#Include <WinAPI.au3>
$pid = ProcessExists('SciTE.exe')
If Not $pid Then Exit
$hProc = _WinAPI_OpenProcess(0x1F0FFF, 0, $pid)
Local $iStartAddress = 0x0, $iStopAddress = 0x06000000, $iStep = 1024
Local $tBuff = DllStructCreate('byte[' & $iStep & ']')
$dll = DllOpen('kernel32.dll')
For $iAddress = $iStartAddress To $iStopAddress Step $iStep
$aRet = DllCall($dll, 'bool', 'ReadProcessMemory', 'handle', $hProc, 'ptr', $iAddress, 'ptr', DllStructGetPtr($tBuff), 'ulong_ptr', $iStep, 'ulong_ptr*', 0)
If @Error Then
ConsoleWrite('-@Error>' & @Error & @CRLF)
ExitLoop
EndIf
If Not $aRet[5] Then ExitLoop
$iReadData = BinaryToString(DllStructGetData($tBuff, 1))
$iPos = 1
While $iPos
$iPos = StringInStr($iReadData, ':\', 1)
If Not $iPos Then ExitLoop
$aTmp = StringRegExp(StringMid($iReadData, $iPos - 1, 256), '(?i)^([a-z]:\\.*)', 3)
If IsArray($aTmp) Then
ConsoleWrite('-OutStr>' & $aTmp[0] & @CRLF)
ExitLoop 2
EndIf
$iPos += 3
WEnd
Next
DllClose($dll)
_WinAPI_CloseHandle($hProc)
Вот так работает:
$hProc = _WinAPI_OpenProcess(0x1F0FFF, 0, $iPID)
Local $iStartAddress = 0x00100000, $iStopAddress = 0x06000000, $iStep = 1024
Local $tBuff = DllStructCreate('byte[' & $iStep & ']')
$dll = DllOpen('kernel32.dll')
$iCount = 0
For $iAddress = $iStartAddress To $iStopAddress Step $iStep
$aRet = DllCall($dll, 'int', 'ReadProcessMemory', 'int', $hProc, 'ptr', $iAddress, 'ptr', DllStructGetPtr($tBuff), 'int', $iStep, 'int', '')
If @Error Then
ConsoleWrite('-@Error>' & @Error & @CRLF)
ExitLoop
EndIf
If Not $aRet[3] Then ExitLoop
$iReadData = BinaryToString(DllStructGetData($tBuff, 1))
$iPos = 1
While $iPos
$iPos = StringInStr($iReadData, ':\', 2)
If Not $iPos Then
ExitLoop
EndIf
$aTmp = StringRegExp(StringMid($iReadData, $iPos - 1, 256), '(?i)^([a-z]:\\.+(?=\.[^\.]+))$', 3)
If IsArray($aTmp) Then
ConsoleWrite('-OutStr>' & $aTmp[0] & @CRLF)
$iCount += 1
If $iCount = 20 Then ExitLoop 2
EndIf
$iPos += 3
WEnd
Next
DllClose($dll)
_WinAPI_CloseHandle($hProc)Это поиск текста не преследуемый расширением файла.
$vTest = 'C:\test.au3' ;Должно возвращать 0
;~ $vTest = 'C:\test' ;Должно возвращать 1
$sRet = StringRegExp($vTest, '(?i)^[a-z]:\\.*(?!\.au3)$') ;Поиск пути к файлу не преследуемый расширением файла
ConsoleWrite("Result: " & $sRet & @LF)$test=StringRegExp($test, '(?i)^([a-z]:\\.+\\)([^\\.]+)$', 3)То есть если опустошить цикл, то ячейки памяти будут всё равно медленно читаться? Или всё таки в цикле дело. Там шаг +3 ($iPos += 3) что он значит?
#Include <WinAPI.au3>
$iPID = ProcessExists('SciTE.exe')
If Not $iPID Then Exit
$begin = TimerInit()
$hProc = _WinAPI_OpenProcess(0x1F0FFF, 0, $iPID)
Local $iStartAddress = 0x00100000, $iStopAddress = 0x06000000, $iStep = 1024
Local $tBuff = DllStructCreate('byte[' & $iStep & ']')
$dll = DllOpen('kernel32.dll')
$iCount = 0
For $iAddress = $iStartAddress To $iStopAddress Step $iStep
$aRet = DllCall($dll, 'int', 'ReadProcessMemory', 'int', $hProc, 'ptr', $iAddress, 'ptr', DllStructGetPtr($tBuff), 'int', $iStep, 'int', '')
If @Error Then
ConsoleWrite('-@Error>' & @Error & @CRLF)
ExitLoop
EndIf
If Not $aRet[3] Then ExitLoop
$iReadData = BinaryToString(DllStructGetData($tBuff, 1))
$iPos = 1
While $iPos
$iPos = StringInStr($iReadData, ':\', 2, 1, $iPos)
If Not $iPos Then ExitLoop
$aTmp = StringRegExp(StringMid($iReadData, $iPos - 1, 256), '(?i)^([a-z]:\\.*)', 3)
If IsArray($aTmp) Then
ConsoleWrite('-OutStr>' & $aTmp[0] & @CRLF)
$iCount += 1
If $iCount = 100 Then ExitLoop 2
EndIf
$iPos += 3
WEnd
Next
DllClose($dll)
_WinAPI_CloseHandle($hProc)
ConsoleWrite('-TimerDiff>' & TimerDiff($begin) & @CRLF)#Include <Array.au3>
$iPID = ProcessExists('Opera.exe')
If Not $iPID Then Exit
$begin = TimerInit()
Local $iStartAddress = 0x00100000, $iStopAddress = 0x06000000, $iStep = 1024
$ret = DllCall('mread.dll', 'str', 'FindMemLikePath', 'int', $iPID, 'int', $iStartAddress, 'int', $iStopAddress, 'int', $iStep)
If IsArray($ret) Then
$aTmp = StringSplit($ret[0], @CRLF, 1)
For $i = 1 To $aTmp[0]
$aTmp[$i] = StringRegExpReplace($aTmp[$i], '(?is)^([a-z]:\\[^\x00-\x1f]*).*', '\1')
Next
ConsoleWrite('-TimerDiff>' & TimerDiff($begin) & @CRLF)
_ArrayDisplay($aTmp)
EndIfImportC ""
strstr(a, b)
EndImport
ProcedureDLL.s FindMemLikePath(Pid, AdrStart, AdrEnd, iSize)
Protected sOut.s = "", ProcessHandle, lWritten
ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, 0, Pid)
If ProcessHandle
sBuffer = AllocateMemory(iSize + 1)
If sBuffer
For iAdr = AdrStart To AdrEnd
ReadProcessMemory_(ProcessHandle, iAdr, sBuffer, iSize, @lWritten)
If sBuffer And lWritten
i = strstr(sBuffer, @":\")
While i
tmp$ = PeekS(i - 1, 256)
tmp = Asc(UCase(Left(tmp$, 1)))
If tmp > 64 And tmp < 91
sOut + ReplaceString(tmp$, #CRLF$, #TAB$+#TAB$) + #CRLF$
EndIf
i + 1
i = strstr(i, @":\")
Wend
EndIf
iAdr + iSize - 1
Next
FreeMemory(sBuffer)
Else
sOut = "-2"; ошибка выделения памяти
EndIf
CloseHandle_(ProcessHandle)
ProcedureReturn sOut
EndIf
ProcedureReturn "-1"; не открыт хэндл процесса
EndProcedure