C#内存修改

先通过

System.Diagnostics.Process类获取想要编辑的进程

调用API

[Flags]
                    public enum ProcessAccessType
                    {
                        PROCESS_TERMINATE = (0x0001),
                        PROCESS_CREATE_THREAD = (0x0002),
                        PROCESS_SET_SESSIONID = (0x0004),
                        PROCESS_VM_OPERATION = (0x0008),
                        PROCESS_VM_READ = (0x0010),
                        PROCESS_VM_WRITE = (0x0020),
                        PROCESS_DUP_HANDLE = (0x0040),
                        PROCESS_CREATE_PROCESS = (0x0080),
                        PROCESS_SET_QUOTA = (0x0100),
                        PROCESS_SET_INFORMATION = (0x0200),
                        PROCESS_QUERY_INFORMATION = (0x0400)
                    }
                    [DllImport(“kernel32.dll”)]
                    public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
                    [DllImport(“kernel32.dll”)]
                    public static extern Int32 CloseHandle(IntPtr hObject);
                    [DllImport(“kernel32.dll”)]
                   
public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr
lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr
lpNumberOfBytesRead);
                    [DllImport(“kernel32.dll”)]
                   
public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr
lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr
lpNumberOfBytesWritten);

打开进程

private IntPtr m_hProcess = IntPtr.Zero;   //这个保存打开了个进程句柄

public void OpenProcess()
                {
                   
//   m_hProcess =
ProcessMemoryReaderApi.OpenProcess(ProcessMemoryReaderApi.PROCESS_VM_READ,
1, (uint)m_ReadProcess.Id);
                    ProcessMemoryReaderApi.ProcessAccessType access;
                    access = ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_READ
                        | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_WRITE
                        | ProcessMemoryReaderApi.ProcessAccessType.PROCESS_VM_OPERATION;
                    m_hProcess = ProcessMemoryReaderApi.OpenProcess((uint)access, 1, (uint)m_ReadProcess.Id);
                }

m_ReadProcess.Id 进程的ID编号

读取

public byte[] ReadProcessMemory(IntPtr MemoryAddress, uint bytesToRead, out int bytesRead)
                {
                    byte[] buffer = new byte[bytesToRead];

IntPtr ptrBytesRead;
                    ProcessMemoryReaderApi.ReadProcessMemory(m_hProcess, MemoryAddress, buffer, bytesToRead, out ptrBytesRead);

bytesRead = ptrBytesRead.ToInt32();

return buffer;
                }

IntPrt MemoryAddress 为要读取的内存地址

uint bytesToRead 需要读的数量

out int bytesRead 实际读出的数量

写入

public void WriteProcessMemory(IntPtr MemoryAddress, byte[] bytesToWrite, out int bytesWritten)
                {
                    IntPtr ptrBytesWritten;
                   
ProcessMemoryReaderApi.WriteProcessMemory(m_hProcess, MemoryAddress,
bytesToWrite, (uint)bytesToWrite.Length, out ptrBytesWritten);

bytesWritten = ptrBytesWritten.ToInt32();
                }

IntPrt MemoryAddress 为要读取的内存地址

byte[] bytesToWrite 需要写入的数据

out int bytesWritten 实际写入多少

以上代码转自：http://blog.csdn.net/zgke/article/details/2969071