我正在使用 WinAPIReadProcessMemory()
从游戏中读取一些“隐藏”信息。
我已经使用 Cheat Engine 找出静态指针,但我不知道如何读取它们。
Cheat Engine 给了我一个类似这样的指针:"mygame.exe"+1C50
我对 WinAPI 很陌生,如何转换"mygame.exe"+1C50
到我可以阅读的地址ReadProcessMemory()
?
EDIT:我尝试简化问题,但我想我应该首先给出完整的代码。
所以我在这里使用静态地址和多级指针,但我仍然坚持获取基地址或w/e。
这是完整的代码和我的作弊引擎地址的图片 http://pbrd.co/11uVjjf:
#include <iostream>
#include <windows.h>
#include <tlhelp32.h>
using namespace std;
HANDLE GetProcessHandle(const char *procName);
int main()
{
const char *procName = "prism3d.exe";
HANDLE hProc = GetProcessHandle(procName);
if (hProc) {
/* This works if I use the dynamic address (f.e. 0x02C2C4DC),
but it changes every time I restart the game.
I need to use the static address (prism3d.exe+A1C) to get
the dynamic address for my "nuke".
*/
float nuke;
ReadProcessMemory(hProc, (void*)0x02C2C4DC, &nuke, 4, 0);
cout << nuke;
}
CloseHandle(hProc);
return 0;
}
HANDLE GetProcessHandle(const char *procName)
{
HANDLE hProc = NULL;
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (Process32First(hSnapshot, &pe32)) {
do {
if (!strcmp(pe32.szExeFile, procName)) {
hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
break;
}
} while (Process32Next(hSnapshot, &pe32));
}
CloseHandle(hSnapshot);
return hProc;
}
Edit 2:这是我尝试读取核武器值的方法,但它给了我随机数,每次重新启动游戏时都会有所不同(有时是0
, 有时324324324
, ETC...):
if (hProc) [
DWORD baseAddr = (DWORD)GetModuleHandle(procName) + 0xA1C50; // also tried this with GetModuleHandle(NULL)
DWORD mainAddr;
ReadProcessMemory(hProc, (void*)(baseAddr + 0x111C), &mainAddr, 4, 0);
// Nuke
float nuke;
DWORD nukeAddr;
ReadProcessMemory(hProc, (void*)(mainAddr + 0x48), &nukeAddr, 4, 0);
ReadProcessMemory(hProc, (void*)nukeAddr, &nuke, 4, 0);
cout << nuke;
}