如何从Windows中的进程读取Unicode字符串?

时间:2019-01-30 14:28:25

标签: c++ winapi readprocessmemory

我正在尝试使用以下代码从另一个进程的内存中读取Unicode字符串:

功能:

bool ReadWideString(const HANDLE& hProc, const std::uintptr_t& addr, std::wstring& out) {
    std::array<wchar_t, maxStringLength> outStr;
    auto readMemRes = ReadProcessMemory(hProc, (LPCVOID)addr,(LPVOID)&out, sizeof(out), NULL);
    if (!readMemRes)
        return false;
    else {
        out = std::wstring(outStr.data());
    }
    return true;
}

致电:

std::wstring name;
bool res = ReadWideString(OpenedProcessHandle, address, name);
std::wofstream test("test.txt");
test << name;
test.close();

这对于英文字母来说效果很好,但是当我尝试阅读西里尔字母时,它什么也不会输出。我尝试过使用std::string,但是我得到的只是像"EC9"这样的随机垃圾,而不是"Дебил"

我正在使用Visual Studio 17和C ++ 17标准。

1 个答案:

答案 0 :(得分:1)

您无法直接阅读wstring的操作方式。这将覆盖其内部数据成员并破坏周围的内存,这将是非常糟糕的。

您正在分配本地缓冲区,但没有将其用于任何东西。使用它,例如:

bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
    std::array<wchar_t, maxStringLength> outStr;
    SIZE_T numRead = 0;
    if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &outStr, sizeof(outStr), &numRead))
        return false;
    out.assign(outStr.data(), numRead / sizeof(wchar_t));
    return true;
}


std::wstring name;
if (ReadWideString(OpenedProcessHandle, address, name)) {
    std::ofstream test("test.txt", std::ios::binary);
    wchar_t bom = 0xFEFF;
    test.write(reinterpret_cast<char*>(&bom), sizeof(bom));
    test.write(reinterpret_cast<const char*>(name.c_str()), name.size() * sizeof(wchar_t));
}

或者,摆脱本地缓冲区并改为预分配wstring的内存缓冲区,然后您可以直接读取它,例如:

bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
    out.resize(maxStringLength);
    SIZE_T numRead = 0;
    if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &out[0], maxStringLength * sizeof(wchar_t), &numRead)) {
        out.clear();
        return false;
    }
    out.resize(numRead / sizeof(wchar_t));
    return true;
}


bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
    std::wstring outStr;
    outStr.resize(maxStringLength);
    SIZE_T numRead = 0;
    if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &outStr[0], maxStringLength * sizeof(wchar_t), &numRead))
        return false;
    outStr.resize(numRead / sizeof(wchar_t));
    out = std::move(outStr);
    return true;
}
相关问题
最新问题