计算内存地址c#
Calculate memory address c#
如何使用我的静态地址和偏移量在 C# 中找到新的内存地址。
base: 0x1023469C
offset: 1E8
我尝试将偏移量添加到 readprocessmemory 函数内部的基数,但这根本不起作用:(
我正在尝试从这个地址读取内存,因为我正在编写一个小工具,如果我在 justcause 2 中的健康状况变差,它会播放声音。
提前感谢您的帮助 :D
这是我目前得到的:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace WindowsFormsApplication4
{
public partial class Form1 : Form
{
//variabeln JC2
//Pointer
const int Offset = 0x1E8; // offset
const int Base = 0x1023469C; // base
const string Game = "The Game you don't know"; //Name
//permission to read process memory
const int PROCESS_WM_READ = 0x0010; //needed for reading memory
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead);
public Form1()
{
InitializeComponent();
}
private void BTcheck_Click(object sender, EventArgs e)
{
if (Process.GetProcessesByName(Game).Length > 0)
{
Process process = Process.GetProcessesByName(Game)[0];
IntPtr procHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
IntPtr baseAddress = new IntPtr(Base); //whatever address you wish
int offset = Offset; //whatever offset you wish
baseAddress += offset;
byte[] buffer = new byte[sizeof(int)]; //select a proper buffer size
int read = -1;
ReadProcessMemory(procHandle, baseAddress, buffer, buffer.Length, out read);
if (read == buffer.Length)
{
int value = BitConverter.ToInt32(buffer, 0);
//do something with it
LBcurrent.Text = Convert.ToString(value); //display the value
}
}
else
{ LBcurrent.Text = "Error!"; }
}
}
}
操作方法如下(已测试):
对于函数导入:
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead);
使用方法:
IntPtr procHandle = Process.GetCurrentProcess().Handle;
IntPtr baseAddress = new IntPtr(0x027EF131); //whatever address you wish
int offset = 0x100; //whatever offset you wish
baseAddress += offset;
byte[] buffer = new byte[sizeof(int)];
int read = -1;
ReadProcessMemory(procHandle, baseAddress, buffer, buffer.Length, out read);
if (read == buffer.Length)
{
int value = BitConverter.ToInt32(buffer, 0);
//do something with it
}
编辑:
我假设您正在尝试从当前进程内存中读取,因此是 procHandle = Process.GetCurrentProcess().Handle; 部分。随意将该句柄更改为您需要并有权访问的任何进程句柄。
编辑:
我已经编辑了读取 32 位整数值的答案。对于 64 位,使用 sizeof(long) 作为缓冲区大小和 BitConverter.ToInt64.
如何使用我的静态地址和偏移量在 C# 中找到新的内存地址。
base: 0x1023469C
offset: 1E8
我尝试将偏移量添加到 readprocessmemory 函数内部的基数,但这根本不起作用:(
我正在尝试从这个地址读取内存,因为我正在编写一个小工具,如果我在 justcause 2 中的健康状况变差,它会播放声音。
提前感谢您的帮助 :D
这是我目前得到的:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace WindowsFormsApplication4
{
public partial class Form1 : Form
{
//variabeln JC2
//Pointer
const int Offset = 0x1E8; // offset
const int Base = 0x1023469C; // base
const string Game = "The Game you don't know"; //Name
//permission to read process memory
const int PROCESS_WM_READ = 0x0010; //needed for reading memory
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead);
public Form1()
{
InitializeComponent();
}
private void BTcheck_Click(object sender, EventArgs e)
{
if (Process.GetProcessesByName(Game).Length > 0)
{
Process process = Process.GetProcessesByName(Game)[0];
IntPtr procHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
IntPtr baseAddress = new IntPtr(Base); //whatever address you wish
int offset = Offset; //whatever offset you wish
baseAddress += offset;
byte[] buffer = new byte[sizeof(int)]; //select a proper buffer size
int read = -1;
ReadProcessMemory(procHandle, baseAddress, buffer, buffer.Length, out read);
if (read == buffer.Length)
{
int value = BitConverter.ToInt32(buffer, 0);
//do something with it
LBcurrent.Text = Convert.ToString(value); //display the value
}
}
else
{ LBcurrent.Text = "Error!"; }
}
}
}
操作方法如下(已测试):
对于函数导入:
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead);
使用方法:
IntPtr procHandle = Process.GetCurrentProcess().Handle;
IntPtr baseAddress = new IntPtr(0x027EF131); //whatever address you wish
int offset = 0x100; //whatever offset you wish
baseAddress += offset;
byte[] buffer = new byte[sizeof(int)];
int read = -1;
ReadProcessMemory(procHandle, baseAddress, buffer, buffer.Length, out read);
if (read == buffer.Length)
{
int value = BitConverter.ToInt32(buffer, 0);
//do something with it
}
编辑:
我假设您正在尝试从当前进程内存中读取,因此是 procHandle = Process.GetCurrentProcess().Handle; 部分。随意将该句柄更改为您需要并有权访问的任何进程句柄。
编辑: 我已经编辑了读取 32 位整数值的答案。对于 64 位,使用 sizeof(long) 作为缓冲区大小和 BitConverter.ToInt64.