Bru*_*oLM 8 c# process memory-editing
我有一个我想修改的地址.我有这个过程.我有新的价值.那么现在怎么办?
// My Process
var p = Process.GetProcessesByName("ePSXe").FirstOrDefault();
// Address
var addr = 0x00A66E11;
// Value
var val = 0x63;
如何0x63在另一个进程内存上写入(99)此地址?
Bru*_*oLM 12
@Harvey,从你的回答中我挖出来并发现了很多:
打开,关闭和写入签名:
[DllImport("kernel32.dll")]
static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hProcess);
标志:
[Flags]
public enum ProcessAccessFlags : uint
{
All = 0x001F0FFF,
Terminate = 0x00000001,
CreateThread = 0x00000002,
VMOperation = 0x00000008,
VMRead = 0x00000010,
VMWrite = 0x00000020,
DupHandle = 0x00000040,
SetInformation = 0x00000200,
QueryInformation = 0x00000400,
Synchronize = 0x00100000
}
让我的生活更轻松的方法:
public static void WriteMem(Process p, int address, long v)
{
var hProc = OpenProcess(ProcessAccessFlags.All, false, (int)p.Id);
var val = new byte[] { (byte)v };
int wtf = 0;
WriteProcessMemory(hProc, new IntPtr(address), val, (UInt32)val.LongLength, out wtf);
CloseHandle(hProc);
}
写入另一个进程内存:
static void Main(string[] args)
{
var p = Process.GetProcessesByName("ePSXe").FirstOrDefault();
WriteMem(p, 0x00A66DB9, 99);
}
尽管 P/Invoke 本机函数(例如)WriteProcessMemory工作得很好,但专用于内存编辑的库仍然存在,使您能够以更简单的方式完成此任务。
使用MemorySharp库,这可以总结为:
using(var sharp = new MemorySharp(Process.GetProcessesByName("ePSXe").FirstOrDefault()))
{
sharp[0x00A66E11, false].Write(0x63);
}
前面的代码假设写入值的地址未重新基址化。
| 归档时间: |
|
| 查看次数: |
15743 次 |
| 最近记录: |