
Accessing values of another program

So, I've been wondering how I can access values of a different program with my C++ code.

I understand that I have to know the memory location and access it somehow, but I don't really know how.

Let's say that I have a game with a character that has a certain amount of health, and I want to read that health with my C++ code (similar to how you can read different values with the Cheat Engine program).

How would I accomplish this?

For clarity: the operating system is Windows.

You can use the ReadProcessMemory / VirtualQuery (safer than ReadProcessMemory) and WriteProcessMemory functions.

If you are clever you can inject a DLL, then you can use pointers in your code:

// an integer does not convert to a pointer implicitly, so the cast is required
int *money = reinterpret_cast<int*>(0x00400000 + 0x00ABCDEF); // pointer to money address
*money = 5000; // set money to 5000

If you need DLL examples, here are some:

Red Alert 3 Player Information Mod

Need for Speed: Underground 2 cheat mod

Sometimes pointers can change what they point to; this can be "dangerous" in terms of the application.

When you access a pointer which points to a protected memory area, inaccessible memory, not the stuff you want, or an invalid location, your application may crash. I don't know how Cheat Engine prevents it, but you have a few options; the ones I suggest:

  • Exit the application gracefully and let the user know you couldn't handle it
  • Handle the problem with a try / catch block instead? (be sure to capture the correct error)
  • Hard exit the application
  • Do nothing and let the application behave weird / crash
  • ... more and more ...

I also wrote a pointer class myself which handles the dereferencing and stops when an error is encountered (returns null):

#include <windows.h> // DWORD
#include <array>
#include <vector>

// NULL (0) as the last parameter makes the final step a plain dereference.
// Note: catch(...) only stops an access violation on MSVC when the code is
// compiled with /EHa; with the default /EHsc a fault is not a C++ exception.
template<class T = DWORD, class S = DWORD> struct Pointer
{
private:
    std::vector<S> params;  // base address followed by the chain of offsets
    S variable;
    bool MoreThanOne;
public:
    template<class... Args>
    Pointer(Args... args)
    {
        // static_cast avoids narrowing errors when offsets are passed as int literals
        std::array<S, sizeof...(args)> list = {static_cast<S>(args)...};
        for (auto i : list)
            params.push_back(i);
        MoreThanOne = params.size() > 1;
    }
    T ResolvePointer()
    {
        if (params.empty())
            return static_cast<T>(NULL);
        variable = params[0];
        if (!MoreThanOne)
            return (T)variable;
        try
        {
            auto it = params.begin();
            ++it; // skip the base address
            for (; it != params.end(); ++it)
            {
                // stop on a null pointer anywhere in the chain
                if (*reinterpret_cast<S*>(variable) == NULL)
                    return static_cast<T>(NULL);
                variable = *reinterpret_cast<S*>(variable) + *it;
            }
        }
        catch (...)
        {
            return static_cast<T>(NULL);
        }
        return (T)variable;
    }
    T operator()()
    {
        return ResolvePointer();
    }
};

Usage:

// htonl needs <winsock2.h> (link against ws2_32)
unsigned long ipaddr = htonl(Pointer<unsigned long>(0x00400000 + 0x008E3A74, 0x04, 0x38, NULL)()); // pointer to the player's IP address
if (ipaddr != NULL) // ....
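The same multi-level chain walk, written as an added example (not code from the answer above) against a bounds-checked reader instead of raw dereferences plus catch(...): every read is validated, so an unreadable address or a null link in the chain yields an empty result rather than a fault. The MemReader type, ResolveChain, ReadHealth and the FakeProcess snapshot are all assumptions made for this example; on Windows a MemReader would wrap ReadProcessMemory.

```cpp
#include <cstdint>
#include <cstring>
#include <functional>
#include <optional>
#include <vector>

// Reads n bytes at addr of the target into out; returns false when unreadable.
// On Windows this would wrap ReadProcessMemory (after VirtualQueryEx if desired);
// it is kept abstract here so the chain logic runs on any platform.
using MemReader = std::function<bool(std::uintptr_t addr, void* out, std::size_t n)>;

// Resolves a multi-level pointer chain: start at base, and for each offset read
// the pointer stored at the current address and add the offset to it. Stops with
// std::nullopt on an unreadable address or a null pointer instead of faulting.
std::optional<std::uintptr_t> ResolveChain(const MemReader& read, std::uintptr_t base,
                                            const std::vector<std::uintptr_t>& offsets) {
    std::uintptr_t cur = base;
    for (std::uintptr_t off : offsets) {
        std::uintptr_t next = 0;
        if (!read(cur, &next, sizeof next)) return std::nullopt;  // unreadable page
        if (next == 0) return std::nullopt;                        // broken chain
        cur = next + off;
    }
    return cur;
}

// Constructed stand-in for a target process: a 128-byte snapshot mapped at 0x1000
// with [0x1000] -> 0x1020, [0x1024] -> 0x1030 and a 32-bit "health" of 42 at
// 0x1068, so base 0x1000 with offsets {0x04, 0x38} lands on the health field.
struct FakeProcess {
    static constexpr std::uintptr_t kBase = 0x1000;
    std::vector<std::uint8_t> mem = std::vector<std::uint8_t>(128, 0);
    FakeProcess() {
        Poke(0x1000, std::uintptr_t{0x1020}); Poke(0x1024, std::uintptr_t{0x1030});
        Poke(0x1068, std::uint32_t{42});
    }
    template <class T> void Poke(std::uintptr_t addr, T v) { std::memcpy(&mem[addr - kBase], &v, sizeof v); }
    bool Read(std::uintptr_t addr, void* out, std::size_t n) const {
        if (addr < kBase || addr + n > kBase + mem.size()) return false;  // the "page" check
        std::memcpy(out, &mem[addr - kBase], n);
        return true;
    }
    MemReader Reader() const { return [this](std::uintptr_t a, void* o, std::size_t n) { return Read(a, o, n); }; }
};

// Full walk: resolve the chain, then read the 32-bit value; nullopt on any failure.
std::optional<std::uint32_t> ReadHealth(const FakeProcess& p) {
    auto addr = ResolveChain(p.Reader(), FakeProcess::kBase, {0x04, 0x38});
    std::uint32_t hp = 0;
    if (!addr || !p.Reader()(*addr, &hp, sizeof hp)) return std::nullopt;
    return hp;
}
```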

You should not write to another process's memory space without using specific IPC mechanisms. Operating systems typically prevent this for obvious reasons. Instead, you would need to use the target application's extension mechanisms, or decompile / modify / hex edit to effect the changes you want. That being said, doing so may be in violation of the terms of service for the software you are messing with.

To be clear, the code will compile just fine, letting you set a pointer to whatever arbitrary address you'd like, but once you try to read or write that address, the OS will step in and cause an error condition.

If you aren't violating the software's EULA by doing so, here are some pointers for finding things you might like to modify:

  • If the code can be decompiled into some readable source form, do so and make modifications there.
  • Edit the compiled binary with a hex editor, look for well-defined values and change them (does the max_health always start out at 25? That might be unique enough to locate and modify). A note about this: make sure the values you intend to insert fit in the same space as the original values, otherwise you will break things and have undefined results.
  • Does the application provide an extension mechanism, such as a scripting API or mod support? If so, this can be a vector for causing the types of system changes you want.

You can't access variables in another process unless:

  1. Your program uses "debug functions" to access the values.
  2. You use some sort of IPC (shared memory, pipes, message queues) to share/transfer the data.

Each process has its own address space [1], and there is no way to get into another process's address space without some mechanism for accessing it.

[1] Assuming we're talking about a "real" OS that uses proper memory management. In some OSes, such as traditional DOS, there is no memory protection between processes. But no sane person works with these OSes unless the system is running with a very feeble processor and small amounts of memory.
