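I am trying to use VirtualQueryEx from the kernel32.dll Windows API functions.
All of the pointers/addresses I obtain before calling this function are correct.
The call to VirtualQueryEx returns 0, which means it did not succeed.
Furthermore, GetLastError() returns error code 5 (which means access denied).
What am I doing wrong?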
JNA Mapping:
import com.sun.jna.Memory;
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.ptr.IntByReference;

public class Test
{
    static Kernel32 kernel32 = (Kernel32) Native.loadLibrary("kernel32", Kernel32.class);
    static User32 user32 = (User32) Native.loadLibrary("user32", User32.class);

    public static void main(String[] args)
    {
        int pid = getProcessId("someWindowName"); // get our process ID
        Pointer readprocess = kernel32.OpenProcess(0x0010, false, pid); // open the process ID with read privileges.
        MEMORY_BASIC_INFORMATION l = new MEMORY_BASIC_INFORMATION();
        SYSTEM_INFO info = new SYSTEM_INFO();
        kernel32.GetSystemInfo(info);
        System.out.println(kernel32.VirtualQueryEx(readprocess, info.lpMinimumApplicationAddress, l, l.size()));
        System.out.println(kernel32.GetLastError());
    }

    public static int getProcessId(String window)
    {
        IntByReference pid = new IntByReference(0);
        user32.GetWindowThreadProcessId(user32.FindWindowA(null, window), pid);
        return pid.getValue();
    }

    public static Pointer openProcess(int permissions, int pid)
    {
        Pointer process = kernel32.OpenProcess(permissions, true, pid);
        return process;
    }

    public static Memory readMemory(Pointer process, int address, int bytesToRead)
    {
        IntByReference read = new IntByReference(0);
        Memory output = new Memory(bytesToRead);
        kernel32.ReadProcessMemory(process, address, output, bytesToRead, read);
        return output;
    }
}
Inside Kernel32:
int VirtualQueryEx(Pointer readprocess, Pointer lpMinimumApplicationAddress, MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);
memory_basic struct:
public class MEMORY_BASIC_INFORMATION extends Structure {
    public Pointer baseAddress;
    public Pointer allocationBase;
    public NativeLong allocationProtect;
    public SIZE_T regionSize;
    public NativeLong state;
    public NativeLong protect;
    public NativeLong type;
}
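Thanks!
Answer 0 (score: 2)
From MSDN, you must obtain the process handle with PROCESS_QUERY_INFORMATION, whose value is 0x0400. You are opening the process with 0x0010, hence the "access denied" error.
"The handle must have been opened with the PROCESS_QUERY_INFORMATION access right, which enables using the handle to read information from the process object."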
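The access-mask fix described in the answer, as an added example that is not code from the question or the answer. It assumes the jna-platform bindings (`com.sun.jna.platform.win32`) instead of the question's hand-written `Kernel32` interface, and takes the target PID from the command line; the class name `QueryRegion` is hypothetical.

```java
import com.sun.jna.platform.win32.BaseTSD.SIZE_T;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.WinBase.SYSTEM_INFO;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.platform.win32.WinNT.MEMORY_BASIC_INFORMATION;

public class QueryRegion {
    // VirtualQueryEx needs PROCESS_QUERY_INFORMATION (0x0400).
    // PROCESS_VM_READ (0x0010) is the right ReadProcessMemory needs; it is
    // included only because the question also reads memory afterwards.
    static final int ACCESS = WinNT.PROCESS_QUERY_INFORMATION | WinNT.PROCESS_VM_READ;

    public static void main(String[] args) {
        int pid = Integer.parseInt(args[0]); // assumption: PID passed as first argument
        Kernel32 k32 = Kernel32.INSTANCE;

        HANDLE process = k32.OpenProcess(ACCESS, false, pid);
        if (process == null) {
            // With the correct mask, an access-denied failure surfaces here,
            // at the point where the rights are actually requested.
            System.err.println("OpenProcess failed, error " + k32.GetLastError());
            return;
        }
        try {
            SYSTEM_INFO info = new SYSTEM_INFO();
            k32.GetSystemInfo(info);

            MEMORY_BASIC_INFORMATION mbi = new MEMORY_BASIC_INFORMATION();
            SIZE_T written = k32.VirtualQueryEx(process,
                    info.lpMinimumApplicationAddress, mbi, new SIZE_T(mbi.size()));
            if (written.longValue() == 0) {
                // 0 bytes written means the query failed; check the error code.
                System.err.println("VirtualQueryEx failed, error " + k32.GetLastError());
                return;
            }
            System.out.printf("base=%s size=0x%x state=0x%x protect=0x%x%n",
                    mbi.baseAddress, mbi.regionSize.longValue(),
                    mbi.state.intValue(), mbi.protect.intValue());
        } finally {
            k32.CloseHandle(process); // always release the handle
        }
    }
}
```

Checking the `OpenProcess` result before using the handle separates "the process could not be opened with these rights" from "the handle lacks a right this call needs", which both show up as error 5.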