C++: reading memory of another process

野的像风 2020-12-15 02:07

I'd like to have a function that allows me to read the memory of another process. I was thinking about something like this (pseudo code):

staticAddress = 0x         


        
2 Answers
  • 2020-12-15 02:32

    https://github.com/T-vK/Memory-Hacking-Class
    Is a pretty simple class to do all that and even more.
    Here is a list with all the methods it supports:

    GetProcessId()
    GetModuleBase()
    SetPrivilege()
    GetDebugPrivileges()
    ReadInt()
    GetPointerAddress()
    ReadPointerInt()
    ReadFloat()
    ReadPointerFloat()
    ReadText()
    ReadPointerText()
    

    Example usage:

    #include <windows.h>
    #include <iostream>
    #include <string>
    #include "Memory.hpp"
    using std::string;

    int main() {
        // Mutable array: a string literal cannot bind to a non-const char* in standard C++
        char TARGET_PROCESS_NAME[] = "League of Legends.exe";

        int GAME_VERSION_MODULE_OFFSET = 0x2A1D738; // [Base address of 'League of Legends.exe']+0x2A1D738 (address of a string containing a version number)

        Memory Memory;
        Memory.GetDebugPrivileges();
        int processId = Memory.GetProcessId(TARGET_PROCESS_NAME);
        // PROCESS_ALL_ACCESS is broader than a read needs; ReadProcessMemory itself only requires PROCESS_VM_READ
        HANDLE processHandle = OpenProcess(PROCESS_ALL_ACCESS, false, processId);

        int baseAddress = Memory.GetModuleBase(processHandle, (string)TARGET_PROCESS_NAME);

        int gameVersionAddress = baseAddress + GAME_VERSION_MODULE_OFFSET;

        string gameVersion = Memory.ReadText(processHandle, gameVersionAddress);

        // Print the string that was read, not the address it was read from
        std::cout << "Game version: " << gameVersion << std::endl;

        std::cin.get();
        return 0;
    }
    

    In case you were wondering, yes, I'm the author.

    0 Discussion (0)
  • 2020-12-15 02:45

    Here is an example for your ReadMemoryInt() function:

    #include <windows.h>

    int ReadMemoryInt(HANDLE processHandle, LPCVOID address) {
        int buffer = 0;
        SIZE_T NumberOfBytesToRead = sizeof(buffer); // this is equal to 4
        SIZE_T NumberOfBytesActuallyRead = 0;
        // ReadProcessMemory returns nonzero on success and zero on failure
        BOOL ok = ReadProcessMemory(processHandle, address, &buffer, NumberOfBytesToRead, &NumberOfBytesActuallyRead);
        if (!ok || NumberOfBytesActuallyRead != NumberOfBytesToRead) {
            /* an error occurred; GetLastError() gives the reason */
        }
        return buffer;
    }
    

    The & means that the address of the variable is passed instead of its value.

    And in ReadMemoryString() you cannot know the actual size you need to read; you could either read a big block (size 999) or read many little blocks until you get one containing \0.

    And if you want to know if it works, you can start it in a debugger and check whether the values you expect are returned.

    0 Discussion (0)
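The "many little blocks" approach from the second answer, written out as an added example that is not part of either answer or of the Memory-Hacking-Class project. `RemoteReader`, `ReadRemoteString`, `MakeFakeTarget`, the 4 KiB page size and the 256-byte chunk are assumptions of this sketch; on Windows the reader callback would wrap `ReadProcessMemory`, which fails the whole call if any byte of the requested range is inaccessible, so each read here stops at a page boundary.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <functional>
#include <iostream>
#include <string>

// Reads `size` bytes at `addr` in the target; false on failure. On Windows this
// would wrap ReadProcessMemory and also verify the returned byte count.
using RemoteReader = std::function<bool(std::uintptr_t addr, void* out, std::size_t size)>;
constexpr std::size_t kPageSize = 4096;  // assumption: 4 KiB pages

// Copies a NUL-terminated string of fewer than maxLen bytes into `out`.
// No single read crosses a page boundary, so a string that ends just before an
// unmapped page is still recovered instead of failing the whole read.
bool ReadRemoteString(const RemoteReader& read, std::uintptr_t addr,
                      std::string& out, std::size_t maxLen = 1024) {
    char chunk[256];
    out.clear();
    while (out.size() < maxLen) {
        std::uintptr_t cur = addr + out.size();
        std::size_t toPageEnd = kPageSize - (cur % kPageSize);
        std::size_t n = std::min({sizeof(chunk), toPageEnd, maxLen - out.size()});
        if (!read(cur, chunk, n)) return false;  // unreadable before a terminator
        if (const void* nul = std::memchr(chunk, '\0', n)) {
            out.append(chunk, static_cast<std::size_t>(static_cast<const char*>(nul) - chunk));
            return true;
        }
        out.append(chunk, n);
    }
    return false;  // no terminator within maxLen: do not treat it as a string
}

// Constructed stand-in for a target process: one mapped region starting at `base`.
// Like ReadProcessMemory, it fails if any byte of the requested range is unmapped.
RemoteReader MakeFakeTarget(std::uintptr_t base, std::string bytes) {
    return [base, bytes](std::uintptr_t addr, void* out, std::size_t size) -> bool {
        if (addr < base || size > bytes.size() || addr - base > bytes.size() - size) return false;
        std::memcpy(out, bytes.data() + (addr - base), size);
        return true;
    };
}

int main() {
    // Constructed sample: "1.2.3\0" occupies the last 6 bytes of the only mapped page.
    std::string page(kPageSize - 6, 'x');
    page += "1.2.3";
    page.push_back('\0');
    std::string s;
    bool ok = ReadRemoteString(MakeFakeTarget(0x10000, page), 0x10000 + kPageSize - 6, s);
    std::cout << (ok ? s : "<read failed>") << "\n";
}
```

A single fixed-size read of 256 or 999 bytes at that address fails against the same sample because the range runs past the mapped page, which is the case the per-page clamp handles.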