- 公开视频 -> 链接点击跳转公开课程
- 博客首页 -> 链接点击跳转博客主页
目录
VirtualAlloc - VirtualFree
VirtualAllocEx - VirtualFreeEx
VirtualLock(Ex) - VirtualUnlock(Ex)
VirtualQuery(Ex)
Process Memory Information
VirtualProtect(Ex)
Heap - GetProcessHeap - HeapCreate - HeapAlloc - HeapReAlloc - HeapFree - HeapDestroy
Heap - HeapSize - GetProcessHeaps
Heap - Heap32ListFirst - Heap32First
VirtualAlloc - VirtualFree
#include <iostream>
#include <windows.h>
int main()
{
//C
int* p1 = (int*)malloc(sizeof(int));
if (p1 != NULL)
{
std::cout << *p1 << std::endl;
memset(p1, 0, sizeof(int));
std::cout << *p1 << std::endl;
*p1 = 0x12345678;
std::cout << *p1 << std::endl;
free(p1);
p1 = nullptr;
}
//CPP
int* p2 = new int(0xCC);
if (p2 != NULL)
{
std::cout << *p2 << std::endl;
memset(p2, 0, sizeof(int));
std::cout << *p2 << std::endl;
*p2 = 0x12345678;
std::cout << *p2 << std::endl;
delete p2;
p1 = nullptr;
}
//WIN32
LPVOID lpBuffer = VirtualAlloc(/*(LPVOID)0x800000*/NULL, 0xFF, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (lpBuffer != NULL)
{
memset(lpBuffer, 0xCC, 0xFF);
BOOL bRet = VirtualFree(lpBuffer, 0, MEM_RELEASE);
}
//跨进程内存管理
VirtualAllocEx;
VirtualFreeEx;
return 0;
}
VirtualAllocEx - VirtualFreeEx
#include <iostream>
#include <Windows.h>
int main()
{
DWORD dwPid = 65772;
HANDLE hProcess = 0;
LPVOID lpBase = 0;
DWORD dwWriteData = 0;
DWORD dwWriteLeng = 0;
DWORD dwReadData = 0;
DWORD dwReadLeng = 0;
//打开进程
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
if (NULL == hProcess) return 0;
//申请内存
lpBase = VirtualAllocEx(hProcess, NULL, 0xFF, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (lpBase == NULL) return 0;
//操作内存
for (size_t i = 0; i < 0xFF; i++)
{
CHAR szBuffer = i;
WriteProcessMemory(hProcess, (PUCHAR)lpBase + i, &szBuffer, sizeof(CHAR), &dwWriteLeng);
}
ReadProcessMemory(hProcess, (LPVOID)0x400000, &dwReadData, sizeof(DWORD), &dwReadLeng);
//释放资源
VirtualFreeEx(hProcess, lpBase, 0, MEM_RELEASE);
CloseHandle(hProcess);
return 0;
}
VirtualLock(Ex) - VirtualUnlock(Ex)
#include <iostream>
#include <Windows.h>
int main()
{
//申请内存
LPVOID lpBuffer = VirtualAlloc(NULL, 0xFF,MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (lpBuffer == NULL) return 0;
//锁定页面
VirtualLock(lpBuffer, 0xFF);
//快速交互
//解锁页面
VirtualUnlock(lpBuffer, 0xFF);
//释放内存
VirtualFree(lpBuffer, 0, MEM_RELEASE);
return 0;
}
VirtualQuery(Ex)
#include <iostream>
#include <Windows.h>
int main()
{
LPVOID lpBuffer = VirtualAlloc(NULL, 4097, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (lpBuffer != NULL)
{
MEMORY_BASIC_INFORMATION mbi = { 0 };
if (VirtualQuery((LPVOID)0x400000, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) != 0)
{
return 0;
}
VirtualFree(lpBuffer, 0, MEM_RELEASE);
}
return 0;
}
Process Memory Information
#include <iostream>
#include <string>
#include <Windows.h>
std::string StateToStr(DWORD State)
{
switch (State){
case MEM_COMMIT : return "MEM_COMMIT";
case MEM_FREE : return "MEM_FREE";
case MEM_RESERVE: return "MEM_RESERVE";
default : return "UNKONW_STATE";
}
}
std::string ProtectToStr(DWORD Protect)
{
switch (Protect) {
case PAGE_READONLY : return "PAGE_READONLY";
case PAGE_READWRITE : return "PAGE_READWRITE";
case PAGE_EXECUTE : return "PAGE_EXECUTE";
case PAGE_EXECUTE_READ : return "PAGE_EXECUTE_READ";
case PAGE_EXECUTE_READWRITE : return "PAGE_EXECUTE_READWRITE";
case PAGE_NOACCESS : return "PAGE_NOACCESS";
default : return "UNKNOWN_PROTECT";
}
}
std::string TypeToStr(DWORD Type)
{
switch (Type) {
case MEM_IMAGE : return "MEM_IMAGE";
case MEM_MAPPED : return "MEM_MAPPED";
case MEM_PRIVATE : return "MEM_PRIVATE";
default : return "UNKNOWN_TYPE";
}
}
int main()
{
// 进程标识
DWORD dwPid = 0;
std::cout << "please input processid ";
std::cin >> dwPid;
// 打开进程
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
if (hProcess == NULL)
{
std::cout << "OpenProcess Failed" << std::endl;
return 0;
}
// 内存信息
LPVOID lpBaseAddr = 0;
MEMORY_BASIC_INFORMATION mbi;
RtlZeroMemory(&mbi, sizeof(MEMORY_BASIC_INFORMATION));
while (VirtualQueryEx(hProcess, lpBaseAddr, &mbi, sizeof(MEMORY_BASIC_INFORMATION)))
{
printf("==============================\r\n");
printf("BaseAddress 0x%08x\r\n", mbi.BaseAddress);
printf("AllocationBase 0x%08x\r\n", mbi.AllocationBase);
printf("AllocationProtect %s\r\n", ProtectToStr(mbi.AllocationProtect).c_str());
printf("RegionSize 0x%08x\r\n", mbi.RegionSize);
printf("State %s\r\n", StateToStr(mbi.State).c_str());
printf("Protect %s\r\n", ProtectToStr(mbi.Protect).c_str());
printf("Type %s\r\n", TypeToStr(mbi.Type).c_str());
lpBaseAddr = (PUCHAR)mbi.BaseAddress + mbi.RegionSize;
}
return 0;
}
VirtualProtect(Ex)
#include <iostream>
#include <Windows.h>
int main()
{
// 页面大小
SYSTEM_INFO si = { 0 };
GetSystemInfo(&si);
// 申请内存
LPVOID lpBuffer = VirtualAlloc(NULL, si.dwPageSize, MEM_COMMIT, PAGE_READONLY);
if (lpBuffer == NULL) return 1;
// 修改属性
DWORD dwOldProtect = 0;
if (VirtualProtect(lpBuffer, si.dwPageSize, PAGE_READWRITE, &dwOldProtect) == NULL) return 1;
// 数据写入
memset(lpBuffer, 0xCC, si.dwPageSize);
// 内存查询
MEMORY_BASIC_INFORMATION mbi = { 0 };
VirtualQuery(lpBuffer, &mbi, sizeof(MEMORY_BASIC_INFORMATION));
// 属性恢复
if (VirtualProtect(lpBuffer, si.dwPageSize, dwOldProtect, &dwOldProtect) == NULL) return 1;
// 释放资源
VirtualFree(lpBuffer, 0, MEM_RELEASE);
return 0;
}
Heap - GetProcessHeap - HeapCreate - HeapAlloc - HeapReAlloc - HeapFree - HeapDestroy
#include <iostream>
#include <Windows.h>
int main()
{
// 进程默认堆
HANDLE hHeap1 = GetProcessHeap();
LPVOID lpBuffer1 = HeapAlloc(hHeap1, HEAP_ZERO_MEMORY, 4);
if(lpBuffer1 == NULL) return 1;
// 创建进程堆
HANDLE hHeap2 = HeapCreate(0, 0x1000, 0x10000);
if (hHeap2 == NULL) return 1;
// 申请堆内存
LPVOID lpBuffer2 = HeapAlloc(hHeap2, HEAP_ZERO_MEMORY, 16);
if (lpBuffer2 == NULL)
{
HeapDestroy(hHeap2);
return 1;
}
memset(lpBuffer2, 0xCC, 16);
// 扩大堆内存
LPVOID lpBuffer3 = HeapReAlloc(hHeap2, 0, lpBuffer2, 32);
if (lpBuffer3 == NULL)
{
HeapFree(hHeap2, 0, lpBuffer2);
HeapDestroy(hHeap2);
return 1;
}
memset(lpBuffer3, 0xCC, 32);
// 释放堆内存
HeapFree(hHeap2, 0, lpBuffer2);
// 释放堆句柄
HeapDestroy(hHeap2);
return 0;
}
Heap - HeapSize - GetProcessHeaps
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
int main()
{
// 进程默认堆
HANDLE hHeap = GetProcessHeap();
if (hHeap == NULL) return 1;
// 申请堆内存
LPVOID lpBuffer1 = HeapAlloc(hHeap, 0, 16);
LPVOID lpBuffer2 = HeapAlloc(hHeap, 0, 32);
// 内存块大小
std::cout << HeapSize(hHeap, 0, lpBuffer1) << std::endl;
std::cout << HeapSize(hHeap, 0, lpBuffer2) << std::endl;
// 释放堆资源
HeapFree(hHeap, 0, lpBuffer1);
HeapFree(hHeap, 0, lpBuffer2);
// 创建进程堆
HeapCreate(0, 0x1000, 0x10000);
// 进程堆数量
DWORD dwHeapCount = GetProcessHeaps(0, NULL);
if (dwHeapCount == NULL) return 1;
PHANDLE pHeaps = new HANDLE[dwHeapCount];
dwHeapCount = GetProcessHeaps(dwHeapCount, pHeaps);
if (dwHeapCount == NULL) return 1;
// 输出堆信息
for (size_t i = 0; i < dwHeapCount; i++)
{
std::cout << pHeaps[i] << std::endl;
}
delete[] pHeaps;
CreateToolhelp32Snapshot;
HEAPENTRY32;
Heap32First;
Heap32Next;
return 0;
}
Heap - Heap32ListFirst - Heap32First
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
int main()
{
// 创建堆的数据
HANDLE hHeap = HeapCreate(0, 0x1000, 0x10000);
// 获取进程标识
DWORD dwPid = GetCurrentProcessId();
// 创建内存快照
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPHEAPLIST, dwPid);
if (hSnap == INVALID_HANDLE_VALUE) return EXIT_FAILURE;
// 结构描述信息
HEAPLIST32 hl = { 0 };
hl.dwSize = sizeof(HEAPLIST32);
HEAPENTRY32 he = { 0 };
he.dwSize = sizeof(HEAPENTRY32);
// 遍历堆的列表
if (Heap32ListFirst(hSnap, &hl))
{
do
{
printf("========\r\n");
//遍历块的数据
if (Heap32First(&he, dwPid, hl.th32HeapID))
{
do
{
std::cout << he.dwAddress << "\t" << he.dwBlockSize << std::endl;
} while (Heap32Next(&he));
}
} while (Heap32ListNext(hSnap, &hl));
}
return EXIT_SUCCESS;
}