求高人指点 基址为.exe+偏移量的内存数据如何读取?
基址为.dll+偏移量为地址的内存数据 我可以读取到
不知道为什么基址为.exe+偏移量为地址的的内存数据读出的始终为零
我用的十六进制400000代替.exe求得地址
权限已作提升,为什么还是读数为零 求高人指点
[解决办法]
Public Function GetProcesses(ByVal EXEName As String) Dim booResult As Boolean Dim lngLength As Long Dim lngProcessID As Long Dim strProcessName As String Dim lngSnapHwnd As Long Dim udtProcEntry As PROCESSENTRY32 Dim lngCBSize As Long 'Specifies the size, In bytes, of the lpidProcess array Dim lngCBSizeReturned As Long 'Receives the number of bytes returned Dim lngNumElements As Long Dim lngProcessIDs() As Long Dim lngCBSize2 As Long Dim lngModules(1 To 200) As Long Dim lngReturn As Long Dim strModuleName As String Dim lngSize As Long Dim lngHwndProcess As Long Dim lngLoop As Long Dim b As Long Dim c As Long Dim e As Long Dim d As Long Dim pmc As PROCESS_MEMORY_COUNTERS Dim lret As Long Dim strProcName2 As String Dim strProcName As String 'Turn on Error handler On Error GoTo Error_handler booResult = False EXEName = UCase$(Trim$(EXEName)) lngLength = Len(EXEName) 'ProcessInfo.bolRunning = False Select Case getVersion() 'I'm not bothered about windows 95/98 becasue this class probably wont be used on it anyway. Case WIN95_System_Found 'Windows 95/98 Case WINNT_System_Found 'Windows NT lngCBSize = 8 ' Really needs To be 16, but Loop will increment prior to calling API lngCBSizeReturned = 96 Do While lngCBSize <= lngCBSizeReturned DoEvents 'Increment Size lngCBSize = lngCBSize * 2 'Allocate Memory for Array ReDim lngProcessIDs(lngCBSize / 4) As Long 'Get Process ID's lngReturn = EnumProcesses(lngProcessIDs(1), lngCBSize, lngCBSizeReturned) Loop 'Count number of processes returned lngNumElements = lngCBSizeReturned / 4 'Loop thru each process For lngLoop = 1 To lngNumElements DoEvents 'Get a handle to the Process and Open lngHwndProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, lngProcessIDs(lngLoop)) If lngHwndProcess <> 0 Then 'Get an array of the module handles for the specified process lngReturn = EnumProcessModules(lngHwndProcess, lngModules(1), 200, lngCBSize2) 'If the Module Array is retrieved, Get the ModuleFileName If lngReturn <> 0 Then 'Buffer with spaces first to allocate memory for byte array strModuleName = Space(MAX_PATH) 'Must be set prior to calling API lngSize = 500 'Get Process Name lngReturn = GetModuleFileNameExA(lngHwndProcess, lngModules(1), strModuleName, lngSize) 'Remove trailing spaces strProcessName = Left(strModuleName, lngReturn) 'Check for Matching Upper case result strProcessName = UCase$(Trim$(strProcessName)) strProcName2 = GetElement(Trim(Replace(strProcessName, Chr$(0), "")), "\", 0, 0, GetNumElements(Trim(Replace(strProcessName, Chr$(0), "")), "\") - 1) If strProcName2 = EXEName Then 'Get the Site of the Memory Structure pmc.cb = LenB(pmc) lret = GetProcessMemoryInfo(lngHwndProcess, pmc, pmc.cb) Debug.Print EXEName & "::" & CStr(pmc.WorkingSetSize / 1024) End If End If End If 'Close the handle to this process lngReturn = CloseHandle(lngHwndProcess) DoEvents Next End SelectIsProcessRunning_Exit:'Exit early to avoid error handlerExit FunctionError_handler: Err.Raise Err, Err.Source, "ProcessInfo", Error Resume NextEnd FunctionPrivate Function getVersion() As Long Dim osinfo As OSVERSIONINFO Dim retvalue As Integer osinfo.dwOSVersionInfoSize = 148 osinfo.szCSDVersion = Space$(128) retvalue = GetVersionExA(osinfo) getVersion = osinfo.dwPlatformIdEnd FunctionPrivate Function StrZToStr(s As String) As String StrZToStr = Left$(s, Len(s) - 1)End FunctionPublic Function GetElement(ByVal strList As String, ByVal strDelimiter As String, ByVal lngNumColumns As Long, ByVal lngRow As Long, ByVal lngColumn As Long) As String Dim lngCounter As Long ' Append delimiter text to the end of the list as a terminator. strList = strList & strDelimiter ' Calculate the offset for the item required based on the number of columns the list ' 'strList' has i.e. 'lngNumColumns' and from which row the element is to be ' selected i.e. 'lngRow'. lngColumn = IIf(lngRow = 0, lngColumn, (lngRow * lngNumColumns) + lngColumn) ' Search for the 'lngColumn' item from the list 'strList'. For lngCounter = 0 To lngColumn - 1 ' Remove each item from the list. strList = Mid$(strList, InStr(strList, strDelimiter) + Len(strDelimiter), Len(strList)) ' If list becomes empty before 'lngColumn' is found then just ' return an empty string. If Len(strList) = 0 Then GetElement = "" Exit Function End If Next lngCounter ' Return the sought list element. GetElement = Left$(strList, InStr(strList, strDelimiter) - 1)End Function'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''Function GetNumElements (ByVal strList As String,' ByVal strDelimiter As String)' As Integer'' strList = The element list.' strDelimiter = The delimiter by which the elements in' 'strList' are seperated.'' The function returns an integer which is the count of the' number of elements in 'strList'.'' Author: Roger Taylor'' Date:26/12/1998'' Additional Information:'' Revision History:'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''Public Function GetNumElements(ByVal strList As String, ByVal strDelimiter As String) As Integer Dim intElementCount As Integer ' If no elements in the list 'strList' then just return 0. If Len(strList) = 0 Then GetNumElements = 0 Exit Function End If ' Append delimiter text to the end of the list as a terminator. strList = strList & strDelimiter ' Count the number of elements in 'strlist' While InStr(strList, strDelimiter) > 0 intElementCount = intElementCount + 1 strList = Mid$(strList, InStr(strList, strDelimiter) + 1, Len(strList)) Wend ' Return the number of elements in 'strList'. GetNumElements = intElementCountEnd Function'If you're using VB4 or VB5, uncomment the following function:'Function Replace(sInput As String, WhatToReplace As String, ReplaceWith As String) As String 'Dim Ret As Long 'Replace = sInput 'Ret = -Len(ReplaceWith) + 1 'Do 'Ret = InStr(Ret + Len(ReplaceWith), Replace, WhatToReplace, vbTextCompare) 'If Ret = 0 Then Exit Do 'Replace = Left$(Replace, Ret - 1) + ReplaceWith + Right$(Replace, Len(Replace) - Ret - Len(WhatToReplace) + 1) 'Loop'End Function
[解决办法]
EnumProcessModules得到的第一个就是exe的基地址
