C++ DLL injection and reading memory through an offset
Tags: c++, memory, dll

I injected a DLL into an exe. Now I need to read data from a specific offset. My DLL code:
#include <windows.h>
#include <cstdint>
#include <iostream>
using namespace std;

DWORD ExeBaseAddress = (DWORD)GetModuleHandleA(0);   // base address of the exe this DLL was injected into
// HANDLE baseAddr = GetModuleHandleA(0)
uint16_t value = ExeBaseAddress + 0x7198BC + 0x70e;  // sum of base and offsets, stored in a 16-bit variable
cout << value << endl;
Through a long exchange in the comments and in chat with the OP (with some basic input as well), the solution found its direction: the loaded exe stores the base address of another PE at location 0x7198BC. That base address + offset (0x70E) contains the required value.
#include <windows.h>
#include <cstdint>
#include <cstdio>

HANDLE ExeBaseAddress = GetModuleHandleA(0);
/* ExeBaseAddress is a HANDLE, so its size is unknown to the compiler.
   That's why we cast it to (uintptr_t) and add the offset in bytes.
   Then we need an address which can be dereferenced to get the value kept
   at that location; the exe stores a 32-bit base address there, so the
   result is cast to (DWORD*) and read as a DWORD. */
DWORD *p = (DWORD*)((uintptr_t)ExeBaseAddress + 0x7198BC);
uintptr_t ModuleBaseAdrs = *p;
printf( "ModBaseAdrsLoc - %p, ModuleBaseAdrs - %X\n", (void*)p, (unsigned)ModuleBaseAdrs ) ;
DWORD *ValLoc = (DWORD*)(ModuleBaseAdrs + 0x70E);
DWORD Val = *ValLoc ;
printf( "ValLoc - %p, Val - %u\n", (void*)ValLoc, Val ) ;
You need to dereference the value at that location; you are only printing the address it is at. Also, the value of ExeBaseAddress + 0x7198BC + 0x70e will overflow uint16_t.
Sorry @cocarin, I'm not very good at C++. How is this done? Even the printed address doesn't look like the address I see in the memory editor.

You need to do the math before converting to a pointer, because C++ pointer arithmetic is in array elements, not bytes (for uint16_t* everything gets doubled).
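As an added example (not code from the question or the answer above), the same two-step read done on a constructed in-memory stand-in so it runs without any target process: `read_at` does the offset arithmetic on a `uint8_t*` before dereferencing, `read_via_chain` follows the stored module base the way the answer does, and `bytes_after_scaled_add` shows the doubling the comments warn about when the offset is added after casting to `uint16_t*`. The offset `kPtrOff`, the buffers `g_exe`/`g_module` and the value 0xDEADBEEF are constructed for the demonstration, and `DWORD` is replaced by `uint32_t` so the code is not Windows-specific.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>
#include <stdexcept>

// Read a value of type T located `offset` BYTES past `base`. The arithmetic
// is done on a byte pointer before anything is dereferenced, and the load goes
// through memcpy, so it is correct whatever the alignment of the target.
template <typename T>
static T read_at(const void* base, size_t offset) {
    T v;
    std::memcpy(&v, static_cast<const uint8_t*>(base) + offset, sizeof v);
    return v;
}

// The two-step chain from the answer: exe_base + ptr_off holds the base of
// another module; that base + val_off holds the wanted 32-bit value.
static uint32_t read_via_chain(const void* exe_base, size_t ptr_off, size_t val_off) {
    uintptr_t module_base = read_at<uintptr_t>(exe_base, ptr_off);
    if (module_base == 0) throw std::runtime_error("stored module base is null");
    return read_at<uint32_t>(reinterpret_cast<const void*>(module_base), val_off);
}

// How far (in bytes) a pointer lands from `base` when the offset is added
// AFTER casting to uint16_t*: pointer arithmetic scales by sizeof(uint16_t),
// which is the "doubling" the comments warn about.
static size_t bytes_after_scaled_add(const void* base, size_t offset) {
    const uint16_t* p = static_cast<const uint16_t*>(base) + offset;
    return reinterpret_cast<const uint8_t*>(p) - static_cast<const uint8_t*>(base);
}

// Constructed stand-in for a loaded process (no real exe is touched): a fake
// exe image whose slot at kPtrOff holds the address of a fake module buffer.
static const size_t kPtrOff = 0x8BC;   // hypothetical; stands in for 0x7198BC
static const size_t kValOff = 0x70E;   // the same offset as on the page
static std::vector<uint8_t> g_exe(0x1000), g_module(0x1000);

static uint32_t demo() {
    uint32_t secret = 0xDEADBEEF;                       // constructed value
    std::memcpy(&g_module[kValOff], &secret, sizeof secret);
    uintptr_t mod_base = reinterpret_cast<uintptr_t>(g_module.data());
    std::memcpy(&g_exe[kPtrOff], &mod_base, sizeof mod_base);
    return read_via_chain(g_exe.data(), kPtrOff, kValOff);
}
```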