C++ DLL injection and reading memory by offset

I injected a DLL into an exe. Now I need to read data from a specific offset. My DLL code:

DWORD ExeBaseAddress = (DWORD)GetModuleHandleA(0); 
// HANDLE baseAddr = GetModuleHandleA(0)

uint16_t value = ExeBaseAddress + 0x7198BC + 0x70e;

cout << value << endl;

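After a long exchange of comments and chat with the OP (and some basic input), the solution found its way.

The loaded exe stores the base address of another PE at location 0x7198BC. That base address + the offset (0x70E) holds the required value.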

HANDLE ExeBaseAddress = GetModuleHandleA(0);

/* ExeBaseAddress is a HANDLE, so its size is unknown to the compiler.
   That's why we cast it to (uintptr_t).
   And overall, we need an address which can be dereferenced
   to get the value kept at the location, so cast it to (uintptr_t*). */

// Location that stores the other PE's base address; read it as a DWORD (32 bits).
uintptr_t *p = (uintptr_t*)((uintptr_t)ExeBaseAddress + 0x7198BC);
uintptr_t ModuleBaseAdrs = (DWORD&)*p;
printf("ModBaseAdrsLoc - %p, ModuleBaseAdrs - %X\n", (void*)p, (unsigned)ModuleBaseAdrs);

// The byte offset is added to the integer address before casting to a pointer.
uintptr_t *ValLoc = (uintptr_t*)(ModuleBaseAdrs + 0x70E);
DWORD Val = (DWORD&)*ValLoc;
printf("ValLoc - %p, Val - %u\n", (void*)ValLoc, (unsigned)Val);

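You need to dereference the value at that location; you are only printing the address it is located at. Also, the value of ExeBaseAddress + 0x7198BC + 0x70e will overflow a uint16_t.

Sorry @cocarin, I'm not very good at C++. How is that done? Even the printed address doesn't look like the address I see in the memory editor.

You need to do the math before converting to a pointer, because C++ pointer arithmetic works in array elements, not bytes (for uint16_t* everything gets doubled).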
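The points raised in the answer and comments above, as an added example that is not part of the original thread: a portable simulation (no Windows API) of the two-level read, next to the question's expression and the typed-pointer scaling. Only the offsets 0x7198BC and 0x70E come from the page; the function names, the heap buffers standing in for the two modules, and the sample base 0x400000 are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Offsets from the page; everything else here is constructed for the simulation.
constexpr std::uintptr_t kPtrSlot = 0x7198BC;  // exe base + this holds the second module's base
constexpr std::uintptr_t kValOff  = 0x70E;     // second module's base + this holds the value

// Copy a T out of a byte address. memcpy is safe for unaligned addresses such as base + 0x70E.
template <typename T>
T read_at(std::uintptr_t addr) {
    T out;
    std::memcpy(&out, reinterpret_cast<const void*>(addr), sizeof out);
    return out;
}

// Correct chain: add byte offsets to integers, dereference once per level.
std::uint32_t read_chain(std::uintptr_t exe_base) {
    // Pointer-sized slot here; the page's 32-bit target stores it as a DWORD.
    std::uintptr_t module_base = read_at<std::uintptr_t>(exe_base + kPtrSlot);
    return read_at<std::uint32_t>(module_base + kValOff);
}

// The question's expression: an address (not a value), cut down to its low 16 bits.
std::uint16_t question_expr(std::uintptr_t exe_base) {
    return static_cast<std::uint16_t>(exe_base + kPtrSlot + kValOff);
}

// The comment's point: "+ 0x70E" on a uint16_t* moves 0x70E elements, i.e. twice as many bytes.
std::size_t typed_pointer_step() {
    static std::uint16_t cells[kValOff + 1];
    std::uint16_t* p = cells + kValOff;
    return static_cast<std::size_t>(reinterpret_cast<char*>(p) - reinterpret_cast<char*>(cells));
}

// Two heap buffers stand in for the exe image and the second module.
std::uint32_t simulate(std::uint32_t value) {
    std::vector<unsigned char> exe(kPtrSlot + sizeof(std::uintptr_t)), mod(kValOff + sizeof value);
    std::uintptr_t mod_base = reinterpret_cast<std::uintptr_t>(mod.data());
    std::memcpy(exe.data() + kPtrSlot, &mod_base, sizeof mod_base);
    std::memcpy(mod.data() + kValOff, &value, sizeof value);
    return read_chain(reinterpret_cast<std::uintptr_t>(exe.data()));
}

int main() {
    std::printf("chain read: 0x%X\n", static_cast<unsigned>(simulate(0xC0FFEE)));
    std::printf("question's expression: 0x%X\n", static_cast<unsigned>(question_expr(0x400000)));
    std::printf("uint16_t* + 0x70E = 0x%zX bytes\n", typed_pointer_step());
}
```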