你怎么直接从物理内存中读取? [英] How do you read directly from physical memory?
问题描述
在C或C ++(视窗),你怎么看给人一种物理(非虚拟)地址RAM?
这意味着,没有去低谷虚拟内存系统(MMU表),并成为具体到一个进程。
In C or C++ (windows), how do you read RAM by giving a physical (not virtual) address? That means without going trough virtual memory system (mmu tables), and being specific to one process.
我已经知道了API <一个href=\"http://msdn.microsoft.com/en-us/library/windows/desktop/ms680553.aspx\"><$c$c>ReadProcessMemory,从RAM(大多数教练使用)读取,但它只是一个特定的过程。
I already know the API ReadProcessMemory, which reads from ram (used by most trainers) but it is only for a specific process.
我搜索在MSDN上,发现设备\\ PhysicalMemory的似乎给出这样的可能性,但我发现没有实际的例子,这个功能似乎被Windows服务包(修复一些漏洞)。
I searched on MSDN and found that Device\PhysicalMemory seems to give such possibility, but I found no practical example and this feature seems to have been turned off by Windows service packs (to fix some vulnerability).
我知道这是可以做到的,因为WinHex的做它(如果你选择工具 - >打开RAM>物理内存)。然后,它会从00000000显示RAM的内容your_ram_size当你打开一个传统的文件只是喜欢。它需要管理员权限,但没有安装驱动程序(这意味着WinHex的做它从用户模式)。
I know it is possible to do because WinHex does it (if you choose "tools" > "open ram" > "physical memory"). It will then display RAM content from 0x00000000 to your_ram_size just like when you open a traditional file. It requires administrator rights, but there is no driver to install (which means WinHex does it from user mode).
编辑:关于OS增加的信息
EDIT : added information about os.
推荐答案
无论是C语言,也不是C ++定义了术语记忆。事情像存储和存储分类抽象的定义。指针是抽象的东西 - 它们的值可以是任何东西,完全无关的物理或虚拟地址
Neither the language C, nor C++ defines the term "memory". Things are defined in abstract terms like "storage" and "storage classifiers". Pointers are abstract things -- their values can be anything, totally unrelated to the physical or virtual addresses.
只有在制度及其实施的背景介绍,如内存和地址空间方面。而且,由于这些系统都是具体的事情,有一个必须使用由操作系统提供的方法来访问它们。
Only in the context of a system and its implementation are terms like memory and address space introduced. And since those are system specific things, one must use the methods provided by the OS to access them.
即使实现你还没有到C做访问到最低层次的东西OS内核(因为它根本不可能),而是通过具体的实施和建筑方法的时候。通常,这是通过一组的组装程序低水平的功能,这都写在他们c中的编译器产生的那种机器$ C $比赛的方式进行。这使得用汇编被从C称这些功能,就好像它们是由编译器编译。
Even when implementing an OS kernel you have to do access to lowest level stuff not through C (because it simply can't), but through methods specific to implementation and architecture. Usually this is done through a set of low level functions programmed in assembly, which are written in a way that they match the kind of machine code the compiler generates. This allows those functions written in assembly to be called from C as if they were compiled by the compiler.
这篇关于你怎么直接从物理内存中读取?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
