如何从 Windows 中的进程读取 Unicode 字符串?

How to read Unicode string from process in Windows?

我正在尝试使用以下代码从另一个进程的内存中读取 Unicode 字符串:

函数:

bool ReadWideString(const HANDLE& hProc, const std::uintptr_t& addr, std::wstring& out) {
    std::array<wchar_t, maxStringLength> outStr;
    auto readMemRes = ReadProcessMemory(hProc, (LPCVOID)addr,(LPVOID)&out, sizeof(out), NULL);
    if (!readMemRes)
        return false;
    else {
        out = std::wstring(outStr.data());
    }
    return true;
}

通话:

std::wstring name;
bool res = ReadWideString(OpenedProcessHandle, address, name);
std::wofstream test("test.txt");
test << name;
test.close();

这在处理英文字母时效果很好,但当我尝试阅读西里尔字母时,它什么也没有输出。我尝试使用 std::string,但我得到的只是随机垃圾,例如 "EC9" 而不是 "Дебил"

我正在使用 Visual Studio 17 和 C++17 标准。

您不能像现在这样直接读入 wstring。这将覆盖它的内部数据成员并破坏周围的内存,这将是非常糟糕的。

您正在分配一个本地缓冲区,但您没有将其用于任何用途。使用它,例如:

bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
    std::array<wchar_t, maxStringLength> outStr;
    SIZE_T numRead = 0;
    if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &outStr, sizeof(outStr), &numRead))
        return false;
    out.assign(outStr.data(), numRead / sizeof(wchar_t));
    return true;
}


std::wstring name;
if (ReadWideString(OpenedProcessHandle, address, name)) {
    std::ofstream test("test.txt", std::ios::binary);
    wchar_t bom = 0xFEFF;
    test.write(reinterpret_cast<char*>(&bom), sizeof(bom));
    test.write(reinterpret_cast<const char*>(name.c_str()), name.size() * sizeof(wchar_t));
}

或者,摆脱本地缓冲区并预分配 wstring 的内存缓冲区,然后您可以直接读取它,例如:

bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
    out.resize(maxStringLength);
    SIZE_T numRead = 0;
    if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &out[0], maxStringLength * sizeof(wchar_t), &numRead)) {
        out.clear();
        return false;
    }
    out.resize(numRead / sizeof(wchar_t));
    return true;
}


bool ReadWideString(HANDLE hProc, std::uintptr_t addr, std::wstring& out) {
    std::wstring outStr;
    outStr.resize(maxStringLength);
    SIZE_T numRead = 0;
    if (!ReadProcessMemory(hProc, reinterpret_cast<LPVOID>(addr), &outStr[0], maxStringLength * sizeof(wchar_t), &numRead))
        return false;
    outStr.resize(numRead / sizeof(wchar_t));
    out = std::move(outStr);
    return true;
}