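#include <windows.h>

// OpenProcess may need elevated privileges for some target processes. This
// snippet is usually lifted out of larger code, so no privilege adjustment is
// performed here.

/// @brief Walks the virtual address space of a process with VirtualQueryEx and
///        visits every region that is committed, PAGE_READWRITE and MEM_PRIVATE.
///
/// The per-region action is intentionally empty, as in the original snippet;
/// the function only demonstrates the enumeration itself.
///
/// @param dwPid Identifier of the process to inspect. PIDs 0 and 4 are rejected.
/// @return TRUE when the process was opened and at least one region was
///         queried; FALSE when the PID is rejected, OpenProcess fails, or the
///         very first VirtualQueryEx call fails. (The original returned FALSE
///         on every path, so callers could not tell success from failure.)
BOOL iteratorMemory(DWORD dwPid)
{
    // On Windows, PID 0 is the System Idle Process and PID 4 is System.
    if (dwPid == 0 || dwPid == 4)
        return FALSE;

    // Least privilege: VirtualQueryEx only requires PROCESS_QUERY_INFORMATION.
    // A PROCESS_ALL_ACCESS handle would carry write, terminate and
    // thread-creation rights that this function never uses.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPid);
    if (hProcess == NULL)
        return FALSE;

    // Stack storage instead of `new`: nothing to leak on any return path.
    MEMORY_BASIC_INFORMATION memInfo = {};
    BOOL bWalked = FALSE;
    ULONG_PTR address = 0;

    // VirtualQueryEx returns 0 on failure, which also happens once the address
    // passes the end of the user-mode address space; that ends the walk.
    while (VirtualQueryEx(hProcess, reinterpret_cast<LPCVOID>(address),
                          &memInfo, sizeof(memInfo)) != 0)
    {
        bWalked = TRUE;

        if (memInfo.State == MEM_COMMIT &&       // committed pages only
            memInfo.Protect == PAGE_READWRITE && // exactly read/write protection
            memInfo.Type == MEM_PRIVATE)         // private (not mapped/image) memory
        {
            // Matching region: memInfo.BaseAddress / memInfo.RegionSize describe it.
            // The original snippet performs no action here.
        }

        // memInfo.RegionSize is the size of the region just reported; the next
        // region starts right after it.
        const ULONG_PTR next =
            reinterpret_cast<ULONG_PTR>(memInfo.BaseAddress) + memInfo.RegionSize;
        if (next <= address)
            break; // wrapped around or made no progress: stop instead of looping forever
        address = next;
    }

    // The original never closed the handle, leaking it on every call.
    CloseHandle(hProcess);
    return bWalked;
}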
原理: 主要是使用 **VirtualQueryEx** 函数。函数查询以后会将内存信息返回到一个 Buf 中。这个 Buf 是一个结构体 **MEMORY_BASIC_INFORMATION**(PMEMORY_BASIC_INFORMATION 是指向该结构体的指针类型)。