OpenProcess/ReadProcessMemory/WriteProcessMemory/CloseHandle equivalent

你。 Submitted on 2021-02-05 05:46:06

Question


What would be the equivalent API to these Windows functions? In case you are not familiar with the Windows functions, all they do is open a process, access (read and write) its memory and close its handle.

Can this be done with syscalls only as well?


Answer 1:


You're looking for ptrace. Despite the name, it will also target individual threads on Linux and possibly other systems. More info can be found with Google if that blog post doesn't help.




Answer 2:


If you're on a more modern kernel, you might try process_vm_readv which seems to more closely simulate ReadProcessMemory, only it works slightly more cleanly than ptrace and even the Windows equivalents.
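
Added example, not part of the original answers: how the four Windows calls map onto `process_vm_readv`/`process_vm_writev` on Linux, run against a forked child. The names `read_remote`, `write_remote`, `demo` and the buffer contents are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample data; after fork() the child holds its own copy at the same address. */
static char secret[16] = "child-data";
char seen[sizeof secret];               /* what the parent read out of the child */

/* ReadProcessMemory analogue. There is no OpenProcess/CloseHandle step: the pid is passed
   on every call and the kernel re-checks ptrace access (uid match, Yama ptrace_scope). */
static ssize_t read_remote(pid_t pid, void *remote, void *out, size_t len) {
    struct iovec l = { out, len }, r = { remote, len };
    return process_vm_readv(pid, &l, 1, &r, 1, 0);
}

/* WriteProcessMemory analogue. */
static ssize_t write_remote(pid_t pid, void *remote, const void *in, size_t len) {
    struct iovec l = { (void *)in, len }, r = { remote, len };
    return process_vm_writev(pid, &l, 1, &r, 1, 0);
}

/* Reads the child's buffer, overwrites its first byte, and returns the byte the child
   itself reports through its exit status (-1 if a call was refused or failed). */
int demo(void) {
    int gate[2], status = 0;
    if (pipe(gate) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                     /* child: block until the parent is done */
        char c;
        close(gate[1]);
        if (read(gate[0], &c, 1) < 0) _exit(0);
        _exit((unsigned char)secret[0]);
    }
    close(gate[0]);
    int ok = read_remote(pid, secret, seen, sizeof seen) == (ssize_t)sizeof seen;
    ok = ok && write_remote(pid, secret, "X", 1) == 1;
    close(gate[1]);                     /* EOF on the pipe releases the child */
    waitpid(pid, &status, 0);
    return (ok && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    int b = demo();
    if (b < 0) { perror("process_vm_readv/writev"); return 1; }
    printf("read \"%s\", child now sees '%c'\n", seen, b);
    return 0;
}
```

If the calls fail with `EPERM`, check `/proc/sys/kernel/yama/ptrace_scope` and any seccomp profile; the parent's own copy of `secret` is never modified, since only the child's address space is written.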



Source: https://stackoverflow.com/questions/23576731/openprocess-readprocessmemory-writeprocessmemory-closehandle-equivalent
