如何读取特定地址的进程内存?

How to read process memory at a specific address?

本文关键字:地址 进程 内存 何读取 读取      更新时间:2023-10-16

我想从已知的内存位置开始从进程的内存中读取 64 个字节。为此,我编写了以下C++代码:

#include <iostream>
#include <Windows.h>
#include <iomanip>
using namespace std;
int main() {
LPCVOID Address = (LPCVOID)0x0000029FC0C41FF0; // the memory address where I want to read from
byte buffer[64];
HANDLE hProcess = OpenProcess(PROCESS_VM_READ, 0, 13868);  // the process ID of the process

ReadProcessMemory(hProcess, Address, &buffer, sizeof(buffer), 0);
const int siz_ar = sizeof(buffer) / sizeof(int);   // the rest is trying to display the bytes read on stdout
for (int i = 0; i < siz_ar; ++i)
cout << hex << setfill('0') << setw(2) << buffer[i] << " ";
cout << endl;
}

它不起作用,并在控制台输出中产生以下奇怪的字符串:

0╠ 0╠ 0╠ 0╠ 0╠ 0╠ 0╠ 0╠

如何更正此程序以从特定进程(由进程 ID 指定(的特定内存地址读取原始字节?

您的byte可能是char的别名。如果将char传递给std::cout,它将打印为字符,而不是数字。首先转换为非字符类型,如unsigned int

然后你会注意到它只输出0xCC,这是未初始化内存的常见标记(在某些代码页中(。对您的呼叫进行错误检查,以找出为什么buffer永远不会被填满。

相关文章: