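I have started reading application memory. I use CheatEngine to get a memory address and then try to return its value. However, CheatEngine seems to return 64-bit memory addresses, so my ReadProcessMemory function keeps telling me that it cannot convert "long" to "int" whenever I enter the address. All the tutorials I have found seem to be based on memory addresses like 00AB5678, but I am getting something more like D3569227FC.

So my question is: how do I use ReadProcessMemory with larger memory addresses?

Here is my code: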

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace ConsoleApplication1
{
    class Program
    {
        const int PROCESS_WM_READ = 0x0010;

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll")]
        public static extern bool ReadProcessMemory(int hProcess,
            int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

        static void Main(string[] args)
        {
            Process process = Process.GetProcessesByName("MyProgram")[0];
            IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
            int bytesRead = 0;
            byte[] buffer = new byte[24]; //To read a 24 byte unicode string
            ReadProcessMemory((int)processHandle, 0xD5369227FC, buffer, buffer.Length, ref bytesRead);
            Console.WriteLine(Encoding.Unicode.GetString(buffer) +
                " (" + bytesRead.ToString() + "bytes)");
            Console.ReadLine();
        }
    }
}

Edit: By going to VS2012 --> Project --> ApplicationName Properties --> Build --> Platform Target --> changing it to "x64", I have converted my C# application to a 64-bit application. Now I just need to know how to change my code to read 64-bit addresses.

Posted on 2015-12-26 08:09:06

You can pass lpBaseAddress as Int64. Try replacing your

[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(int hProcess,
    int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

with

[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(int hProcess,
    Int64 lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

But the most correct implementation is:

[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(IntPtr hProcess,
    IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesRead);

https://stackoverflow.com/questions/34467311
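
An added example, not part of the original question or answer: a complete 64-bit read built on the pointer-sized declaration from the answer, with every return value checked. The process name and address are the question's sample values; SetLastError, the IntPtr size parameter and the CloseHandle call are additions made here.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

class ReadRemoteString
{
    const uint PROCESS_VM_READ = 0x0010;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    // Handle, address, size and byte count are all pointer-sized (HANDLE, LPCVOID, SIZE_T).
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        [Out] byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    static void Main()
    {
        // A 64-bit address only fits in IntPtr when this process itself is 64-bit.
        if (!Environment.Is64BitProcess)
            throw new PlatformNotSupportedException("Build with Platform Target x64.");

        Process[] matches = Process.GetProcessesByName("MyProgram"); // name from the question
        if (matches.Length == 0) { Console.Error.WriteLine("Process not found"); return; }

        IntPtr handle = OpenProcess(PROCESS_VM_READ, false, matches[0].Id);
        if (handle == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            IntPtr address = new IntPtr(0xD5369227FCL); // sample address from the question
            byte[] buffer = new byte[24];               // 24-byte Unicode string
            IntPtr bytesRead;
            if (!ReadProcessMemory(handle, address, buffer, new IntPtr(buffer.Length), out bytesRead))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            int n = (int)bytesRead.ToInt64();
            // Decode only the bytes that were actually read.
            Console.WriteLine(Encoding.Unicode.GetString(buffer, 0, n) + " (" + n + " bytes)");
        }
        finally { CloseHandle(handle); } // always release the process handle
    }
}
```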