1

这是 Form1 中的代码:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace MemoryScanner
{
    public partial class Form1 : Form
    {


        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
            [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);

        public static byte[] ReadBytes(IntPtr Handle, Int64 Address, uint BytesToRead)
        {
            IntPtr ptrBytesRead;
         //   ptrBytesRead = (IntPtr)30;
            byte[] buffer = new byte[BytesToRead];
            ReadProcessMemory(Handle, new IntPtr(Address), buffer, BytesToRead, out ptrBytesRead);

            Array.Resize<byte>(ref buffer, ptrBytesRead.ToInt32());
            return buffer;
        }

        public static int ReadInt32(long Address, uint length = 4, IntPtr? Handle = null)
        {
            return BitConverter.ToInt32(ReadBytes((IntPtr)Handle, Address, length), 0);
        }

        public static string ReadString(long Address, uint length = 32, IntPtr? Handle = null)
        {
            string temp3 = ASCIIEncoding.Default.GetString(ReadBytes((IntPtr)Handle, Address, length));
            string[] temp3str = temp3.Split('\0');
            return temp3str[0];
        }


        public Form1()
        {
            InitializeComponent();

            Process p = null;
            UInt32 Address = 00002688;
            // get process
            Process[] Processes = Process.GetProcesses();
            List<Process> flash_processes = new List<Process>();
            for (int i = 0; i < Processes.Length; i++)
            {
                //IntPtr f = Test[i].MainModule.BaseAddress;// Are you sure you want the flag  process ? 
                p = Processes[i];
                if (p.ProcessName.StartsWith("FlashPlugin") == true)
                    flash_processes.Add(p);
            }
            Process Test = flash_processes[1]; // take the second flash process .. are you sure about that? we need the second process ?


            p = Candy;




            UInt32 proc_base_addr = (UInt32)p.MainModule.BaseAddress.ToInt32();//+00000+1835008+100000;
            uint proc_mem_sz = (uint)p.MainModule.ModuleMemorySize;

//            byte[] arr = ReadBytes(p.Handle, proc_base_addr, proc_mem_sz);

            byte[] arr = ReadBytes(p.Handle, proc_base_addr, proc_mem_sz);//5 * 1024 * 1024);

该项目在管理员下。我得到 arr 的大小是:1888256 变量 proc_mem_sz 包含:1888256

当我使用 Windows 任务管理器时,我看到两个进程,一个是内存大小:78.1MB 第二个是:3.1MB

问题是我无法获得特定的进程内存大小。我需要它来读取特定进程的所有内存。

4

1 回答 1

1

ModuleMemorySize indicates the amount of memory that is required to load the module. It includes only the size of the static code and data in the module file, but no additional allocations made from the module after it's been loaded.

To get detailed information about the memory usage of a process you should look at GetProcessMemoryInfo. You can find an example here.

You can retrieve information about the current working set (the amount of memory physically mapped to its process context) with QueryWorkingSet \ QueryWorkingSetEx. More info here.

于 2013-10-08T20:48:09.470 回答