/// <summary>
/// 读内存字节集
/// </summary>
/// <param name="ProcessID">进程ID,-1为自进程</param>
/// <param name="Address">地址 无符号整数型</param>
/// <param name="Size">读取长度 0为智能读取</param>
/// <returns>返回字节数组,失败返回空字节集</returns>
public static byte[] ReadMemByteArray(int ProcessID, uint Address, int Size)
{
//声明变量
int a, t_size = 0;
IntPtr handle = new IntPtr();
ReadWriteAPI.MemAttribute mematt = new ReadWriteAPI.MemAttribute();
t_size = Size;
if (ProcessID == -1) //-1读取自进程
{
handle = ProcessAPI.GetCurrentProcess();
}
else
{
handle = ProcessAPI.OpenProcess(ReadWriteAPI.PROCESS_ALL_ACCESS, false, ProcessID); //获取句柄
}
if (t_size == 0) //大小为0智能读取
{
ReadWriteAPI.VirtualQueryEx(handle, Address, mematt, 28);
t_size = mematt.Size + mematt.RegBaseAdd - (int)Address;
}
byte[] temp = new byte[t_size];
a = ReadWriteAPI.ReadProcessMemory(handle, Address, temp, t_size, 0);
ProcessAPI.CloseHandle(handle); //关闭对象
if (a != 0)
{
return(temp);
}
else
{
byte[] falsedata = new byte[1]; //失败返回空字节集
return(falsedata);
}
}
public static extern int VirtualQueryEx(IntPtr handle, uint address, ReadWriteAPI.MemAttribute info, int Length);
