问题描述
因此,我编写了一个程序,该程序能够使用VirtualQueryEx
从大多数进程中成功读取内存.但是,我遇到了一个此功能失败的过程.这不是系统过程,而只是游戏过程.没有调试权限,我什至无法打开进程的句柄.有了它们,我可以获取进程的句柄,但仍然可以拒绝VirtualQueryEx
的访问.
So, I wrote a program which is able to successfully read memory from most of processes using VirtualQueryEx
. However, I've come across a process for which this function fails. It's not a system process, just a game process. Without Debug privileges I couldn't even open the process's handle. With them I am able to get the process's handle but still get access denied for VirtualQueryEx
.
我不确定,但过程可能是私人的吗?如果是这种情况,我该怎么做才能成功使用VirtualQueryEx
函数?
I'm not sure but maybe the process is private? If that's the case, what should I do to successfully use VirtualQueryEx
function?
我还读过某个地方,我可能必须在运行VirtualQueryEx
之前挂起整个进程的线程,但是到目前为止,我并不需要那个...而当我使用函数Thread32First
来获取第一个线程时,它给我一个错误:ERROR_BAD_LENGTH
...
I've also read somewhere that I might have to suspend whole process's threads before running VirtualQueryEx
, but so far I didn't need that... And when I used function Thread32First
to get the first thread it gave me an error: ERROR_BAD_LENGTH
...
在此问题上的任何帮助,我将不胜感激!
I would be very grateful for any help in this matter!
推荐答案
您如何打开流程句柄?来自文档 :
How are you opening the process handle? From the doc:
另一种可能性是目标进程和您的进程的位数不同(32位对64位).在这种情况下,您需要使用MEMORY_BASIC_INFORMATION32
或类似VirtualQueryEx64
来自wow64ext的工具库.
Another possibility is that the target process and your process are different bitness (32 vs 64). In that case you either need to use MEMORY_BASIC_INFORMATION32
or something like VirtualQueryEx64
from wow64ext library.
这篇关于使用VirtualQueryEx时访问被拒绝错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!