
The program uses ReadProcessMemory to scan blocks of memory for a specific value. Unfortunately, when I call ReadProcessMemory I get error 299.

void update_memblock(MEMBLOCK *mb)
{
    //variables
    static unsigned char tempbuf[128*1024];
    size_t bytes_left;
    size_t total_read;
    size_t bytes_to_read;
    size_t  bytes_read;
    size_t sizeMem;
    size_t MemoryBase;

    bytes_left = mb->size;
    total_read = 0;

    while (bytes_left)
    {

        bytes_to_read = (bytes_left > sizeof(tempbuf)) ? sizeof(tempbuf) :  bytes_left;
        // read each chunk into tempbuf; the memcpy below then copies it into mb->buffer at the right offset
        ReadProcessMemory(mb->hProc, mb->addr + total_read, tempbuf, bytes_to_read, (SIZE_T*)&bytes_read);
        if (bytes_read != bytes_to_read)break;
        memcpy(mb->buffer + total_read, tempbuf,bytes_read);

        bytes_left -= bytes_read;
        total_read += bytes_read;
    }
    mb->size = total_read;
}

1 Answer


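Error code 299 (0x12B) ERROR_PARTIAL_COPY: "Only part of a ReadProcessMemory or WriteProcessMemory request was completed"

You are getting this error because you are trying to read memory from a page that is not "allocated".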

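You want to use VirtualQueryEx() on each page of memory, which yields a MEMORY_BASIC_INFORMATION structure containing 2 variables of note:

State: can be MEM_COMMIT, MEM_FREE or MEM_RESERVE
Protect: can be any of the memory protection constants

You want to loop through all the memory pages, call VirtualQueryEx() on them and skip any bad pages. I like to skip all pages/regions where State != MEM_COMMIT and Protect == PAGE_NOACCESS

Here is a pseudocode example: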

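MEMORY_BASIC_INFORMATION mbi = { 0 };
unsigned char *currentMemoryAddress = NULL;

// VirtualQueryEx() returns 0 once the address is past the last region it can describe
while (VirtualQueryEx(hProc, currentMemoryAddress, &mbi, sizeof(mbi)))
{
    // step to the next region before any continue, so the loop always advances
    currentMemoryAddress = (unsigned char *)mbi.BaseAddress + mbi.RegionSize;
    if (mbi.State != MEM_COMMIT || mbi.Protect == PAGE_NOACCESS) continue;

    //good mem region, do ReadProcessMemory() stuffs
}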
answered 2018-05-06T03:34:30.507
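An added example, not code from the question or the answer: a portable C model of the approach the answer describes, showing one large read stopping partway (the error 299 case) and a region-aware loop that reads only committed, accessible regions in chunks. `query_region` and `read_mem` are hypothetical stand-ins for VirtualQueryEx and ReadProcessMemory, and the four-region address space is constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Values as in winnt.h; everything else here is a constructed model, not the Win32 API. */
enum { MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000, PAGE_NOACCESS = 0x01, PAGE_READWRITE = 0x04 };
typedef struct { size_t base, size; unsigned state, protect; } region_t;

/* Constructed 16 KiB address space: readable, reserved, no-access, readable. */
static const region_t regions[] = {
    { 0x0000, 0x1000, MEM_COMMIT,  PAGE_READWRITE },
    { 0x1000, 0x1000, MEM_RESERVE, 0 },
    { 0x2000, 0x1000, MEM_COMMIT,  PAGE_NOACCESS },
    { 0x3000, 0x1000, MEM_COMMIT,  PAGE_READWRITE },
};
static unsigned char fake_mem[0x4000];

/* Stand-in for VirtualQueryEx: describes the region containing addr, returns 0 past the end. */
static int query_region(size_t addr, region_t *out) {
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
        if (addr >= regions[i].base && addr - regions[i].base < regions[i].size) { *out = regions[i]; return 1; }
    return 0;
}
static int readable(const region_t *r) { return r->state == MEM_COMMIT && r->protect != PAGE_NOACCESS; }

/* Stand-in for ReadProcessMemory: fails if the range touches an unreadable byte (partial copy). */
static int read_mem(size_t addr, void *buf, size_t n, size_t *nread) {
    region_t r; size_t i = 0;
    while (i < n && query_region(addr + i, &r) && readable(&r)) i++;
    memcpy(buf, fake_mem + addr, i);
    *nread = i;
    return i == n;
}

/* Region-aware scan: query first, skip unreadable regions, read the rest in chunks. */
size_t scan_readable(unsigned char *out, size_t cap) {
    unsigned char tempbuf[512];
    region_t r; size_t addr = 0, total = 0, got;
    while (query_region(addr, &r)) {
        size_t end = r.base + r.size;
        for (; readable(&r) && addr < end; addr += got, total += got) {
            size_t want = end - addr < sizeof tempbuf ? end - addr : sizeof tempbuf;
            if (total + want > cap || !read_mem(addr, tempbuf, want, &got)) return total;
            memcpy(out + total, tempbuf, got);   /* chunk lands at its running offset */
        }
        addr = end;   /* always advance, even past skipped regions */
    }
    return total;
}
```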