标签：

#include <windows.h> //OpenProcess需要提权,因为代码常用抠出来的所有没有提权. BOOL iteratorMemory(DWORD dwPid) { if (dwPid == 0 || dwPid == 4) return FALSE; HANDLE hProcess = 0; DWORD dwTempSize = 0; hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwPid); if (!hProcess) { return FALSE; } PMEMORY_BASIC_INFORMATION pMemInfo = new MEMORY_BASIC_INFORMATION(); DWORD dwErrorCode; dwErrorCode = VirtualQueryEx(hProcess, 0, pMemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if (0 == dwErrorCode) { return FALSE; } // pMeminfo->Regionsize 代表当前遍历出的内存大小 for (__int64 i = pMemInfo->RegionSize; i < (i + pMemInfo->RegionSize); i += pMemInfo->RegionSize) { dwErrorCode = VirtualQueryEx(hProcess, (LPVOID)i, pMemInfo, sizeof(MEMORY_BASIC_INFORMATION)); if (0 == dwErrorCode) break; if (pMemInfo->State != MEM_COMMIT) //判断提交状态 continue; if (pMemInfo->Protect != PAGE_READWRITE) //判断内存属性 { continue; } if (pMemInfo->Type != MEM_PRIVATE) //判断类型 映射 私有 xxx { continue; } continue; } return FALSE; }

原理:
原理主要是 使用
** VirtualQueryEx ** 函数. 函数遍历之后会将内存信息反馈到一个Buf中.这个Buf是个结构体
** PMEMORY_BASIC_INFORMATION **

windows-遍历另一进程内存根据进程PID

标签：

原文地址：https://www.cnblogs.com/iBinary/p/12095933.html

，