我在网上找到了这个功能:
[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(IntPtr hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesRead);
public static int ReadAddress(string Process_Name, string Address_Offsets)
{
Process[] P;
if ((P = Process.GetProcessesByName(Process_Name)).Length == 0) return -1;
int Addy = -1;
while (Address_Offsets.Contains(" "))
Address_Offsets = Address_Offsets.Replace(" ", " ");
int Index = -1;
while ((Index = Address_Offsets.IndexOf("0x", StringComparison.OrdinalIgnoreCase)) != -1)
Address_Offsets = Address_Offsets.Replace(Address_Offsets.Substring(Index, 2), "");
string[] tmp = Address_Offsets.Split(' ');
if (tmp[0].Contains("+"))
{
string[] AD = tmp[0].Split('+');
foreach (ProcessModule M in P[0].Modules)
if (M.ModuleName.ToLower() == AD[0].ToLower())
Addy = M.BaseAddress.ToInt32() + int.Parse(AD[1], NumberStyles.HexNumber);
}
else Addy = int.Parse(tmp[0], NumberStyles.HexNumber);
if (tmp.Length == 1) return Addy;
byte[] buff = new byte[4];
ReadProcessMemory(P[0].Handle, Addy, buff, 4, 0);
Addy = BitConverter.ToInt32(buff, 0);
for (int i = 1; i < tmp.Length; i++)
{
int Off = int.Parse(tmp[i], NumberStyles.HexNumber);
ReadProcessMemory(P[0].Handle, Addy + Off, buff, 4, 0);
Addy = i != (tmp.Length - 1) ? BitConverter.ToInt32(buff, 0) : Addy += Off;
}
return Addy;
}
我像这样使用:
ReadAddress("solitaire", "solitaire.exe+97074 2c 10");
此函数适用于读取整数。但我想读花车。有人告诉我,我必须做
ReadProcessMemory(P[0].Handle, Addy, buff, 4, 0); // after you dereference all pointers and get the final "desired" value.
Addy = BitConverter.ToSingle(buff, 0); // ToSingle converts value to float.
但我不明白将他建议的代码放在函数中的什么位置。有人可以帮我吗?提前谢谢:D。