我认为我以错误的方式使用了指针,GetLastError()并没有告诉我更多错误信息。
我真的不知道指针在FFI::Pointer和FFI::MemoryPointer之间是如何工作的
require 'ffi'
module Win32
extend FFI::Library
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_ALL_ACCESS = PROCESS_VM_READ | PROCESS_VM_WRITE
ffi_lib 'kernel32'
ffi_convention :stdcall
attach_function :OpenProcess, [:uint, :bool, :uint], :pointer
attach_function :CloseHandle, [:pointer], :bool
attach_function :ReadProcessMemory, [:pointer, :pointer, :pointer, :size_t, :pointer], :int
attach_function :WriteProcessMemory, [:pointer, :pointer, :pointer, :size_t, :pointer], :int
attach_function :GetLastError, [], :uint
class << self
def read(handle, address)
addr = FFI::Pointer.new(:pointer, address)
buffer = FFI::MemoryPointer.new(:pointer)
if ReadProcessMemory(handle, addr, buffer, 4, nil) == 0
puts "Error: #{GetLastError()}"
end
return buffer.get_int(0)
end
def write(handle, address, value)
addr = FFI::Pointer.new(:pointer, address)
buffer = FFI::MemoryPointer.new(:long, 4)
buffer.put_int(0, value)
if WriteProcessMemory(handle, addr, buffer, 4, nil) == 0
"Error: #{GetLastError()}"
end
end
end
end
pid = 4984
handle = Win32.OpenProcess(Win32::PROCESS_ALL_ACCESS, false, pid)
puts Win32.read(handle, 0x0192D514) # => 45
puts Win32.write(handle, 0x0192D514, 20) # => Error: 0
puts Win32.read(handle, 0x0192D514) # => 45
Win32.CloseHandle(handle)
输出:
45
Error: 0
45
答案 0 :(得分:0)
我发现了问题,这是手柄的访问权限,请更改:
handle = Win32.OpenProcess(Win32::PROCESS_ALL_ACCESS, false, pid)
到
handle = Win32.OpenProcess(Win32::PROCESS_VM_OPERATION | Win32::PROCESS_ALL_ACCESS, false, pid)
并添加模块Win32:
PROCESS_VM_OPERATION = 0x0008
我希望能对某人有所帮助,谢谢!