C#读写进程内存
class MemoryHelper { [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")] public static extern bool ReadProcessMemory ( IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, int nSize, IntPtr lpNumberOfBytesRead ); [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")] public static extern IntPtr OpenProcess ( int dwDesiredAccess, bool bInheritHandle, int dwProcessId ); [DllImport("kernel32.dll")] private static extern void CloseHandle ( IntPtr hObject ); //写内存 [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")] public static extern bool WriteProcessMemory ( IntPtr hProcess, IntPtr lpBaseAddress, int[] lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten ); //获取窗体的进程标识ID public static int GetPid(string windowTitle) { int rs = 0; Process[] arrayProcess = Process.GetProcesses(); foreach (Process p in arrayProcess) { if (p.MainWindowTitle.IndexOf(windowTitle) != -1) { rs = p.Id; break; } } return rs; } //根据进程名获取PID public static int GetPidByProcessName(string processName) { Process[] arrayProcess = Process.GetProcessesByName(processName); foreach (Process p in arrayProcess) { return p.Id; } return 0; } //根据窗体标题查找窗口句柄(支持模糊匹配) public static IntPtr FindWindow(string title) { Process[] ps = Process.GetProcesses(); foreach (Process p in ps) { if (p.MainWindowTitle.IndexOf(title) != -1) { return p.MainWindowHandle; } } return IntPtr.Zero; } //读取内存中的值 public static int ReadMemoryValue(int baseAddress, string processName) { try { byte[] buffer = new byte[4]; IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); //获取缓冲区地址 IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); //将制定内存中的值读入缓冲区 CloseHandle(hProcess); return Marshal.ReadInt32(byteAddress); } catch { return 0; } } public static int ReadMemoryValue(int baseAddress, int processId) { try { byte[] buffer = new byte[4]; IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); //获取缓冲区地址 IntPtr hProcess = OpenProcess(0x1F0FFF, false, processId); ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); //将制定内存中的值读入缓冲区 CloseHandle(hProcess); return Marshal.ReadInt32(byteAddress); } catch { return 0; } } public static string ReadStringMemoryValue(int baseAddress, int processId) { try { byte[] buffer = new byte[512]; IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); //获取缓冲区地址 IntPtr hProcess = OpenProcess(0x1F0FFF, false, processId); ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 512, IntPtr.Zero); //将制定内存中的值读入缓冲区 CloseHandle(hProcess); string str=Marshal.PtrToStringAnsi(byteAddress); return str; } catch { return null; } } //将值写入指定内存地址中 public static void WriteMemoryValue(int baseAddress, string processName, int value) { IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); //0x1F0FFF 最高权限 WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, 4, IntPtr.Zero); CloseHandle(hProcess); } }查看完整版本: C#读写进程内存
Tags: 进程内存
