C + +指针+偏移量读取内存地址
[英]C++ read memory address with pointer+offset
问题描述
I am trying to read an address of a process which should be the number 20. I determined this address was located at the dll base offset + a number with an offset of 10. I am using 
我正在尝试读取应该为20的进程的地址。我确定此地址位于dll基本偏移量+偏移量为10的数字中。
ReadProcessMemory(phandle, (void*)address, &number, sizeof(number), 0);
to read a specific address. 读取特定的地址。 My question is how do I correctly search for the address located at "57B86F68" + the 10 offset? 我的问题是如何正确搜索位于“ 57B86F68” + 10偏移量的地址?
1 个解决方案
解决方案1
2 已采纳 2016-08-24 05:37:21
You can read the data from handle if your phandle is a process handle with PROCESS_VM_READ access granted: 如果您的phandle是已授予PROCESS_VM_READ访问权限的进程句柄,则可以从句柄读取数据:
ReadProcessMemory(phandle, (void*)(0x57B86F68 + 0x10), &number, sizeof(number), 0);
To get proper access rights for the process handle check your OpenProcess flags, PROCESS_VM_READ should be there. 要获得对进程句柄的适当访问权限,请检查您的OpenProcess标志, PROCESS_VM_READ应该在那里。
If it still not working things are much more complex. 如果仍然无法正常工作,情况将更加复杂。 You should translate your virtual address to physical address and after that get direct access to the memory via kernel mode . 您应该将虚拟地址转换为物理地址 ,然后通过内核模式直接访问内存。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.