This may be a stupid question, but I'm trying to write a hack for the racing game TDU2 where I can type into the console how many cars I want to have. The code uses a static pointer and offsets, and I have a problem. In Cheat Engine, when I add the module base address together with all the offsets, I get the correct value for the cars (see screenshot). In Visual Studio I have implemented code that gets the base address and adds all the offsets, but I don't get the correct value at all. When I add the address with the offsets in Google's calculator, it matches Visual Studio and not Cheat Engine. How does Cheat Engine add the numbers, and what can I change or what should I do?
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
#include <vector>
#include <cstdint>

// Walk the module list of the target process and return the load address of
// the module called modName (0 if it is not found).
uintptr_t GetModuleBaseAddress(DWORD procID, const wchar_t* modName)
{
    uintptr_t modBaseAddr = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procID);
    if (hSnap != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 modEntry;
        modEntry.dwSize = sizeof(modEntry);
        if (Module32First(hSnap, &modEntry))
        {
            do
            {
                if (!_wcsicmp(modEntry.szModule, modName))
                {
                    modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnap, &modEntry));
        }
        CloseHandle(hSnap);
    }
    return modBaseAddr;
}

// Follow a multi-level pointer: at every step read the pointer stored at addr,
// then add the next offset. The last offset is added but not dereferenced.
uintptr_t FindDMAADY(HANDLE handle, uintptr_t ptr, const std::vector<unsigned int>& offsets)
{
    uintptr_t addr = ptr;
    for (unsigned int i = 0; i < offsets.size(); ++i)
    {
        // Reads sizeof(addr) bytes from the target into addr, i.e. a pointer
        // of the width of *this* (host) process.
        ReadProcessMemory(handle, (BYTE*)addr, &addr, sizeof(addr), NULL);
        addr += offsets[i];
    }
    return addr;
}

int main()
{
    int newValue;
    HWND hwnd = FindWindowA(NULL, "Test Drive Unlimited 2");
    if (hwnd == NULL)
    {
        std::cout << "Couldn't find the window" << std::endl;
    }
    else
    {
        DWORD procID = 0;
        GetWindowThreadProcessId(hwnd, &procID);
        HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
        // OpenProcess returns NULL on failure; the process id itself was
        // already obtained from the window above.
        if (procID == 0 || handle == NULL)
        {
            std::cout << "Couldn't find the process" << std::endl;
            Sleep(1500);
            exit(-1);
        }
        else
        {
            uintptr_t modulebase = GetModuleBaseAddress(procID, L"TestDrive2.exe");
            uintptr_t dynamicptrbaseaddr = modulebase + 0x00F488D4;
            std::vector<unsigned int> offsets = { 0x74, 0x4C, 0xC8, 0xCC, 0xC8, 0xCC, 0x38 };
            uintptr_t caraddr = FindDMAADY(handle, dynamicptrbaseaddr, offsets);
            std::cout << "Enter the value" << std::endl;
            std::cin >> newValue;
            std::cout << "Window and Process found. Changing the value..." << std::endl;
            WriteProcessMemory(handle, (LPVOID)caraddr, &newValue, sizeof(newValue), 0);
            CloseHandle(handle);
        }
    }
    return 0;
}
The problem is in this code:
ReadProcessMemory(handle, (BYTE*)addr, &addr, sizeof(addr), NULL);
The third parameter should be the address in your application where the data is written, and the fourth should specify the size of the buffer. You are using in your application the same offsets as in the investigated application, which is "in the middle of nowhere".
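Added example, not code from the question or the answer: a simulated walk of a Cheat Engine style pointer chain over a constructed byte array that stands in for a 32-bit target's memory. It shows two things the thread touches on: why "base + all offsets" typed into a calculator (no dereferencing) gives a different number than Cheat Engine, which dereferences at every level, and what happens to the chain when the read size is the host's 8-byte pointer instead of the target's 4-byte one. Whether TDU2 is a 32-bit process is not stated on the page, so that is an assumption; FakeProcess, the addresses 0x1000/0x2000/0x3000, the filler words and the sample value 5 are all constructed, and the code assumes a little-endian layout as on x86.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <vector>

// Constructed stand-in for a 32-bit target process: a flat byte array where
// the "address" is just the index. Real code would call ReadProcessMemory.
struct FakeProcess {
    std::vector<uint8_t> mem;
    explicit FakeProcess(size_t size) : mem(size, 0) {}

    // Bounds-checked read; a real ReadProcessMemory fails on unmapped pages.
    bool read(uint64_t addr, void* out, size_t n) const {
        if (addr > mem.size() || n > mem.size() - addr) return false;
        std::memcpy(out, &mem[addr], n);
        return true;
    }
    void write32(uint64_t addr, uint32_t v) { std::memcpy(&mem[addr], &v, sizeof v); }
};

// Cheat Engine style chain: at every level read the pointer stored at addr,
// then add the next offset; the last offset is added but not dereferenced.
// ptrSize is the pointer width of the *target* (4 for a 32-bit process).
// Little-endian assumption: a 4-byte read lands in the low half of 'next'.
bool ResolvePointerChain(const FakeProcess& p, uint64_t base,
                         const std::vector<uint32_t>& offsets,
                         size_t ptrSize, uint64_t& out) {
    uint64_t addr = base;
    for (uint32_t off : offsets) {
        uint64_t next = 0;
        if (!p.read(addr, &next, ptrSize)) return false;
        addr = next + off;
    }
    out = addr;
    return true;
}

// What "base + all offsets" in a calculator computes: no dereferencing at all.
uint64_t NaiveBasePlusOffsets(uint64_t base, const std::vector<uint32_t>& offsets) {
    uint64_t sum = base;
    for (uint32_t off : offsets) sum += off;
    return sum;
}

// Constructed layout (every value is made up for the demo):
//   [0x1000] = 0x2000        static pointer at module base + offset
//   [0x1004] = 0xDEADBEEF    unrelated data right behind it
//   [0x2074] = 0x3000        0x2000 + first offset 0x74 holds the next pointer
//   [0x2078] = 0x11111111    unrelated data right behind it
//   [0x3038] = 5             0x3000 + last offset 0x38 holds the value
FakeProcess MakeSampleProcess() {
    FakeProcess p(0x5000);
    p.write32(0x1000, 0x2000);
    p.write32(0x1004, 0xDEADBEEF);
    p.write32(0x2074, 0x3000);
    p.write32(0x2078, 0x11111111);
    p.write32(0x3038, 5);
    return p;
}

const uint64_t kSampleBase = 0x1000;
const std::vector<uint32_t> kSampleOffsets = {0x74, 0x38};

// Address the chain resolves to when pointers are read ptrSize bytes wide;
// 0 if a read fails (an 8-byte read picks up the filler as the high dword
// and the next read lands far outside the target's memory).
uint64_t ResolvedAddress(size_t ptrSize) {
    FakeProcess p = MakeSampleProcess();
    uint64_t addr = 0;
    return ResolvePointerChain(p, kSampleBase, kSampleOffsets, ptrSize, addr) ? addr : 0;
}

// The 32-bit value stored at the correctly resolved address.
uint32_t SampleValue() {
    FakeProcess p = MakeSampleProcess();
    uint32_t v = 0;
    p.read(ResolvedAddress(4), &v, sizeof v);
    return v;
}

int main() {
    std::cout << std::hex
              << "calculator sum : 0x" << NaiveBasePlusOffsets(kSampleBase, kSampleOffsets) << "\n"
              << "4-byte pointers: 0x" << ResolvedAddress(4) << " -> value "
              << std::dec << SampleValue() << "\n"
              << "8-byte pointers: " << (ResolvedAddress(8) ? "resolved" : "read failed") << "\n";
    return 0;
}
```

The calculator figure (0x10AC) and the dereferenced address (0x3038) differ because the offsets are applied to whatever pointer is stored at each level, not to the base. The same chain read with 8-byte pointers fails at the second level, which is the symptom a 64-bit build of the question's program would show against a 32-bit game if sizeof(uintptr_t) is passed as the read size.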