I use the following function to get the BaseAddress from an x64 binary process:
// Requires: using System.Diagnostics;
public static long GetBaseAddress(string ProcessName, string ModuleName)
{
    try
    {
        Process[] processes = Process.GetProcessesByName(ProcessName);
        ProcessModuleCollection modules = processes[0].Modules;
        ProcessModule DLLBaseAddress = null;
        // Look for the module with the requested name
        foreach (ProcessModule i in modules)
        {
            if (i.ModuleName == ModuleName)
            {
                DLLBaseAddress = i;
            }
        }
        return DLLBaseAddress.BaseAddress.ToInt64();
    }
    catch
    {
        // Process or module not found, or access denied
        return 0;
    }
}
After receiving the BaseAddress, I am trying to get the PointerAddress using the following function:
public static int GetPointerAddress(int Pointer, int[] Offset)
{
    byte[] Buffer = new byte[4];
    ReadProcessMemory(GetProcessHandle(), Pointer, Buffer, Buffer.Length);
    for (int x = 0; x < (Offset.Length - 1); x++)
    {
        Pointer = BitConverter.ToInt32(Buffer, 0) + Offset[x];
        ReadProcessMemory(GetProcessHandle(), Pointer, Buffer, Buffer.Length);
    }
    Pointer = BitConverter.ToInt32(Buffer, 0) + Offset[Offset.Length - 1];
    return Pointer;
}
It is still set up the x32 binary way. How can I redo this function to use it with an x64 binary process?
I have been trying the following:
public static long GetPointerAddress(long Pointer, int[] Offset)
{
    byte[] Buffer = new byte[8];
    ReadProcessMemory(GetProcessHandle(), Pointer, Buffer, Buffer.Length);
    for (int x = 0; x < (Offset.Length - 1); x++)
    {
        Pointer = BitConverter.ToInt64(Buffer, 0) + Offset[x];
        ReadProcessMemory(GetProcessHandle(), Pointer, Buffer, Buffer.Length);
    }
    Pointer = BitConverter.ToInt64(Buffer, 0) + Offset[Offset.Length - 1];
    return Pointer;
}
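Does this make sense?
Answer 0 (score: 0)
A 32-bit binary process cannot reflect on a 64-bit binary process like that. If you want ReadProcessMemory() to work, you must write your own code as 64-bit.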
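The point made in the answer, as an added example that is not part of the original question or answer: a pointer-chain walk that picks the pointer width from the target's bitness, refuses to run when a 32-bit reader is pointed at a 64-bit target, and checks every read. The names `PointerChain`, `PointerSize` and `Resolve` are hypothetical; the P/Invoke declarations are the documented kernel32 `ReadProcessMemory` and `IsWow64Process`, and ARM64 hosts are not handled.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class PointerChain // hypothetical helper, not from the original post
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool IsWow64Process(IntPtr hProcess, out bool wow64Process);

    // Pointer width of the target: 4 bytes for a 32-bit (WOW64) process, else 8.
    static int PointerSize(Process target)
    {
        if (!Environment.Is64BitOperatingSystem) return 4;
        if (!IsWow64Process(target.Handle, out bool wow64))
            throw new Win32Exception(); // carries GetLastError()
        return wow64 ? 4 : 8;
    }

    // Same traversal as GetPointerAddress: read the pointer stored at
    // 'address', add the next offset, repeat; the last sum is returned unread.
    public static long Resolve(Process target, long address, int[] offsets)
    {
        int width = PointerSize(target);
        // A 32-bit reader cannot express 64-bit addresses in IntPtr.
        if (width == 8 && !Environment.Is64BitProcess)
            throw new PlatformNotSupportedException(
                "Build the reader as x64 to read a 64-bit target.");

        byte[] buffer = new byte[width];
        foreach (int offset in offsets)
        {
            if (!ReadProcessMemory(target.Handle, new IntPtr(address), buffer,
                                   new IntPtr(width), out IntPtr read))
                throw new Win32Exception(); // e.g. unmapped page, access denied
            if (read.ToInt64() != width)
                throw new InvalidOperationException("Short read at 0x" + address.ToString("X"));
            long value = width == 8 ? BitConverter.ToInt64(buffer, 0)
                                    : BitConverter.ToUInt32(buffer, 0);
            address = value + offset;
        }
        return address;
    }
}
```

Unlike the functions in the question, a failed read throws instead of silently continuing with stale buffer contents.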