问题描述

从

lpBaseAddress [in] ：

指向要读取的指定进程中的基址的指针。在发生任何数据传输之前，系统将验证指定大小的基址和内存中的所有数据是否均可访问，如果不可访问，则函数将失败。

lpBaseAddress [in]:
A pointer to the base address in the specified process from which to read. Before any data transfer occurs, the system verifies that all data in the base address and memory of the specified size is accessible for read access, and if it is not accessible the function fails.

nSize [in] ：

要从指定进程读取的字节数。

nSize [in]:
The number of bytes to be read from the specified process.

strong> lpNumberOfBytesRead [out]

指向变量的指针，该变量接收传输到指定缓冲区的字节数。如果lpNumberOfBytesRead为NULL，则忽略该参数。

lpNumberOfBytesRead [out]
A pointer to a variable that receives the number of bytes transferred into the specified buffer. If lpNumberOfBytesRead is NULL, the parameter is ignored.

因此， ReadProcessMemory 只能完全成功或完全失败。和大小显然已知的调用者 - 不得不通过它进行调用。为什么有 lpNumberOfBytesRead ？

So.. ReadProcessMemory can only completely succeed or completely fail. And the size is obviously known to the caller -- had to pass it in to make the call. Why have the lpNumberOfBytesRead?

推荐答案

从：

//
// MessageId: ERROR_PARTIAL_COPY
//
// MessageText:
//
//  Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
//
#define ERROR_PARTIAL_COPY               299L

ReadProcessMemory当副本命中页面错误时，将返回FALSE，而 GetLastError 将返回 ERROR_PARTIAL_COPY 。这是一个常见的情况，在转储程序，它必须工作在一个潜在的损坏的过程，所以他们不能确定请求的区域是否有效（他们追逐以获得开始地址的指针可能已损坏，并指向la- la-land），但他们仍然希望尽可能多地复制到转储中。

ReadProcessMemory would return FALSE and GetLastError would return ERROR_PARTIAL_COPY when the copy hits a page fault. This is a common scenario in dumpers, which have to work on a potentially corrupted process so they can't be sure if the requested area is valid or not (the pointer they chased to get the start address could be corrupted and point to la-la-land), but they would still like to copy as much as possible into the dump.

这篇关于为什么ReadProcessMemory有`lpNumberOfBytesRead`？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！