)
        {
            return BitConverter.ToInt32(ReadBytes((IntPtr)Handle, Address, length), 0);
        }

        public static string ReadString(long Address, uint length = 32, IntPtr? Handle = null)
        {
            string temp3 = ASCIIEncoding.Default.GetString(ReadBytes((IntPtr)Handle, Address, length));
            string[] temp3str = temp3.Split('\0');
            return temp3str[0];
        }


        public Form1()
        {
            InitializeComponent();

            Process p = null;
            UInt32 Address = 00002688;
            // get process
            Process[] Processes = Process.GetProcesses();
            List<Process> flash_processes = new List<Process>();
            for (int i = 0; i < Processes.Length; i++)
            {
                //IntPtr f = Test[i].MainModule.BaseAddress;// Are you sure you want the flag  process ? 
                p = Processes[i];
                if (p.ProcessName.StartsWith("FlashPlugin") == true)
                    flash_processes.Add(p);
            }
            Process Test = flash_processes[1]; // take the second flash process .. are you sure about that? we need the second process ?


            p = Candy;




            UInt32 proc_base_addr = (UInt32)p.MainModule.BaseAddress.ToInt32();//+00000+1835008+100000;
            uint proc_mem_sz = (uint)p.MainModule.ModuleMemorySize;

//            byte[] arr = ReadBytes(p.Handle, proc_base_addr, proc_mem_sz);

            byte[] arr = ReadBytes(p.Handle, proc_base_addr, proc_mem_sz);//5 * 1024 * 1024);

该项目属于Admin。 我得到arr的大小是:1888256变量proc_mem_sz也包含:1888256

当我使用Windows任务管理器时,我看到两个进程,一个是内存大小:78.1MB 第二个是:3.1MB

问题是我无法获得具体的进程内存大小。 我需要它来读取特定过程的所有内存。

1 个答案:

答案 0 :(得分:1)

ModuleMemorySize表示加载模块所需的内存量。它仅包含模块文件中静态代码和数据的大小,但在加载后不会对模块进行额外分配。

要获取有关流程内存使用情况的详细信息,请查看GetProcessMemoryInfo。您可以找到示例here

您可以使用QueryWorkingSet \ {{{}}检索有关当前工作集的信息(物理映射到其进程上下文的内存量)。更多信息QueryWorkingSetEx

相关问题
最新问题