我已经用 CreateProcess 启动了一个进程，现在想转储分配给该进程的内存区域，应该怎么做？
到目前为止,我的代码是:
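// Starts FileName as a debuggee and returns a raw copy of the memory around
// its entry point, read at the first exception debug event.
//
// FileName: path of the executable to start under the debugger.
// Returns : the bytes ReadProcessMemory reported as copied (stored in a
//           String, as the original interface requires), or '' when the
//           image cannot be mapped, the process cannot be created, the
//           child exits first, or waiting for a debug event fails.
//
// Relies on flag, idh, inh, EP, si, pi and DBEvent, which are declared
// outside this function.
function ExecuteAndDumpProcess(FileName: String): String;
const
  DumpBytes = (1024 * 1024) * 4; // same 4 MB window as the original code
var
  BytesRead : DWORD;
  BufferSize : Integer;
begin
  Result := '';
  flag := 0;

  // Map the image without resolving imports, only to read its PE headers.
  idh := pointer(LoadLibraryEx(PChar(FileName), 0, DONT_RESOLVE_DLL_REFERENCES));
  if idh = nil then
    Exit; // not mappable: the header pointers below would be invalid
  try
    // The dword() pointer casts are kept from the original; they truncate
    // addresses in a 64-bit build.
    inh := pointer(dword(idh) + idh^._lfanew);
    // NOTE(review): ImageBase is read from the copy mapped into *this*
    // process. The child may be loaded at another address (relocation/ASLR);
    // CREATE_PROCESS_DEBUG_EVENT reports the real base in
    // CreateProcessInfo.lpBaseOfImage - confirm before trusting EP.
    EP := pointer(inh^.OptionalHeader.ImageBase + inh^.OptionalHeader.AddressOfEntryPoint);

    GetStartupInfo(si);
    if not CreateProcess(PChar(FileName), nil, nil, nil, FALSE,
      DEBUG_PROCESS or DEBUG_ONLY_THIS_PROCESS, nil, nil, si, pi) then
      Exit;
    try
      while True do
      begin
        // On timeout or error DBEvent is not filled in; stop instead of
        // acting on the previous event's data.
        if not WaitForDebugEvent(DBEvent, 100000) then
          Exit;

        case DBEvent.dwDebugEventCode of
          EXIT_PROCESS_DEBUG_EVENT:
            Exit; // child ended before any exception event: nothing to dump

          CREATE_PROCESS_DEBUG_EVENT:
            // The debugger owns this image file handle and must close it.
            if DBEvent.CreateProcessInfo.hFile <> 0 then
              CloseHandle(DBEvent.CreateProcessInfo.hFile);

          EXCEPTION_DEBUG_EVENT:
            begin
              // The original guard
              //   (ExceptionCode = EXCEPTION_BREAKPOINT) and (flag = 1)
              // is commented out in the source, so the dump is taken on the
              // first exception event and the flag counter is never advanced.
              BufferSize := DumpBytes;
              // SizeOf(Char) is 1 on pre-Unicode Delphi; dividing keeps the
              // buffer exactly BufferSize bytes on Unicode versions too.
              SetLength(Result, BufferSize div SizeOf(Char));
              BytesRead := 0;
              // Delphi strings are 1-based: @Result[1] is the first byte of
              // the buffer (the original passed @Result[0]).
              // ReadProcessMemory fails when any part of the range is not
              // readable, which is likely for a fixed 4 MB window; walking
              // the regions with VirtualQueryEx would be the robust way.
              ReadProcessMemory(pi.hProcess, Pointer(dword(EP) - 15),
                @Result[1], BufferSize, BytesRead);
              // Keep only what the API reported as copied, so the caller
              // never receives uninitialised buffer contents.
              SetLength(Result,
                (Integer(BytesRead) + SizeOf(Char) - 1) div SizeOf(Char));
              Exit;
            end;
        end;

        ContinueDebugEvent(DBEvent.dwProcessId, DBEvent.dwThreadId,
          DBG_EXCEPTION_NOT_HANDLED);
      end;
    finally
      // Terminate first, then close: the original closed pi.hProcess before
      // passing it to TerminateProcess, and leaked both handles when the
      // child exited on its own.
      TerminateProcess(pi.hProcess, 0);
      CloseHandle(pi.hProcess);
      CloseHandle(pi.hThread);
    end;
  finally
    FreeLibrary(dword(idh));
  end;
end;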