• 公开视频 -> 链接点击跳转公开课程
• 博客首页 -> 链接点击跳转博客主页

目录

VirtualAlloc - VirtualFree

VirtualAllocEx - VirtualFreeEx

VirtualLock(Ex) - VirtualUnlock(Ex)

VirtualQuery(Ex)

Process Memory Information

VirtualProtect(Ex)

Heap - GetProcessHeap - HeapCreate - HeapAlloc - HeapReAlloc - HeapFree - HeapDestroy

Heap - HeapSize - GetProcessHeaps

Heap - Heap32ListFirst - Heap32First

---

VirtualAlloc - VirtualFree

#include <iostream>
#include <windows.h>int main() 
{//Cint* p1 = (int*)malloc(sizeof(int));if (p1 != NULL){std::cout << *p1 << std::endl;memset(p1, 0, sizeof(int));std::cout << *p1 << std::endl;*p1 = 0x12345678;std::cout << *p1 << std::endl;free(p1);p1 = nullptr;}//CPPint* p2 = new int(0xCC);if (p2 != NULL){std::cout << *p2 << std::endl;memset(p2, 0, sizeof(int));std::cout << *p2 << std::endl;*p2 = 0x12345678;std::cout << *p2 << std::endl;delete p2;p1 = nullptr;}//WIN32LPVOID lpBuffer = VirtualAlloc(/*(LPVOID)0x800000*/NULL, 0xFF, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);if (lpBuffer != NULL){memset(lpBuffer, 0xCC, 0xFF);BOOL bRet = VirtualFree(lpBuffer, 0, MEM_RELEASE);}//跨进程内存管理VirtualAllocEx;VirtualFreeEx;return 0;
}

VirtualAllocEx - VirtualFreeEx

#include <iostream>
#include <Windows.h>int main()
{DWORD dwPid = 65772;HANDLE hProcess = 0;LPVOID lpBase = 0;DWORD dwWriteData = 0;DWORD dwWriteLeng = 0;DWORD dwReadData = 0;DWORD dwReadLeng = 0;//打开进程hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);if (NULL == hProcess) return 0;//申请内存lpBase = VirtualAllocEx(hProcess, NULL, 0xFF, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);if (lpBase == NULL) return 0;//操作内存for (size_t i = 0; i < 0xFF; i++){CHAR szBuffer = i;WriteProcessMemory(hProcess, (PUCHAR)lpBase + i, &szBuffer, sizeof(CHAR), &dwWriteLeng);}ReadProcessMemory(hProcess, (LPVOID)0x400000, &dwReadData, sizeof(DWORD), &dwReadLeng);//释放资源VirtualFreeEx(hProcess, lpBase, 0, MEM_RELEASE);CloseHandle(hProcess);return 0;
}

VirtualLock(Ex) - VirtualUnlock(Ex)

#include <iostream>
#include <Windows.h>int main()
{//申请内存LPVOID lpBuffer = VirtualAlloc(NULL, 0xFF,MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);if (lpBuffer == NULL) return 0;//锁定页面VirtualLock(lpBuffer, 0xFF);//快速交互//解锁页面VirtualUnlock(lpBuffer, 0xFF);//释放内存VirtualFree(lpBuffer, 0, MEM_RELEASE);return 0;
}

VirtualQuery(Ex)

#include <iostream>
#include <Windows.h>int main()
{LPVOID lpBuffer = VirtualAlloc(NULL, 4097, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);if (lpBuffer != NULL){MEMORY_BASIC_INFORMATION mbi = { 0 };if (VirtualQuery((LPVOID)0x400000, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) != 0){return 0;}VirtualFree(lpBuffer, 0, MEM_RELEASE);}return 0;
}

Process Memory Information

#include <iostream>
#include <string>
#include <Windows.h>std::string StateToStr(DWORD State)
{switch (State){case MEM_COMMIT	: return "MEM_COMMIT";case MEM_FREE	: return "MEM_FREE";case MEM_RESERVE: return "MEM_RESERVE";default			: return "UNKONW_STATE";}
}std::string ProtectToStr(DWORD Protect)
{switch (Protect) {case PAGE_READONLY				: return "PAGE_READONLY";case PAGE_READWRITE				: return "PAGE_READWRITE";case PAGE_EXECUTE				: return "PAGE_EXECUTE";case PAGE_EXECUTE_READ			: return "PAGE_EXECUTE_READ";case PAGE_EXECUTE_READWRITE		: return "PAGE_EXECUTE_READWRITE";case PAGE_NOACCESS				: return "PAGE_NOACCESS";default							: return "UNKNOWN_PROTECT";}
}std::string TypeToStr(DWORD Type)
{switch (Type) {case MEM_IMAGE		: return "MEM_IMAGE";case MEM_MAPPED		: return "MEM_MAPPED";case MEM_PRIVATE	: return "MEM_PRIVATE";default				: return "UNKNOWN_TYPE";}
}int main()
{// 进程标识DWORD dwPid = 0;std::cout << "please input processid ";std::cin >> dwPid;// 打开进程HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);if (hProcess == NULL){std::cout << "OpenProcess Failed" << std::endl;return 0;}// 内存信息LPVOID lpBaseAddr = 0;MEMORY_BASIC_INFORMATION mbi;RtlZeroMemory(&mbi, sizeof(MEMORY_BASIC_INFORMATION));while (VirtualQueryEx(hProcess, lpBaseAddr, &mbi, sizeof(MEMORY_BASIC_INFORMATION))){printf("==============================\r\n");printf("BaseAddress				0x%08x\r\n", mbi.BaseAddress);printf("AllocationBase				0x%08x\r\n", mbi.AllocationBase);printf("AllocationProtect			%s\r\n", ProtectToStr(mbi.AllocationProtect).c_str());printf("RegionSize				0x%08x\r\n", mbi.RegionSize);printf("State					%s\r\n", StateToStr(mbi.State).c_str());printf("Protect					%s\r\n", ProtectToStr(mbi.Protect).c_str());printf("Type					%s\r\n", TypeToStr(mbi.Type).c_str());lpBaseAddr = (PUCHAR)mbi.BaseAddress + mbi.RegionSize;}return 0;
}

VirtualProtect(Ex)

#include <iostream>
#include <Windows.h>int main()
{// 页面大小SYSTEM_INFO si = { 0 };GetSystemInfo(&si);// 申请内存LPVOID lpBuffer = VirtualAlloc(NULL, si.dwPageSize, MEM_COMMIT, PAGE_READONLY);if (lpBuffer == NULL) return 1;// 修改属性DWORD dwOldProtect = 0;if (VirtualProtect(lpBuffer, si.dwPageSize, PAGE_READWRITE, &dwOldProtect) == NULL) return 1;// 数据写入memset(lpBuffer, 0xCC, si.dwPageSize);// 内存查询MEMORY_BASIC_INFORMATION mbi = { 0 };VirtualQuery(lpBuffer, &mbi, sizeof(MEMORY_BASIC_INFORMATION));// 属性恢复if (VirtualProtect(lpBuffer, si.dwPageSize, dwOldProtect, &dwOldProtect) == NULL) return 1;// 释放资源VirtualFree(lpBuffer, 0, MEM_RELEASE);return 0;
}

Heap - GetProcessHeap - HeapCreate - HeapAlloc - HeapReAlloc - HeapFree - HeapDestroy

#include <iostream>
#include <Windows.h>int main()
{// 进程默认堆HANDLE hHeap1 = GetProcessHeap();LPVOID lpBuffer1 = HeapAlloc(hHeap1, HEAP_ZERO_MEMORY, 4);if(lpBuffer1 == NULL) return 1;// 创建进程堆HANDLE hHeap2 = HeapCreate(0, 0x1000, 0x10000);if (hHeap2 == NULL) return 1;// 申请堆内存LPVOID lpBuffer2 = HeapAlloc(hHeap2, HEAP_ZERO_MEMORY, 16);if (lpBuffer2 == NULL){HeapDestroy(hHeap2);return 1;}memset(lpBuffer2, 0xCC, 16);// 扩大堆内存LPVOID lpBuffer3 = HeapReAlloc(hHeap2, 0, lpBuffer2, 32);if (lpBuffer3 == NULL){HeapFree(hHeap2, 0, lpBuffer2);HeapDestroy(hHeap2);return 1;}memset(lpBuffer3, 0xCC, 32);// 释放堆内存HeapFree(hHeap2, 0, lpBuffer2);// 释放堆句柄HeapDestroy(hHeap2);return 0;
}

Heap - HeapSize - GetProcessHeaps

#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>int main()
{// 进程默认堆HANDLE hHeap = GetProcessHeap();if (hHeap == NULL) return 1;// 申请堆内存LPVOID lpBuffer1 = HeapAlloc(hHeap, 0, 16);LPVOID lpBuffer2 = HeapAlloc(hHeap, 0, 32);// 内存块大小std::cout << HeapSize(hHeap, 0, lpBuffer1) << std::endl;std::cout << HeapSize(hHeap, 0, lpBuffer2) << std::endl;// 释放堆资源HeapFree(hHeap, 0, lpBuffer1);HeapFree(hHeap, 0, lpBuffer2);// 创建进程堆HeapCreate(0, 0x1000, 0x10000);// 进程堆数量DWORD dwHeapCount = GetProcessHeaps(0, NULL);if (dwHeapCount == NULL) return 1;PHANDLE pHeaps = new HANDLE[dwHeapCount];dwHeapCount = GetProcessHeaps(dwHeapCount, pHeaps);if (dwHeapCount == NULL) return 1;// 输出堆信息for (size_t i = 0; i < dwHeapCount; i++){std::cout << pHeaps[i] << std::endl;}delete[] pHeaps;CreateToolhelp32Snapshot;HEAPENTRY32;Heap32First;Heap32Next;return 0;
}

Heap - Heap32ListFirst - Heap32First

#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>int main()
{// 创建堆的数据HANDLE hHeap = HeapCreate(0, 0x1000, 0x10000);// 获取进程标识DWORD dwPid = GetCurrentProcessId();// 创建内存快照HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPHEAPLIST, dwPid);if (hSnap == INVALID_HANDLE_VALUE) return EXIT_FAILURE;// 结构描述信息HEAPLIST32 hl = { 0 };hl.dwSize = sizeof(HEAPLIST32);HEAPENTRY32 he = { 0 };he.dwSize = sizeof(HEAPENTRY32);// 遍历堆的列表if (Heap32ListFirst(hSnap, &hl)){do{printf("========\r\n");//遍历块的数据if (Heap32First(&he, dwPid, hl.th32HeapID)){do{std::cout << he.dwAddress << "\t" << he.dwBlockSize << std::endl;} while (Heap32Next(&he));}} while (Heap32ListNext(hSnap, &hl));}return EXIT_SUCCESS;
}