如何使用ReadProcessMemory

Question

所以我一直試圖用ReadProcessMemory讀取變量，並發現在作弊引擎中的地址工作完美，但一旦我編程，我遇到了一些問題。 我搜索了作弊引擎中的彈藥和健康地址，健康狀況是一級指針，彈藥是三級指針。 我想讀的健康，但每次我讀它，則返回0。

namespace AssaultCubeTrainer 

{ 

public partial class MainWindow : Window 
{ 

    [DllImport("kernel32.dll", SetLastError = true)] 
    public static extern bool ReadProcessMemory(IntPtr pHandle, IntPtr Address, byte[] Buffer, int Size, IntPtr NumberofBytesRead); 

    public static Process myProc; 

    public static Player p1; 

    public MainWindow() 
    { 
     InitializeComponent(); 

     p1 = new Player(); 

     MessageBox.Show("Please press the attach button as soon as the game has started", " Information",MessageBoxButton.OK, MessageBoxImage.Information, MessageBoxResult.OK); 



    } 

    private void AttachProcButton_Click(object sender, RoutedEventArgs e) 
    { 

     try 
     { 
      myProc = Process.GetProcessesByName("ac_client")[0]; 


      if (myProc.Handle != null) 
      { 
       MessageBox.Show("Process successfully attached", "Success", MessageBoxButton.OK, MessageBoxImage.Information, MessageBoxResult.OK); 
      } 
     } 

     catch 
     { 
      MessageBox.Show("The process was not found","Error", MessageBoxButton.OK, MessageBoxImage.Error, MessageBoxResult.OK); 
     } 

    } 

    private void ButtonTest_Click(object sender, RoutedEventArgs e) 
    { 

      lbHealthInfo.Content = p1.GetHealthInfo(); 

    } 
} 

}

namespace AssaultCubeTrainer 
{ 
    public class Player 
{ 

    private byte[] buffer; 

    public bool ReadSuccess; 

    public int HealthAddress; 
    public int HealthOffset; 

    public int AmmoAddress; 
    public int AmmoOffset; 

    public int Health; 
    public int Ammo; 

    public IntPtr bytesRead; 

    public Player() 
    { 
     HealthAddress = 0x00509B74; 
     HealthOffset = 0xF8; 

     AmmoAddress = 0x00509B74; 
     AmmoOffset = 0x374; 

     Health = HealthAddress + HealthOffset; 
     Ammo = AmmoAddress + AmmoOffset; 

    } 


//Here I have the problem when reading variable 
public int GetHealthInfo() 
     { 
      **buffer = new byte[4]; 
      ReadSuccess = MainWindow.ReadProcessMemory(MainWindow.myProc.Handle, (IntPtr)Health, buffer, buffer.Length, bytesRead); 
      return BitConverter.ToInt32(buffer, 0);** 


    } 
} 

}

繼承人的鏈接地址中作弊引擎 不可能上傳到這裏：P

http://prntscr.com/gp1ko0

http://prntscr.com/gp1ksu

如何在我的代碼中正確使用作弊引擎的指針和偏移量，以及如何在代碼中實現多級指針？ 請原諒我那低劣的英語。

Answer 1

ReadProcessMemory(MainWindow.myProc.Handle, ...)

hProcess [IN]
手柄與存儲器中的處理正在被讀出。該句柄必須具有進程的PROCESS_VM_READ訪問權限。

爲了得到這個句柄，你需要使用OpenProcess：

[DllImport("kernel32", SetLastError = true)] 
public static extern IntPtr OpenProcess(
      int dwDesiredAccess, 
      IntPtr bInheritHandle, 
      IntPtr dwProcessId 
      ); 
public const int PROCESS_VM_READ = 0x10; 

var handle = OpenProcess(PROCESS_VM_READ, IntPtr.Zero, new IntPtr(MainWindow.myProc.Id)); // note: use the id 
ReadProcessMemory(handle, ...); 

編輯：另外，請確保您的應用程序可以運行在更高的權限，這意味着你應該開始VStudio或Run as Admin您的應用程序。

EDIT2：您應該使用ref爲lpBuffer，以避免步入unsafe領土：

[DllImport("kernel32", SetLastError = true)] 
    public static extern int ReadProcessMemory(
     IntPtr hProcess, 
     int lpBase, 
     ref int lpBuffer, 
     int nSize, 
     int lpNumberOfBytesRead 
     ); 

至於多層次的指針，你讀基地址的值，並添加偏移和再讀一遍再次。

ReadProcessMemory(handle, BaseAddress, ref value, sizeof(int), 0); 
ReadProcessMemory(handle, value + 0x508, ref value, sizeof(int), 0); 
ReadProcessMemory(handle, value + 0xF8, ref value, sizeof(int), 0); 

或者，你可以用我的Pointer類Xy.DataAnalysis。用法例子可以在Xy.PerfectWorld.Models發現： https://github.com/Xiaoy312/Xy.PerfectWorld/tree/master/Xy.DataAnalysis