我尝试用.NET中的内存访问。目前，我有一个管理程序，启动一个非托管工艺，并检索 BaseAddress 其加载的模块之一（一个DLL）中。我想要做的就是以某种方式读取加载的模块的PE头，这样我以后可以检索其出口的地址。

I'm experimenting with memory access in .NET. At the moment, I have a managed program that starts an unmanaged process and retrieves the BaseAddress of one of its loaded modules (a DLL). What I would like to do is somehow read the PE header of the loaded module so that I can later retrieve the addresses of its exports.

不幸的是，我找不到这方面有任何良好的信息。任何想法？

Unfortunately, I can't find any good information about this. Any ideas?

推荐答案

这是一个良好的起点，PE文件格式。

This is a good starting point for the PE file format.

您可以P / Invoke ReadProcessMemory 从你的头文件复制到你的过程中，基址。你需要分析你阅读到不同的PE头的内存。第一个标题是 IMAGE_DOS_HEADER ，这将指向你到的