ReadProcessMemory

Question

这将从我的程序中返回一个整数，用于计算游戏中的总体验量。它可以运行，而且很有效。

class Program
    {
        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
            [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);

        static void Main(string[] args)
        {
            int add_base;
            int add_player_exp = 0x3C1200;

            Process p = Process.GetProcessesByName("Game")[0];

            if (p != null)
            {
                add_base = p.MainModule.BaseAddress.ToInt32();
                add_player_exp += add_base;

                string output;
                int exp;

                exp = ReadInt32(p.Handle, add_player_exp);

                output = String.Concat("Exp: ", exp.ToString());

                Console.WriteLine(output);
                Console.ReadKey();

            }
        }

        private static int ReadInt32(IntPtr handle, long address)
        {
            return BitConverter.ToInt32(ReadBytes(handle, address, 4), 0);
        }

        private static byte[] ReadBytes(IntPtr handle, long address, uint bytesToRead)
        {
            IntPtr ptrBytesRead;
            byte[] buffer = new byte[bytesToRead];

            ReadProcessMemory(handle, new IntPtr(address), buffer, bytesToRead, out ptrBytesRead);

            return buffer;
        }
    }

从ReadProcessMemory中检索字符串的等效代码是什么？

Answer 1

要从内存中读取空终止字符串正则c字符串（char数组）：

public static string ReadNullTerminatedString(IntPtr handle, IntPtr addr, int maxlength)
{
    var bytearray = new byte[maxlength];

    IntPtr bytesread = IntPtr.Zero;

    ReadProcessMemory(handle, addr, bytearray, maxlength, out bytesread);

    int nullterm = 0;
    while (nullterm < bytesread.ToInt64() && bytearray[nullterm] != 0)
    {
        nullterm++;
    }

    string s = Encoding.ASCII.GetString(bytearray, 0, nullterm);

    return s;
}