Question

所以我一直试图用ReadProcessMemory读取变量，并且发现作弊引擎中的地址工作得很好，但是一旦我编程，我遇到了一些问题。我在作弊引擎中搜索了弹药和健康地址，健康状况是一个水平指针，弹药是一个三级指针。我试着阅读健康状况，但每次读到它都会返回0。

namespace AssaultCubeTrainer

{

public partial class MainWindow : Window
{

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr pHandle, IntPtr Address, byte[] Buffer, int Size, IntPtr NumberofBytesRead);

    public static Process myProc;

    public static Player p1;

    public MainWindow()
    {
        InitializeComponent();

        p1  = new Player();

        MessageBox.Show("Please press the attach button as soon as the game has started", " Information",MessageBoxButton.OK, MessageBoxImage.Information, MessageBoxResult.OK);



    }

    private void AttachProcButton_Click(object sender, RoutedEventArgs e)
    {

        try
        {
            myProc = Process.GetProcessesByName("ac_client")[0];


            if (myProc.Handle != null)
            {
                MessageBox.Show("Process successfully attached", "Success", MessageBoxButton.OK, MessageBoxImage.Information, MessageBoxResult.OK);
            }
        }

        catch
        {
            MessageBox.Show("The process was not found","Error", MessageBoxButton.OK, MessageBoxImage.Error, MessageBoxResult.OK);
        }

    }

    private void ButtonTest_Click(object sender, RoutedEventArgs e)
    {

            lbHealthInfo.Content = p1.GetHealthInfo();

    }
}

}

namespace AssaultCubeTrainer
{
    public class Player
{

    private byte[] buffer;

    public bool ReadSuccess;

    public int HealthAddress;
    public int HealthOffset;

    public int AmmoAddress;
    public int AmmoOffset;

    public int Health;
    public int Ammo;

    public IntPtr bytesRead;

    public Player()
    {
        HealthAddress = 0x00509B74;
        HealthOffset = 0xF8;

        AmmoAddress = 0x00509B74;
        AmmoOffset = 0x374;

        Health = HealthAddress + HealthOffset;
        Ammo = AmmoAddress + AmmoOffset;

    }


//Here I have the problem when reading variable
public int GetHealthInfo()
        {
            **buffer = new byte[4];
            ReadSuccess = MainWindow.ReadProcessMemory(MainWindow.myProc.Handle, (IntPtr)Health, buffer, buffer.Length, bytesRead);
            return BitConverter.ToInt32(buffer, 0);**


    }
}

}

这是骗子引擎中地址的链接无法在这里上传：P

http://prntscr.com/gp1ko0

http://prntscr.com/gp1ksu

如何在我的代码中正确使用作弊引擎中的指针和偏移量，如何在代码中实现多级指针？请原谅我糟糕的英语。

Answer 1

ReadProcessMemory(MainWindow.myProc.Handle, ...)

hProcess [in]
正在读取内存的进程句柄。句柄必须具有PROCESS_VM_READ访问权限。

要获得此句柄，您需要使用OpenProcess：

[DllImport("kernel32", SetLastError = true)]
public static extern IntPtr OpenProcess(
            int dwDesiredAccess,
            IntPtr bInheritHandle,
            IntPtr dwProcessId
            );
public const int PROCESS_VM_READ = 0x10;

var handle = OpenProcess(PROCESS_VM_READ, IntPtr.Zero, new IntPtr(MainWindow.myProc.Id)); // note: use the id
ReadProcessMemory(handle, ...);

编辑：还要确保您的应用程序以提升的权限运行，这意味着您应该使用Run as Admin启动VStudio或您的应用程序。

EDIT2：您应该ref使用lpBuffer来避免进入unsafe领域：

    [DllImport("kernel32", SetLastError = true)]
    public static extern int ReadProcessMemory(
        IntPtr hProcess,
        int lpBase,
        ref int lpBuffer,
        int nSize,
        int lpNumberOfBytesRead
        );

对于多级指针，您读取基址的值，并添加偏移量并反复读取。

ReadProcessMemory(handle, BaseAddress, ref value, sizeof(int), 0);
ReadProcessMemory(handle, value + 0x508, ref value, sizeof(int), 0);
ReadProcessMemory(handle, value + 0xF8, ref value, sizeof(int), 0);

或者，您可以在Pointer中使用我的Xy.DataAnalysis课程。用法示例可以在Xy.PerfectWorld.Models中找到： https://github.com/Xiaoy312/Xy.PerfectWorld/tree/master/Xy.DataAnalysis

如何使用ReadProcessMemory

1 个答案: