ReadProcessMemory _out_ bytesread

Keywords: bytesread out ReadProcessMemory      Updated: 2023-10-16

The program uses ReadProcessMemory to scan a block of memory for a specific value. Unfortunately, when I call ReadProcessMemory I get error 299.

void update_memblock(MEMBLOCK *mb)
{
    //variables
    static unsigned char tempbuf[128*1024];
    size_t bytes_left;
    size_t total_read;
    size_t bytes_to_read;
    size_t  bytes_read;
    size_t sizeMem;
    size_t MemoryBase;
    bytes_left = mb->size;
    total_read = 0;
    while (bytes_left)
    {
        bytes_to_read = (bytes_left > sizeof(tempbuf)) ? sizeof(tempbuf) :  bytes_left;
        // read the chunk into tempbuf; the memcpy below copies it into mb->buffer
        ReadProcessMemory(mb->hProc, mb->addr + total_read, tempbuf, bytes_to_read, (SIZE_T*)&bytes_read);
        if (bytes_read != bytes_to_read)break;
        memcpy(mb->buffer + total_read, tempbuf,bytes_read);
        bytes_left -= bytes_read;
        total_read += bytes_read;
    }
    mb->size = total_read;
}

Error code 299 (0x12B), ERROR_PARTIAL_COPY: "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."

You get this error because you are trying to read memory from pages that are not "allocated".

You want to use VirtualQueryEx() on each page of memory; it yields a MEMORY_BASIC_INFORMATION structure, which contains 2 variables worth noting:

State: can be MEM_COMMIT, MEM_FREE or MEM_RESERVE
Protect: can be any of the memory protection constants

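You want to loop through all the memory pages, calling VirtualQueryEx() on them and skipping any bad ones. I like to skip all pages/regions whose state != MEM_COMMIT and protection == PAGE_NOACCESS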

Here is a pseudocode example:

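MEMORY_BASIC_INFORMATION mbi = { 0 };
unsigned char *currentMemoryAddress = NULL; // start of the target's address space
// VirtualQueryEx() returns 0 once the address is past the last queryable region
while (VirtualQueryEx(hProc, currentMemoryAddress, &mbi, sizeof(mbi)))
{
    // step to the next region first, so skipped regions also advance the loop
    currentMemoryAddress = (unsigned char *)mbi.BaseAddress + mbi.RegionSize;
    if (mbi.State != MEM_COMMIT || mbi.Protect == PAGE_NOACCESS) continue;
    //good mem region, do ReadProcessMemory() stuffs on mbi.BaseAddress / mbi.RegionSize
}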
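
The answer's region filter combined with the question's chunked block read, as an added example (not code from the original post): it walks a requested range region by region and counts only the bytes and chunk-sized reads that fall in committed, accessible regions. `region_t`, `plan_t`, `query_fn`, `sample_query` and the sample map are hypothetical names and constructed data; against a live process the callback would wrap VirtualQueryEx().

```c
#include <stddef.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else /* values from winnt.h, so the logic also builds off Windows */
#define MEM_COMMIT     0x1000
#define MEM_RESERVE    0x2000
#define PAGE_NOACCESS  0x01
#define PAGE_READWRITE 0x04
#endif
typedef struct { uintptr_t base; size_t size; unsigned state, protect; } region_t;
typedef struct { size_t bytes, reads; } plan_t;
/* Hypothetical callback: fill *r with the region containing addr, 0 on failure. */
typedef int (*query_fn)(uintptr_t addr, region_t *r);

/* Constructed sample map: readable, reserved, no-access, readable. */
static const region_t sample_map[] = {
    { 0x10000, 0x2000, MEM_COMMIT,  PAGE_READWRITE },
    { 0x12000, 0x1000, MEM_RESERVE, 0 },
    { 0x13000, 0x1000, MEM_COMMIT,  PAGE_NOACCESS },
    { 0x14000, 0x3000, MEM_COMMIT,  PAGE_READWRITE },
};

int sample_query(uintptr_t addr, region_t *r)
{
    for (size_t i = 0; i < sizeof sample_map / sizeof *sample_map; i++) {
        const region_t *m = &sample_map[i];
        if (addr >= m->base && addr - m->base < m->size) { *r = *m; return 1; }
    }
    return 0;
}

/* Plan the reads for [addr, addr+size): only committed, accessible spans,
   each split into chunk-sized ReadProcessMemory() calls (chunk must be > 0). */
plan_t plan_reads(query_fn query, uintptr_t addr, size_t size, size_t chunk)
{
    plan_t p = { 0, 0 };
    uintptr_t end = addr + size;
    region_t r;
    while (addr < end && query(addr, &r)) {
        uintptr_t stop = r.base + r.size;      /* first byte past this region */
        if (stop > end) stop = end;            /* clamp to the requested block */
        if (r.state == MEM_COMMIT && r.protect != PAGE_NOACCESS) {
            p.bytes += stop - addr;
            p.reads += (stop - addr + chunk - 1) / chunk;
        }
        addr = stop;                           /* always advance, skipped or not */
    }
    return p;
}
```

Because every read is clamped to a region boundary, a read never spans into a reserved or no-access region, which is the condition the answer gives for ERROR_PARTIAL_COPY.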