Calculating a memory address in C#

Time: 2015-05-25 12:47:01

Tags: c# memory offset base readprocessmemory

How can I find a new memory address in C# using a static address and an offset?

base: 0x1023469C

offset: 1E8
I tried adding the offset to the base inside the function, but that does not work at all :( I am trying to read memory from this address because I am writing a small tool, if my health gets low because of 2. Thanks for your help :D

This is what I have got so far:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace WindowsFormsApplication4
{
    public partial class Form1 : Form
    {
        //variables JC2
        //Pointer
        const int Offset = 0x1E8; // offset
        const int Base = 0x1023469C; // base
        const string Game = "The Game you don't know"; //Name

        //permission to read process memory
        const int PROCESS_WM_READ = 0x0010; //needed for reading memory

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool ReadProcessMemory(
            IntPtr hProcess,
            IntPtr lpBaseAddress,
            [Out] byte[] lpBuffer,
            int dwSize,
            out int lpNumberOfBytesRead);

        public Form1()
        {
            InitializeComponent();
        }

        private void BTcheck_Click(object sender, EventArgs e)
        {
            if (Process.GetProcessesByName(Game).Length > 0)
            {
                Process process = Process.GetProcessesByName(Game)[0];
                IntPtr procHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
                IntPtr baseAddress = new IntPtr(Base); //whatever address you wish
                int offset = Offset; //whatever offset you wish
                baseAddress += offset;
                byte[] buffer = new byte[sizeof(int)]; //select a proper buffer size
                int read = -1;

                ReadProcessMemory(procHandle, baseAddress, buffer, buffer.Length, out read);

                if (read == buffer.Length)
                {
                    int value = BitConverter.ToInt32(buffer, 0);
                    //do something with it
                    LBcurrent.Text = Convert.ToString(value); //display the value
                }
            }
            else
            {
                LBcurrent.Text = "Error!";
            }
        }
    }
}

1 answer:

Answer 0: (score: 2)

Here is how you do it (tested):

For the function import:

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
    IntPtr hProcess,
    IntPtr lpBaseAddress,
    [Out] byte[] lpBuffer,
    int dwSize,
    out int lpNumberOfBytesRead);

Using it:

IntPtr procHandle = Process.GetCurrentProcess().Handle;
IntPtr baseAddress = new IntPtr(0x027EF131); //whatever address you wish
int offset = 0x100; //whatever offset you wish
baseAddress += offset;
byte[] buffer = new byte[sizeof(int)];
int read = -1;

ReadProcessMemory(procHandle, baseAddress, buffer, buffer.Length, out read);

if (read == buffer.Length)
{
    int value = BitConverter.ToInt32(buffer, 0);
    //do something with it
}

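Edit: I assumed you were trying to read from the current process's memory, hence the procHandle = Process.GetCurrentProcess().Handle; part. Feel free to change that handle to whatever process handle you need and have permission for.

Edit: I have edited the answer to read a 32-bit integer value. For 64-bit, use sizeof(long) as the buffer size and BitConverter.ToInt64.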
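The base-plus-offset read from the answer above, as an added example that is not part of the original post: it checks the return value of ReadProcessMemory and the number of bytes read, so a failed read raises an error instead of being silently ignored. The class name CheckedRead, the helper ReadInt32 and the sample value 1234 are assumptions made for illustration; the size parameters are declared as IntPtr to match the API's SIZE_T type, and the memory being read is a block allocated inside the current process.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class CheckedRead
{
    // SIZE_T parameters are IntPtr so the signature is correct in 32- and 64-bit builds.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        [Out] byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

    // Hypothetical helper: reads the Int32 stored at baseAddress + offset.
    // A failed or short read throws instead of handing back an untouched buffer.
    static int ReadInt32(IntPtr hProcess, IntPtr baseAddress, int offset)
    {
        IntPtr target = IntPtr.Add(baseAddress, offset);
        byte[] buffer = new byte[sizeof(int)];
        IntPtr read;
        if (!ReadProcessMemory(hProcess, target, buffer, (IntPtr)buffer.Length, out read))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        if (read.ToInt64() != buffer.Length)
            throw new InvalidOperationException("Short read at 0x" + target.ToString("X"));
        return BitConverter.ToInt32(buffer, 0);
    }

    static void Main()
    {
        const int offset = 0x1E8;                                  // offset from the question
        IntPtr block = Marshal.AllocHGlobal(offset + sizeof(int)); // constructed sample memory
        try
        {
            Marshal.WriteInt32(block, offset, 1234);               // constructed sample value
            using (Process self = Process.GetCurrentProcess())
            {
                Console.WriteLine("value = " + ReadInt32(self.Handle, block, offset));
                try
                {
                    // Address 0 + offset is not mapped, so this read is expected to fail.
                    ReadInt32(self.Handle, IntPtr.Zero, offset);
                }
                catch (Win32Exception ex)
                {
                    Console.WriteLine("read failed: " + ex.Message);
                }
            }
        }
        finally { Marshal.FreeHGlobal(block); }
    }
}
```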