Java JNA 使用 kernal32 VirtualQueryEx returns 零(无成功错误代码)
Java JNA using kernal32 VirtualQueryEx returns zero (no success error code)
我正在尝试使用 kernal32.dll windows API 函数中的 VirtualQueryEx。
我在调用此函数之前得到的所有 pointers/addresses 都是正确的。
调用VirtualQueryEx returns 0 表示没有成功
还有 GetLastError() returns 错误代码 5,表示访问被拒绝 ):
请问我做错了什么?
- Windows8、管理员权限。
JNA 映射:
public class Test
{
static Kernel32 kernel32 = (Kernel32) Native.loadLibrary("kernel32", Kernel32.class);
static User32 user32 = (User32) Native.loadLibrary("user32" , User32.class);
public static void main(String[] args)
{
int pid = getProcessId("someWindowName"); // get our process ID
Pointer readprocess = kernel32.OpenProcess(0x0010, false,pid); // open the process ID with read priviledges.
MEMORY_BASIC_INFORMATION l = new MEMORY_BASIC_INFORMATION();
SYSTEM_INFO info = new SYSTEM_INFO();
kernel32.GetSystemInfo(info);
System.out.println(kernel32.VirtualQueryEx(readprocess, info.lpMinimumApplicationAddress, l, l.size()));
System.out.println(kernel32.GetLastError());
}
public static int getProcessId(String window)
{
IntByReference pid = new IntByReference(0);
user32.GetWindowThreadProcessId(user32.FindWindowA(null,window), pid);
return pid.getValue();
}
public static Pointer openProcess(int permissions, int pid)
{
Pointer process = kernel32.OpenProcess(permissions,true, pid);
return process;
}
public static Memory readMemory(Pointer process, int address, int bytesToRead)
{
IntByReference read = new IntByReference(0);
Memory output = new Memory(bytesToRead);
kernel32.ReadProcessMemory(process, address, output, bytesToRead, read);
return output;
}
}
kernal32 内部
int VirtualQueryEx(Pointer readprocess, Pointer lpMinimumApplicationAddress,MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);
memory_basic 结构:
public class MEMORY_BASIC_INFORMATION extends Structure {
public Pointer baseAddress;
public Pointer allocationBase;
public NativeLong allocationProtect;
public SIZE_T regionSize;
public NativeLong state;
public NativeLong protect;
public NativeLong type;
}
谢谢!
来自 MSDN, you must obtain the process handle with PROCESS_QUERY_INFORMATION,其值为 0x0400。您正在使用 0x0010 打开进程,因此出现 "access denied" 错误。
The handle must have been opened with the PROCESS_QUERY_INFORMATION
access right, which enables using the handle to read information from
the process object.
我正在尝试使用 kernal32.dll windows API 函数中的 VirtualQueryEx。
我在调用此函数之前得到的所有 pointers/addresses 都是正确的。
调用VirtualQueryEx returns 0 表示没有成功
还有 GetLastError() returns 错误代码 5,表示访问被拒绝 ):
请问我做错了什么?
- Windows8、管理员权限。
JNA 映射:
public class Test
{
static Kernel32 kernel32 = (Kernel32) Native.loadLibrary("kernel32", Kernel32.class);
static User32 user32 = (User32) Native.loadLibrary("user32" , User32.class);
public static void main(String[] args)
{
int pid = getProcessId("someWindowName"); // get our process ID
Pointer readprocess = kernel32.OpenProcess(0x0010, false,pid); // open the process ID with read priviledges.
MEMORY_BASIC_INFORMATION l = new MEMORY_BASIC_INFORMATION();
SYSTEM_INFO info = new SYSTEM_INFO();
kernel32.GetSystemInfo(info);
System.out.println(kernel32.VirtualQueryEx(readprocess, info.lpMinimumApplicationAddress, l, l.size()));
System.out.println(kernel32.GetLastError());
}
public static int getProcessId(String window)
{
IntByReference pid = new IntByReference(0);
user32.GetWindowThreadProcessId(user32.FindWindowA(null,window), pid);
return pid.getValue();
}
public static Pointer openProcess(int permissions, int pid)
{
Pointer process = kernel32.OpenProcess(permissions,true, pid);
return process;
}
public static Memory readMemory(Pointer process, int address, int bytesToRead)
{
IntByReference read = new IntByReference(0);
Memory output = new Memory(bytesToRead);
kernel32.ReadProcessMemory(process, address, output, bytesToRead, read);
return output;
}
}
kernal32 内部
int VirtualQueryEx(Pointer readprocess, Pointer lpMinimumApplicationAddress,MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);
memory_basic 结构:
public class MEMORY_BASIC_INFORMATION extends Structure {
public Pointer baseAddress;
public Pointer allocationBase;
public NativeLong allocationProtect;
public SIZE_T regionSize;
public NativeLong state;
public NativeLong protect;
public NativeLong type;
}
谢谢!
来自 MSDN, you must obtain the process handle with PROCESS_QUERY_INFORMATION,其值为 0x0400。您正在使用 0x0010 打开进程,因此出现 "access denied" 错误。
The handle must have been opened with the PROCESS_QUERY_INFORMATION access right, which enables using the handle to read information from the process object.