读取/组装存储器格式（数据） [英] Reading/Assembling Memory Format (Data)

问题描述

我正在使用C ++ ReadProcessMemory读取所有进程的内存。在我读完我拥有的进程的内存之后，我所做的就是将内存转储到磁盘上的二进制文件中。我现在想读，那个记忆变成有用的东西。因为它是进程的整个内存空间，所以它必须包含所有相关的部分，.text，数据等。



任何人都可以指向文档或者关于如何解析的教程我假设PE格式内存？

I am reading all of a processes's memory using C++ ReadProcessMemory. After I am done reading the memory of a process I own, what I do is I dump the memory to a binary file on the disk. I now want to read, that memory into something useful. Since it's the whole memory space of the process then it would have to have all the relevant sections, .text, data etc.

Can anyone point to a document or a tutorial on how to parse up I am assuming the PE Format memory ?

推荐答案

http://msdn.microsoft.com/en-us/magazine/cc301805.aspx [ ^ ]



http://msdn.microsoft.com/en-us/magazine/ms809762.aspx [ ^ ]



< a href =http://support.microsoft.com/default.aspx?scid=kb;en-us;q121460> http://support.microsoft.com/default.aspx?scid=kb;en-us ; q121460 [ ^ ]

http://msdn.microsoft.com/en-us/magazine/cc301805.aspx[^]

http://msdn.microsoft.com/en-us/magazine/ms809762.aspx[^]

http://support.microsoft.com/default.aspx?scid=kb;en-us;q121460[^]

这篇关于读取/组装存储器格式（数据）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！