public static byte[] Copy(uint processId, IntPtr processHandle, IntPtr moduleHandle, bool is64) { ulong imageSize; byte[] buffer; imageSize = GetImageSize(processHandle, moduleHandle, is64); buffer = new byte[imageSize]; using (NativeProcess process = NativeProcess.Open(processId)) foreach (PageInfo pageInfo in process.GetPageInfos(moduleHandle, (IntPtr)((ulong)moduleHandle + imageSize))) { int startOffset; int endOffset; startOffset = (int)((ulong)pageInfo.Address - (ulong)moduleHandle); //以p为起点,远程进程中页面起点映射到buffer中的偏移 endOffset = startOffset + (int)pageInfo.Size; //以p为起点,远程进程中页面终点映射到buffer中的偏移 fixed(byte *p = buffer) { if (startOffset < 0) { //页面前半部分超出buffer ReadProcessMemory(processHandle, moduleHandle, p, (size_t)((ulong)pageInfo.Size - ((ulong)moduleHandle - (ulong)pageInfo.Address)), null); } else { if (endOffset <= buffer.Length) { //整个页面都可以存入buffer ReadProcessMemory(processHandle, pageInfo.Address, p + startOffset, pageInfo.Size, null); } else { //页面后半部分/全部超出buffer ReadProcessMemory(processHandle, pageInfo.Address, p + startOffset, pageInfo.Size - (endOffset - buffer.Length), null); break; } } } } return(buffer); }