3

我找到了一个内存地址并使用作弊引擎的指针扫描来获取引用指针。要在脚本中使用它,我需要一个基地址,即[game.exe+009274]. 如何将其转换为用于 AutoIt 脚本的地址?

我使用NomadMemory.au3 UDF

4

1 回答 1

3

我前段时间写了2个函数。一个加载进程加载的所有模块,一个获取所需模块的基地址。两者在这里都可能很方便。

Local $iPID = WinGetProcess("app.exe")
Local $sLoadedModules = _ProcessGetLoadedModules($iPID)
Local $My_dll = _MemoryModuleGetBaseAddress($iPID, "My.dll")

For $i = 0 To UBound($sLoadedModules) - 1
    ConsoleWrite($sLoadedModules[$i] & @LF) ; find your process here
Next
ConsoleWrite($My_dll & @LF)


Func _ProcessGetLoadedModules($iPID)
    Local Const $PROCESS_QUERY_INFORMATION = 0x0400
    Local Const $PROCESS_VM_READ = 0x0010
    Local $aCall, $hPsapi = DllOpen("Psapi.dll")
    Local $hProcess, $tModulesStruct
    $tModulesStruct = DllStructCreate("hwnd [200]")
    Local $SIZEOFHWND = DllStructGetSize($tModulesStruct) / 200
    $hProcess = _WinAPI_OpenProcess(BitOR($PROCESS_QUERY_INFORMATION, $PROCESS_VM_READ), False, $iPID)
    If Not $hProcess Then Return SetError(1, 0, -1)
    $aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModulesStruct), "dword", DllStructGetSize($tModulesStruct), "dword*", "")
    If $aCall[4] > DllStructGetSize($tModulesStruct) Then
        $tModulesStruct = DllStructCreate("hwnd [" & $aCall[4] / $SIZEOFHWND & "]")
        $aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModulesStruct), "dword", $aCall[4], "dword*", "")
    EndIf
    Local $aReturn[$aCall[4] / $SIZEOFHWND]
    For $i = 0 To UBound($aReturn) - 1

        $aCall = DllCall($hPsapi, "dword", "GetModuleFileNameExW", "ptr", $hProcess, "ptr", DllStructGetData($tModulesStruct, 1, $i + 1), "wstr", "", "dword", 65536)
        $aReturn[$i] = $aCall[3]

    Next
    _WinAPI_CloseHandle($hProcess)
    DllClose($hPsapi)
    Return $aReturn
EndFunc   ;==>_ProcessGetLoadedModules

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
    If Not IsString($sModule) Then Return SetError(2, 0, 0)
    Local $PSAPI = DllOpen("psapi.dll")
    Local $hProcess
    Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020)
    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf
    Local $Modules = DllStructCreate("ptr[1024]")
    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local $iModnum = $aCall[4] / 4
        Local $aTemp
        For $i = 1 To $iModnum
            $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)


EndFunc   ;==>_MemoryModuleGetBaseAddress
于 2016-03-17T17:54:16.993 回答