
Problem description

I am using ReadProcessMemory in C#; the output is bytes[]. I want to convert this to a string. How do I do that? My code is below.

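// Read the whole region described by mbi into buffer; nRead receives the number of bytes read.
if (!ReadProcessMemory(appProcess.Handle, mbi.BaseAddress, buffer, mbi.RegionSize, ref nRead))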
{
    int lastError = Marshal.GetLastWin32Error();

    if (lastError != 0)
        throw new ApplicationException(string.Format("ReadProcessMemory returned Win32 Error {0}", lastError));
}

I am using string szData = Encoding.UTF8.GetString(buffer); and I am getting the output below. How do I get a valid string?


Recommended answer

You are reading raw binary data from a process, that will be a string only by accident. If it is a string at all, it is definitely not going to be encoded in UTF8. That's a format that you'd only ever see in files or data sent across the Internet. The in-memory representation of strings is ASCII or UTF-16.

But start out dumping this data in the same kind of format the debugger uses in the Debug + Windows + Memory 1 window. You can find the code to do so in this post.
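As an added example (not code from the original post or from the post the answer links to), the following C# program prints a byte buffer in a debugger-style hex/ASCII layout and then lists the runs that look like ASCII or UTF-16LE text. The names MemoryText, HexDump and FindStrings, the base address and the sample bytes are all made up for illustration; with the question's code you would pass the bytes actually read into buffer.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
static class MemoryText
{
    static bool Printable(byte b) => b >= 0x20 && b < 0x7F;
    // Debugger-style view: address, 16 hex bytes per row, then the printable ASCII column.
    public static string HexDump(byte[] data, long baseAddress)
    {
        var sb = new StringBuilder();
        for (int off = 0; off < data.Length; off += 16)
        {
            int n = Math.Min(16, data.Length - off);
            sb.Append((baseAddress + off).ToString("X8")).Append("  ");
            for (int i = 0; i < 16; i++)
                sb.Append(i < n ? data[off + i].ToString("X2") + " " : "   ");
            for (int i = 0; i < n; i++)
                sb.Append(Printable(data[off + i]) ? (char)data[off + i] : '.');
            sb.AppendLine();
        }
        return sb.ToString();
    }

    // Runs of printable characters stored one byte each (ASCII) or as char + 0x00 (UTF-16LE).
    public static List<(int Offset, string Text)> FindStrings(byte[] data, bool utf16, int minChars = 4)
    {
        var found = new List<(int Offset, string Text)>();
        var run = new StringBuilder();
        int step = utf16 ? 2 : 1, i = 0;
        while (i < data.Length)
        {
            bool hit = Printable(data[i]) && (!utf16 || (i + 1 < data.Length && data[i + 1] == 0));
            if (hit) { run.Append((char)data[i]); i += step; continue; }
            if (run.Length >= minChars) found.Add((i - run.Length * step, run.ToString()));
            run.Clear();
            i++;
        }
        if (run.Length >= minChars) found.Add((i - run.Length * step, run.ToString()));
        return found;
    }
    static void Main()
    {
        var buf = new List<byte> { 0x4D, 0x5A, 0x90, 0x00 };   // constructed sample, not real process memory
        buf.AddRange(Encoding.ASCII.GetBytes("kernel32.dll\0\0"));
        buf.AddRange(Encoding.Unicode.GetBytes("C:\\Windows\0"));
        byte[] data = buf.ToArray();
        Console.Write(HexDump(data, 0x00400000));
        foreach (var s in FindStrings(data, false)) Console.WriteLine($"ascii +0x{s.Offset:X}: {s.Text}");
        foreach (var s in FindStrings(data, true)) Console.WriteLine($"utf16 +0x{s.Offset:X}: {s.Text}");
    }
}
```

The UTF-16 pass only recognises characters in the printable ASCII range, so text in other scripts will not be listed by it.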


08-15 11:29