0

这是代码:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace MemoryScan
{
    public partial class Form1 : Form
    {
        [DllImport("kernel32.dll")]
        public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] buffer, uint size, int lpNumberOfBytesRead);
        [DllImport("kernel32.dll")]
        protected static extern int VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);

        [StructLayout(LayoutKind.Sequential)]
        protected struct MEMORY_BASIC_INFORMATION
        {
            public IntPtr BaseAddress;
            public IntPtr AllocationBase;
            public uint AllocationProtect;
            public uint RegionSize;
            public uint State;
            public uint Protect;
            public uint Type;
        }

        List<MEMORY_BASIC_INFORMATION> MemReg { get; set; }
        Byte[] toFind = new Byte[] { 0x31, 0x55, 0x78, 0x33, 0, 0, 0, 0x37 };
        IntPtr MyAddress;
        List<string> Processes = new List<string>();

        public Form1()
        {
            InitializeComponent();

            Process[] processlist = Process.GetProcesses();
            foreach (Process theprocess in processlist)
            {
                string t = string.Format("Process: {0} ID: {1}", theprocess.ProcessName, theprocess.Id);
                Processes.Add(t);
            }

            MyAddress = AobScan("FlashPlayerPlugin_11_8_800_168", toFind);
        }

        public void MemInfo(IntPtr pHandle)
        {
            IntPtr Addy = new IntPtr();
            while (true)
            {
                MEMORY_BASIC_INFORMATION MemInfo = new MEMORY_BASIC_INFORMATION();
                int MemDump = VirtualQueryEx(pHandle, Addy, out  MemInfo, Marshal.SizeOf(MemInfo));
                if (MemDump == 0) break;
                if ((MemInfo.State & 0x1000) != 0 && (MemInfo.Protect & 0x100) == 0)
                    MemReg.Add(MemInfo);
                Addy = new IntPtr(MemInfo.BaseAddress.ToInt32() + MemInfo.RegionSize);
            }
        }
        public IntPtr _Scan(byte[] sIn, byte[] sFor)
        {
            int[] sBytes = new int[256]; int Pool = 0;
            int End = sFor.Length - 1;
            for (int i = 0; i < 256; i++)
                sBytes[i] = sFor.Length;
            for (int i = 0; i < End; i++)
                sBytes[sFor[i]] = End - i;
            while (Pool <= sIn.Length - sFor.Length)
            {
                for (int i = End; sIn[Pool + i] == sFor[i]; i--)
                    if (i == 0) return new IntPtr(Pool);
                Pool += sBytes[sIn[Pool + End]];
            }
            return IntPtr.Zero;
        }
        public IntPtr AobScan(string ProcessName, byte[] Pattern)
        {
            Process[] P = Process.GetProcessesByName(ProcessName);
            if (P.Length == 0) return IntPtr.Zero;
            MemReg = new List<MEMORY_BASIC_INFORMATION>();
            MemInfo(P[0].Handle);
            for (int i = 0; i < MemReg.Count; i++)
            {
                byte[] buff = new byte[MemReg[i].RegionSize];
                ReadProcessMemory(P[0].Handle, MemReg[i].BaseAddress, buff, MemReg[i].RegionSize, 0);

                IntPtr Result = _Scan(buff, Pattern);
                if (Result != IntPtr.Zero)
                    return new IntPtr(MemReg[i].BaseAddress.ToInt32() + Result.ToInt32());
            }
            return IntPtr.Zero;
        }

        private void Form1_Load(object sender, EventArgs e)
        {

        }


    }
}

我得到的例外是在这一行:

Addy = new IntPtr(MemInfo.BaseAddress.ToInt32() + MemInfo.RegionSize);

OverflowException 算术运算导致溢出

System.OverflowException was unhandled
  HResult=-2146233066
  Message=Arithmetic operation resulted in an overflow.
  Source=mscorlib
  StackTrace:
       at System.IntPtr..ctor(Int64 value)
       at MemoryScan.Form1.MemInfo(IntPtr pHandle) in d:\C-Sharp\MemoryScan\MemoryScan\MemoryScan\Form1.cs:line 63
       at MemoryScan.Form1.AobScan(String ProcessName, Byte[] Pattern) in d:\C-Sharp\MemoryScan\MemoryScan\MemoryScan\Form1.cs:line 87
       at MemoryScan.Form1..ctor() in d:\C-Sharp\MemoryScan\MemoryScan\MemoryScan\Form1.cs:line 50
       at MemoryScan.Program.Main() in d:\C-Sharp\MemoryScan\MemoryScan\MemoryScan\Program.cs:line 19
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException:
4

0 回答 0