如何用C遍历内存地址?
如何获得一个进程的起始地址,并遍历该进程所使用的内存地址?
[解决办法]
我是C的初学者,主要写C#的,这个是为了做字符串搜索时写的一个c的dll中的主要内容:
string g_result_addr;
HANDLE g_hProcess; //要搜索的进程句柄
MEMORY_BASIC_INFORMATION mbi_info;
DWORD CheckSearchStartPos(DWORD dwScanStart) //查找可访问的内存块的起始地址
{
if(dwScanStart >= 0x7FFF0000)
{
return -1;
}
VirtualQueryEx(g_hProcess,(LPCVOID)dwScanStart,&mbi_info,sizeof(mbi_info));
if(NULL == mbi_info.AllocationProtect)
{
return CheckSearchStartPos((DWORD)mbi_info.BaseAddress+mbi_info.RegionSize);
}
return dwScanStart;
}
DWORD ScanSig(DWORD dwStartAddr ,DWORD dwSize,TCHAR* dwVal) //在指定内存块查找指定字符串并保存字符串的地址
{
BYTE *bMemData = (PBYTE)malloc(dwSize);
DWORD ReadWriteRetn = 0;
DWORD dwCharLength=wcslen(dwVal)*2;
BOOL bReadSuccess = ReadProcessMemory(g_hProcess,(LPCVOID)dwStartAddr,bMemData,dwSize,&ReadWriteRetn);
if(bReadSuccess)
{
int i=0;
for(;i<(int)(dwSize-dwCharLength+1);i++)
{
if(!memcmp(bMemData+i,dwVal,dwCharLength))
{
//g_result_addr.push_back(dwStartAddr+i);
DWORD dwResult = dwStartAddr+i;
g_result_addr.append((char*)&dwResult,sizeof(DWORD));
}
}
if(bMemData)
{
free(bMemData);
bMemData=NULL;
}
return dwStartAddr+i;
}
return -1;
}
DWORD FindRegion(DWORD dwScanPosition,TCHAR* dwNumber)
{
if(g_hProcess == NULL)
{
return -1;
}
DWORD dwScanStart = CheckSearchStartPos(dwScanPosition);
//printf("%p\n",dwScanStart);
ScanSig(dwScanStart,mbi_info.RegionSize,dwNumber);
return (DWORD)mbi_info.BaseAddress+mbi_info.RegionSize;
}
DWORD* SearchMemory(TCHAR* dwSearchValue) 内存搜索
{
g_result_addr.clear();
DWORD dwRegionStart=0;
do{
dwRegionStart = FindRegion(dwRegionStart,dwSearchValue);
}while(dwRegionStart < 0x7FFF0000);
return (DWORD*)g_result_addr.c_str();
}
[解决办法]
MSDN98中的例子walker又名pwalk。完整列出指定进程的内存使用情况,显示进程地址空间内容,装载哪些DLL,代码、数据、堆栈段分配在何处,可以用来检测内存泄漏,监测内存使用。
http://download.csdn.net/detail/zhao4zhong1/3667896
