我如何使用 ReadProcessMemory 作弊引擎的内存地址?
how do i use a memory address from cheat engine with ReadProcessMemory?
我试图制作一个监控 GTA 5 中角色速度的应用程序,iv 找到了使用作弊引擎的变量地址:http://i.stack.imgur.com/klyYV.png
并且我创建了一个函数来打开游戏进程的句柄:
/*returns INVALID_HANDLE_VALUE on failure*/
HANDLE openProcessByName(const char* name, DWORD access){
PROCESSENTRY32 process;
process.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if(Process32First(snapshot, &process) == FALSE){//failure
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;
}
while(Process32Next(snapshot, &process) == TRUE){//skips first but thats system anyway
if(_stricmp(process.szExeFile, name) == 0){//found it
HANDLE processHandle = OpenProcess(access, FALSE, process.th32ProcessID);
CloseHandle(snapshot);
return processHandle;
}
}
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;//reached if the process is not found and its handle not returned above
}
在 main 中,我得到句柄并尝试读取内存位置,如下所示:
#include <tlhelp32.h>
#include <iostream>
HANDLE openProcessByName(const char* name, DWORD access);
int main(){
HANDLE processHandle = openProcessByName("GTA5.exe", PROCESS_VM_READ);
if (processHandle == INVALID_HANDLE_VALUE){
std::cout << "invalid handle value" << std::endl;
return 0;
}
float speed = 0.00;
if (ReadProcessMemory(processHandle, (LPCVOID)0x7FF65EEA3940, &speed, (DWORD)sizeof(speed), NULL) == 0){
std::cout << "failed to read value" << std::endl;
std::cout << GetLastError() << std::endl;//return 299
}else{
std::cout << speed << std::endl;
}
CloseHandle(processHandle);
return 0;
}
但它失败并打印 "failed to read value"。
我假设这与地址偏移量有关,我一直在查找它,但我真的不明白人们在谈论什么。顺便说一句,内存位置不是静态的,并且会在游戏重新启动时发生变化,但我想至少在我尝试找到动态获取它的方法之前让它与实际内存地址一起工作。
那么我如何根据作弊引擎中显示的地址找到要与 ReadProcessMemory 函数一起使用的实际内存地址。
这就是我最终的做法(代码已被简化且未经过测试)。
该地址需要偏移游戏进程主模块的基地址。
void read() {
MODULEENTRY32 mainModule = {0};
HANDLE process = openProcessByName(PROCESS_NAME, PROCESS_VM_READ, &mainModule);
float rawSpeed = 0.00f;
ReadProcessMemory(process, (LPCVOID)(mainModule.modBaseAddr + MEMORY_ADDRESS), &rawSpeed, sizeof(rawSpeed), NULL);
}
//returns INVALID_HANDLE_VALUE on failure
HANDLE openProcessByName(const char* name, DWORD access, MODULEENTRY32* mainModule) {
PROCESSENTRY32 process;
process.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (Process32First(snapshot, &process) == FALSE) {//failure
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;
}
while (Process32Next(snapshot, &process) == TRUE) {//skips first but thats system anyway
if (_stricmp(process.szExeFile, name) == 0) {//found it
HANDLE modSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, process.th32ProcessID);
mainModule->dwSize = sizeof(MODULEENTRY32);
Module32First(modSnapshot, mainModule);
HANDLE processHandle = OpenProcess(access, FALSE, process.th32ProcessID);
CloseHandle(modSnapshot);
CloseHandle(snapshot);
return processHandle;
}
}
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;//reached if the process is not found and its handle not returned above
}
我试图制作一个监控 GTA 5 中角色速度的应用程序,iv 找到了使用作弊引擎的变量地址:http://i.stack.imgur.com/klyYV.png
并且我创建了一个函数来打开游戏进程的句柄:
/*returns INVALID_HANDLE_VALUE on failure*/
HANDLE openProcessByName(const char* name, DWORD access){
PROCESSENTRY32 process;
process.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if(Process32First(snapshot, &process) == FALSE){//failure
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;
}
while(Process32Next(snapshot, &process) == TRUE){//skips first but thats system anyway
if(_stricmp(process.szExeFile, name) == 0){//found it
HANDLE processHandle = OpenProcess(access, FALSE, process.th32ProcessID);
CloseHandle(snapshot);
return processHandle;
}
}
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;//reached if the process is not found and its handle not returned above
}
在 main 中,我得到句柄并尝试读取内存位置,如下所示:
#include <tlhelp32.h>
#include <iostream>
HANDLE openProcessByName(const char* name, DWORD access);
int main(){
HANDLE processHandle = openProcessByName("GTA5.exe", PROCESS_VM_READ);
if (processHandle == INVALID_HANDLE_VALUE){
std::cout << "invalid handle value" << std::endl;
return 0;
}
float speed = 0.00;
if (ReadProcessMemory(processHandle, (LPCVOID)0x7FF65EEA3940, &speed, (DWORD)sizeof(speed), NULL) == 0){
std::cout << "failed to read value" << std::endl;
std::cout << GetLastError() << std::endl;//return 299
}else{
std::cout << speed << std::endl;
}
CloseHandle(processHandle);
return 0;
}
但它失败并打印 "failed to read value"。 我假设这与地址偏移量有关,我一直在查找它,但我真的不明白人们在谈论什么。顺便说一句,内存位置不是静态的,并且会在游戏重新启动时发生变化,但我想至少在我尝试找到动态获取它的方法之前让它与实际内存地址一起工作。
那么我如何根据作弊引擎中显示的地址找到要与 ReadProcessMemory 函数一起使用的实际内存地址。
这就是我最终的做法(代码已被简化且未经过测试)。 该地址需要偏移游戏进程主模块的基地址。
void read() {
MODULEENTRY32 mainModule = {0};
HANDLE process = openProcessByName(PROCESS_NAME, PROCESS_VM_READ, &mainModule);
float rawSpeed = 0.00f;
ReadProcessMemory(process, (LPCVOID)(mainModule.modBaseAddr + MEMORY_ADDRESS), &rawSpeed, sizeof(rawSpeed), NULL);
}
//returns INVALID_HANDLE_VALUE on failure
HANDLE openProcessByName(const char* name, DWORD access, MODULEENTRY32* mainModule) {
PROCESSENTRY32 process;
process.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (Process32First(snapshot, &process) == FALSE) {//failure
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;
}
while (Process32Next(snapshot, &process) == TRUE) {//skips first but thats system anyway
if (_stricmp(process.szExeFile, name) == 0) {//found it
HANDLE modSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, process.th32ProcessID);
mainModule->dwSize = sizeof(MODULEENTRY32);
Module32First(modSnapshot, mainModule);
HANDLE processHandle = OpenProcess(access, FALSE, process.th32ProcessID);
CloseHandle(modSnapshot);
CloseHandle(snapshot);
return processHandle;
}
}
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;//reached if the process is not found and its handle not returned above
}