hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, 0, ProcessId)
然后就要結合上面的程序來搜索了���。只有當內存是處于被占用狀態時才去讀取其中的內容�,而忽略空閑狀態的內存�。程序我就不在這兒寫了��,和上面那段差不多�����。只是把dwTotalCommit = dwTotalCommit + mi.RegionSize換成了讀取內存以及搜索這一塊內存的函數而已。
3.用OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, 0, ProcessId)打開查到PID值的進程. 此打開具備 讀取,寫入,查詢的權限
//C#讀取內存例子
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Management;
publicclass key
{
constuint PROCESS_ALL_ACCESS =0x001F0FFF;
constuint KEYEVENTF_EXTENDEDKEY =0x1;
constuint KEYEVENTF_KEYUP =0x2;
privatereadonlyint MOUSEEVENTF_LEFTDOWN =0x2;
privatereadonlyint MOUSEEVENTF_LEFTUP =0x4;
constuint KBC_KEY_CMD =0x64;
constuint KBC_KEY_DATA =0x60;
//得到窗體句柄的函數,FindWindow函數用來返回符合指定的類名( ClassName )和窗口名( WindowTitle )的窗口句柄
[DllImport("user32.dll", CharSet = CharSet.Auto)]
publicstaticextern IntPtr FindWindow(
string lpClassName, // pointer to class name
string lpWindowName // pointer to window name
);
[DllImport("user32.dll")]
privatestaticexternint GetWindowThreadProcessId(IntPtr id, int pid);
[DllImport("kernel32.dll")]
privatestaticexternvoid CloseHandle
(
uint hObject //Handle to object
);
//讀取進程內存的函數
[DllImport("kernel32.dll")]
staticexternbool ReadProcessMemory(uint hProcess, IntPtr lpBaseAddress,
IntPtr lpBuffer, uint nSize, refuint lpNumberOfBytesRead);
//得到目標進程句柄的函數
[DllImport("kernel32.dll")]
publicstaticexternuint OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
//鼠標事件聲明
[DllImport("user32.dll")]
staticexternbool setcursorpos(int x, int y);
[DllImport("user32.dll")]
staticexternvoid mouse_event(mouseeventflag flags, int dx, int dy, uint data, UIntPtr extrainfo);
//鍵盤事件聲明
[DllImport("user32.dll")]
staticexternbyte MapVirtualKey(byte wCode, int wMap);
[DllImport("user32.dll")]
staticexternshort GetKeyState(int nVirtKey);
[DllImport("user32.dll")]
staticexternvoid keybd_event(byte bVk, byte bScan, uint dwFlags, uint dwExtraInfo);
//鍵盤事件聲明winio
[DllImport("winio.dll")]
publicstaticexternbool InitializeWinIo();
[DllImport("winio.dll")]
publicstaticexternbool GetPortVal(IntPtr wPortAddr, outint pdwPortVal, byte bSize);
[DllImport("winio.dll")]
publicstaticexternbool SetPortVal(uint wPortAddr, IntPtr dwPortVal, byte bSize);
[DllImport("winio.dll")]
publicstaticexternbyte MapPhysToLin(byte pbPhysAddr, uint dwPhysSize, IntPtr PhysicalMemoryHandle);
[DllImport("winio.dll")]
publicstaticexternbool UnmapPhysicalMemory(IntPtr PhysicalMemoryHandle, byte pbLinAddr);
[DllImport("winio.dll")]
publicstaticexternbool GetPhysLong(IntPtr pbPhysAddr, byte pdwPhysVal);
[DllImport("winio.dll")]
publicstaticexternbool SetPhysLong(IntPtr pbPhysAddr, byte dwPhysVal);
[DllImport("winio.dll")]
publicstaticexternvoid ShutdownWinIo();
///<summary>
/// 獲取進程pid
///</summary>
///<param name="name"></param>
///<returns></returns>
privateint pid(String name)
{
try
{
ObjectQuery oQuery =new ObjectQuery("select * from Win32_Process where Name='"+ name +"'");
ManagementObjectSearcher oSearcher =new ManagementObjectSearcher(oQuery);
ManagementObjectCollection oReturnCollection = oSearcher.Get();
string pid ="";
string cmdLine;
StringBuilder sb =new StringBuilder();
foreach (ManagementObject oReturn in oReturnCollection)
{
pid = oReturn.GetPropertyValue("ProcessId").ToString();
//cmdLine = (string)oReturn.GetPropertyvalue("CommandLine");
//string pattern = "-ap /"(.*)/"";
//Regex regex = new Regex(pattern, RegexOptions.IgnoreCase);
// Match match = regex.Match(cmdLine);
//string appPoolName = match.Groups[1].ToString();
//sb.AppendFormat("W3WP.exe PID: {0} AppPoolId:{1}/r/n", pid, appPoolName);
}
return Convert.ToInt32(pid);
}
catch (Exception ss)
{ return0; }
}
privateint pid(IntPtr id)
{
int pid =0;
pid = GetWindowThreadProcessId(id, pid);
return260;
}
///<summary>
/// 讀取內存值
///</summary>
///<param name="name">進程id</param>
///<param name="dizhi">讀取的內存地址</param>
///<returns></returns>
//public String getread(String QEC,String EC, IntPtr dizhi, uint size)
//{
// Byte bt = new Byte();
// IntPtr id=FindWindow(QEC, EC);
// uint hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid(id));
// IntPtr fanhui = new IntPtr();
// String gg = null;
// if (hProcess == 0)
// {
//// gg = ReadProcessMemory(hProcess, dizhi, fanhui, size, 0);
//// CloseHandle(hProcess);
// }
// return gg;
//}
public String getread(String jincheng, String EC, IntPtr dizhi, uint size)
{
byte[] vBuffer =newbyte[4];
IntPtr vBytesAddress = Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer, 0); // 得到緩沖區的地址
uint vNumberOfBytesRead =0;
Byte bt =new Byte();
//IntPtr id = FindWindow(QEC, EC);
uint hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid(jincheng));
//pid(0);
IntPtr fanhui =new IntPtr();
String gg =null;
//if (hProcess == 0)
//{
if (ReadProcessMemory(hProcess, dizhi, vBytesAddress, (uint)vBuffer.Length, ref hProcess))
{
CloseHandle(hProcess);
}
else
{
CloseHandle(hProcess);
}
// }
int vInt = Marshal.ReadInt32(vBytesAddress);
return vInt.ToString();
}
///<summary>
/// 獲取鍵盤狀態
///</summary>
///<param name="Key"></param>
///<returns></returns>
publicbool GetState(VirtualKeys Key)
{
return (GetKeyState((int)Key) ==1);
}
///<summary>
/// 發送鍵盤事件
///</summary>
///<returns></returns>
publicvoid Send(VirtualKeys Key, bool State)
{
if (State != GetState(Key))
{
byte a = MapVirtualKey((byte)Key, 0);
keybd_event((byte)Key, MapVirtualKey((byte)Key, 0), 0, 0);
System.Threading.Thread.Sleep(1000);
keybd_event((byte)Key, MapVirtualKey((byte)Key, 0), KEYEVENTF_KEYUP, 0);
}
}
///<summary>
/// 初始化winio
///</summary>
publicvoid sendwinio()
{
if (InitializeWinIo())
{
KBCWait4IBE();
}
}
privatevoid KBCWait4IBE() //等待鍵盤緩沖區為空
{
//int[] dwVal = new int[] { 0 };
int dwVal =0;
do
{
//這句表示從&H64端口讀取一個字節并把讀出的數據放到變量dwVal中
//GetPortVal函數的用法是GetPortVal 端口號,存放讀出數據的變量,讀入的長度
bool flag = GetPortVal((IntPtr)0x64, out dwVal, 1);
}
while ((dwVal &0x2) >0);
}
///<summary>
/// 模擬鍵盤標按下
///</summary>
///<param name="vKeyCoad"></param>
publicvoid MykeyDown(int vKeyCoad)
{
int btScancode =0;
btScancode = MapVirtualKey((byte)vKeyCoad, 0);
// btScancode = vKeyCoad;
KBCWait4IBE(); // '發送數據前應該先等待鍵盤緩沖區為空
SetPortVal(KBC_KEY_CMD, (IntPtr)0xD2, 1);// '發送鍵盤寫入命令
//SetPortVal函數用于向端口寫入數據��,它的用法是SetPortVal 端口號,欲寫入的數據��,寫入數據的長度
KBCWait4IBE();
SetPortVal(KBC_KEY_DATA, (IntPtr)0xe2, 1);// '寫入按鍵信息,按下鍵
KBCWait4IBE(); // '發送數據前應該先等待鍵盤緩沖區為空
SetPortVal(KBC_KEY_CMD, (IntPtr)0xD2, 1);// '發送鍵盤寫入命令
//SetPortVal函數用于向端口寫入數據���,它的用法是SetPortVal 端口號,欲寫入的數據,寫入數據的長度
KBCWait4IBE();
SetPortVal(KBC_KEY_DATA, (IntPtr)btScancode, 1);// '寫入按鍵信息,按下鍵
}
///<summary>
/// 模擬鍵盤彈出
///</summary>
///<param name="vKeyCoad"></param>
publicvoid MykeyUp(int vKeyCoad)
{
int btScancode =0;
btScancode = MapVirtualKey((byte)vKeyCoad, 0);
//btScancode = vKeyCoad;
KBCWait4IBE(); // '發送數據前應該先等待鍵盤緩沖區為空
SetPortVal(KBC_KEY_CMD, (IntPtr)0xD2, 1); //'發送鍵盤寫入命令
KBCWait4IBE();
SetPortVal(KBC_KEY_DATA, (IntPtr)0xe0, 1);// '寫入按鍵信息,釋放鍵
KBCWait4IBE(); // '發送數據前應該先等待鍵盤緩沖區為空
SetPortVal(KBC_KEY_CMD, (IntPtr)0xD2, 1); //'發送鍵盤寫入命令
KBCWait4IBE();
SetPortVal(KBC_KEY_DATA, (IntPtr)btScancode, 1);// '寫入按鍵信息�����,釋放鍵
}
///<summary>
/// 模擬鼠標按下
///</summary>
///<param name="vKeyCoad"></param>
publicvoid MyMouseDown(int vKeyCoad)
{
int btScancode =0;
btScancode = MapVirtualKey((byte)vKeyCoad, 0);
//btScancode = vKeyCoad;
KBCWait4IBE(); // '發送數據前應該先等待鍵盤緩沖區為空
SetPortVal(KBC_KEY_CMD, (IntPtr)0xD3, 1);// '發送鍵盤寫入命令
//SetPortVal函數用于向端口寫入數據�����,它的用法是SetPortVal 端口號,欲寫入的數據��,寫入數據的長度
KBCWait4IBE();
SetPortVal(KBC_KEY_DATA, (IntPtr)(btScancode |0x80), 1);// '寫入按鍵信息,按下鍵
}
///<summary>
/// 模擬鼠標彈出
///</summary>
///<param name="vKeyCoad"></param>
publicvoid MyMouseUp(int vKeyCoad)
{
int btScancode =0;
btScancode = MapVirtualKey((byte)vKeyCoad, 0);
// btScancode = vKeyCoad;
KBCWait4IBE(); // '發送數據前應該先等待鍵盤緩沖區為空
SetPortVal(KBC_KEY_CMD, (IntPtr)0xD3, 1); //'發送鍵盤寫入命令
KBCWait4IBE();
SetPortVal(KBC_KEY_DATA, (IntPtr)(btScancode |0x80), 1);// '寫入按鍵信息,釋放鍵
}
///<summary>
/// 發送鼠標事件
///</summary>
///<returns></returns>
publicvoid SendMouse()
{
}
///<summary>
/// 鼠標動作枚舉
///</summary>
publicenum mouseeventflag : uint
{
move =0x0001,
leftdown =0x0002,
leftup =0x0004,
rightdown =0x0008,
rightup =0x0010,
middledown =0x0020,
middleup =0x0040,
xdown =0x0080,
xup =0x0100,
wheel =0x0800,
virtualdesk =0x4000,
absolute =0x8000
}
///<summary>
/// 鍵盤動作枚舉
///</summary>
publicenum VirtualKeys : byte
{
//VK_NUMLOCK = 0x90, //數字鎖定鍵
//VK_SCROLL = 0x91, //滾動鎖定
//VK_CAPITAL = 0x14, //大小寫鎖定
//VK_A = 62, //鍵盤A
VK_LBUTTON =1, //鼠標左鍵
VK_RBUTTON =2, //鼠標右鍵
VK_CANCEL =3, //Ctrl+Break(通常不需要處理)
VK_MBUTTON =4, //鼠標中鍵
VK_BACK =8, //Backspace
VK_TAB =9, //Tab
VK_CLEAR =12, //Num Lock關閉時的數字鍵盤5
VK_RETURN =13, //Enter(或者另一個)
VK_SHIFT =16, //Shift(或者另一個)
VK_CONTROL =17, //Ctrl(或者另一個)
VK_MENU =18, //Alt(或者另一個)
VK_PAUSE =19, //Pause
VK_CAPITAL =20, //Caps Lock
VK_ESCAPE =27, //Esc
VK_SPACE =32, //Spacebar
VK_PRIOR =33, //Page Up
VK_NEXT =34, //Page Down
VK_END =35, //End
VK_HOME =36, //Home
VK_LEFT =37, //左箭頭
VK_UP =38, //上箭頭
VK_RIGHT =39, //右箭頭
VK_DOWN =40, //下箭頭
VK_SELECT =41, //可選
VK_PRINT =42, //可選
VK_EXECUTE =43, //可選
VK_SNAPSHOT =44, //Print Screen
VK_INSERT =45, //Insert
VK_DELETE =46, //Delete
VK_HELP =47, //可選
VK_NUM0 =48, //0
VK_NUM1 =49, //1
VK_NUM2 =50, //2
VK_NUM3 =51, //3
VK_NUM4 =52, //4
VK_NUM5 =53, //5
VK_NUM6 =54, //6
VK_NUM7 =55, //7
VK_NUM8 =56, //8
VK_NUM9 =57, //9
VK_A =65, //A
VK_B =66, //B
VK_C =67, //C
VK_D =68, //D
VK_E =69, //E
VK_F =70, //F
VK_G =71, //G
VK_H =72, //H
VK_I =73, //I
VK_J =74, //J
VK_K =75, //K
VK_L =76, //L
VK_M =77, //M
VK_N =78, //N
VK_O =79, //O
VK_P =80, //P
VK_Q =81, //Q
VK_R =82, //R
VK_S =83, //S
VK_T =84, //T
VK_U =85, //U
VK_V =86, //V
VK_W =87, //W
VK_X =88, //X
VK_Y =89, //Y
VK_Z =90, //Z
VK_NUMPAD0 =96, //0
VK_NUMPAD1 =97, //1
VK_NUMPAD2 =98, //2
VK_NUMPAD3 =99, //3
VK_NUMPAD4 =100, //4
VK_NUMPAD5 =101, //5
VK_NUMPAD6 =102, //6
VK_NUMPAD7 =103, //7
VK_NUMPAD8 =104, //8
VK_NUMPAD9 =105, //9
VK_NULTIPLY =106, //數字鍵盤上的*
VK_ADD =107, //數字鍵盤上的+
VK_SEPARATOR =108, //可選
VK_SUBTRACT =109, //數字鍵盤上的-
VK_DECIMAL =110, //數字鍵盤上的.
VK_DIVIDE =111, //數字鍵盤上的/
VK_F1 =112,
VK_F2 =113,
VK_F3 =114,
VK_F4 =115,
VK_F5 =116,
VK_F6 =117,
VK_F7 =118,
VK_F8 =119,
VK_F9 =120,
VK_F10 =121,
VK_F11 =122,
VK_F12 =123,
VK_NUMLOCK =144, //Num Lock
VK_SCROLL =145 // Scroll Lock
}
}
