
How to use ReadProcessMemory

Stack Overflow user
Asked 2017-09-26 16:45:45
1 answer, 14K views, 0 followers, 1 vote

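So I've been trying to read variables with ReadProcessMemory, and finding the addresses in Cheat Engine worked fine, but as soon as I started programming I ran into some problems. I searched for the ammo and health addresses in Cheat Engine; health is a one-level pointer and ammo is a three-level pointer. I tried reading it, but every time I read it, it returns 0.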

namespace AssaultCubeTrainer

{

public partial class MainWindow : Window
{

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr pHandle, IntPtr Address, byte[] Buffer, int Size, IntPtr NumberofBytesRead);

    public static Process myProc;

    public static Player p1;

    public MainWindow()
    {
        InitializeComponent();

        p1  = new Player();

        MessageBox.Show("Please press the attach button as soon as the game has started", " Information",MessageBoxButton.OK, MessageBoxImage.Information, MessageBoxResult.OK);



    }

    private void AttachProcButton_Click(object sender, RoutedEventArgs e)
    {

        try
        {
            myProc = Process.GetProcessesByName("ac_client")[0];


            if (myProc.Handle != null)
            {
                MessageBox.Show("Process successfully attached", "Success", MessageBoxButton.OK, MessageBoxImage.Information, MessageBoxResult.OK);
            }
        }

        catch
        {
            MessageBox.Show("The process was not found","Error", MessageBoxButton.OK, MessageBoxImage.Error, MessageBoxResult.OK);
        }

    }

    private void ButtonTest_Click(object sender, RoutedEventArgs e)
    {

            lbHealthInfo.Content = p1.GetHealthInfo();

    }
}

}

namespace AssaultCubeTrainer
{
    public class Player
{

    private byte[] buffer;

    public bool ReadSuccess;

    public int HealthAddress;
    public int HealthOffset;

    public int AmmoAddress;
    public int AmmoOffset;

    public int Health;
    public int Ammo;

    public IntPtr bytesRead;

    public Player()
    {
        HealthAddress = 0x00509B74;
        HealthOffset = 0xF8;

        AmmoAddress = 0x00509B74;
        AmmoOffset = 0x374;

        Health = HealthAddress + HealthOffset;
        Ammo = AmmoAddress + AmmoOffset;

    }


    //Here I have the problem when reading variable
    public int GetHealthInfo()
    {
        buffer = new byte[4];
        ReadSuccess = MainWindow.ReadProcessMemory(MainWindow.myProc.Handle, (IntPtr)Health, buffer, buffer.Length, bytesRead);
        return BitConverter.ToInt32(buffer, 0);
    }
}

}

Below are links to the addresses in Cheat Engine; I couldn't upload them here :P

http://prntscr.com/gp1ko0

http://prntscr.com/gp1ksu

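How do I correctly use the pointers and offsets from Cheat Engine in my code, and how do I implement multi-level pointers in code? Please excuse my poor English.

1 Answer

Stack Overflow user

Answered 2017-09-26 17:06:03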

ReadProcessMemory(MainWindow.myProc.Handle, ...)

hProcess [in]: A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process.

To get this handle, you need to use OpenProcess:

[DllImport("kernel32", SetLastError = true)]
public static extern IntPtr OpenProcess(
            int dwDesiredAccess,
            IntPtr bInheritHandle,
            IntPtr dwProcessId
            );
public const int PROCESS_VM_READ = 0x10;

var handle = OpenProcess(PROCESS_VM_READ, IntPtr.Zero, new IntPtr(MainWindow.myProc.Id)); // note: use the id
ReadProcessMemory(handle, ...);

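Edit: Also make sure your application runs with elevated privileges, which means you should start VStudio or the application with Run as Admin.

EDIT2: You should use ref for lpBuffer to avoid stepping into unsafe territory:
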
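// Addresses and the bytes-read argument are declared as int here,
// so this declaration assumes a 32-bit (x86) build.
[DllImport("kernel32", SetLastError = true)]
public static extern int ReadProcessMemory(
    IntPtr hProcess,
    int lpBase,
    ref int lpBuffer,
    int nSize,
    int lpNumberOfBytesRead
    );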

For multi-level pointers, you read the value at the base address, add the offset, and read again and again.

ReadProcessMemory(handle, BaseAddress, ref value, sizeof(int), 0);
ReadProcessMemory(handle, value + 0x508, ref value, sizeof(int), 0);
ReadProcessMemory(handle, value + 0xF8, ref value, sizeof(int), 0);

Alternatively, you can use my Pointer class in Xy.DataAnalysis. Usage examples can be found in Xy.PerfectWorld.Models https://github.com/Xiaoy312/Xy.PerfectWorld/tree/master/Xy.DataAnalysis

Votes: 2
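
The read, add offset, read again loop from the answer above, written out with the return value of every call checked. This is an added example, not code from the original post or from the answerer's library. All names (PointerChainDemo, Read, ReadInt32Chain) are hypothetical, the pointer chain is constructed inside the demo's own process so it runs without any other program, and it assumes the reader and the process being read use the same pointer size.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class PointerChainDemo   // hypothetical names throughout
{
    const uint PROCESS_VM_READ = 0x0010;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inheritHandle, int processId);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr address, byte[] buffer, IntPtr size, out IntPtr bytesRead);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // One checked read: a failed or short read throws instead of leaving zeros in the buffer.
    static byte[] Read(IntPtr h, IntPtr address, int size)
    {
        var buffer = new byte[size];
        if (!ReadProcessMemory(h, address, buffer, (IntPtr)size, out IntPtr got) || got.ToInt64() != size)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return buffer;
    }

    // Each offset means: read the pointer stored at the current address, then add the offset.
    // The int is read from the address left after the last offset.
    static int ReadInt32Chain(IntPtr h, IntPtr baseAddress, params int[] offsets)
    {
        IntPtr address = baseAddress;
        foreach (int offset in offsets)
        {
            byte[] p = Read(h, address, IntPtr.Size);
            long pointer = IntPtr.Size == 8 ? BitConverter.ToInt64(p, 0) : BitConverter.ToInt32(p, 0);
            address = new IntPtr(pointer + offset);
        }
        return BitConverter.ToInt32(Read(h, address, sizeof(int)), 0);
    }

    static void Main()
    {
        // Constructed sample data: root holds a pointer to obj, and obj + 0xF8 holds 100.
        IntPtr obj = Marshal.AllocHGlobal(0x100), root = Marshal.AllocHGlobal(IntPtr.Size);
        Marshal.WriteInt32(obj, 0xF8, 100);
        Marshal.WriteIntPtr(root, obj);
        IntPtr h = OpenProcess(PROCESS_VM_READ, false, Process.GetCurrentProcess().Id);
        if (h == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try { Console.WriteLine(ReadInt32Chain(h, root, 0xF8)); }
        finally { CloseHandle(h); Marshal.FreeHGlobal(root); Marshal.FreeHGlobal(obj); }
    }
}
```

The three-read sequence in the answer corresponds to ReadInt32Chain(h, BaseAddress, 0x508, 0xF8) in this sketch.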
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/46431860
