0

好吧,我最近在C#中创建了一个程序,可以改变程序的内存,它会起作用,但是每次我关闭程序并重新打开它时,我都必须再次找到内存值,有没有办法可以关闭程序后防止程序的内存发生变化?

public partial class Form1 : Form
{

    public Form1()
    {
        InitializeComponent();
    }

    [DllImport("kernel32.dll")]
    static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);

    [DllImport("kernel32.dll")]
    public static extern Int32 CloseHandle(IntPtr hProcess);

    [Flags]
    public enum ProcessAccessFlags : uint
    {
        All = 0x001F0FFF,
        Terminate = 0x00000001,
        CreateThread = 0x00000002,
        VMOperation = 0x00000008,
        VMRead = 0x00000010,
        VMWrite = 0x00000020,
        DupHandle = 0x00000040,
        SetInformation = 0x00000200,
        QueryInformation = 0x00000400,
        Synchronize = 0x00100000
    }

    public static void WriteMem(Process p, int address, long v)
    {
        var hProc = OpenProcess(ProcessAccessFlags.All, false, (int)p.Id);
        var val = new byte[] { (byte)v };

        int wtf = 0;
        WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32)val.LongLength, out wtf);

        CloseHandle(hProc);
    }

    private void notify(string not)
    {
        if (textBox1.Text != "")
        {
            textBox1.Text += Environment.NewLine;
        }

        textBox1.Text += not;
    }

    private void button1_Click(object sender, EventArgs e)
    {
        var p = Process.GetProcessesByName("SAFlashPlayer").FirstOrDefault();
        WriteMem(p, 0x07A6A0C1, 1000);
        notify("A lot of Ability Points added.");
    }
    private void button2_Click(object sender, EventArgs e)
    {
        var p = Process.GetProcessesByName("SAFlashPlayer").FirstOrDefault();
        //WriteMem(p, 0x008373CC, 0);
        notify("Power set to 0.");
    }

    private void Checker_Tick(object sender, EventArgs e)
    {
        Process[] pname = Process.GetProcessesByName("SAFlashPlayer");

        if (pname.Length == 0)
        {
            button1.Enabled = false;
            button2.Enabled = false;
            status.ForeColor = System.Drawing.Color.Red;
            status.Text = "Flash Player not running!";
        }
        else
        {
            button1.Enabled = true;
            button2.Enabled = true;
            status.ForeColor = System.Drawing.Color.Green;
            status.Text = "Flash Player running!";
        }
    }
}

4

2 回答 2

3

您无法估计或决定程序在运行时将加载到哪里。操作系统决定了这一点,但我认为您可以在运行时动态地找到进程的内存位置,而无需对您的应用程序进行硬编码。

您是否尝试过 ReadProcessMemory WinAPI 调用

于 2012-04-21T06:17:01.050 回答
1

是的,作弊很难——支付金农更容易。您很可能需要在每次程序重新启动后扫描其他进程以获取要更新的值/模式,因为内存布局很有可能发生变化,尤其是在 Win7 上。

在过去的美好时光里,人们只会更新可执行文件本身......在阅读印刷杂志上的一些文章后......

如今,所有 JIT、ASLR、压缩/编码的可执行文件和脚本甚至远程加载的模块/SWF 都变得更加困难。所以归咎于互联网作弊时需要花费更多的努力。

于 2012-04-21T06:36:57.687 回答