求两个windows内核API函数的原型! NtReadVirtualMemory(); NtWriteVirtualMemory();

ComeThat 2013-06-02 07:19:05

Ring0下是
NtReadVirtualMemory();
NtWriteVirtualMemory();
也可能可以是
ZwReadVirtualMemory();
ZwWriteVirtualMemory();

Ring3下是
ReadProcessMemory();
函数原型:
BOOL ReadProcessMemory(
HANDLE hProcess, // handle to the process
LPCVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
SIZE_T nSize, // number of bytes to read
SIZE_T * lpNumberOfBytesRead // number of bytes read
);

WriteProcessMemory();
函数原型:
BOOL WriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // base of memory area
LPCVOID lpBuffer, // data buffer
SIZE_T nSize, // count of bytes to write
SIZE_T * lpNumberOfBytesWritten // count of bytes written
);

...全文

1684 5 打赏收藏转发到动态举报

写回复

用AI写文章

5 条回复

切换为时间正序

请发表友善的回复…

发表回复

ComeThat 2013-06-08

打赏
举报

谢谢楼上的2位!!!

赵4老师 2013-06-07

打赏
举报

Undocumented functions of NTDLL.CHM 来自网站http://undocumented.ntinternals.net/ 添加了全文搜索功能 http://download.csdn.net/detail/zhao4zhong1/3404904

luciferisnotsatan 2013-06-07

打赏
举报

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Memory%20Management/Virtual%20Memory/NtQueryVirtualMemory.html

ComeThat 2013-06-07

打赏
举报

引用 1 楼 zhao4zhong1 的回复:

NtReadVirtualMemory NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesReaded OPTIONAL ); NtReadVirtualMemory is similar to API ReadProcessMemory, described in MS SDK. Documented by: Tomasz Nowak Reactos Requirements: Library: ntdll.lib See also: NtAllocateVirtualMemory NtLockVirtualMemory NtQueryVirtualMemory NtWriteVirtualMemory －－－－－－－－－－－－－－－－－－－－－－－－－－－－－ NtWriteVirtualMemory NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN ULONG NumberOfBytesToWrite, OUT PULONG NumberOfBytesWritten OPTIONAL ); NtWriteVirtualMemory is similar to WINAPI WriteProcessMemory. See Ms SDK for detailed description of parameters. Documented by: Tomasz Nowak Reactos Requirements: Library: ntdll.lib See also: NtAllocateVirtualMemory NtLockVirtualMemory NtQueryVirtualMemory NtReadVirtualMemory

哥们,你这个在哪个网址查的??? 是不是ntdll.h 头文件里面查的?

赵4老师 2013-06-03

打赏
举报

NtReadVirtualMemory NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesReaded OPTIONAL ); NtReadVirtualMemory is similar to API ReadProcessMemory, described in MS SDK. Documented by: Tomasz Nowak Reactos Requirements: Library: ntdll.lib See also: NtAllocateVirtualMemory NtLockVirtualMemory NtQueryVirtualMemory NtWriteVirtualMemory －－－－－－－－－－－－－－－－－－－－－－－－－－－－－ NtWriteVirtualMemory NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN ULONG NumberOfBytesToWrite, OUT PULONG NumberOfBytesWritten OPTIONAL ); NtWriteVirtualMemory is similar to WINAPI WriteProcessMemory. See Ms SDK for detailed description of parameters. Documented by: Tomasz Nowak Reactos Requirements: Library: ntdll.lib See also: NtAllocateVirtualMemory NtLockVirtualMemory NtQueryVirtualMemory NtReadVirtualMemory