1. 首頁
  2. 問答
  3. 操作程序內存。 (Memory Hack)

操作程序內存。 (Memory Hack)

2012-04-21 41 views
0

嗯,我最近在C#中創建了一個改變程序內存的程序,它可以工作,但是每次關閉程序並重新打開程序時,我都必須重新找到內存值,有沒有辦法阻止程序的內存在我關閉後改變?操作程序內存。 (Memory Hack)

public partial class Form1 : Form 
{ 

    public Form1() 
    { 
     InitializeComponent(); 
    } 

    [DllImport("kernel32.dll")] 
    static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId); 

    [DllImport("kernel32.dll", SetLastError = true)] 
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten); 

    [DllImport("kernel32.dll")] 
    public static extern Int32 CloseHandle(IntPtr hProcess); 

    [Flags] 
    public enum ProcessAccessFlags : uint 
    { 
     All = 0x001F0FFF, 
     Terminate = 0x00000001, 
     CreateThread = 0x00000002, 
     VMOperation = 0x00000008, 
     VMRead = 0x00000010, 
     VMWrite = 0x00000020, 
     DupHandle = 0x00000040, 
     SetInformation = 0x00000200, 
     QueryInformation = 0x00000400, 
     Synchronize = 0x00100000 
    } 

    public static void WriteMem(Process p, int address, long v) 
    { 
     var hProc = OpenProcess(ProcessAccessFlags.All, false, (int)p.Id); 
     var val = new byte[] { (byte)v }; 

     int wtf = 0; 
     WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32)val.LongLength, out wtf); 

     CloseHandle(hProc); 
    } 

    private void notify(string not) 
    { 
     if (textBox1.Text != "") 
     { 
      textBox1.Text += Environment.NewLine; 
     } 

     textBox1.Text += not; 
    } 

    private void button1_Click(object sender, EventArgs e) 
    { 
     var p = Process.GetProcessesByName("SAFlashPlayer").FirstOrDefault(); 
     WriteMem(p, 0x07A6A0C1, 1000); 
     notify("A lot of Ability Points added."); 
    } 
    private void button2_Click(object sender, EventArgs e) 
    { 
     var p = Process.GetProcessesByName("SAFlashPlayer").FirstOrDefault(); 
     //WriteMem(p, 0x008373CC, 0); 
     notify("Power set to 0."); 
    } 

    private void Checker_Tick(object sender, EventArgs e) 
    { 
     Process[] pname = Process.GetProcessesByName("SAFlashPlayer"); 

     if (pname.Length == 0) 
     { 
      button1.Enabled = false; 
      button2.Enabled = false; 
      status.ForeColor = System.Drawing.Color.Red; 
      status.Text = "Flash Player not running!"; 
     } 
     else 
     { 
      button1.Enabled = true; 
      button2.Enabled = true; 
      status.ForeColor = System.Drawing.Color.Green; 
      status.Text = "Flash Player running!"; 
     } 
    } 
}

來源

2012-04-21 Tim

回答

1

是的,作弊是很難付費的黃金農民比較容易。由於內存佈局有很大的機會發生變化,尤其是在Win7上,您很可能需要在每次程序重新啓動後掃描其他進程以查找要更新的值/模式。

在舊時光的人只會更新可執行文件本身......在印刷雜誌上讀了一些文章之後...

Nowdays所有JIT,ASLR,壓縮/編碼executatbles和腳本,甚至遠程加載的模塊/ SWF更難。因此,指責互聯網在作弊時需要花費更多的精力。

來源

2012-04-21 06:36:57

3

無法估計或決定該程序將被加載運行時。操作系統決定,但我認爲你可以在運行時動態地查找進程的內存位置,而無需對應用程序進行硬編碼。

你試過ReadProcessMemory WinAPI call

來源

2012-04-21 06:17:01

相關問題

 相關問題