经过相当多的研究(直读5天),就Linux而言,可以附加到一个进程,读取它的内存和分离,只需这样做：

重新评论像我这样的新手,取消注释,如果你更好的话

#include <sys/ptrace.h> //For ptrace()
#include <sys/wait.h>   //For waitpid()

int main () {
    int pid     = 1337; //The process id you wish to attach to
    int address = 0x13371337; //The address you wish to read in the process

    //First,attach to the process
    //All ptrace() operations that fail return -1,the exceptions are
    //PTRACE_PEEK* operations
    if (ptrace(PTRACE_ATTACH,pid,NULL,NULL) == -1) {
        //Read the value of errno for details.
        //To get a human readable,call strerror()
        //strerror(errno) <-- Returns a human readable version of the
        //error that occurred
        return 0;
    }

    //Now,attaching doesn't mean we can read the value straight away
    //We have to wait for the process to stop
    int status;
    //waitpid() returns -1 on failure
    //W.I.F,not W.T.F
    //WIFSTOPPED() returns true if the process was stopped when we attached to it
    if (waitpid(pid,&status,0) == -1 || !WIFSTOPPED(status)) {
        //Failed,read the value of errno or strerror(errno)
        return 0;
    }

    errno = 0; //Set errno to zero
    //We are about to perform a PTRACE_PEEK* operation,it is possible that the value
    //we read at the address is -1,if so,ptrace() will return -1 EVEN THOUGH it succeeded!
    //This is why we need to 'clear' the value of errno.
    int value = ptrace(PTRACE_PEEKDATA,(void*)addr,NULL);
    if (value == -1 && errno != 0) {
        //Failed,read the value of errno or strerror(errno)
        return 0;
    } else {
        //Success! Read the value
    }

    //Now,we have to detach from the process
    ptrace(PTRACE_DETACH,NULL);
    return 0;
}

参考文献：

http://linux.die.net/man/2/ptrace

http://linux.die.net/man/2/waitpid

这与编辑Android应用内存值有关吗？

那么,在Android NDK中存在ptrace和wait的标题.所以,要读/写一个应用程序的RAM,你将需要你的应用程序的本地代码.

此外,ptrace()需要root权限.

为什么要这么长时间？我从来没有写过这样的代码.