C# 内存修改

先通过

System.Diagnostics.Process类获取想要编辑的进程

 

调用API

  [Flags]
                    public enum ProcessAccessType
                    {
                        PROCESS_TERMINATE = (0x0001),
                        PROCESS_CREATE_THREAD = (0x0002),
                        PROCESS_SET_SESSIONID = (0x0004),
                        PROCESS_VM_OPERATION = (0x0008),
                        PROCESS_VM_READ = (0x0010),
                        PROCESS_VM_WRITE = (0x0020),
                        PROCESS_DUP_HANDLE = (0x0040),
                        PROCESS_CREATE_PROCESS = (0x0080),
                        PROCESS_SET_QUOTA = (0x0100),
                        PROCESS_SET_INFORMATION = (0x0200),
                        PROCESS_QUERY_INFORMATION = (0x0400)
                    }
                    [DllImport("kernel32.dll")]
                    public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
                    [DllImport("kernel32.dll")]
                    public static extern Int32 CloseHandle(IntPtr hObject);
                    [DllImport("kernel32.dll")]
                    public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
                    [DllImport("kernel32.dll")]
                    public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);

 

打开进程

private IntPtr m_hProcess = IntPtr.Zero;   // Handle of the opened target process; stays IntPtr.Zero until OpenProcess() stores one.

   public void OpenProcess()
                {
                    //   m_hProcess = ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ, 1, (uint)m_ReadProcess.Id);
                    ProcessMemoryReaderApi.ProcessAccessType access;
                    access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
                        | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
                        | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
                    m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
                }

m_ReadProcess.Id 是目标进程的 ID 编号。OpenProcess 失败时返回 IntPtr.Zero,使用前应先检查;句柄用完后应调用 CloseHandle 关闭。

读取

 public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
                {
                    byte[] buffer = new byte[bytesToRead];

                    IntPtr ptrBytesRead;
                    ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);

                    bytesRead = ptrBytesRead.ToInt32();

                    return buffer;
                }

IntPtr MemoryAddress 为要读取的内存地址

uint bytesToRead 需要读的数量

out int bytesRead 实际读出的数量(小于 bytesToRead 说明读取失败或只读出了一部分)

 

写入 

   public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
                {
                    IntPtr ptrBytesWritten;
                    ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress, bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);

                    bytesWritten = ptrBytesWritten.ToInt32();
                }

IntPtr MemoryAddress 为要写入的内存地址

byte[] bytesToWrite 需要写入的数据

out int bytesWritten 实际写入的字节数(小于 bytesToWrite.Length 说明写入没有完全成功)
