如何使用读取过程存储器API读取结构数据 [英] How to read structure data using read process memory API

问题描述

大家好，
目前，我正在使用ReadProcessMemory API从exe读取变量的值，并且还使用DBGhelp.lib API的获取变量的类型.
但是到目前为止，我已经能够处理原始的dataTypes.
但是现在我想读取结构数据.我无法弄清楚如何使其工作.

下面是我要读取值的结构.

Hi Guys,
Currently I am using ReadProcessMemory API to read the values of variables from an exe and I am also getting the types of the variables using DBGhelp.lib API''s.
But as of now I am able to handle primitive dataTypes.
But now I want to read structure data. I am unable to figure out how to make it work.

Below is the structure in which I want to read the values.

typedef struct RXDATA
{
  CAN_DATA Rx_Data;
  unsigned char abc;
  unsigned char bcd_Type ;
} CAN_TS_RECEIVE;

推荐答案

请参阅我对问题的评论.

单个调用ReadProcessMemory将从外部进程中读取连续的内存块.因此，如果您具有由原始类型和其他结构组成的结构形式的结构化数据，并且所有组成的结构也是如此，则目标结构位于连续的内存块中，并且可以在一次调用中进行传输.使用sizeof运算符查找nSize参数的值.

如果不是这种情况，则问题会更加复杂，但也不会太难.您将需要找到所有指向单独内存块的指针(例如，在堆中)，并多次调用此API，然后将结果组合到调用进程的结构中，并在需要时分配内存.您只需要清楚地描述数据类型的内存结构即可.

—SA

Please see my comment to the question.

A single call to ReadProcessMemory reads consecutive block of memory from the foreign process. So, if you have structured data in the form of structure composed of primitive types and other structures, and all of the composed structures are also like that, your target structure is in the consecutive block of memory and could be transferred in one call. Use sizeof operator to find the value for the nSize parameter.

If this is not the case, the problem is a bit more complex but also not too hard; you will need to find all pointers pointing to a separate block of memory (in heap, for example) and call this API several times and than assemble the result in the structure of your calling process, allocating memory where needed. You just need to picture the memory structure of your data type clearly.

—SA

这篇关于如何使用读取过程存储器API读取结构数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！