Fatal编程技术网
  • csharp/
  • c#多级指针、内存读取

c#多级指针、内存读取

c# pointers

c#多级指针、内存读取,c#,pointers,readprocessmemory,cheat-engine,C#,Pointers,Readprocessmemory,Cheat Engine,我发现了一个适用于静态地址的代码 但是,如何更改此代码以使其适用于指针?我需要从该指针获取值: 0x70+0x10+0x18+0x0+0x18 它适用于64位应用程序 public class Program { private const int PROCESS_WM_READ = 0x0010; [DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(int dwDesiredAcces

我发现了一个适用于静态地址的代码

但是,如何更改此代码以使其适用于指针?我需要从该指针获取值: 
0x70+0x10+0x18+0x0+0x18

它适用于64位应用程序

public class Program
{
    private const int PROCESS_WM_READ = 0x0010;

    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(int hProcess,
    Int64 lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

    static void Main(string[] args)
    {
        Process process      = Process.GetProcessesByName("Tutorial-x86_64")[0];
        IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);

        int bytesRead = 0;
        var buffer = new byte[4];

        ReadProcessMemory((int)processHandle, 0x0011D598, buffer, buffer.Length, ref bytesRead);
        Console.WriteLine(BitConverter.ToInt32(buffer, 0));
        Console.ReadLine();
    }
}
谢谢托马索·贝鲁佐

我为感兴趣的人提供的最终代码:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace ConsoleApplication1
{
    class Program
    {
        const int PROCESS_WM_READ = 0x0010;

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll")]
        public static extern bool ReadProcessMemory(int hProcess,
        Int64 lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

        static void Main(string[] args)
        {
            Process process = Process.GetProcessesByName("Tutorial-x86_64")[0];
            IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);

            int bytesRead = 0;
            byte[] buffer = new byte[4];


            //Byte[] buffer = new Byte[4];

            Int64 baseAddress = 0x1002CAA70;
            ReadProcessMemory((int)processHandle, baseAddress, buffer, buffer.Length, ref bytesRead);
            Int64 baseValue = BitConverter.ToInt32(buffer, 0);

            Int64 firstAddress = baseValue + 0x10;
            ReadProcessMemory((int)processHandle, firstAddress, buffer, buffer.Length, ref bytesRead);
            Int64 firstValue = BitConverter.ToInt32(buffer, 0);

            Int64 secondAddress = firstValue + 0x18;
            ReadProcessMemory((int)processHandle, secondAddress, buffer, buffer.Length, ref bytesRead);
            Int64 secondValue = BitConverter.ToInt32(buffer, 0);

            Int64 thirdAddress = secondValue + 0x0;
            ReadProcessMemory((int)processHandle, thirdAddress, buffer, buffer.Length, ref bytesRead);
            Int64 thirdValue = BitConverter.ToInt32(buffer, 0);

            Int64 fourthAddress = thirdValue + 0x18;
            ReadProcessMemory((int)processHandle, fourthAddress, buffer, buffer.Length, ref bytesRead);
            Int64 fourthValue = BitConverter.ToInt32(buffer, 0);

            ReadProcessMemory((int)processHandle, fourthValue, buffer, buffer.Length, ref bytesRead);
            Console.WriteLine(BitConverter.ToInt32(buffer, 0));
            Console.ReadLine();
        }
    }
}
“修改并添加偏移量”是什么意思?我找不到指针0x1002Ca70+0x10+0x18+0x0+0x18=1002CaB0的工作示例?您想读取该值吗?或者您想使用连续值进行遍历?很抱歉,无法正确解释我的问题。请参阅所附图片。我找到了静态地址为“1002CA70”和4个偏移量(10,18,0,18)的指针。我希望我的程序返回这个指针的值。基本上,我试图用我的指针在内存中获取一个值。实际上,我看到4个不同的指针和4个不同的地址,你需要它们吗? 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace ConsoleApplication1
{
    class Program
    {
        const int PROCESS_WM_READ = 0x0010;

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll")]
        public static extern bool ReadProcessMemory(int hProcess,
        Int64 lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

        static void Main(string[] args)
        {
            Process process = Process.GetProcessesByName("Tutorial-x86_64")[0];
            IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);

            int bytesRead = 0;
            byte[] buffer = new byte[4];


            //Byte[] buffer = new Byte[4];

            Int64 baseAddress = 0x1002CAA70;
            ReadProcessMemory((int)processHandle, baseAddress, buffer, buffer.Length, ref bytesRead);
            Int64 baseValue = BitConverter.ToInt32(buffer, 0);

            Int64 firstAddress = baseValue + 0x10;
            ReadProcessMemory((int)processHandle, firstAddress, buffer, buffer.Length, ref bytesRead);
            Int64 firstValue = BitConverter.ToInt32(buffer, 0);

            Int64 secondAddress = firstValue + 0x18;
            ReadProcessMemory((int)processHandle, secondAddress, buffer, buffer.Length, ref bytesRead);
            Int64 secondValue = BitConverter.ToInt32(buffer, 0);

            Int64 thirdAddress = secondValue + 0x0;
            ReadProcessMemory((int)processHandle, thirdAddress, buffer, buffer.Length, ref bytesRead);
            Int64 thirdValue = BitConverter.ToInt32(buffer, 0);

            Int64 fourthAddress = thirdValue + 0x18;
            ReadProcessMemory((int)processHandle, fourthAddress, buffer, buffer.Length, ref bytesRead);
            Int64 fourthValue = BitConverter.ToInt32(buffer, 0);

            ReadProcessMemory((int)processHandle, fourthValue, buffer, buffer.Length, ref bytesRead);
            Console.WriteLine(BitConverter.ToInt32(buffer, 0));
            Console.ReadLine();
        }
    }
}