
I'm having trouble understanding what addresses mean and how pointers work. While working on Assault Cube, I got the address of client.dll, or in this case of "ac_client.exe". I added this address to the base address to get the local player pointer, which shows up as 509b74. [example image] From this pointer I take localplayer and add an offset of F8, which points to my health. As you can see, it says 0x509b74 -> 000E1B188 ..... where does "000E1B188" come from? I don't understand. And then what happens with 000E1B188 + f8 = 00E1B280? I don't get it?!


1 Answer


To clarify, 0x509b74 is a hard-coded address which works out OK for Assault Cube because Address Space Layout Randomization is not enabled and the .exe is always loaded at 0x400000. You could also dynamically grab the address of the ac_client.exe module and then add the relative offset of 0x109B74 using ToolHelp32Snapshot.

For the purposes of this exercise, a pointer is a variable that simply contains a number that represents an address. When you're programming and defining a pointer you must define the type of variable the pointer will point at. This is only for the sake of the compiler so that it may create code that properly accesses the variable at the end of the pointer with the correct instructions for that data type and strong typed compiler error checking.

0x509b74 happens to be a pointer that points to the dynamic local player object. To put it another way, the dynamic player object pointer is located at 0x509b74. It points to 0x00E1B188 which is the address of the local player object, which is dynamically allocated. To get from 0x509b74 to 0x00E1B188 is called de-referencing, which is simply reading the address contained in the pointer.

Once the pointer is de-referenced you are looking at address 0x00E1B188, which can be referred to as the "base address" of the local player object. Also consider that this is at offset 0x0 of the player object. When you add 0xF8 to it you are now looking at 0x0E1B280, the address of the health variable that resides inside the player class; it's just simple addition at this point.

It's actually simple once you learn it. It basically looks similar to this in the code:

struct player
{
    int ammo;    // offset 0x0 from the start of the object
    int health;  // offset 0x4 (ints assumed to be 4 bytes)
};

// The pointer variable itself lives at a fixed address (0x509b74 in the question);
// the object it points to is allocated on the heap at run time.
player* localPlayerPtr = new player();

In this example ammo is at offset 0x0 and health is at offset 0x4, assuming ints are 4 bytes. Let's say localPlayerPtr is located at 0x509b74 and points to a new player object located at 0x00E1B188. Offset 0x0 is the ammo. When you add offset 0x4 you get 0x00E1B18C, which is the health address.

Understanding pointers and object oriented programming from a C++ perspective will make reverse engineering pointers much easier so you may want to brush up on that and make some practice applications.

answered 2017-11-22T04:50:48.470
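The two steps the answer describes (de-reference the pointer slot, then add a member offset to the object's base) can be walked through in ordinary C without touching another process. The following is an added example, not code from the question or the answer: it uses a toy `struct player` with only `ammo` and `health` (the real ac_client.exe object is much larger and the 0xF8 offset does not apply to this layout), a global variable standing in for the fixed pointer slot at 0x509b74, and `offsetof` to derive the member offset instead of hard-coding it. The `rebase` helper shows the module-base-plus-relative-offset arithmetic the answer mentions for the ASLR case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed toy layout for illustration only; not the game's real object. */
struct player {
    int ammo;    /* offset 0x0 */
    int health;  /* offset 0x4 */
};

/* Stand-in for the static pointer slot the question calls 0x509b74:
 * a global that holds the address of a heap-allocated player object. */
static struct player *localPlayerPtr = NULL;

/* Allocate the "dynamic" player object and store its address in the slot. */
static struct player *spawn_local_player(int ammo, int health) {
    struct player *p = malloc(sizeof *p);
    if (!p) return NULL;
    p->ammo = ammo;
    p->health = health;
    localPlayerPtr = p;
    return p;
}

/* Module base + relative offset: 0x400000 + 0x109B74 == 0x509B74 when the
 * executable loads at its preferred base; with ASLR the base changes and the
 * relative offset stays the same. */
static uintptr_t rebase(uintptr_t module_base, uintptr_t relative_offset) {
    return module_base + relative_offset;
}

/* Step 1: de-reference the pointer slot. &localPlayerPtr plays the role of
 * 0x509b74; reading the pointer stored there yields the object's base. */
static uintptr_t deref_player_slot(void) {
    struct player **slot = &localPlayerPtr;   /* the pointer's own address */
    return (uintptr_t)*slot;                  /* the address it contains  */
}

/* Step 2: base + offset, then read a 4-byte int at that address. The typed
 * read is what the pointer's declared type tells the compiler to do. */
static int read_int_at(uintptr_t base, size_t offset) {
    int value;
    memcpy(&value, (const void *)(base + offset), sizeof value);
    return value;
}

static int local_player_health(void) {
    uintptr_t base = deref_player_slot();
    return read_int_at(base, offsetof(struct player, health));
}

int main(void) {
    spawn_local_player(30, 100);
    uintptr_t base = deref_player_slot();
    printf("slot %p -> object %#lx\n", (void *)&localPlayerPtr, (unsigned long)base);
    printf("health at base+%#zx = %d\n",
           offsetof(struct player, health), local_player_health());
    printf("rebased: %#lx\n", (unsigned long)rebase(0x400000, 0x109B74));
    free(localPlayerPtr);
    localPlayerPtr = NULL;
    return 0;
}
```

Run it once and compare the printed slot address with the object address: the slot stays put (it is a global, like the 0x509b74 location), while the object address is whatever `malloc` returned, which is exactly the "where does 000E1B188 come from" part of the question.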