本文整理汇总了C#中ProcessHandle.ReadMemory方法的典型用法代码示例。如果您正苦于以下问题:C# ProcessHandle.ReadMemory方法的具体用法?C# ProcessHandle.ReadMemory怎么用?C# ProcessHandle.ReadMemory使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ProcessHandle的用法示例。
在下文中一共展示了ProcessHandle.ReadMemory方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: Search
public override void Search()
{
Results.Clear();
byte[] text = (byte[])Params["text"];
ProcessHandle phandle;
int count = 0;
int minsize = (int)BaseConverter.ToNumberParse((string)Params["s_ms"]);
bool unicode = (bool)Params["unicode"];
bool opt_priv = (bool)Params["private"];
bool opt_img = (bool)Params["image"];
bool opt_map = (bool)Params["mapped"];
try
{
phandle = new ProcessHandle(PID,
ProcessAccess.QueryInformation |
Program.MinProcessReadMemoryRights);
}
catch
{
CallSearchError("Could not open process: " + Win32.GetLastErrorMessage());
return;
}
phandle.EnumMemory((info) =>
{
if (info.Protect == MemoryProtection.AccessDenied)
return true;
if (info.State != MemoryState.Commit)
return true;
if ((!opt_priv) && (info.Type == MemoryType.Private))
return true;
if ((!opt_img) && (info.Type == MemoryType.Image))
return true;
if ((!opt_map) && (info.Type == MemoryType.Mapped))
return true;
byte[] data = new byte[info.RegionSize.ToInt32()];
int bytesRead = 0;
CallSearchProgressChanged(
String.Format("Searching 0x{0} ({1} found)...", info.BaseAddress.ToString("x"), count));
try
{
bytesRead = phandle.ReadMemory(info.BaseAddress, data, data.Length);
if (bytesRead == 0)
return true;
}
catch
{
return true;
}
StringBuilder curstr = new StringBuilder();
bool isUnicode = false;
byte byte2 = 0;
byte byte1 = 0;
for (int i = 0; i < bytesRead; i++)
{
bool isChar = IsChar(data[i]);
if (unicode && isChar && isUnicode && byte1 != 0)
{
isUnicode = false;
if (curstr.Length > 0)
curstr.Remove(curstr.Length - 1, 1);
curstr.Append((char)data[i]);
}
else if (isChar)
{
curstr.Append((char)data[i]);
}
else if (unicode && data[i] == 0 && IsChar(byte1) && !IsChar(byte2))
{
isUnicode = true;
}
else if (unicode &&
data[i] == 0 && IsChar(byte1) && IsChar(byte2) && curstr.Length < minsize)
{
isUnicode = true;
curstr = new StringBuilder();
curstr.Append((char)byte1);
}
else
{
if (curstr.Length >= minsize)
//.........这里部分代码省略.........
示例2: dumpMemoryMenuItem_Click
private void dumpMemoryMenuItem_Click(object sender, EventArgs e)
{
SaveFileDialog sfd = new SaveFileDialog();
sfd.FileName = "Memory.bin";
sfd.Filter = "Binary Files (*.bin)|*.bin|All Files (*.*)|*.*";
if (sfd.ShowDialog() == DialogResult.OK)
{
try
{
using (var phandle = new ProcessHandle(_pid, ProcessAccess.VmRead))
using (var fhandle = FileHandle.CreateWin32(sfd.FileName, FileAccess.GenericWrite, FileShareMode.Read))
{
foreach (ListViewItem litem in listMemory.SelectedItems)
{
MemoryItem item = (MemoryItem)litem.Tag;
using (MemoryAlloc alloc = new MemoryAlloc((int)item.Size))
{
try
{
unsafe
{
phandle.ReadMemory(item.Address, (IntPtr)alloc, (int)item.Size);
fhandle.Write(alloc.Memory, (int)item.Size);
}
}
catch (WindowsException)
{ }
}
}
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to dump the selected memory regions", ex);
}
}
}示例3: ReadMemory
private void ReadMemory()
{
using (var phandle = new ProcessHandle(_pid, Program.MinProcessReadMemoryRights))
{
_data = new byte[_length];
if (phandle.ReadMemory(_address, _data, (int)_length) == 0)
throw new Exception("Unknown error.");
hexBoxMemory.ByteProvider = new Be.Windows.Forms.DynamicByteProvider(_data);
}
}示例4: Search
public override void Search()
{
Results.Clear();
byte[] text = (byte[])Params["text"];
ProcessHandle phandle;
int count = 0;
bool opt_priv = (bool)Params["private"];
bool opt_img = (bool)Params["image"];
bool opt_map = (bool)Params["mapped"];
bool nooverlap = (bool)Params["nooverlap"];
if (text.Length == 0)
{
CallSearchFinished();
return;
}
try
{
phandle = new ProcessHandle(PID,
ProcessAccess.QueryInformation |
Program.MinProcessReadMemoryRights);
}
catch
{
CallSearchError("Could not open process: " + Win32.GetLastErrorMessage());
return;
}
phandle.EnumMemory((info) =>
{
if (info.Protect == MemoryProtection.AccessDenied)
return true;
if (info.State != MemoryState.Commit)
return true;
if ((!opt_priv) && (info.Type == MemoryType.Private))
return true;
if ((!opt_img) && (info.Type == MemoryType.Image))
return true;
if ((!opt_map) && (info.Type == MemoryType.Mapped))
return true;
byte[] data = new byte[info.RegionSize.ToInt32()];
int bytesRead = 0;
CallSearchProgressChanged(
String.Format("Searching 0x{0} ({1} found)...", info.BaseAddress.ToString("x"), count));
try
{
bytesRead = phandle.ReadMemory(info.BaseAddress, data, data.Length);
if (bytesRead == 0)
return true;
}
catch
{
return true;
}
for (int i = 0; i < bytesRead; i++)
{
bool good = true;
for (int j = 0; j < text.Length; j++)
{
if (i + j > bytesRead - 1)
continue;
if (data[i + j] != text[j])
{
good = false;
break;
}
}
if (good)
{
Results.Add(new string[] { Utils.FormatAddress(info.BaseAddress),
String.Format("0x{0:x}", i), text.Length.ToString(), "" });
count++;
if (nooverlap)
i += text.Length - 1;
}
}
data = null;
return true;
});
//.........这里部分代码省略.........
示例5: Search
public override void Search()
{
Results.Clear();
string regex = (string)Params["regex"];
ProcessHandle phandle;
int count = 0;
RegexOptions options = RegexOptions.Singleline | RegexOptions.Compiled;
Regex rx = null;
bool opt_priv = (bool)Params["private"];
bool opt_img = (bool)Params["image"];
bool opt_map = (bool)Params["mapped"];
if (regex.Length == 0)
{
CallSearchFinished();
return;
}
try
{
if ((bool)Params["ignorecase"])
options |= RegexOptions.IgnoreCase;
rx = new Regex(regex, options);
}
catch (Exception ex)
{
CallSearchError("Could not initialize regex: " + ex.Message);
return;
}
try
{
phandle = new ProcessHandle(PID,
ProcessAccess.QueryInformation |
Program.MinProcessReadMemoryRights);
}
catch
{
CallSearchError("Could not open process: " + Win32.GetLastErrorMessage());
return;
}
phandle.EnumMemory((info) =>
{
// skip unreadable areas
if (info.Protect == MemoryProtection.AccessDenied)
return true;
if (info.State != MemoryState.Commit)
return true;
if ((!opt_priv) && (info.Type == MemoryType.Private))
return true;
if ((!opt_img) && (info.Type == MemoryType.Image))
return true;
if ((!opt_map) && (info.Type == MemoryType.Mapped))
return true;
byte[] data = new byte[info.RegionSize.ToInt32()];
int bytesRead = 0;
CallSearchProgressChanged(
String.Format("Searching 0x{0} ({1} found)...", info.BaseAddress.ToString("x"), count));
try
{
bytesRead = phandle.ReadMemory(info.BaseAddress, data, data.Length);
if (bytesRead == 0)
return true;
}
catch
{
return true;
}
StringBuilder sdata = new StringBuilder();
string sdata2 = "";
for (int i = 0; i < data.Length; i++)
sdata.Append((char)data[i]);
sdata2 = sdata.ToString();
sdata = null;
MatchCollection mc = rx.Matches(sdata2);
foreach (Match m in mc)
{
Results.Add(new string[] { Utils.FormatAddress(info.BaseAddress),
String.Format("0x{0:x}", m.Index), m.Length.ToString(),
Utils.MakePrintable(m.Value) });
count++;
}
//.........这里部分代码省略.........