问题
I found a code that works perfectly for static addresses.
However, how would I change this code so it works for pointers? I need to get value from this pointer:
0x1002CAA70 + 0x10 + 0x18 + 0x0 + 0x18
.
It is for 64 bit application.
public class Program
{
private const int PROCESS_WM_READ = 0x0010;
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(int hProcess,
Int64 lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);
static void Main(string[] args)
{
Process process = Process.GetProcessesByName("Tutorial-x86_64")[0];
IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
int bytesRead = 0;
var buffer = new byte[4];
ReadProcessMemory((int)processHandle, 0x0011D598, buffer, buffer.Length, ref bytesRead);
Console.WriteLine(BitConverter.ToInt32(buffer, 0));
Console.ReadLine();
}
}
image 1 image 2
回答1:
Byte[] buffer = new Byte[4];
Int32 bytesRead = 0;
Int32 processHandle = (Int32)process.Handle;
Int32 baseAddress = process.MainModule.BaseAddress.ToInt32() + 0x1002CAA70;
ReadProcessMemory(processHandle, baseAddress, buffer, buffer.Length, ref bytesRead);
Int32 baseValue = BitConverter.ToInt32(buffer, 0));
Int32 firstAddress = baseValue + 0x10;
ReadProcessMemory(processHandle, firstAddress, buffer, buffer.Length, ref bytesRead);
Int32 firstValue = BitConverter.ToInt32(buffer, 0));
Int32 secondAddress = firstValue + 0x18;
ReadProcessMemory(processHandle, secondAddress, buffer, buffer.Length, ref bytesRead);
Int32 secondValue = BitConverter.ToInt32(buffer, 0));
Int32 thirdAddress = secondValue + 0x00;
ReadProcessMemory(processHandle, thirdAddress, buffer, buffer.Length, ref bytesRead);
Int32 thirdValue = BitConverter.ToInt32(buffer, 0));
Int32 fourthAddress = thirdValue + 0x18;
ReadProcessMemory(processHandle, fourthAddress, buffer, buffer.Length, ref bytesRead);
Int32 fourthValue = BitConverter.ToInt32(buffer, 0));
回答2:
Thank you Tommaso Belluzzo!!
my final code for those who interested:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace ConsoleApplication1
{
class Program
{
const int PROCESS_WM_READ = 0x0010;
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(int hProcess,
Int64 lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);
static void Main(string[] args)
{
Process process = Process.GetProcessesByName("Tutorial-x86_64")[0];
IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
int bytesRead = 0;
byte[] buffer = new byte[4];
//Byte[] buffer = new Byte[4];
Int64 baseAddress = 0x1002CAA70;
ReadProcessMemory((int)processHandle, baseAddress, buffer, buffer.Length, ref bytesRead);
Int64 baseValue = BitConverter.ToInt32(buffer, 0);
Int64 firstAddress = baseValue + 0x10;
ReadProcessMemory((int)processHandle, firstAddress, buffer, buffer.Length, ref bytesRead);
Int64 firstValue = BitConverter.ToInt32(buffer, 0);
Int64 secondAddress = firstValue + 0x18;
ReadProcessMemory((int)processHandle, secondAddress, buffer, buffer.Length, ref bytesRead);
Int64 secondValue = BitConverter.ToInt32(buffer, 0);
Int64 thirdAddress = secondValue + 0x0;
ReadProcessMemory((int)processHandle, thirdAddress, buffer, buffer.Length, ref bytesRead);
Int64 thirdValue = BitConverter.ToInt32(buffer, 0);
Int64 fourthAddress = thirdValue + 0x18;
ReadProcessMemory((int)processHandle, fourthAddress, buffer, buffer.Length, ref bytesRead);
Int64 fourthValue = BitConverter.ToInt32(buffer, 0);
ReadProcessMemory((int)processHandle, fourthValue, buffer, buffer.Length, ref bytesRead);
Console.WriteLine(BitConverter.ToInt32(buffer, 0));
Console.ReadLine();
}
}
}
来源:https://stackoverflow.com/questions/47481769/c-sharp-multi-level-pointers-memory-reading