修改
我发现我的句柄返回零值。它没有检测到这个过程吗?
编辑2
缩短代码并发现问题。
答案张贴。
好的,让我们直接跳进去。我试图读取一个我知道其值的地址的值,但由于某种原因我获得了""的返回值,实际上它返回的是00-00-00 ....等。
我的问题:这是我的代码还是我的地址? 我有64bit的这个代码的另一个迭代,我在记事本上测试,它工作得很好;代码几乎与我的64位代码相同。
我有一种感觉,我可能需要深入挖掘并找到更多指针和偏移量,并且代码没问题,但让我们从代码开始,因为我对所有这些代码都不熟悉。
//Memory_Manager using_memory_manager = new Memory_Manager();
//Memory_Resources using_memory_resources = new Memory_Resources();
class Memory_Manager
{
public string memory_manager(string _command, string _offset , string _panelid, string _typeid, string _textboxid)
{
var activeform = Application.OpenForms.OfType<Form1>().Single();
Misc_Tools using_misc_tools = new Misc_Tools();
Converters using_converters = new Converters();
Splitters using_splitters = new Splitters();
Form_Tools using_form_tools = new Form_Tools();
Process[] p = Process.GetProcessesByName(activeform.comboBoxProcessList.Text);
uint DELETE = 0x00010000;
uint READ_CONTROL = 0x00020000;
uint WRITE_DAC = 0x00040000;
uint WRITE_OWNER = 0x00080000;
uint SYNCHRONIZE = 0x00100000;
uint END = 0xFFF; //if you have Windows XP or Windows Server 2003 you must change this to 0xFFFF
uint PROCESS_ALL_ACCESS = (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER | SYNCHRONIZE | END);
string gettext = using_form_tools.form_control_search(_panelid, _typeid, _textboxid);
string _address = activeform.textBoxRead.Text;
int object_size = Convert.ToInt32(activeform.textBoxObjectSize.Text); //set the size that will be array size
byte[] readbuffer = new byte[object_size];//create an array of bytes for reading based on size
byte[] bytestowrite = Encoding.Unicode.GetBytes(gettext);
IntPtr ptrBytes;
IntPtr processHandle = Memory_Resources.OpenProcess(PROCESS_ALL_ACCESS, 1, Convert.ToInt32(p[0].Id));
int size = gettext.Length*2;
int bytesReaded;
if (_address.Length == 11 && _command == "read")
{
Int64 _offsett = Int64.Parse(_offset, System.Globalization.NumberStyles.HexNumber);
Int64 _address64bit = Int64.Parse(activeform.textBoxRead.Text, System.Globalization.NumberStyles.HexNumber);
Int64 _finaladdress = _address64bit + _offsett;
Console.WriteLine("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n");
activeform.textBoxUpdate.AppendText("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n");
Memory_Resources.ReadProcessMemory(processHandle, _finaladdress, readbuffer, object_size, out ptrBytes);
bytesReaded = ptrBytes.ToInt32();
Memory_Resources.CloseHandle(processHandle);
return Encoding.Unicode.GetString(readbuffer);
}
else if (_address.Length == 8 && _command == "read")
{
Int32 _offsett = Int32.Parse(_offset, System.Globalization.NumberStyles.HexNumber);
Int32 _address32bit = Int32.Parse(activeform.textBoxRead.Text, System.Globalization.NumberStyles.HexNumber);
Int32 _finaladdress = _address32bit + _offsett;
Console.WriteLine("Reading 32bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n");
activeform.textBoxUpdate.AppendText("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n");
Memory_Resources.ReadProcessMemory(processHandle, _finaladdress, readbuffer, object_size, out ptrBytes);
bytesReaded = ptrBytes.ToInt32();
Memory_Resources.CloseHandle(processHandle);
return Encoding.Unicode.GetString(readbuffer);
}
else if (_address.Length == 11 && _command == "write")
{
Int64 _offsett = Int64.Parse(_offset, System.Globalization.NumberStyles.HexNumber);
Int64 _address64bit = Int64.Parse(activeform.textBoxRead.Text, System.Globalization.NumberStyles.HexNumber);
Int64 _finaladdress = _address64bit + _offsett;
Console.WriteLine("Writing 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to write set to " + Encoding.Unicode.GetString(bytestowrite) + "\r\n");
activeform.textBoxUpdate.AppendText("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n");
Memory_Resources.WriteProcessMemory(processHandle, _finaladdress, bytestowrite, size, out ptrBytes);
bytesReaded = ptrBytes.ToInt32();
Memory_Resources.CloseHandle(processHandle);
return BitConverter.ToString(bytestowrite);
}
else if (_address.Length == 8 && _command == "write")
{
Int32 _offsett = Int32.Parse(_offset, System.Globalization.NumberStyles.HexNumber);
Int32 _address32bit = Int32.Parse(activeform.textBoxRead.Text, System.Globalization.NumberStyles.HexNumber);
Int32 _finaladdress = _address32bit + _offsett;
Console.WriteLine("Writing 32bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to write set to " + Encoding.Unicode.GetString(bytestowrite) + "\r\n");
activeform.textBoxUpdate.AppendText("Reading 64bit memory " + "\r\n" + "Address set to " + _finaladdress + "\r\n" + "Bytes to read set to " + object_size + "\r\n");
Memory_Resources.WriteProcessMemory(processHandle, _finaladdress, bytestowrite, size, out ptrBytes);
bytesReaded = ptrBytes.ToInt32();
Memory_Resources.CloseHandle(processHandle);
return BitConverter.ToString(bytestowrite);
}
return ("Could not read memory " + "\r\n");
}
}
class Memory_Resources
{
[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(IntPtr hProcess, Int32 lpBaseAddress, byte[] buffer, int size, out IntPtr lpNumberOfBytesRead);
[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(IntPtr hProcess, Int64 lpBaseAddress, byte[] buffer, int size, out IntPtr lpNumberOfBytesRead);
[DllImport("kernel32.dll")]
public static extern bool WriteProcessMemory(IntPtr hProcess, Int32 lpBaseAddress, byte[] buffer, int size, out IntPtr lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
public static extern bool WriteProcessMemory(IntPtr hProcess, Int64 lpBaseAddress, byte[] buffer, int size, out IntPtr lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, Int32 bInheritHandle, Int32 dwProcessId);
[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hObject);
}
答案 0 :(得分:0)
之前的代码使用的是来自不同textBox的信息,这就是为什么它没有返回我想要读取的正确值。
基本上是用户错误。