Reading or Writing to Another Processes Memory in C# 转载

https://www.cnblogs.com/zeroone/p/3766247.html

[Flags]
public enum ProcessAccessFlags : uint
{
    All = 0x001F0FFF,
    Terminate = 0x00000001,
    CreateThread = 0x00000002,
    VMOperation = 0x00000008,
    VMRead = 0x00000010,
    VMWrite = 0x00000020,
    DupHandle = 0x00000040,
    SetInformation = 0x00000200,
    QueryInformation = 0x00000400,
    Synchronize = 0x00100000
}
 
[DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
 
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);
 
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
 
[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hProcess);


复制代码
Reading from another processes Memory

复制代码
public static byte[] ReadMemory(Process process, int address, int numOfBytes, out int bytesRead)
{
    IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);
 
    byte[] buffer = new byte[numOfBytes];
 
    ReadProcessMemory(hProc, new IntPtr(address), buffer, numOfBytes, out bytesRead);
    return buffer;
}

复制代码
Here is an example of a call to this function:

Process process = Process.GetProcessesByName("My Apps Name").FirstOrDefault();
int address = 0x02ED2910;

int bytesRead;
byte[] value = ReadMemory(process, address, 4, out bytesRead);
Writing to another processes memory

复制代码
public static bool WriteMemory(Process process, int address, long value, out int bytesWritten)
{
    IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);
             
    byte[] val = BitConverter.GetBytes(value);
             
    bool worked = WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32) val.LongLength, out bytesWritten);
 
    CloseHandle(hProc);
 
    return worked;
}
复制代码

Here is an example of a call to this function:

Process process = Process.GetProcessesByName("My Apps Name").FirstOrDefault();
int address = 0x02ED2910;

int bytesWritten;
bool worked = WriteMemory(process, address, value, out bytesWritten);

posted @   dewxin  阅读(21)  评论(0编辑  收藏  举报
相关博文:
· 《植物大战僵尸》 辅助编写5—— 编写wpf游戏辅助
· C# 进程间通过内存映射文件通信
· C# 写入内存
· .NET教程 - 进程 & 异步 & 并行 第三部分(Process & Asynchronous & Parallelization Part3)
· C#读取写入流
阅读排行:
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· Docker 太简单,K8s 太复杂?w7panel 让容器管理更轻松!
点击右上角即可分享
微信分享提示