读取处理的开始地址和长度（虚拟存储器地图） [英] Reading the start address and length (virtual memory map) of a process

问题描述

作为启动<一个href=\"http://stackoverflow.com/questions/12215299/reading-a-process-memory#comment16363546_12215299\">here

我需要知道如何读的过程的起始地址和长度（虚拟内存映射）。

I need to know how to read the start address and length (virtual memory map) of a process.

我想映射进程的内存。我想读取进程内存的值和值写入其中。

I would like to map a process memory. I would like to read values of a process memory and write values to them.

我很好奇怎么样作弊-O'matic程序（cheat-o-matic.softonic.com.br）的工作。我想的第一件事是，这一进程将在一个连续的内存位置加载。但似乎不对的。

I'm curious about how programs like Cheat-O'matic (cheat-o-matic.softonic.com.br) work. First thing I thought was that the process would be loaded in a contiguous memory location. But that seems not right.

推荐答案

反复调用的 VirtualQueryEx ，从地址零和的 RegionSize 成员得到的值，每次增加 MEMORY_BASIC_INFORMATION 的结构，你传递给它。为了获得明显有意义的映射过程中应暂停。

Call repeatedly VirtualQueryEx, starting with address zero and increasing each time of the value obtained in the RegionSize member of the MEMORY_BASIC_INFORMATION structure you passed to it. To obtain a meaningful map obviously the process should be paused.

不过，你得到这个存储器映射，我不相信你可以用它做什么，即使后：除非你知道（通过其他方式）正在访问你了解这个过程的内部是地点，你可以读取或不触发访问冲突，而不是其内容的意思写。你真的应该弄清楚你想达到什么目的，读取/ WriteProcessMemory的通常不是正常问题的解决方案。

Still, even after you got this memory map, I'm not sure what you can do with it: unless you know (by other means) the internals of the process you are accessing all you get to know is locations where you can read or write without triggering an access violation, not the meaning of their content. You should really clarify what you are trying to achieve, Read/WriteProcessMemory usually aren't a solution for "normal" problems.

这篇关于读取处理的开始地址和长度（虚拟存储器地图）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！