ReadProcessMemory и Write ProcessMemory.

← →
VuDZ (2002-01-23 18:19) [1]

набери в ya.ru || yahoo.com эти слова и читай :)
надеюсь, перевести смогёшь:
ReadProcessMemory
The ReadProcessMemory function reads data from an area of memory in a specified process. The entire area to be read must be accessible, or the operation fails.
BOOL ReadProcessMemory( HANDLE hProcess, // handle to the process LPCVOID lpBaseAddress, // base of memory area LPVOID lpBuffer, // data buffer SIZE_T nSize, // number of bytes to read SIZE_T * lpNumberOfBytesRead // number of bytes read );
Parameters
hProcess
[in] Handle to the process whose memory is being read. The handle must have PROCESS_VM_READ access to the process.
lpBaseAddress
[in] Pointer to the base address in the specified process from which to read. Before any data transfer occurs, the system verifies that all data in the base address and memory of the specified size is accessible for read access. If this is the case, the function proceeds; otherwise, the function fails.
lpBuffer
[out] Pointer to a buffer that receives the contents from the address space of the specified process.
nSize
[in] Specifies the requested number of bytes to read from the specified process.
lpNumberOfBytesRead
[out] Pointer to a variable that receives the number of bytes transferred into the specified buffer. If lpNumberOfBytesRead is NULL, the parameter is ignored.
Return Values
If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

The function fails if the requested read operation crosses into an area of the process that is inaccessible.

Remarks
ReadProcessMemory copies the data in the specified address range from the address space of the specified process into the specified buffer of the current process. Any process that has a handle with PROCESS_VM_READ access can call the function. The process whose address space is read is typically, but not necessarily, being debugged.

The entire area to be read must be accessible. If it is not, the function fails as noted previously.

в общем делаешь так:
HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_ID_aka_PID);
a : var [0...x] of byte;
read dword (a = 2^32);
ReadProcessMemory(h, _pointer_to_proc_memory, ^a, x, ^read);

ну и всё...
только надоещё кое-какие привилегии получить, но не обязательно...
Кооче, RTFM 2 MSDN

ReadProcessMemory и Write ProcessMemory. Найти похожие ветки