ReadProcessMemory

ReadProcessMemory

关注
发信
关注(28)粉丝(399)

ReadProcessMemory和WriteProcessMemory的乱子

本文介绍了ReadProcessMemory和WriteProcessMemory的乱子的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我创建这个内存编辑器,但子程序ReadProcessMemory失败;所以呢WriteProcessMemory的。我曾尝试使用GetLastError函数子程序来获得最后一个错误,但它返回0,这是ERROR_SUCCESS。这里是程序和类两者的代码



 使用系统; 
使用System.Collections.Generic; 
使用System.ComponentModel; 
使用System.Data这; 
使用System.Drawing中; 
使用System.Linq的; 
使用System.Text;使用System.Windows.Forms的
; 
使用Memedit;使用System.Runtime.InteropServices 
; 
命名空间Memory_Editor 
 {
公共部分Form1类:表格
 {
公共Form1中()
 {
的InitializeComponent(); 
} 
 
私人无效textBox1_DragEnter(对象发件人,DragEventArgs E)
 {
如果(e.Data.GetDataPresent(DataFormats.FileDrop,FALSE))
 {
 e.Effect = DragDropEffects.All; 
} 
} 
 
私人无效textBox1_DragDrop(对象发件人,DragEventArgs E)
 {
 
的String []数据= e.Data。的GetData(DataFormats.FileDrop,FALSE)作为字符串[]; 
 process.Text =数据[0]; 
 
} 
 
私人无效的button1_Click(对象发件人,EventArgs五)
 {
 MemoryEditor编辑器=新MemoryEditor(process.Text); 
 INT地址; 
如果(int.TryParse(address1.Text,System.Globalization.NumberStyles.HexNumber,System.Globalization.CultureInfo.InvariantCulture,出地址))
 {
 result.Text = editor.ReadString (地址,1000,isunicode.Checked); 
} 
,否则
 {
 
 MessageBox.Show(错误:这不是一个实数,错误,MessageBoxButtons.OK,MessageBoxIcon.Error ); 
} 
} 
 
私人无效button2_Click(对象发件人,EventArgs五)
 {
 MemoryEditor编辑器=新MemoryEditor(process.Text); 
 INT地址; 
如果(int.TryParse(address1.Text,System.Globalization.NumberStyles.HexNumber,System.Globalization.CultureInfo.InvariantCulture,出地址))
 {
 result.Text = Convert.ToString (editor.ReadInt32(地址),16); 
} 
,否则
 {
 MessageBox.Show(错误:这不是一个实数,错误,MessageBoxButtons.OK,MessageBoxIcon.Error); 
} 
} 
} 
}



MemoryEditor类

 使用系统; 
使用System.Text; 
使用System.Collections.Generic; 
使用System.Data这; 
使用System.Linq的;使用System.Diagnostics程序
;使用System.Runtime.InteropServices 
; 
 
命名空间Memedit 
 {
 
公共类MemoryEditor 
 {
 
函数[DllImport(KERNEL32.DLL)] 
上配置静态的extern BOOL WriteProcessMemory的(IntPtr的hProcess,IntPtr的lpBaseAddress,字节[] lpBuffer,UIntPtr n大小,出的IntPtr lpNumberOfBytesWritten); 
 
函数[DllImport(Kernel32.dll中)] 
静态的extern BOOL ReadProcessMemory(IntPtr的hProcess,IntPtr的lpBaseAddress,字节[] lpBuffer,UInt32的n大小,参考UInt32的lpNumberOfBytesRead); 
串PNAME =; 
 IntPtr的手; 
公共MemoryEditor(字符串PROCNAME)
 {
 PNAME = ProcName.Replace(EXE,); 
过程[] = proclist Process.GetProcesses(); 
的foreach(在proclist过程PR)
 {
 
如果(pr.ToString()==的System.Diagnostics.Process(+ PNAME +))
 {
 =手pr.Handle; 
} 
} 
} 
 
公共BOOL写入(INT地址,字节[]数据)
 {
 BOOL成功= FALSE; 
过程[] = proclist Process.GetProcesses(); 
 IntPtr的bytesout; 
成功= WriteProcessMemory的(手,(IntPtr的)地址,数据(UIntPtr)data.Length,出bytesout); 
返回成功; 
} 
 
公众的byte []读取(INT地址,INT长度)
 {
字节[] = RET新的字节[长度] 
 UINT O = 0; 
 ReadProcessMemory(手,(IntPtr的)地址,RET(UInt32的)ret.Length,REF O); 
返回RET; 
} 
公众诠释ReadInt32(INT地址)
 {
返回BitConverter.ToInt32(读(地址,4),0); 
} 
公众持股量ReadSingle(INT地址)
 {
返回BitConverter.ToSingle(读(地址,4),0); 
} 
公共字符串ReadString(INT地址,诠释长度,布尔isUnicode)
 {
如果(isUnicode)
 {
 UnicodeEncoding ENC =新UnicodeEncoding( ); 
返回enc.GetString(读(地址,长度)); 
} 
,否则
 {
 ASCIIEncoding ENC =新ASCIIEncoding(); 
返回enc.GetString(读(地址,长度)); 
} 
} 
} 
}


解决方案

有关 ReadProcessMemory 需要 PROCESS_VM_READ 许可和 WriteProcessMemory的需要 PROCESS_VM_OPERATION 许可



看的

和的



很可能需要管理​​的权利,甚至 SeDebugPrivilege (你需要为 ELEVATE 您的过程中,即使具有管理员权限)...


I am creating this memory editor, but the subroutine ReadProcessMemory fails; so does WriteProcessMemory. I have tried to get the last error by using the GetLastError subroutine but it returns 0 which is ERROR_SUCCESS. Here is the code of both the program and the class.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using Memedit;
using System.Runtime.InteropServices;
namespace Memory_Editor
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void textBox1_DragEnter(object sender, DragEventArgs e)
        {
            if (e.Data.GetDataPresent(DataFormats.FileDrop, false))
            {
                e.Effect = DragDropEffects.All;
            }
        }

        private void textBox1_DragDrop(object sender, DragEventArgs e)
        {

                string[] data = e.Data.GetData(DataFormats.FileDrop, false) as string[];
                process.Text = data[0];

        }

        private void button1_Click(object sender, EventArgs e)
        {
            MemoryEditor editor = new MemoryEditor(process.Text);
            int addr;
            if (int.TryParse(address1.Text, System.Globalization.NumberStyles.HexNumber, System.Globalization.CultureInfo.InvariantCulture, out addr))
            {
               result.Text = editor.ReadString(addr, 1000, isunicode.Checked);
            }
            else
            {

                MessageBox.Show("Error: It is not a real number!", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }

        private void button2_Click(object sender, EventArgs e)
        {
            MemoryEditor editor = new MemoryEditor(process.Text);
            int addr;
            if (int.TryParse(address1.Text, System.Globalization.NumberStyles.HexNumber, System.Globalization.CultureInfo.InvariantCulture, out addr))
            {
                result.Text = Convert.ToString(editor.ReadInt32(addr), 16);
            }
            else
            {
                MessageBox.Show("Error: It is not a real number!", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
    }
}

MemoryEditor Class

using System;
using System.Text;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace Memedit
{

    public class MemoryEditor
    {

        [DllImport("kernel32.dll")]
        static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out IntPtr lpNumberOfBytesWritten);

        [DllImport("Kernel32.dll")]
        static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesRead);
        string pname = "";
        IntPtr hand;
        public MemoryEditor(string ProcName)
        {
            pname = ProcName.Replace(".exe", "");
            Process[] proclist = Process.GetProcesses();
            foreach (Process pr in proclist)
            {

                if (pr.ToString() == "System.Diagnostics.Process (" + pname + ")")
                {
                    hand = pr.Handle;
                }
            }
        }

        public bool Write(int Address, byte[] data)
        {
            bool success = false;
            Process[] proclist = Process.GetProcesses();
            IntPtr bytesout;
            success = WriteProcessMemory(hand, (IntPtr)Address, data, (UIntPtr)data.Length, out bytesout);
            return success;
        }

        public byte[] Read(int Address, int length)
        {
            byte[] ret = new byte[length];
            uint o = 0;
            ReadProcessMemory(hand, (IntPtr)Address, ret, (UInt32)ret.Length, ref o);
            return ret;
        }
        public int ReadInt32(int Address)
        {
            return BitConverter.ToInt32(Read(Address, 4), 0);
        }
        public float ReadSingle(int Address)
        {
            return BitConverter.ToSingle(Read(Address, 4), 0);
        }
        public string ReadString(int Address, int length, bool isUnicode)
        {
            if (isUnicode)
            {
                UnicodeEncoding enc = new UnicodeEncoding();
                return enc.GetString(Read(Address, length));
            }
            else
            {
                ASCIIEncoding enc = new ASCIIEncoding();
                return enc.GetString(Read(Address, length));
            }
        }
    }
}
解决方案

For ReadProcessMemory you need PROCESS_VM_READ permission and for WriteProcessMemory you need PROCESS_VM_OPERATION permission.

see http://msdn.microsoft.com/en-us/library/ms680553%28v=vs.85%29.aspx
and http://msdn.microsoft.com/en-us/library/ms681674%28v=vs.85%29.aspx

Very likely you need Administrator rights, perhaps even SeDebugPrivilege (which you would need to elevate your process to even with Administrator rights)...

这篇关于ReadProcessMemory和WriteProcessMemory的乱子的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-19 00:37
Powered by LMLPHP ©2024 ReadProcessMemory 0.002561