2. 질의 응답
  3. VB.NET ReadProcessMemory 문자열

VB.NET ReadProcessMemory 문자열

2015-01-28 15 views
0

그래서 나는 다음과 같은 코드를VB.NET ReadProcessMemory 문자열

Imports System.Diagnostics 
Imports System.IO 
Imports System.Runtime.InteropServices  
Public Class Form1  
    <StructLayout(LayoutKind.Sequential)> _ 
    Structure OSVERSIONINFO 
     Dim dwOSVersionInfoSize As Integer 
     Dim dwMajorVersion As Integer 
     Dim dwMinorVersion As Integer 
     Dim dwBuildNumber As Integer 
     Dim dwPlatformId As Integer 
     <MarshalAs(UnmanagedType.ByValTStr, SizeConst:=128), VBFixedString(128)> Dim szCSDVersion As String 
    End Structure 
    <StructLayout(LayoutKind.Sequential)> _ 
    Structure MEMORY_BASIC_INFORMATION 
     Dim BaseAddress As Integer 
     Dim AllocationBase As Integer 
     Dim AllocationProtect As Integer 
     Dim RegionSize As Integer 
     Dim State As Integer 
     Dim Protect As Integer 
     Dim lType As Integer 
    End Structure  
    <StructLayout(LayoutKind.Sequential)> _ 
    Structure SYSTEM_INFO ' 36 Bytes 
     Dim dwOemID As Integer 
     Dim dwPageSize As Integer 
     Dim lpMinimumApplicationAddress As Integer 
     Dim lpMaximumApplicationAddress As Integer 
     Dim dwActiveProcessorMask As Integer 
     Dim dwNumberOrfProcessors As Integer 
     Dim dwProcessorType As Integer 
     Dim dwAllocationGranularity As Integer 
     Dim wProcessorLevel As Short 
     Dim wProcessorRevision As Short 
    End Structure 
    Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (ByRef LpVersionInformation As OSVERSIONINFO) As Integer 
    Private Declare Function VirtualQueryEx Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpAddress As UInteger, ByRef lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As Integer) As Integer 
    Private Declare Sub GetSystemInfo Lib "kernel32" (ByRef lpSystemInfo As SYSTEM_INFO) 
    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal blnheritHandle As Integer, ByVal dwAppProcessId As Integer) As Integer 
    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Integer) As Integer 
    Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByRef lpBaseAddress As Integer, ByRef lpBuffer As Long, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer 
    Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByRef lpBaseAddress As Integer, ByRef lpBuffer As String, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer 
    Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Integer, ByRef lpdwProcessId As Integer) As Integer 
    Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As Integer, ByVal lpWindowName As Integer) As Integer 
    Private Declare Function GetParent Lib "user32" (ByVal hWnd As Integer) As Integer 
    Private Declare Function GetWindow Lib "user32" (ByVal hWnd As Integer, ByVal wCmd As Integer) As Integer 
    Private Const PROCESS_VM_READ = (&H10) 
    Private Const PROCESS_VM_OPERATION = (&H8) 
    Private Const PROCESS_QUERY_INFORMATION = (&H400) 
    Public Const PROCESS_READ_WRITE_QUERY = PROCESS_VM_READ + PROCESS_VM_OPERATION + PROCESS_QUERY_INFORMATION 
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click  
     Dim pid As Integer, hProcess As Integer 
     Dim lpMem As Integer, ret As DialogResult, lLenMBI As Integer 
     Dim lWritten As Integer 
     Dim sBuffer As String 
     Dim sSearchString As String = "", sReplaceString As String = "" 
     Dim si As SYSTEM_INFO 
     Dim mbi As MEMORY_BASIC_INFORMATION 
     For Each p As Process In Process.GetProcesses 
      If p.ProcessName = "notepad" Then 
       pid = p.Id 
      End If 
     Next 
     hProcess = OpenProcess(PROCESS_READ_WRITE_QUERY, False, pid) 
     lLenMBI = Len(mbi) 
     'Determine applications memory addresses range 
     GetSystemInfo(si) 
     lpMem = si.lpMinimumApplicationAddress 
     Do While lpMem < si.lpMaximumApplicationAddress 
      mbi.RegionSize = 0 
      ret = VirtualQueryEx(hProcess, lpMem, mbi, lLenMBI) 
      If ret = lLenMBI Then 
       If ((mbi.lType = &H20000) And (mbi.State = &H1000)) Then 
        If mbi.RegionSize > 0 Then 
         Dim stringinmemory As Long 
         sBuffer = mbi.RegionSize 
         ReadProcessMemory(hProcess, mbi.BaseAddress, stringinmemory, mbi.RegionSize, lWritten) 
         Debug.WriteLine(sBuffer) 
        End If 
       End If 
       lpMem = mbi.BaseAddress + mbi.RegionSize 
      Else 
       Exit Do 
      End If 
     Loop 
     CloseHandle(hProcess) 
    End Sub 
End Class

을 가지고 그리고 그것은 (같은 단계적으로) 모든 메모장 메모리를 읽어야합니다. 내가 그것을 실행할 때 아무런 오류가 발생하지 않지만 반환한다.

 

    4096 
    4096 
    4096 
    8192 
    90112 
    4096 
    344064 
    131072 
    8192 
    45056 
    172032 
    4096 
    155648 
    4096

이 코드는 VB6에서 잘 작동하지만 VB.NET으로 변환되었다. 내가 뭘 잘못하고 있니? 도와 줄수있으세요 ? 미리 감사드립니다. Nicu

출처

2015-01-28 Stoica Nicusor

+0

[중고] 어둡게 mybytes (mbi.RegionSize) .Text.Encoding.ASCII.GetString (mybytes)) [/ pre] 여전히 텍스트를 가져올 수 없습니다. –

답변

1

보고있는 결과를 설명하는 정수인 sBuffer의 값을 인쇄하고 있습니다. 게다가 sBuffer에는 메모리에서 읽은 데이터가 들어 있지 않습니다. 나는 당신의 lpBuffer 매개 변수 (또한 stringinmemory도)가 Long이 아니라 Byte 배열이되어야한다고 생각한다. 이런 일 & 시스템 ​​: 바이트 ReadProcessMemory (hProcess, mbi.BaseAddress, mybytes, mbi.RegionSize, vbNull) 의 Debug.WriteLine ("X"로

Const PROCESS_WM_READ As Integer = &H10 

<DllImport("kernel32.dll")> _ 
Public Shared Function OpenProcess(dwDesiredAccess As Integer, bInheritHandle As Boolean, dwProcessId As Integer) As IntPtr 
End Function 

<DllImport("kernel32.dll")> _ 
Public Shared Function ReadProcessMemory(hProcess As Integer, lpBaseAddress As Integer, lpBuffer As Byte(), dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean 
End Function 

Public Shared Sub Main() 
    Dim notepadProcess As Process = Process.GetProcessesByName("notepad")(0) 
    Dim processHandle As IntPtr = OpenProcess(PROCESS_WM_READ, False, notepadProcess.Id) 

    Dim bytesRead As Integer = 0 
    Dim buffer As Byte() = New Byte(23) {} 

    'The address in this line is hard-coded. Use whatever is appropriate for your situation. 
    ReadProcessMemory(CInt(processHandle), &H36B9D0, buffer, buffer.Length, bytesRead) 

    Console.WriteLine(Encoding.Unicode.GetString(buffer)) 
    Console.ReadLine() 
End Sub

출처

2015-01-28 15:13:10

+0

Chris Dunaway에 감사드립니다. –

 관련 문제

  • 관련 문제 없음^_^