我找到了一个内存地址并使用作弊引擎的指针扫描来获取引用指针。要在脚本中使用它,我需要一个基地址,即[game.exe+009274]
. 如何将其转换为用于 AutoIt 脚本的地址?
问问题
1653 次
1 回答
3
我前段时间写了2个函数。一个加载进程加载的所有模块,一个获取所需模块的基地址。两者在这里都可能很方便。
Local $iPID = WinGetProcess("app.exe")
Local $sLoadedModules = _ProcessGetLoadedModules($iPID)
Local $My_dll = _MemoryModuleGetBaseAddress($iPID, "My.dll")
For $i = 0 To UBound($sLoadedModules) - 1
ConsoleWrite($sLoadedModules[$i] & @LF) ; find your process here
Next
ConsoleWrite($My_dll & @LF)
Func _ProcessGetLoadedModules($iPID)
Local Const $PROCESS_QUERY_INFORMATION = 0x0400
Local Const $PROCESS_VM_READ = 0x0010
Local $aCall, $hPsapi = DllOpen("Psapi.dll")
Local $hProcess, $tModulesStruct
$tModulesStruct = DllStructCreate("hwnd [200]")
Local $SIZEOFHWND = DllStructGetSize($tModulesStruct) / 200
$hProcess = _WinAPI_OpenProcess(BitOR($PROCESS_QUERY_INFORMATION, $PROCESS_VM_READ), False, $iPID)
If Not $hProcess Then Return SetError(1, 0, -1)
$aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModulesStruct), "dword", DllStructGetSize($tModulesStruct), "dword*", "")
If $aCall[4] > DllStructGetSize($tModulesStruct) Then
$tModulesStruct = DllStructCreate("hwnd [" & $aCall[4] / $SIZEOFHWND & "]")
$aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModulesStruct), "dword", $aCall[4], "dword*", "")
EndIf
Local $aReturn[$aCall[4] / $SIZEOFHWND]
For $i = 0 To UBound($aReturn) - 1
$aCall = DllCall($hPsapi, "dword", "GetModuleFileNameExW", "ptr", $hProcess, "ptr", DllStructGetData($tModulesStruct, 1, $i + 1), "wstr", "", "dword", 65536)
$aReturn[$i] = $aCall[3]
Next
_WinAPI_CloseHandle($hProcess)
DllClose($hPsapi)
Return $aReturn
EndFunc ;==>_ProcessGetLoadedModules
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
If Not IsString($sModule) Then Return SetError(2, 0, 0)
Local $PSAPI = DllOpen("psapi.dll")
Local $hProcess
Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020)
If $iPID > 0 Then
Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
If $hProcess[0] Then
$hProcess = $hProcess[0]
EndIf
EndIf
Local $Modules = DllStructCreate("ptr[1024]")
Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
If $aCall[4] > 0 Then
Local $iModnum = $aCall[4] / 4
Local $aTemp
For $i = 1 To $iModnum
$aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
If $aTemp[3] = $sModule Then
DllClose($PSAPI)
Return Ptr(DllStructGetData($Modules, 1, $i))
EndIf
Next
EndIf
DllClose($PSAPI)
Return SetError(-1, 0, 0)
EndFunc ;==>_MemoryModuleGetBaseAddress
于 2016-03-17T17:54:16.993 回答