我尝试读取进程的所有提交页面(Win7-64).在大多数页面上它可以工作,但几页失败.我无法解释原因.这是我的测试程序(编译x32,在Win7-64中测试):
#include <windows.h>
void main()
{
HANDLE hProc = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_informatION,FALSE,GetCurrentProcessId());
SYstem_INFO si;
ZeroMemory(&si,sizeof(SYstem_INFO));
GetSystemInfo(&si);
char* buf = new char[si.dwPageSize];
for (unsigned i = 0; i < 0x7fff0; i++)
{
void* baSEOffs = (void*) (i * si.dwPageSize);
MEMORY_BASIC_informatION mbi;
ZeroMemory(&mbi,sizeof(MEMORY_BASIC_informatION));
if (VirtualQueryEx(hProc,baSEOffs,&mbi,sizeof(MEMORY_BASIC_informatION)) == 0)
{
MessageBox(NULL,TEXT("VirtualQueryEx Failed"),TEXT(""),MB_OK);
}
if (mbi.State == MEM_COMMIT)
{
SIZE_T numByteWritten = 0;
if(ReadProcessMemory(hProc,buf,si.dwPageSize,&numByteWritten) == FALSE)
OutputDebugString(TEXT("bad\n")); //GetLastError()==ERROR_PARTIALLY_READ; numByteWritten == 0;
else
OutputDebugString(TEXT("good\n"));
}
}
delete[] buf;
}
我厌倦了查看失败页面的MEMORY_BASIC_informatION,但我没有发现任何奇怪的东西.失败页面的数量也因运行而异(平均约为5).什么阻止我阅读这些页面?我是否需要调整进程令牌中的某些权限?
解决方法
确定了一些调试和有趣的事情:所有失败的页面都设置了保护位PAGE_GUARD(参见
MSDN doc).在我解释文档时,您无法使用ReadProcessMemory读取这些页面.
if(ReadProcessMemory(hProc,&numByteWritten) == FALSE) {
assert(mbi.Protect & 0x100);
OutputDebugString(TEXT("bad\n")); //GetLastError()==ERROR_PARTIALLY_READ; numByteWritten == 0;
}
else {
assert(!(mbi.Protect & 0x100));
OutputDebugString(TEXT("good\n"));
}
