扫描进程内存导致崩溃 [英] Scanning process memory causes crash
本文介绍了扫描进程内存导致崩溃的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已经注入我的DLL进程,我尝试扫描内存的地址与我的相同的价值,但它导致崩溃后,我得到第一个地址,它应该是10个地址
i have injected my DLL into process and i try to scan memory for addresses with same value as mine, but it results in a crash after i get 1st address , it should be 10 addresses
for(DWORD i = MEM_START; i< MEM_END ;i++)
{
VirtualQuery((void*)i,pMemInfo,sizeof(MEMORY_BASIC_INFORMATION));
if(pMemInfo->AllocationProtect == PAGE_READONLY || PAGE_EXECUTE_WRITECOPY || PAGE_READWRITE || PAGE_WRITECOMBINE)
{
if(*(DWORD*)i==1337)
{
addresses.push_back(i);
}
}
}
我相信我的保护检查错误但不太确定。
I believe my protection check is wrong but not quite sure.
推荐答案
虚拟内存扫描器
MEMORY_BASIC_INFORMATION mbi = {0};
unsigned char *pAddress = NULL,
*pEndRegion = NULL;
DWORD dwFindData = 0xBAADF00D,
dwProtectionMask = PAGE_READONLY | PAGE_EXECUTE_WRITECOPY
| PAGE_READWRITE | PAGE_WRITECOMBINE;
while( sizeof(mbi) == VirtualQuery(pEndRegion, &mbi, sizeof(mbi)) ){
pAddress = pEndRegion;
pEndRegion += mbi.RegionSize;
if ((mbi.AllocationProtect & dwProtectionMask) && (mbi.State & MEM_COMMIT)){
for (pAddress; pAddress < pEndRegion ; pAddress++){
if (*pAddress == dwFindData){
// dostaff
}
}
}
}
这篇关于扫描进程内存导致崩溃的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
