

--  作者:卷积内核
--  发布时间:7/24/2012 10:06:00 AM

--  C# 内存内容修改方法

先通过

System.Diagnostics.Process类获取想要编辑的进程

声明要调用的 Win32 API（kernel32.dll）。从后面的代码可以看出，以下声明放在名为 ProcessMemoryReaderApi 的类中：

  [Flags]
                    public enum ProcessAccessType
                    {
                        PROCESS_TERMINATE = (0x0001),
                        PROCESS_CREATE_THREAD = (0x0002),
                        PROCESS_SET_SESSIONID = (0x0004),
                        PROCESS_VM_OPERATION = (0x0008),
                        PROCESS_VM_READ = (0x0010),
                        PROCESS_VM_WRITE = (0x0020),
                        PROCESS_DUP_HANDLE = (0x0040),
                        PROCESS_CREATE_PROCESS = (0x0080),
                        PROCESS_SET_QUOTA = (0x0100),
                        PROCESS_SET_INFORMATION = (0x0200),
                        PROCESS_QUERY_INFORMATION = (0x0400)
                    }
                    [DllImport("kernel32.dll")]
                    public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
                    [DllImport("kernel32.dll")]
                    public static extern Int32 CloseHandle(IntPtr hObject);
                    [DllImport("kernel32.dll")]
                    public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
                    [DllImport("kernel32.dll")]
                    public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);

打开进程

private IntPtr m_hProcess = IntPtr.Zero;   // Holds the handle of the opened process; IntPtr.Zero until OpenProcess() assigns it

   public void OpenProcess()
                {
                    //   m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
                    ProcessMemoryReaderApi.ProcessAccessType access;
                    access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
                        | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
                        | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
                    m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
                }

m_ReadProcess 是前面通过 System.Diagnostics.Process 获取的目标进程，m_ReadProcess.Id 是它的进程 ID。

读取

/// <summary>
/// Reads <paramref name="bytesToRead"/> bytes from the process behind <c>m_hProcess</c>,
/// starting at <paramref name="MemoryAddress"/>.
/// </summary>
/// <param name="MemoryAddress">Address in the target process to read from.</param>
/// <param name="bytesToRead">Number of bytes requested.</param>
/// <param name="bytesRead">Number of bytes the API reports as transferred.</param>
/// <returns>
/// An array of exactly <paramref name="bytesToRead"/> bytes. The native return value is not
/// checked, so callers must compare <paramref name="bytesRead"/> with
/// <paramref name="bytesToRead"/> before trusting the contents.
/// </returns>
public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
{
    IntPtr transferred;
    byte[] data = new byte[bytesToRead];

    // Best-effort read: a failed call is not reported here, only through the transferred count.
    ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, data, bytesToRead, out transferred);

    bytesRead = transferred.ToInt32();
    return data;
}

IntPtr MemoryAddress 为要读取的内存地址

uint bytesToRead 需要读的数量

out int bytesRead 实际读出的数量（上面的代码没有检查 API 的返回值，调用方应将它与 bytesToRead 比较，以判断读取是否成功）

写入

   public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
                {
                    IntPtr ptrBytesWritten;
                    ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);

                    bytesWritten = ptrBytesWritten.ToInt32();
                }

IntPtr MemoryAddress 为要写入的内存地址

byte[] bytesToWrite 需要写入的数据

out int bytesWritten 实际写入的字节数（上面的代码没有检查 API 的返回值，调用方应将它与 bytesToWrite.Length 比较，以判断写入是否成功）

