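I am trying to read some values from a process's memory through multiple pointers/offsets in my console .NET app, but I get the wrong last 3 values and I don't know what I'm doing wrong. I have been checking the code and trying other approaches for hours, but the result is still the same.

I am reading these values from a 64-bit process.

Here is a preview of my app and Cheat Engine side by side (Cheat Engine contains the correct values).

Here is my code for reading these pointers: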

    Memory.OpenProcess(Data.Core.ProcessID);
    Data.Core.GameBase = (uint)Memory.BaseAddress("Game.dll");
    uint Num0 = Memory.ReadInt((int)Data.Core.GameBase + (int)Data.Core.Offsets.Animation);
    uint Num1 = Memory.ReadInt((int)Num0 + (int)Data.Core.Offsets.P1);
    uint Num2 = Memory.ReadInt((int)Num1 + (int)Data.Core.Offsets.P2);
    uint Num3 = Memory.ReadInt((int)Num2 + (int)Data.Core.Offsets.P3);
    uint Num4 = Memory.ReadInt((int)Num3 + (int)Data.Core.Offsets.P4);
    uint Num5 = Memory.ReadInt((int)Num4 + (int)Data.Core.Offsets.P5);

The ReadInt function:

    public uint ReadInt(int iMemoryAddress)
    {
        byte[] bBuffer = new byte[4];
        IntPtr lpNumberOfBytesRead;
        if (Mapi.ReadProcessMemory(this._hReadProcess, (IntPtr) iMemoryAddress, bBuffer, 4U, out lpNumberOfBytesRead) == 0)
            return 0;
        return BitConverter.ToUInt32(bBuffer, 0);
    }

Also:

    public uint ReadInt(int Address)
    {
        OpenProcessMemory();
        int BytesRead = 0;
        byte[] Data = new byte[4];
        ReadProcessMemory((int)PHandle, Address, Data, 4, ref BytesRead);
        CloseProcessMemory();
        return BitConverter.ToUInt32(Data, 0);
    }

The offsets enum:

    public enum Offsets : uint
    {
        Animation = 0x1494198,
        P1 = 0x68,
        P2 = 0x70,
        P3 = 0x28,
        P4 = 0x378,
        P5 = 0x522,
    }

Win API:

    [DllImport("kernel32.dll")]
    public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] bBuffer, uint size, out IntPtr lpNumberOfBytesRead);

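I have tried adding the pointer and offset using IntPtr / uint / int / Int32 for each pointer + offset, but I still end up with the same weird values. I guess I clearly can't do anything more.
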
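If the target process is x64, you need to compile for x64 as well, and you should use IntPtr for all pointers, offsets and addresses to ensure they are the correct length to accept 64-bit addresses.

For walking pointer chains you should use this function, which dereferences each pointer and then adds the offset for you.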
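
    public static IntPtr FindDMAAddy(IntPtr hProc, IntPtr ptr, int[] offsets)
    {
        // Buffer is pointer-sized: 4 bytes in an x86 build, 8 bytes in an x64 build.
        var buffer = new byte[IntPtr.Size];
        foreach (int i in offsets)
        {
            // Dereference the current pointer in the target process.
            ReadProcessMemory(hProc, ptr, buffer, buffer.Length, out var read);
            // Interpret the bytes at the native pointer width, then add the offset.
            ptr = (IntPtr.Size == 4)
                ? IntPtr.Add(new IntPtr(BitConverter.ToInt32(buffer, 0)), i)
                : IntPtr.Add(new IntPtr(BitConverter.ToInt64(buffer, 0)), i);
        }
        return ptr;
    }
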
    var ammoAddr = FindDMAAddy(hProc, (IntPtr)(modBase + 0x10f4f4), new int[] { 0x374, 0x14, 0 });
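
An added example, not part of the original question or answer: it walks the same constructed pointer chain once with 4-byte reads and once with pointer-sized reads, to show how 32-bit reads drop the upper half of a 64-bit pointer. The names `PointerWidthDemo`, `Store`, `Read`, `Walk32`, `Walk64` and every address are hypothetical; memory is simulated with a dictionary, so no process is opened, and a little-endian machine is assumed.

```csharp
using System;
using System.Collections.Generic;

static class PointerWidthDemo
{
    // Constructed stand-in for the target's memory: address -> 8 bytes stored there.
    static readonly Dictionary<long, byte[]> Mem = new Dictionary<long, byte[]>();

    static void Store(long addr, long value) => Mem[addr] = BitConverter.GetBytes(value);

    // Simulated read of `size` bytes; a real tool would call ReadProcessMemory here.
    static byte[] Read(long addr, int size)
    {
        var buf = new byte[size];
        if (Mem.TryGetValue(addr, out var cell)) Array.Copy(cell, buf, size);
        return buf; // unmapped address: zeros, like a failed read whose result is ignored
    }

    // The question's approach: 4-byte reads keep only the low 32 bits of each pointer.
    static long Walk32(long start, int[] offsets)
    {
        uint p = (uint)start;
        foreach (int off in offsets)
            p = BitConverter.ToUInt32(Read(p, 4), 0) + (uint)off;
        return p;
    }

    // The answer's approach on x64: 8-byte reads keep the whole pointer.
    static long Walk64(long start, int[] offsets)
    {
        long p = start;
        foreach (int off in offsets)
            p = BitConverter.ToInt64(Read(p, 8), 0) + off;
        return p;
    }

    static void Main()
    {
        // Constructed chain: the first pointer fits in 32 bits, the later ones do not.
        Store(0x10001000, 0x20000000);
        Store(0x20000068, 0x000001F4A2B00000);
        Store(0x000001F4A2B00070, 0x000001F4A2C00000);
        int[] offsets = { 0x68, 0x70, 0x28 };

        Console.WriteLine($"64-bit walk: 0x{Walk64(0x10001000, offsets):X}");
        Console.WriteLine($"32-bit walk: 0x{Walk32(0x10001000, offsets):X}");
    }
}
```

Both walks agree while the pointers fit in 32 bits and diverge at the first pointer that does not, after which the 32-bit walk reads from unrelated addresses.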