阅读过程的地址 [英] Reading a process' adresses

问题描述

你好，

我目前陷入困境.
我想读取一个进程的偏移量.

我已经知道如何读取静态偏移量，即永不变的偏移量.
但是我也想知道如何读取动态偏移量，该偏移量会随着过程的新实例而不断变化.


例如:

我的进程的有效区域是 0x400000 到 0x197C000
我已经使用的静态偏移量是0xCF5A13

该偏移量在有效区域中，并且始终相同.


但是我需要再补偿一次.
此偏移不在有效区域中，有时像这样: 0x1BFA476C ，有时像这样: 0x1BFA03A1 而有时像这样: 0x1BF8FB69

那就是我的问题，我不知道此偏移量在流程的新实例中的位置.


希望问题更清楚.


最好的问候！

Hi there,

I''m currently stuck on a problem.
I want to read an offset of a process.

I already know how to read a static offset, an offset which never changes.
But I also want to know how I can read dynamic offsets which always change with new instances of my process.


As example:

My process'' valid area is 0x400000 to 0x197C000
The static offset I already use is 0xCF5A13

That offset is in the valid area and is always the same.


But I need to get another offset.
This offset is not in the valid area and sometimes like this: 0x1BFA476C, sometimes like this: 0x1BFA03A1 and sometimes like this: 0x1BF8FB69

And that is my problem, I don''t know where this offsets are in the new instance of the process.


I hope the Question is more clear.


Best regards!

推荐答案

请参阅我的评论.基本上，即使您找到与任何不同进程相关的内存地址，也几乎无法以任何明智的方式使用它:进程的地址空间是完全相互隔离的.如果您在一个进程中找到某个地址甚至一个句柄，而在另一个进程中只是以数字的形式对其进行操作，那么它将不是有效的内存地址，也不是另一个进程的地址空间中的句柄(对于一个句柄) ，其中有一种特殊的句柄复制机制.

也许用地址"来表示不同的意思.如果是这样，对不起；您应该更准确地提出问题.

—SA

Please see my comment. Basically, even if you find some memory address related to any different process, you will hardly be able to use it in any sensible way: address spaces of processes are totally isolated from each other. If you find some address or even a handle in one process and puss it just in the form of a number in another process, it won''t be a valid memory address or a handle in the address space of another process (for a handle, there is a special mechanism for duplication of handles).

Perhaps by "address" you mean something different. If so, sorry; you should have been more accurate in formulation of the question.

—SA

这篇关于阅读过程的地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！