我有一个用C写的函数,它应该扫描一个进程的内存。我先对记事本运行它,失败之后又尝试了更多的进程。它始终无法正常工作,输出总是如下:
0x00010000
0x7FFE0000
0x7FFE1000
当我使用Windows 7时,该函数运行正常。代码如下:
// Opens process `pid` and steps through the address range reported by
// GetSystemInfo(), printing each queried address and "MEM_COMMIT" for every
// region whose State is MEM_COMMIT and whose Protect is exactly PAGE_READWRITE.
// Returns 0 on every path, including when OpenProcess() fails.
int ScanProcess(int pid)
{
HANDLE hProc;
SYSTEM_INFO si;
MEMORY_BASIC_INFORMATION mbi;
// NOTE(review): these are declared as pointers to LPVOID, but they are
// assigned LPVOID values below and passed where an address is expected.
LPVOID *minAddress, *maxAddress;
GetSystemInfo(&si);
minAddress = si.lpMinimumApplicationAddress;
maxAddress = si.lpMaximumApplicationAddress;
// NOTE(review): PROCESS_ALL_ACCESS requests every access right, while the
// loop below only calls VirtualQueryEx(); a narrower mask such as
// PROCESS_QUERY_INFORMATION would follow least privilege. The second
// argument is a BOOL, so FALSE is the conventional spelling of NULL here.
// The handle is never passed to CloseHandle() in this function.
hProc = OpenProcess(PROCESS_ALL_ACCESS, NULL, pid);
if (!hProc) {
printf("[-] OpenProcess() failed.\n");
return 0;}
while (minAddress < maxAddress)
{
// NOTE(review): %08X expects an unsigned int but receives a pointer; on a
// 64-bit build the argument is wider than the format specifier.
printf("0x%08X\n", minAddress);
// A failed query is only reported: the loop carries on and the checks below
// read mbi even though this call did not fill it in.
if(!VirtualQueryEx(hProc, minAddress, &mbi, sizeof(mbi))) printf("[-] VirtualQueryEx() failed. %d\n", GetLastError());
if (mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE)
{
printf("MEM_COMMIT\n"); //When the scan would work i will read the memory and work with it.
}
// NOTE(review): `long` is 32 bits wide on Windows, also in 64-bit builds, so
// this cast discards the upper half of a 64-bit base address before the
// region size is added. Presumably this is why the scan stops after a few
// regions as described in the question -- confirm on a 64-bit build.
minAddress = (LPVOID)((long)mbi.BaseAddress + mbi.RegionSize);
}
return 0;
}
有人能解决问题吗?谢谢:))
@Harry Johnston,这是我到目前为止所得到的。int ScanProcess(int pid)
{
// Second attempt from the question: same walk as before, but the cursor and
// the upper bound are kept as DWORD64 integers and cast back to a pointer
// only for the VirtualQueryEx() call. Returns 0 on every path.
HANDLE hProc;
SYSTEM_INFO si;
MEMORY_BASIC_INFORMATION mbi;
DWORD64 minAddress, maxAddress;
GetSystemInfo(&si);
minAddress = (DWORD64)si.lpMinimumApplicationAddress;
maxAddress = (DWORD64)si.lpMaximumApplicationAddress;
// NOTE(review): PROCESS_ALL_ACCESS is broader than the VirtualQueryEx() call
// below needs, and the handle is never passed to CloseHandle() here.
hProc = OpenProcess(PROCESS_ALL_ACCESS, NULL, pid);
if (!hProc) {
printf("[-] OpenProcess() failed.\n");
return 0;}
while (minAddress < maxAddress)
{
// NOTE(review): %08X expects an unsigned int but the argument is a 64-bit
// integer, so the printed value does not reliably show the full address.
printf("0x%08X\n", minAddress);
// A failed query is only reported: the loop carries on and the checks below
// read mbi even though this call did not fill it in.
if(!VirtualQueryEx(hProc, (LPCVOID)minAddress, &mbi, sizeof(mbi))) printf("[-] VirtualQueryEx() failed. %d\n", GetLastError());
if (mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE)
{
printf("MEM_COMMIT\n"); //When the scan would work i will read the memory and work with it.
}
// The advance is now done in 64-bit arithmetic, without the earlier cast
// through `long`.
minAddress = (DWORD64)mbi.BaseAddress + mbi.RegionSize;
}
return 0;
}
答案 0 :(得分:3)
试试这个版本:
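/*
 * Walk the application address range of process `pid` and report its
 * committed read/write regions.
 *
 * For every region returned by VirtualQueryEx() the queried address is
 * printed; regions whose State is MEM_COMMIT and whose Protect is exactly
 * PAGE_READWRITE additionally print "MEM_COMMIT".
 *
 * pid     identifier of the process to inspect.
 * return  always 0, also when the process cannot be opened (unchanged
 *         contract, so existing callers keep working).
 */
int ScanProcess(int pid)
{
    SYSTEM_INFO si;
    MEMORY_BASIC_INFORMATION mbi;
    HANDLE hProc;
    LPBYTE cursor;  /* byte pointer, so the region size can be added to it */
    LPBYTE limit;

    GetSystemInfo(&si);
    cursor = (LPBYTE)si.lpMinimumApplicationAddress;
    limit = (LPBYTE)si.lpMaximumApplicationAddress;

    /*
     * Least privilege: VirtualQueryEx() only needs PROCESS_QUERY_INFORMATION.
     * Requesting PROCESS_ALL_ACCESS asks for rights this function never uses
     * and makes the open fail more often than necessary. Add PROCESS_VM_READ
     * here once the region contents are actually read.
     */
    hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (DWORD)pid);
    if (!hProc) {
        printf("[-] OpenProcess() failed.\n");
        return 0;
    }

    while (cursor < limit) {
        printf("0x%p\n", (void *)cursor);

        if (!VirtualQueryEx(hProc, cursor, &mbi, sizeof(mbi))) {
            /*
             * mbi was not filled in by this call, so it must not be used to
             * classify the region or to advance the cursor.
             */
            printf("[-] VirtualQueryEx() failed. %lu\n",
                   (unsigned long)GetLastError());
            break;
        }

        if (mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE) {
            /* Placeholder kept from the original: the region is to be read
             * and processed here once the scan works. */
            printf("MEM_COMMIT\n");
        }

        /* A zero-sized region would never advance the cursor. */
        if (mbi.RegionSize == 0) {
            break;
        }

        /* Pointer-width arithmetic: no truncation of 64-bit addresses. */
        cursor = (LPBYTE)mbi.BaseAddress + mbi.RegionSize;
    }

    /* Release the process handle on every path that opened it. */
    CloseHandle(hProc);
    return 0;
}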
它使用 LPVOID 作为指针类型,这对此应用是合适的;唯一真正的改动是先强制转换为 LPBYTE 再做指针运算(因为无法对 void 指针做加法)。
另一个改动是在 printf 的格式字符串中使用 %p,因为它对64位指针也能正常工作。