Czytanie pamięci

Odpowiedz Nowy wątek
2012-04-30 10:50

Rejestracja: 12 lat temu

Ostatnio: 8 lat temu

0

Witam,
Mógłby ktoś podać prosty przykład jak w C# czytać pamięć z jakiegoś procesu pod wskazanym adresem? W c++ mam gotowy przykład, znalazłem, że w C# wygląda to podobnie, ale nie widzi mi funkcji takich jak findwindow czy readprocessmemory. Pozdrawiam

Pozostało 580 znaków

2012-04-30 11:04

Rejestracja: 9 lat temu

Ostatnio: 6 lat temu

2
pioncz napisał(a):

nie widzi mi funkcji takich jak findwindow czy readprocessmemory

Bo to są funkcje WinAPI i musisz je zaimportować.

[DllImport("user32.dll")]
 public static extern IntPtr FindWindow(String sClassName, String sAppName);
[DllImport("kernel32.dll", SetLastError = true)]
   static extern bool ReadProcessMemory( 
     IntPtr hProcess, 
     IntPtr lpBaseAddress,
     [Out] byte[] lpBuffer, 
     int dwSize, 
     out int lpNumberOfBytesRead
    );

Pozostało 580 znaków

2012-05-02 14:51

Rejestracja: 8 lat temu

Ostatnio: 8 lat temu

0

Typowa klasa np. dla gier wygląda mniej więcej tak

public class GameMemory
    {
        public GameMemory(string pname, string mainmodule)
        {
            OpenProcessx(pname, mainmodule);
        }

        private int _ProccID;
        private IntPtr _pHandle;
        public int BaseAddress; // ex. Game.dll + 0xBF676C -> BaseAddress + 0xBF676C

        #region DllImports
        [DllImport("kernel32.dll")]
        private static extern bool WriteProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, IntPtr lpNumberOfBytesWritten);

        [DllImportAttribute("User32.dll")]
        private static extern bool SetForegroundWindow(IntPtr hWnd);

        [DllImportAttribute("User32.dll")]
        private static extern bool IsIconic(IntPtr hWnd);

        [DllImport("kernel32.dll")]
        private static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
        private static extern bool _CloseHandle(IntPtr hObject);

        [DllImport("kernel32.dll")]
        private static extern bool ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [Out] byte[] lpBuffer, UIntPtr nSize, IntPtr lpNumberOfBytesRead);
        #endregion

        public void OpenProcessx(string pname, string mainmodule)
        {
            Process[] procs = Process.GetProcessesByName(pname);
            if (procs.Length == 0) { _ProccID = 0; }
            else
            {
                _ProccID = procs[0].Id;
                _pHandle = OpenProcess(0x1F0FFF, false, _ProccID);

                ProcessModuleCollection modules = procs[0].Modules;
                foreach (ProcessModule module in modules)
                {
                    if (module.ModuleName == mainmodule)
                    {
                        BaseAddress = module.BaseAddress.ToInt32();
                    }
                }
            }
        }
        public void SetForeground()
        {
            Process p = Process.GetProcessById(_ProccID);
            SetForegroundWindow(p.MainWindowHandle);
        }
        public bool IsMinimized()
        {
            Process p = Process.GetProcessById(_ProccID);
            return IsIconic(p.MainWindowHandle);
        }
        public int ReadInt(long Address)
        {
            byte[] buffer = new byte[sizeof(int)];
            ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)4, IntPtr.Zero);
            return BitConverter.ToInt32(buffer, 0);
        }
        public uint ReadUInt(long Address)
        {
            byte[] buffer = new byte[sizeof(int)];
            ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)4, IntPtr.Zero);
            return (uint)BitConverter.ToUInt32(buffer, 0);
        }
        public float ReadFloat(long Address)
        {
            byte[] buffer = new byte[sizeof(float)];
            ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)4, IntPtr.Zero);
            return BitConverter.ToSingle(buffer, 0);
        }
        public string ReadString(long Address)
        {
            byte[] buffer = new byte[50];

            ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)50, IntPtr.Zero);

            string ret = Encoding.Unicode.GetString(buffer);

            if (ret.IndexOf('\0') != -1)
                ret = ret.Remove(ret.IndexOf('\0'));
            return ret;
        }
        public byte ReadByte(long Address)
        {
            byte[] buffer = new byte[1];
            ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)1, IntPtr.Zero);
            return buffer[0];
        }
        public void WriteFloat(long Address, float value)
        {
            byte[] buffer = BitConverter.GetBytes(value);
            WriteProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)buffer.Length, IntPtr.Zero);
        }
        public void WriteInt(long Address, int value)
        {
            byte[] buffer = BitConverter.GetBytes(value);
            WriteProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)buffer.Length, IntPtr.Zero);
        }
        public void WriteUInt(long Address, uint value)
        {
            byte[] buffer = BitConverter.GetBytes(value);
            WriteProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)buffer.Length, IntPtr.Zero);
        }
        public void WriteString(Encoding enc, long Address, string value)
        {
            //Not really effective
            byte[] buffer = enc.GetBytes(value);
            WriteProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)buffer.Length, IntPtr.Zero);
        }
    }
edytowany 2x, ostatnio: Nerfpl, 2012-05-02 14:55

Pozostało 580 znaków

Odpowiedz

1 użytkowników online, w tym zalogowanych: 0, gości: 1, botów: 0