windows c++ 获取进程内存分布

#include <iostream>
#include <windows.h>
#include <vector>

void outputMemInfos(const std::vector<MEMORY_BASIC_INFORMATION>& memInfos) {

    printf("------------------------------------------------------------------------ \n");
    printf("start \t end \t size \t state \t type \t protect \n");
    printf("------------------------------------------------------------------------ \n");
    for (const MEMORY_BASIC_INFORMATION& mbi: memInfos) {
        // 输出查询结果
        printf("0x%012llX \t 0x%012X \t %8llx \t ", mbi.BaseAddress, ((uintptr_t)mbi.BaseAddress + (uintptr_t)mbi.RegionSize), mbi.RegionSize);

        // 输出状态
        switch (mbi.State) {
            case MEM_FREE: printf("MEM_FREE \t"); break;
            case MEM_RESERVE: printf("MEM_RESERVE \t"); break;
            case MEM_COMMIT: printf("MEM_COMMIT \t"); break;
            default: printf("UNKNOW \t"); break;
        }

        // 输出类型
        switch (mbi.Type) {
            case MEM_PRIVATE:   printf("MEM_PRIVATE  \t"); break;
            case MEM_MAPPED:    printf("MEM_MAPPED  \t"); break;
            case MEM_IMAGE:     printf("MEM_IMAGE  \t"); break;
            default: printf("UNKNOW  \t"); break;
        }

        if (mbi.Protect == 0) {
            printf("---");
        }
        else if (mbi.Protect & PAGE_EXECUTE) {
            printf("E--");
        }
        else if (mbi.Protect & PAGE_EXECUTE_READ) {
            printf("ER-");
        }
        else if (mbi.Protect & PAGE_EXECUTE_READWRITE) {
            printf("ERW");
        }
        else if (mbi.Protect & PAGE_READONLY) {
            printf("-R-");
        }
        else if (mbi.Protect & PAGE_READWRITE) {
            printf("-RW");
        }
        else if (mbi.Protect & PAGE_WRITECOPY) {
            printf("WCOPY");
        }
        else if (mbi.Protect & PAGE_EXECUTE_WRITECOPY) {
            printf("EWCOPY");
        }
        printf("\n");
    }
}

// 枚举特定进程内存块信息
bool ScanProcessMemory(HANDLE hProc, std::vector<MEMORY_BASIC_INFORMATION>& memInfos) {
    SIZE_T stSize = 0;
    PBYTE pAddress = (PBYTE)0;
    SYSTEM_INFO systemInfo;
    MEMORY_BASIC_INFORMATION mbi;
    //获取页的大小
    ZeroMemory(&systemInfo, sizeof(SYSTEM_INFO));
    GetSystemInfo(&systemInfo);
    // 得到的镜像基地址
    pAddress = (PBYTE)systemInfo.lpMinimumApplicationAddress;
    // 判断只要当前地址小于最大地址就循环
    while (pAddress < (PBYTE)systemInfo.lpMaximumApplicationAddress) {
        // 对结构体进行初始化
        ZeroMemory(&mbi, sizeof(MEMORY_BASIC_INFORMATION));
        // 查询内存属性
        stSize = VirtualQueryEx(hProc, pAddress, &mbi, sizeof(MEMORY_BASIC_INFORMATION));
        if (stSize == 0) {
            pAddress += systemInfo.dwPageSize;
            continue;
        }
        memInfos.push_back(mbi);
        // 每次循环累加内存块的位置
        pAddress = (PBYTE)mbi.BaseAddress + mbi.RegionSize;
    }
    return true;
}

int main(int argc, char* argv[]) {
    // 打开进程
    DWORD pid = 47968;
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);

    // 开始枚举
    std::vector<MEMORY_BASIC_INFORMATION> memInfos;
    ScanProcessMemory(hProc, memInfos);
    CloseHandle(hProc);
    outputMemInfos(memInfos);
    return 0;
}