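I'm trying to scan the entire memory of a process, but without success... What I'm doing: for testing I'm using Notepad, so I typed %B there, and in hex these values are 25 (%) and 42 (B). So the code is: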
    while (VirtualQueryEx(PIDHandle, Pointer(MemStart), MemInfo, SizeOf(MemInfo)) <> 0) do
    begin
      if ((MemInfo.State = MEM_COMMIT) and (not (MemInfo.Protect = PAGE_GUARD)
        or (MemInfo.Protect = PAGE_NOACCESS)) and (MemInfo.Protect = PAGE_READWRITE)) then
      begin
        SetLength(Buff, MemInfo.RegionSize);
        if (ReadProcessMemory(PIDHandle, MemInfo.BaseAddress, Buff,
          MemInfo.RegionSize, ReceivedBytes)) then
        begin
          for I := 0 to SizeOf(Buff) do
          begin
            if (IntToHex(Buff[i], 1) = '25') and (IntToHex(Buff[i+2], 1) = '42') then
              Form1.Memo1.Lines.Append(IntToHex(Buff[i], 1));
          end;
        end;
      end;
      MemStart:= MemStart + MemInfo.RegionSize;
    end;
    CloseHandle(PIDHandle);
    end;
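The variable 'Buff' is TBytes (I read about TBytes and think it is the same as an array of bytes). So I convert the bytes to hex and search for the values 25 and 42 respectively. The code is as follows:

    if (IntToHex(Buff[i], 1) = '25') and (IntToHex(Buff[i+2], 1) = '42') then

Because there is a 00 between the hex values, I need to add '+2'. How can I scan the entire memory for this value?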
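
As an added example (not part of the original post), the two checks a region scan like the one above depends on, written in C: treating the region's protection as a bitmask, and searching for the UTF-16LE form of %B only within the bytes actually read. The Win32 constants are redefined with their documented values so it builds without windows.h; the function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Win32 values, redefined here so the example builds without <windows.h>. */
#define MEM_COMMIT_     0x1000u
#define PAGE_NOACCESS_  0x01u
#define PAGE_READWRITE_ 0x04u
#define PAGE_GUARD_     0x100u

/* Protect is a base protection (low byte) plus modifier bits such as
   PAGE_GUARD, so mask the modifiers off before comparing the base value. */
int region_is_scannable(uint32_t state, uint32_t protect)
{
    if (state != MEM_COMMIT_) return 0;
    if (protect & (PAGE_GUARD_ | PAGE_NOACCESS_)) return 0;
    return (protect & 0xFFu) == PAGE_READWRITE_;
}

/* Find the UTF-16LE encoding of an ASCII string (each char followed by 0x00)
   within the first `got` bytes of buf, where `got` is the byte count the read
   call reported. Returns the byte offset of the match, or -1. */
long find_utf16le(const uint8_t *buf, size_t got, const char *ascii, size_t n)
{
    size_t need = n * 2;
    if (n == 0 || got < need) return -1;
    for (size_t i = 0; i + need <= got; i++) {   /* never index past got */
        size_t k = 0;
        while (k < n && buf[i + 2*k] == (uint8_t)ascii[k] && buf[i + 2*k + 1] == 0)
            k++;
        if (k == n) return (long)i;
    }
    return -1;
}

/* Constructed sample: the bytes a region holding L"a%B" would contain. */
static const uint8_t sample[] = { 0x61,0x00, 0x25,0x00, 0x42,0x00, 0x00,0x00 };

int main(void)
{
    printf("rw: %d, rw+guard: %d\n",
           region_is_scannable(MEM_COMMIT_, PAGE_READWRITE_),
           region_is_scannable(MEM_COMMIT_, PAGE_READWRITE_ | PAGE_GUARD_));
    printf("offset of %%B: %ld\n", find_utf16le(sample, sizeof sample, "%B", 2));
    return 0;
}
```
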