C#读写内存操作方式
来源:互联网 发布:eve捏脸数据下载 编辑:程序博客网 时间:2024/05/16 06:02
public class MemoryHelp { [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")] public static extern bool ReadProcessMemory ( IntPtr lpProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, int nSize, IntPtr BytesRead ); //打开进程 //kernel32.dll系统动态链接库 [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")] public static extern IntPtr OpenProcess ( int iAccess, bool Handle, int ProcessID ); //关闭句柄 [DllImport("kernel32.dll", EntryPoint = "CloseHandle")] private static extern void CloseHandle ( IntPtr hObject ); //写内存 [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")] public static extern bool WriteProcessMemory ( IntPtr lpProcess, IntPtr lpBaseAddress, int[] lpBuffer, int nSize, IntPtr BytesWrite ); //写内存 [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")] public static extern bool WriteProcessMemory ( IntPtr lpProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, IntPtr BytesWrite ); //GetModuleHandle是获取一个应用程序或动态链接库的模块句柄。 [DllImport("kernel32")] public static extern IntPtr GetModuleHandle(string lpModuleName); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool VirtualProtectEx ( //修改内存的句柄 IntPtr hProcess, //要修改的起始地址 IntPtr lpAddress, //页区域大小 int dwSize, //访问方式 int flNewProtect, //用于保护改变前的保护属性 ref IntPtr lpflOldProtect ); //根据进程名获取PID public static int GetPidByProcessName(string processName) { Process[] ArrayProcess = Process.GetProcessesByName(processName); foreach (Process pro in ArrayProcess) { return pro.Id; } return 0; } //读内存模块 public static IntPtr ReadModule(string ModuleName) { return GetModuleHandle(ModuleName); } //读取内存的值 public static int ReadMemoryValue(int baseAddress, string ProcessName) { try { byte[] buffer = new byte[4]; IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(ProcessName)); ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); CloseHandle(hProcess); return Marshal.ReadInt32(byteAddress); } catch { return 0; } } public static long ReadMemoryValue(long baseAddress, string ProcessName) { try { string temp = ((IntPtr)baseAddress).ToString("x"); byte[] buffer = new byte[4]; IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(ProcessName)); ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); CloseHandle(hProcess); string ss = ((IntPtr)baseAddress).ToString("x"); return Marshal.ReadInt32(byteAddress); } catch { return 0; } } #region 写内存方式 //写内存整数型 public static void WriteMemoryValue(long baseAddress, string ProcessName, int value) { //打开进程获得句柄 IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(ProcessName)); bool flag; int[] Data = new int[] { value }; flag = WriteProcessMemory(hProcess, (IntPtr)baseAddress, Data, 4, IntPtr.Zero); CloseHandle(hProcess); } //写内存字节型 public static void WriteMemoryValue(int baseAddress, string ProcessName, byte[] value) { //打开进程获得句柄 IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(ProcessName)); bool flag; //bool flag2; IntPtr adds = (IntPtr)0x33; //flag2 = VirtualProtectEx(hProcess, (IntPtr)baseAddress, 4, 0x40, ref adds); flag = WriteProcessMemory(hProcess, (IntPtr)baseAddress, value, value.Length, IntPtr.Zero); string temp = ((IntPtr)baseAddress).ToString("x"); CloseHandle(hProcess); } #endregion }
0 0
- C#读写内存操作方式
- c#读写共享内存操作函数封装
- C#的文件读写操作--流方式一次读写文件
- c#读写共享内存操作函数封装 淮安七夕软件有限公司
- c#操作excel方式一:stream简单读写excel
- c#操作excel方式一:stream简单读写excel
- C#中读写内存
- C#中读写内存
- c#读写内存
- C#读写内存
- 缓冲区方式读写操作
- C#操作注册表(读写)
- C#操作注册表(读写)
- C#文件读写操作
- C# 读写操作Excel
- C#文件读写操作
- c#文件读写操作
- C#文件读写操作
- [SQL优化工具]Quest.Central.For.Databases——SQL Tuning for SQL Server
- 关于导航栏总是默认偏移64的解决方案:
- php常用的魔法变量
- AndroidStudio快捷键大全
- 标准C++中string类函数介绍
- C#读写内存操作方式
- tomcat
- Android 4.4 下拉菜单手势感应区域修改
- C语言的传值与传地址
- 可解释机器学习
- 洛谷 P1966 火柴排队
- mysql b-tree索引
- zookeeper和PHP zookeeper和kafka 扩展安装
- 手把手教你智能硬件开发(五) 开关按钮