使用模块基址读取内存
Read memory with module base address
如何读取带有模块基址的内存?
例如,我如何读取此内存:"winCap64.dll"+0x123456 + offsets.
我已经添加了一个示例代码,说明经过一些研究我可以生成什么,但我仍然无法阅读 C# 中的任何内容。然而,地址绝对没问题,因为当我将它们添加到 Cheat Engine 时,它们 return 我得到了正确的值。
编辑:添加了示例代码
[DllImport("kernel32.dll")]
static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Boolean bInheritHandle, UInt32 dwProcessId);
[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
byte[] lpBuffer, UIntPtr nSize, uint lpNumberOfBytesWritten);
static IntPtr Handle;
static void Main(string[] args)
{
Process[] Processes = Process.GetProcessesByName("process");
Process nProcess = Processes[0];
Handle = OpenProcess(0x10, false, (uint)nProcess.Id);
IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, 0x020C5150);
int curhp = ReadOffset(pointer, 0x4D8);
int curhp2 = ReadOffset((IntPtr)curhp, 0x0);
int curhp3 = ReadOffset((IntPtr)curhp2, 0x1c0);
Console.WriteLine(curhp3.ToString());
Console.ReadKey();
}
public static int ReadOffset(IntPtr pointer, uint offset)
{
byte[] bytes = new byte[24];
uint adress = (uint)ReadPointer(pointer) + offset;
ReadProcessMemory(Handle, (IntPtr)adress, bytes, (UIntPtr)sizeof(int), 0);
return BitConverter.ToInt32(bytes, 0);
}
public static int ReadPointer(IntPtr pointer)
{
byte[] bytes = new byte[24];
ReadProcessMemory(Handle, pointer, bytes, (UIntPtr)sizeof(int), 0);
return BitConverter.ToInt32(bytes, 0);
}
IntPtr 是存储指针并传递它的架构不可知的方式,比如 ReadProcessMemory:
IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, 0x02093458);
这样的怎么样?
IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, BaseAddress);
Console.WriteLine("Final: " + pointer.ToString("X"));
int hp = ReadInt32(pointer, Handle);
string hexPrefix = "80" + hp.ToString("X"); //because int32 will cut some digits. I sugget using int64. Even UInt64.
long hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x00, Handle);
hexPrefix = "80" + hp.ToString("X");
hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x1c0, Handle);
hexPrefix = "80" + hp.ToString("X");
hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x0, Handle);
如何读取带有模块基址的内存? 例如,我如何读取此内存:"winCap64.dll"+0x123456 + offsets.
我已经添加了一个示例代码,说明经过一些研究我可以生成什么,但我仍然无法阅读 C# 中的任何内容。然而,地址绝对没问题,因为当我将它们添加到 Cheat Engine 时,它们 return 我得到了正确的值。
编辑:添加了示例代码
[DllImport("kernel32.dll")]
static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Boolean bInheritHandle, UInt32 dwProcessId);
[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
byte[] lpBuffer, UIntPtr nSize, uint lpNumberOfBytesWritten);
static IntPtr Handle;
static void Main(string[] args)
{
Process[] Processes = Process.GetProcessesByName("process");
Process nProcess = Processes[0];
Handle = OpenProcess(0x10, false, (uint)nProcess.Id);
IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, 0x020C5150);
int curhp = ReadOffset(pointer, 0x4D8);
int curhp2 = ReadOffset((IntPtr)curhp, 0x0);
int curhp3 = ReadOffset((IntPtr)curhp2, 0x1c0);
Console.WriteLine(curhp3.ToString());
Console.ReadKey();
}
public static int ReadOffset(IntPtr pointer, uint offset)
{
byte[] bytes = new byte[24];
uint adress = (uint)ReadPointer(pointer) + offset;
ReadProcessMemory(Handle, (IntPtr)adress, bytes, (UIntPtr)sizeof(int), 0);
return BitConverter.ToInt32(bytes, 0);
}
public static int ReadPointer(IntPtr pointer)
{
byte[] bytes = new byte[24];
ReadProcessMemory(Handle, pointer, bytes, (UIntPtr)sizeof(int), 0);
return BitConverter.ToInt32(bytes, 0);
}
IntPtr 是存储指针并传递它的架构不可知的方式,比如 ReadProcessMemory:
IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, 0x02093458);
这样的怎么样?
IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, BaseAddress);
Console.WriteLine("Final: " + pointer.ToString("X"));
int hp = ReadInt32(pointer, Handle);
string hexPrefix = "80" + hp.ToString("X"); //because int32 will cut some digits. I sugget using int64. Even UInt64.
long hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x00, Handle);
hexPrefix = "80" + hp.ToString("X");
hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x1c0, Handle);
hexPrefix = "80" + hp.ToString("X");
hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x0, Handle);