c - 将数据写入C中另一个程序的指针？

Question

我目前正在学习 C，尤其是内存是如何工作的，以及我如何编写和读取程序使用的数据。为了练习，我开始为游戏 Undertale 编写一个小作弊程序，它会不断用最大生命值覆盖生命值地址，从而使角色无敌。我用作弊引擎搜索了健康值的地址，现在我有了这段代码：

#include <stdio.h>
#include <Windows.h>

int main(void) {
    printf("\n");
    double MAXHEALTH = 20;

    HWND hwnd = FindWindowA(NULL, "UNDERTALE");
    if(hwnd == NULL) {
        printf("ERROR: COULD NOT FIND GAME WINDOW. PLEASE OPEN THE GAME.\n");
        return 1;
    }
    printf("[+] Undertale window found\n");
    DWORD processID;
    GetWindowThreadProcessId(hwnd, &processID);
    HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);

    if (processID == NULL) {
        printf("ERROR: COULD NOT HANDLE PROCESS.\n");
        return 1;
    }
    printf("[+] Obtained handle\n");

    while(1) {
        printf("[*] Writing max health value to health address..\n");
        WriteProcessMemory(handle, (LPVOID)0x049B2F8, &MAXHEALTH, sizeof(MAXHEALTH), 0);
        printf("[+] Done!\n");
    }
    return 0;
}

它有效。糟糕的是，当你关闭游戏并重新打开它时，所有的地址都不同......这不是很有效。所以我想尝试使用作弊引擎找到健康值的基地址。我进行了多次指针扫描，并将结果缩小到大约 150 个地址，指向健康地址。我尝试随机选择一个，关闭游戏，重新打开它，它工作：我能够使用我找到的指针修改健康值。

所以我想我会在我的代码中使用它。在指针扫描窗口的“基地址”下，显示"UNDERTALE.exe"+059E4F8. 我尝试将代码中的地址替换为指针的地址（我输入了(LPVOID)0x059E4F8），但没有成功。输出[+] Done!重复说“”但健康值没有改变，而它在作弊引擎中工作......我对整个内存管理的事情是新手，我做错了什么？我想做的甚至可能吗？

我希望我对我所做的一切的解释足够清楚，如果没有，请告诉我。

谢谢你。

Answer 1

好吧，我找到了如何做我想做的事。我终于（也许很明显，但是嘿）我发现的第一个指针只是 5 个指针链中的第一个，我必须遵循它才能到达健康地址。所以我读取每个指针包含的值以找到下一个，直到最终到达正确的健康地址。现在我每次运行游戏时作弊都有效:)。

我的代码（我知道它没有优化，我可以使用 for 循环，但它只是为了测试目的。）：

#include <stdio.h>
#include <Windows.h>

int main(void) {
    printf("\n");
    LPVOID readPointer;
    double health;
    int pointerval = 0x00400000 + 0x0059E470 ;  //UNDERTALE.exe base address + first offset to get to first pointer

    HWND hwnd = FindWindowA(NULL, "UNDERTALE");
    if(hwnd == NULL) {
        printf("ERROR: COULD NOT FIND GAME WINDOW. PLEASE OPEN THE GAME.\n");
        return 1;
    }
    printf("[+] Undertale window found\n");
    DWORD procID;
    GetWindowThreadProcessId(hwnd, &procID);
    HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);

    if (procID == NULL) {
        printf("ERROR: COULD NOT OBTAIN HANDLE FOR PROCESS.\n");
        return 1;
    }
    printf("[+] Obtained handle\n");


    printf("[*] Following pointer chain...\n");


    printf("[*] Reading pointer 1 value from memory at address 0x%p...\n", pointerval);
    ReadProcessMemory(handle, (PVOID*)pointerval, &readPointer, sizeof(readPointer), 0);
    pointerval = (int*)readPointer;
    printf("Pointer 1 value: 0x%p\n", pointerval);
    printf("Applying offset 0x98..\n\n");
    pointerval += 0x98;

    printf("[*] Reading pointer 2 value from memory at address 0x%p...\n", pointerval);
    ReadProcessMemory(handle, (PVOID*)pointerval, &readPointer, sizeof(readPointer), 0);
    pointerval = (int*)readPointer;
    printf("Pointer 2 value: 0x%p\n", pointerval);
    printf("Applying offset 0xC..\n\n");
    pointerval += 0xC;

    printf("[*] Reading pointer 3 value from memory at address 0x%p...\n", pointerval);
    ReadProcessMemory(handle, (PVOID*)pointerval, &readPointer, sizeof(readPointer), 0);
    pointerval = (int*)readPointer;
    printf("Pointer 3 value: 0x%p\n", pointerval);
    printf("Applying offset 0x4..\n\n");
    pointerval += 0x4;

    printf("[*] Reading pointer 4 value from memory at address 0x%p...\n", pointerval);
    ReadProcessMemory(handle, (PVOID*)pointerval, &readPointer, sizeof(readPointer), 0);
    pointerval = (int*)readPointer;
    printf("Pointer 4 value: 0x%p\n", pointerval);
    printf("Applying offset 0x1D0..\n\n");
    pointerval += 0x1D0;


    printf("[+] Pointer chain over: health address is 0x%p.\n\n",pointerval);

    printf("[*] Reading actual health value\n");
    ReadProcessMemory(handle, (PVOID*)pointerval, &health, sizeof(health), 0);
    printf("[+] Actual health value: %f\n\n",health);

    printf("[*] Writing health value to health address repeatedly..\n");
    printf("[+] God mode activated ;)\n");
    while(1) {
        WriteProcessMemory(handle, (LPVOID)pointerval, &health, sizeof(health), 0);
    }

    return 0;
}