堆栈内存溢出
  简体   繁体   English

如何获取其他程序内存的地址然后在我的程序中读取

[英]How to obtain address of other program memory and then read it in my program

 原文  2020-09-24 16:30:00       c#/ memory/ reverse-engineering

问题描述

I'd want to find an address of where other program ( other.exe ) is storing some specific value我想找到其他程序( other.exe )存储某些特定值的地址

and then read it from my program (C#), but I don't really understand how can I achieve that然后从我的程序(C#)中读取它,但我真的不明白我怎么能做到这一点

I tried finding it with CheatEngine, and I managed to find that value under two addresses, so eg 0x048907B0我尝试使用 CheatEngine 找到它,并且设法在两个地址下找到该值,例如0x048907B0

在此处输入图片说明

Now I tried to add this particular address to base address of the process, but the returned value is just chaos, nothing even close to my value现在我尝试将此特定地址添加到进程的基地址,但返回的值只是混乱,甚至没有接近我的值

What I'm doing wrong here?我在这里做错了什么?

Previously I've seen some "proved" approach where there was "xor" involved, basically you had to read some "xor" value with known "xor address" and then in order to read other values, the formula was以前我见过一些“经过验证”的方法,其中涉及“xor”,基本上你必须用已知的“xor 地址”读取一些“xor”值,然后为了读取其他值,公式是

info.MyValue = BitConverter.ToInt32(buffer, 0) ^ xor;

Thanks in advance!提前致谢!

My Code:我的代码:

var process = Process.GetProcessesByName(processName).FirstOrDefault();

if (process == null)
{
    throw new Exception($"Process with name: '{processName}' is not running");
}

var mc = new MemoryContext(process);

public class MemoryContext
{
    const int PROCESS_WM_READ = 0x0010;

    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

    private int baseAddress;
    private Process _process;
    private IntPtr handle;

    public MemoryContext(Process process)
    {
        _process = process;
        baseAddress = _process.MainModule.BaseAddress.ToInt32();
        handle = OpenProcess(PROCESS_WM_READ, false, _process.Id);
    }
    
    public ProcessDetails RefreshData()
    {
        var info = new ProcessDetails();

        int bytesRead = 0;
        byte[] buffer = new byte[4];

        // here I'm trying to read that value
        ReadProcessMemory((int)handle, 0x048907B0 + baseAddress, buffer, buffer.Length, ref bytesRead);
        info.MyValue = BitConverter.ToInt32(buffer, 0);
        
        return info;
    }
}

1 个解决方案

解决方案1
 2 已采纳  2020-09-24 17:00:30

I posted this as a comment, but since it worked I'll post it as an answer.我将此作为评论发布,但由于它有效,我将其发布为答案。

When you find the address of your data in Cheat Engine, the address it gives you is already the correct one.当你在 Cheat Engine 中找到你的数据地址时,它给你的地址已经是正确的了。 So, to read the correct address, instead of 0x048907B0 + baseAddress , you can simply put in 0x048907B0 and it should work.因此,要读取正确的地址,而不是0x048907B0 + baseAddress ,您只需输入0x048907B0就可以了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何访问其他程序内存中的结构? - How to access structure in other program's memory? 如何恢复程序的内存使用情况? - How to restore memory usage of my program? 如何读取程序中另一个应用程序正在使用的内存量? - How Can I Read the Amount of Memory Being Used by Another Application Within My Program? 如何让我的程序不在其他计算机上运行? - How to make my program not run on other computers? 如何获取另一个C#应用程序要读取的内存地址? - How can I obtain a memory address for another C# app to read? 如何在客户端程序中指定服务器IP地址? - How do I specify Server Ip address in my Client program? 如何使我的程序使用Twilio阅读我的SMS响应 - How to get my Program to read my SMS response using Twilio 在WinCE上运行应用程序之前,如何分配程序内存和存储空间? - How to allocate program memory and storage before running my application on WinCE? 如何减少 C# 程序中的内存使用量? - How do i reduce memory usage in my C# program? 如何使我的程序从文本文件中读取一行? - How to make my program read a line from text file?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM