public static byte[] Copy(uint processId, IntPtr processHandle, IntPtr moduleHandle, bool is64)
{
ulong imageSize;
byte[] buffer;
imageSize = GetImageSize(processHandle, moduleHandle, is64);
buffer = new byte[imageSize];
using (NativeProcess process = NativeProcess.Open(processId))
foreach (PageInfo pageInfo in process.GetPageInfos(moduleHandle, (IntPtr)((ulong)moduleHandle + imageSize)))
{
int startOffset;
int endOffset;
startOffset = (int)((ulong)pageInfo.Address - (ulong)moduleHandle);
//以p为起点,远程进程中页面起点映射到buffer中的偏移
endOffset = startOffset + (int)pageInfo.Size;
//以p为起点,远程进程中页面终点映射到buffer中的偏移
fixed(byte *p = buffer)
{
if (startOffset < 0)
{
//页面前半部分超出buffer
ReadProcessMemory(processHandle, moduleHandle, p, (size_t)((ulong)pageInfo.Size - ((ulong)moduleHandle - (ulong)pageInfo.Address)), null);
}
else
{
if (endOffset <= buffer.Length)
{
//整个页面都可以存入buffer
ReadProcessMemory(processHandle, pageInfo.Address, p + startOffset, pageInfo.Size, null);
}
else
{
//页面后半部分/全部超出buffer
ReadProcessMemory(processHandle, pageInfo.Address, p + startOffset, pageInfo.Size - (endOffset - buffer.Length), null);
break;
}
}
}
}
return(buffer);
}
