过TP C读内存 测试可过dxf 切换CR3
void KReadProcessMemory(IN PEPROCESS Process, IN PVOID Address, IN UINT32 Length, OUT PVOID Buffer)
{
ULONG pDTB = 0, OldCr3 = 0, vAddr = 0;
//Get DTB
pDTB = Get32bitValue((UCHAR*)Process + 0x18);
if (pDTB == 0)
{
return;
}
//Record old cr3 and set new cr3
_disable();
OldCr3 = __readcr3();
__writecr3(pDTB);
_enable();
CloseProtect();
//Read process memory
if (MmIsAddressValid(Address))
{
RtlMoveMemory(Buffer, Address, Length);
}
PageProtectOn();
//Restore old cr3
_disable();
__writecr3(OldCr3);
_enable();
}