我正在尝试从 kernal32.dll windows API 函数中使用 VirtualQueryEx。
我在调用此函数之前获得的所有指针/地址都是正确的。
对 VirtualQueryEx 的调用返回 0 ,这意味着没有成功。
GetLastError() 还返回错误代码 5,这意味着访问被拒绝):
请问我做错了什么?
- Windows 8,管理员权限。
JNA 映射:
public class Test
{
static Kernel32 kernel32 = (Kernel32) Native.loadLibrary("kernel32", Kernel32.class);
static User32 user32 = (User32) Native.loadLibrary("user32" , User32.class);
public static void main(String[] args)
{
int pid = getProcessId("someWindowName"); // get our process ID
Pointer readprocess = kernel32.OpenProcess(0x0010, false,pid); // open the process ID with read priviledges.
MEMORY_BASIC_INFORMATION l = new MEMORY_BASIC_INFORMATION();
SYSTEM_INFO info = new SYSTEM_INFO();
kernel32.GetSystemInfo(info);
System.out.println(kernel32.VirtualQueryEx(readprocess, info.lpMinimumApplicationAddress, l, l.size()));
System.out.println(kernel32.GetLastError());
}
public static int getProcessId(String window)
{
IntByReference pid = new IntByReference(0);
user32.GetWindowThreadProcessId(user32.FindWindowA(null,window), pid);
return pid.getValue();
}
public static Pointer openProcess(int permissions, int pid)
{
Pointer process = kernel32.OpenProcess(permissions,true, pid);
return process;
}
public static Memory readMemory(Pointer process, int address, int bytesToRead)
{
IntByReference read = new IntByReference(0);
Memory output = new Memory(bytesToRead);
kernel32.ReadProcessMemory(process, address, output, bytesToRead, read);
return output;
}
}
内核32内
int VirtualQueryEx(Pointer readprocess, Pointer lpMinimumApplicationAddress,MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);
memory_basic 结构:
public class MEMORY_BASIC_INFORMATION extends Structure {
public Pointer baseAddress;
public Pointer allocationBase;
public NativeLong allocationProtect;
public SIZE_T regionSize;
public NativeLong state;
public NativeLong protect;
public NativeLong type;
}
谢谢 !