ProcessID:=FProcessEntry32.th32ProcessID; s:=''; break; end; Ret:=Process32Next(FSnapshotHandle,FProcessEntry32); end; //循环枚举出系统开启的所有进程,找出“Kernel32.dll” CloseHandle(FSnapshotHandle); Memo1.Lines.Clear ; memo1.lines.add('Process ID '+IntToHex( FProcessEntry32.th32ProcessID,8)); memo1.lines.Add('File name '+FProcessEntry32.szExeFile); ////输出进程的一些信息 nSize:=4; lpBuffer:=AllocMem(nSize); ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID); memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8)); for i:=$00000001 to $0010006f do begin ReadProcessMemory( ProcessHndle, Pointer(i), lpBuffer, nSize, lpNumberOfBytesRead ); s:=s+intTohex(lpBuffer^,2)+' '; //读取内容 if (i mod 16) =0 then begin Memo1.Lines.Add(s); s:=''; end;
s:='';
break;
end;
Ret:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
// The loop above walks the snapshot of all running processes looking for the
// target (the original comment names "Kernel32.dll"). The snapshot handle is
// not used again in the visible code, so it is released here.
CloseHandle(FSnapshotHandle);
Memo1.Lines.Clear ;
// NOTE(review): these lines print the fields of whatever entry FProcessEntry32
// holds when the loop ends. If nothing matched, that may not be the process
// opened below via ProcessID -- confirm against the loop body outside this excerpt.
memo1.lines.add('Process ID '+IntToHex(
FProcessEntry32.th32ProcessID,8));
memo1.lines.Add('File name '+FProcessEntry32.szExeFile);
// Output some information about the process (the two Memo lines above).
// 4-byte scratch buffer that the read loop below passes to ReadProcessMemory.
// NOTE(review): no matching FreeMem is visible in this excerpt -- confirm it is released.
nSize:=4;
lpBuffer:=AllocMem(nSize);
// Open the target with PROCESS_VM_READ only (no write or other rights) and a
// non-inheritable handle (second argument is false).
// NOTE(review): OpenProcess returns 0 on failure (for example when access is
// denied). The result is printed and then handed to ReadProcessMemory without a
// check; test for 0, report GetLastError and stop before reading. The handle
// should also be closed with CloseHandle when done -- not visible in this excerpt.
ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID);
memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8));
for i:=$00000001 to $0010006f do
begin
ReadProcessMemory(
ProcessHndle,
Pointer(i),
lpBuffer,
nSize,
lpNumberOfBytesRead
);
s:=s+intTohex(lpBuffer^,2)+' ';
//读取内容
if (i mod 16) =0 then
begin
Memo1.Lines.Add(s);
s:='';
end;
ReadProcessMemory
http://www.csdn.net/develop/Read_Article.asp?Id=10777