c＃readprocessmemory with Cheat Engine

Question

我正在尝试从使用作弊引擎找到的地址获取字符串值。我找到了例如0x01742A38，这是我的程序的主要部分（常规的Windows窗体应用程序）：

            Process[] processes = Process.GetProcessesByName("Tibia");

            foreach (Process p in processes)
            {
                IntPtr windowHandle = p.MainWindowHandle;
                byte[] bufor = new byte[50];
                uint baseAddress = (uint)p.MainModule.BaseAddress.ToInt32();
                IntPtr addr = ((IntPtr)(baseAddress + 0x01742A38));
                uint o = 0;
                UInt32 k = 30;
                if (ReadProcessMemory(windowHandle, addr, bufor, k, ref o))
                {
                    label3.Text = "Success!";
                }
                else
                {
                    label3.Text = "Fail : (";
                }
            }

Answer 1

假设您的静态地址正确无误，则必须使用至少正确OpenProcess function的PROCESS_VM_READ (0x0010)打开目标流程。

我还建议您为函数 ReadProcessMemory 使用更合适的pinvoke签名：

[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesRead);