将 ReadProcessMemory 与进程模块基地址和偏移量一起使用
Using ReadProcessMemory with process module base address and offsets
如何使用进程模块的基地址和偏移量读取内存?我用以下内容获取了所需模块的基地址:
Process process = Process.GetProcessesByName("process")[0];
ProcessModule bClient;
ProcessModuleCollection bModules = process.Modules;
IntPtr processHandle = OpenProcess(0x10, false, process.Id);
int firstOffset = 0xA4C58C;
int anotherOffset = 0xFC;
for (int i = 0; i < bModules.Count; i++)
{
bClient = bModules[i];
if (bClient.ModuleName == "module.dll")
{
IntPtr baseAddress = bClient.BaseAddress;
Console.WriteLine("Base address: " + baseAddress);
}
}
之后我将第一个偏移量添加到基地址:
IntPtr firstPointer = IntPtr.Add(baseAddress, (int)firstOffset);
这给了我一个指点;在这种情况下为 440911244。
我可以在 Cheat Engine 中使用这个指针,例如,浏览它的内存区域并找到 anotherPointer 指向的值,但我找不到将偏移量添加到的正确方法firstPointer,但是
我的问题是,我是否必须在将最后一个 anotherOffset 添加到指针之前使用 ReadProcessMemory?如果是这样,在这种情况下正确的使用方法是什么?
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
IntPtr lpBuffer,
int dwSize,
out IntPtr lpNumberOfBytesRead);
将 ReadProcessMemory lpBuffer 参数更改为:
byte[] lpBuffer,
然后
byte[] buffer = new byte[sizeof(float)];
IntPtr bytesRead = IntPtr.Zero;
IntPtr readAddress = IntPtr.Add(baseAddress, firstOffset);
readAddress = IntPtr.Add(readAddress, anotherOffset)
ReadProcessMemory(processHandle, readAddress, buffer, buffer.Length, out bytesRead);
float value = BitConverter.ToSingle(buffer, 0);
如何使用进程模块的基地址和偏移量读取内存?我用以下内容获取了所需模块的基地址:
Process process = Process.GetProcessesByName("process")[0];
ProcessModule bClient;
ProcessModuleCollection bModules = process.Modules;
IntPtr processHandle = OpenProcess(0x10, false, process.Id);
int firstOffset = 0xA4C58C;
int anotherOffset = 0xFC;
for (int i = 0; i < bModules.Count; i++)
{
bClient = bModules[i];
if (bClient.ModuleName == "module.dll")
{
IntPtr baseAddress = bClient.BaseAddress;
Console.WriteLine("Base address: " + baseAddress);
}
}
之后我将第一个偏移量添加到基地址:
IntPtr firstPointer = IntPtr.Add(baseAddress, (int)firstOffset);
这给了我一个指点;在这种情况下为 440911244。
我可以在 Cheat Engine 中使用这个指针,例如,浏览它的内存区域并找到 anotherPointer 指向的值,但我找不到将偏移量添加到的正确方法firstPointer,但是
我的问题是,我是否必须在将最后一个 anotherOffset 添加到指针之前使用 ReadProcessMemory?如果是这样,在这种情况下正确的使用方法是什么?
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
IntPtr lpBuffer,
int dwSize,
out IntPtr lpNumberOfBytesRead);
将 ReadProcessMemory lpBuffer 参数更改为:
byte[] lpBuffer,
然后
byte[] buffer = new byte[sizeof(float)];
IntPtr bytesRead = IntPtr.Zero;
IntPtr readAddress = IntPtr.Add(baseAddress, firstOffset);
readAddress = IntPtr.Add(readAddress, anotherOffset)
ReadProcessMemory(processHandle, readAddress, buffer, buffer.Length, out bytesRead);
float value = BitConverter.ToSingle(buffer, 0);