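#include <windows.h>

// Opening a process owned by another user, or a protected process, normally
// requires the caller to hold elevated privileges. This excerpt does not
// adjust privileges itself, so OpenProcess may fail for such targets.

/// @brief Walks the virtual address space of a process, one region at a time,
///        using VirtualQueryEx.
///
/// Regions that are committed (MEM_COMMIT), private (MEM_PRIVATE) and protected
/// exactly as PAGE_READWRITE are identified; no further processing is done on
/// them here.
///
/// @param dwPid Target process id. 0 (System Idle Process) and 4 (System) are
///              rejected without touching the OS.
/// @return TRUE if the process was opened and at least one region was queried;
///         FALSE if the pid was rejected, OpenProcess failed, or the very first
///         VirtualQueryEx call failed. (The original returned FALSE on every
///         path, which made the result meaningless to callers.)
BOOL iteratorMemory(DWORD dwPid)
{
    if (dwPid == 0 || dwPid == 4)
        return FALSE;

    // Least privilege: VirtualQueryEx only needs PROCESS_QUERY_INFORMATION.
    // PROCESS_ALL_ACCESS asked for far more rights than the walk uses and left
    // a fully privileged handle open in this process. Request PROCESS_VM_READ
    // in addition only if region contents will actually be read.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPid);
    if (!hProcess)
        return FALSE;

    // Stack storage: the original heap-allocated this structure and never freed it.
    MEMORY_BASIC_INFORMATION memInfo = {};
    ULONG_PTR address = 0;   // pointer-sized, unsigned: no signed-overflow UB
    BOOL queriedAny = FALSE;

    // VirtualQueryEx returns the number of bytes written, and 0 on failure or
    // once the address is past the end of the queryable address space.
    while (VirtualQueryEx(hProcess,
                          reinterpret_cast<LPCVOID>(address),
                          &memInfo,
                          sizeof(memInfo)) != 0)
    {
        queriedAny = TRUE;

        // RegionSize is the size of the region that was just described.
        const ULONG_PTR regionBase = reinterpret_cast<ULONG_PTR>(memInfo.BaseAddress);
        const ULONG_PTR nextAddress = regionBase + memInfo.RegionSize;

        // Protect is compared for equality, so pages carrying modifier bits
        // such as PAGE_GUARD or PAGE_NOCACHE do not match (same as the original).
        if (memInfo.State == MEM_COMMIT &&
            memInfo.Protect == PAGE_READWRITE &&
            memInfo.Type == MEM_PRIVATE)
        {
            // Committed, private, read-write region found.
            // The original performs no action on it.
        }

        // Stop if the cursor would not advance (zero-sized region or address
        // wrap-around); otherwise the loop could spin forever.
        if (nextAddress <= address)
            break;
        address = nextAddress;
    }

    // Release the handle on every path that opened it (leaked in the original).
    CloseHandle(hProcess);
    return queriedAny;
}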
原理: 主要是使用 **VirtualQueryEx** 函數。該函數每次查詢一個內存區域,並將區域信息寫入調用者提供的緩衝區(Buf)中。這個 Buf 是一個 **MEMORY_BASIC_INFORMATION** 結構體,以 **PMEMORY_BASIC_INFORMATION** 指針的形式傳入;函數返回 0 表示查詢失敗或已超出可查詢的地址範圍。