Witam,
Mógłby ktoś podać prosty przykład jak w C# czytać pamięć z jakiegoś procesu pod wskazanym adresem? W c++ mam gotowy przykład, znalazłem, że w C# wygląda to podobnie, ale nie widzi mi funkcji takich jak findwindow czy readprocessmemory. Pozdrawiam
0
2
pioncz napisał(a):
nie widzi mi funkcji takich jak findwindow czy readprocessmemory
Bo to są funkcje WinAPI i musisz je zaimportować.
[DllImport("user32.dll")]
public static extern IntPtr FindWindow(String sClassName, String sAppName);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
[Out] byte[] lpBuffer,
int dwSize,
out int lpNumberOfBytesRead
);
0
Typowa klasa np. dla gier wygląda mniej więcej tak
public class GameMemory
{
public GameMemory(string pname, string mainmodule)
{
OpenProcessx(pname, mainmodule);
}
private int _ProccID;
private IntPtr _pHandle;
public int BaseAddress; // ex. Game.dll + 0xBF676C -> BaseAddress + 0xBF676C
#region DllImports
[DllImport("kernel32.dll")]
private static extern bool WriteProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, IntPtr lpNumberOfBytesWritten);
[DllImportAttribute("User32.dll")]
private static extern bool SetForegroundWindow(IntPtr hWnd);
[DllImportAttribute("User32.dll")]
private static extern bool IsIconic(IntPtr hWnd);
[DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
private static extern bool _CloseHandle(IntPtr hObject);
[DllImport("kernel32.dll")]
private static extern bool ReadProcessMemory(IntPtr hProcess, UIntPtr lpBaseAddress, [Out] byte[] lpBuffer, UIntPtr nSize, IntPtr lpNumberOfBytesRead);
#endregion
public void OpenProcessx(string pname, string mainmodule)
{
Process[] procs = Process.GetProcessesByName(pname);
if (procs.Length == 0) { _ProccID = 0; }
else
{
_ProccID = procs[0].Id;
_pHandle = OpenProcess(0x1F0FFF, false, _ProccID);
ProcessModuleCollection modules = procs[0].Modules;
foreach (ProcessModule module in modules)
{
if (module.ModuleName == mainmodule)
{
BaseAddress = module.BaseAddress.ToInt32();
}
}
}
}
public void SetForeground()
{
Process p = Process.GetProcessById(_ProccID);
SetForegroundWindow(p.MainWindowHandle);
}
public bool IsMinimized()
{
Process p = Process.GetProcessById(_ProccID);
return IsIconic(p.MainWindowHandle);
}
public int ReadInt(long Address)
{
byte[] buffer = new byte[sizeof(int)];
ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)4, IntPtr.Zero);
return BitConverter.ToInt32(buffer, 0);
}
public uint ReadUInt(long Address)
{
byte[] buffer = new byte[sizeof(int)];
ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)4, IntPtr.Zero);
return (uint)BitConverter.ToUInt32(buffer, 0);
}
public float ReadFloat(long Address)
{
byte[] buffer = new byte[sizeof(float)];
ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)4, IntPtr.Zero);
return BitConverter.ToSingle(buffer, 0);
}
public string ReadString(long Address)
{
byte[] buffer = new byte[50];
ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)50, IntPtr.Zero);
string ret = Encoding.Unicode.GetString(buffer);
if (ret.IndexOf('\0') != -1)
ret = ret.Remove(ret.IndexOf('\0'));
return ret;
}
public byte ReadByte(long Address)
{
byte[] buffer = new byte[1];
ReadProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)1, IntPtr.Zero);
return buffer[0];
}
public void WriteFloat(long Address, float value)
{
byte[] buffer = BitConverter.GetBytes(value);
WriteProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)buffer.Length, IntPtr.Zero);
}
public void WriteInt(long Address, int value)
{
byte[] buffer = BitConverter.GetBytes(value);
WriteProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)buffer.Length, IntPtr.Zero);
}
public void WriteUInt(long Address, uint value)
{
byte[] buffer = BitConverter.GetBytes(value);
WriteProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)buffer.Length, IntPtr.Zero);
}
public void WriteString(Encoding enc, long Address, string value)
{
//Not really effective
byte[] buffer = enc.GetBytes(value);
WriteProcessMemory(_pHandle, (UIntPtr)Address, buffer, (UIntPtr)buffer.Length, IntPtr.Zero);
}
}