WINAPI VirtualQueryEx-无效句柄

问题描述 投票:3回答:1

我正在尝试使用Visual Studio 2012使用VirtualQueryEx读取32位进程的某些内存页。

但是,当我运行程序时,出现VirtualQueryEx错误6:无效的句柄。但是,句柄本身[hProcess]没有错误,我正在传递适当的参数。可能是什么?

#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <stdio.h>

//  Forward declarations:
BOOL GetProcessList( );
BOOL ListProcessModules( DWORD dwPID );
BOOL ListProcessThreads( DWORD dwOwnerPID );
void printError( TCHAR* msg );

int main( void )
{
  GetProcessList( );
   system("pause");

  return 0;
}

BOOL GetProcessList( )
{
  HANDLE hProcessSnap;
  HANDLE hProcess;
  PROCESSENTRY32 pe32;
  DWORD dwPriorityClass;

  // Take a snapshot of all processes in the system.
  hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
  if( hProcessSnap == INVALID_HANDLE_VALUE )
  {
    printError( TEXT("CreateToolhelp32Snapshot (of processes)") );
    return( FALSE );
  }

  // Set the size of the structure before using it.
  pe32.dwSize = sizeof( PROCESSENTRY32 );

  // Retrieve information about the first process,
  // and exit if unsuccessful
  if( !Process32First( hProcessSnap, &pe32 ) )
  {
    printError( TEXT("Process32First") ); // show cause of failure
    CloseHandle( hProcessSnap );          // clean the snapshot object
    return( FALSE );
  }

  // Now walk the snapshot of processes, and
  // display information about each process in turn
  do
  {
    //If the process name equals foo_process.exe
if (!_tcscmp(pe32.szExeFile, _T("foo_process.exe"))) 
{

    hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, false, pe32.th32ProcessID );
    if( hProcess == NULL )
      printError( TEXT("OpenProcess") );

    unsigned char *addr = NULL;
    MEMORY_BASIC_INFORMATION meminfo;

    if (VirtualQueryEx(hProcess, addr, &meminfo, sizeof(meminfo)) == 0){
         printError( TEXT("VirtualQueryEx") );
         //return FALSE;
    }

}
  } while( Process32Next( hProcessSnap, &pe32 ) );

  CloseHandle( hProcessSnap );

  return( TRUE );
}

void printError( TCHAR* msg )
{
 ...
}

编辑:句柄具有价值:enter image description here

编辑2:更多信息:

  • Windows 7 64位平台。

  • Visual Studio 2012(32位调试器)已运行以管理员身份

  • 处理为* 32(32bit)
c++ winapi visual-studio-2012
1个回答
0
投票

unsigned char * addr = NULL;

您要VirtualQueryEx查询无效的地址0,从而导致失败。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.