想想Cheat Engine或任何其他内存编辑软件。我想做他们做的事情。我想获取每个地址并读取值,以便我可以将其更改为我想要的地址。通过我的代码,我尝试逐个浏览每个地址。因为有这么多地址,这显然需要很长时间。然后我尝试使用线程来加速这个过程,但时间框架仍然很长。
在Cheat Engine等内存编辑软件中,他们几乎可以立即读取内存信息。选择进程后,与我正在尝试的内容相比,内存视图会以快速重复更新。如何比我尝试过的方式更快地扫描地址并读取它们的值?
**CODE**
功能使用
Task[] threadpool = new Task[5];
threadpool[0] = Task.Factory.StartNew(() => scanforaddresses(0x30000000, "0x32000000", 1));
threadpool[1] = Task.Factory.StartNew(() => scanforaddresses(0x32000000, "0x34000000", 2));
threadpool[2] = Task.Factory.StartNew(() => scanforaddresses(0x34000000, "0x36000000", 3));
threadpool[3] = Task.Factory.StartNew(() => scanforaddresses(0x36000000, "0x38000000", 4));
threadpool[4] = Task.Factory.StartNew(() => scanforaddresses(0x38000000, "0x40000000", 5));
Task.WaitAll(threadpool);
扫描地址
public void scanforaddresses(int start, string cap, int threadid)
{
Console.WriteLine("started " + threadid);
IntPtr currentAddress = new IntPtr(start);
while (true)
{
addressValue = GetMemoryAddress.HexToString(Class_Memory.ReadAddressAOB(HexStringToInt(currentAddress.ToString("X8")), 10));
filtervalue = GetMemoryAddress.HexToString(Class_Memory.ReadAddressAOB(HexStringToInt(currentAddress.ToString("X8")) + 4, 6));
if (AlphaNumeric(addressValue))
{
if (addressValue.Length == 10)
{
if (addressValue.Substring(4) == filtervalue)
{
memoryvalues.Add(new List<string>() { currentAddress.ToString("X8"), addressValue });
}
}
}
if (HexStringToInt(currentAddress.ToString("X8")) > HexStringToInt(cap))
{
break;
}
currentAddress = new IntPtr(currentAddress.ToInt32() + 1);
}
Console.WriteLine("End " + threadid);
}
答案 0 :(得分:0)
您可以通过pinvoke使用WinAPI方法
class NativeMethods
{
[DllImport("kernel32.dll",SetLastError = true)]
static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
int nSize,
out int lpNumberOfBytesWritten);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
IntPtr lpBuffer,
int nSize,
out IntPtr lpNumberOfBytesWritten);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out IntPtr lpNumberOfBytesRead);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out, MarshalAs(UnmanagedType.AsAny)] object lpBuffer,
int dwSize,
out IntPtr lpNumberOfBytesRead);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
IntPtr lpBuffer,
int dwSize,
out IntPtr lpNumberOfBytesRead);
}
使用样本:
var targetProcess = Process.GetProcessesByName("target.exe");
IntPtr targetProcAddress = GetAddres();
byte[] data = GetData();
int bytesWriten;
int retVal = NativeMethods.WriteProcessMemory(targetProcess.Handle, targetProcAddress , data, data.Length, out bytesWriten);
使用ReadProcessMemory是类似的。