windows-遍历另一进程内存根据进程PID

#include <windows.h>
//OpenProcess需要提权;这段代码是从常用代码里抠出来的,所以没有包含提权部分.
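/*
 * Walk the virtual address space of the process identified by dwPid and
 * pick out every region that is committed, PAGE_READWRITE and MEM_PRIVATE.
 *
 * dwPid: id of the process to inspect. 0 and 4 are rejected up front
 *        (on Windows these ids belong to the idle and System processes).
 *
 * Returns FALSE on every path, exactly as the original listing did: the
 * per-region handler is still a placeholder, so there is no "found" result
 * to report yet. Give the function a meaningful return value when the
 * handler is filled in.
 *
 * The function does not enable any privilege itself; OpenProcess simply
 * fails (and FALSE is returned) when the caller may not open the target.
 */
BOOL iteratorMemory(DWORD dwPid)
{
	if (dwPid == 0 || dwPid == 4)
		return FALSE;

	// Least privilege: VirtualQueryEx only requires PROCESS_QUERY_INFORMATION,
	// so the handle is not opened with PROCESS_ALL_ACCESS.
	HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPid);
	if (!hProcess)
		return FALSE;

	// Stack storage: nothing to free on any exit path.
	MEMORY_BASIC_INFORMATION memInfo;

	// Pointer-sized cursor, so the cast to an address never truncates.
	ULONG_PTR address = 0;

	// VirtualQueryEx returns the number of bytes written to memInfo and 0 on
	// failure; a 0 result (e.g. the cursor moved past the last queryable
	// address) ends the walk. The region at address 0 is examined by the same
	// filter as every other region.
	while (VirtualQueryEx(hProcess, (LPCVOID)address, &memInfo, sizeof(memInfo)) != 0)
	{
		if (memInfo.State == MEM_COMMIT &&          // committed pages only
			memInfo.Protect == PAGE_READWRITE &&    // exactly read/write
			memInfo.Type == MEM_PRIVATE)            // private, not mapped/image
		{
			// Placeholder: the original listing does nothing with a match.
		}

		// Advance from the region's own base, not from the cursor, and stop
		// if the address would wrap or fail to move forward.
		ULONG_PTR next = (ULONG_PTR)memInfo.BaseAddress + memInfo.RegionSize;
		if (next <= address)
			break;
		address = next;
	}

	// Release the process handle on the normal exit path as well.
	CloseHandle(hProcess);
	return FALSE;
}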

原理:
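原理主要是使用 **VirtualQueryEx** 函数。每次调用都会把所查询地址所在内存区域的信息写入调用者提供的缓冲区(Buf),这个缓冲区是一个 **MEMORY_BASIC_INFORMATION** 结构体(**PMEMORY_BASIC_INFORMATION** 是指向它的指针类型)。VirtualQueryEx 只要求进程句柄具有 PROCESS_QUERY_INFORMATION 访问权限,因此查询内存布局时不必用 PROCESS_ALL_ACCESS 打开目标进程。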
