使用VirtualQueryEx时访问被拒绝错误 [英] Access denied error when using VirtualQueryEx

问题描述

因此，我编写了一个程序，该程序能够使用VirtualQueryEx从大多数进程中成功读取内存.但是，我遇到了一个此功能失败的过程.这不是系统过程，而只是游戏过程.没有调试权限，我什至无法打开进程的句柄.有了它们，我可以获取进程的句柄，但仍然可以拒绝VirtualQueryEx的访问.

So, I wrote a program which is able to successfully read memory from most of processes using VirtualQueryEx. However, I've come across a process for which this function fails. It's not a system process, just a game process. Without Debug privileges I couldn't even open the process's handle. With them I am able to get the process's handle but still get access denied for VirtualQueryEx.

我不确定，但过程可能是私人的吗?如果是这种情况，我该怎么做才能成功使用VirtualQueryEx函数?

I'm not sure but maybe the process is private? If that's the case, what should I do to successfully use VirtualQueryEx function?

我还读过某个地方，我可能必须在运行VirtualQueryEx之前挂起整个进程的线程，但是到目前为止，我并不需要那个...而当我使用函数Thread32First来获取第一个线程时，它给我一个错误:ERROR_BAD_LENGTH ...

I've also read somewhere that I might have to suspend whole process's threads before running VirtualQueryEx, but so far I didn't need that... And when I used function Thread32First to get the first thread it gave me an error: ERROR_BAD_LENGTH...

在此问题上的任何帮助，我将不胜感激！

I would be very grateful for any help in this matter!

推荐答案

您如何打开流程句柄?来自文档 :

How are you opening the process handle? From the doc:

必须已使用 PROCESS_QUERY_INFORMATION 打开手柄 访问权限，使用该句柄可以从中读取信息 过程对象.

The handle must have been opened with the PROCESS_QUERY_INFORMATION access right, which enables using the handle to read information from the process object.

另一种可能性是目标进程和您的进程的位数不同(32位对64位).在这种情况下，您需要使用MEMORY_BASIC_INFORMATION32或类似VirtualQueryEx64 来自wow64ext的工具库.

Another possibility is that the target process and your process are different bitness (32 vs 64). In that case you either need to use MEMORY_BASIC_INFORMATION32 or something like VirtualQueryEx64 from wow64ext library.

这篇关于使用VirtualQueryEx时访问被拒绝错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！