In Ring 0 (kernel mode), the functions are:
NtReadVirtualMemory();
NtWriteVirtualMemory();
It may also be possible to use:
ZwReadVirtualMemory();
ZwWriteVirtualMemory();
In Ring 3 (user mode), the functions are:
ReadProcessMemory();
Function prototype:
BOOL ReadProcessMemory(
    HANDLE hProcess,              // handle to the process
    LPCVOID lpBaseAddress,        // base of memory area
    LPVOID lpBuffer,              // data buffer
    SIZE_T nSize,                 // number of bytes to read
    SIZE_T * lpNumberOfBytesRead  // number of bytes read
);
WriteProcessMemory();
Function prototype:
BOOL WriteProcessMemory(
    HANDLE hProcess,                // handle to process
    LPVOID lpBaseAddress,           // base of memory area
    LPCVOID lpBuffer,               // data buffer
    SIZE_T nSize,                   // count of bytes to write
    SIZE_T * lpNumberOfBytesWritten // count of bytes written
);
 
http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Memory%20Management/Virtual%20Memory/NtQueryVirtualMemory.html