我试图创建一个监视GTAV中角色速度的应用程序,iv找到了带有作弊引擎的变量的地址:http://i.stack.imgur.com/klyYV.png
我做了一个打开游戏过程句柄的函数:
/*returns INVALID_HANDLE_VALUE on failure*/
HANDLE openProcessByName(const char* name, DWORD access){
PROCESSENTRY32 process;
process.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if(Process32First(snapshot, &process) == FALSE){//failure
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;
}
while(Process32Next(snapshot, &process) == TRUE){//skips first but thats system anyway
if(_stricmp(process.szExeFile, name) == 0){//found it
HANDLE processHandle = OpenProcess(access, FALSE, process.th32ProcessID);
CloseHandle(snapshot);
return processHandle;
}
}
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;//reached if the process is not found and its handle not returned above
}
在main中我得到句柄并尝试读取内存位置,如下所示:
#include <tlhelp32.h>
#include <iostream>
HANDLE openProcessByName(const char* name, DWORD access);
int main(){
HANDLE processHandle = openProcessByName("GTA5.exe", PROCESS_VM_READ);
if (processHandle == INVALID_HANDLE_VALUE){
std::cout << "invalid handle value" << std::endl;
return 0;
}
float speed = 0.00;
if (ReadProcessMemory(processHandle, (LPCVOID)0x7FF65EEA3940, &speed, (DWORD)sizeof(speed), NULL) == 0){
std::cout << "failed to read value" << std::endl;
std::cout << GetLastError() << std::endl;//return 299
}else{
std::cout << speed << std::endl;
}
CloseHandle(processHandle);
return 0;
}
但它失败并且打印&#34;未能读取值&#34;。 我假设这与地址偏移有关,iv一直在查找,但我并没有真正得到人们在谈论的内容。顺便说一下,内存位置不是静态的,并且在重新启动游戏时会发生变化但我想在尝试找到动态获取它之前至少让它使用实际的内存地址。
那么如何根据作弊引擎中显示的地址找到与ReadProcessMemory函数一起使用的实际内存地址。
答案 0 :(得分:1)
这就是我最终做到的方式(代码已经过简化而未经过测试)。 地址需要由游戏过程主模块的基地址抵消。
void read() {
MODULEENTRY32 mainModule = {0};
HANDLE process = openProcessByName(PROCESS_NAME, PROCESS_VM_READ, &mainModule);
float rawSpeed = 0.00f;
ReadProcessMemory(process, (LPCVOID)(mainModule.modBaseAddr + MEMORY_ADDRESS), &rawSpeed, sizeof(rawSpeed), NULL);
}
//returns INVALID_HANDLE_VALUE on failure
HANDLE openProcessByName(const char* name, DWORD access, MODULEENTRY32* mainModule) {
PROCESSENTRY32 process;
process.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (Process32First(snapshot, &process) == FALSE) {//failure
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;
}
while (Process32Next(snapshot, &process) == TRUE) {//skips first but thats system anyway
if (_stricmp(process.szExeFile, name) == 0) {//found it
HANDLE modSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, process.th32ProcessID);
mainModule->dwSize = sizeof(MODULEENTRY32);
Module32First(modSnapshot, mainModule);
HANDLE processHandle = OpenProcess(access, FALSE, process.th32ProcessID);
CloseHandle(modSnapshot);
CloseHandle(snapshot);
return processHandle;
}
}
CloseHandle(snapshot);
return INVALID_HANDLE_VALUE;//reached if the process is not found and its handle not returned above
}