public static bool ListMemory(FMemoryInfos memories, int processId) { memories.Clear(); // List modules FModuleInfoCollection modules = RModule.ListProcess(processId); // List memory uint address = 0; SMemoryBasicInformation mbi = new SMemoryBasicInformation(); int size = Marshal.SizeOf(mbi); IntPtr process = RKernel32.OpenProcess(EProcessAccess.QueryInformation, true, processId); if (!RApi.IsValidHandle(process)) { return(false); } while (RKernel32.VirtualQueryEx(process, address, ref mbi, size) > 0) { FMemoryInfo memory = new FMemoryInfo(); memory.AllocationBase = mbi.AllocationBase; memory.AllocationProtect = mbi.AllocationProtect; memory.BaseAddress = mbi.BaseAddress; memory.Protect = mbi.Protect; memory.RegionSize = mbi.RegionSize; memory.State = mbi.State; memory.Type = mbi.Type; memory.Module = modules.FindByAddress(mbi.AllocationBase); memories.Push(memory); address = mbi.BaseAddress + mbi.RegionSize; } ; RKernel32.CloseHandle(process); return(true); }
public void Open(int id, EProcessAccess access) { _id = id; _handle = RKernel32.OpenProcess(access, false, _id); if (_handle == IntPtr.Zero) { throw new FFatalException("Open process error. (id={0})", _id); } }