转换作弊引擎基址



我找到了一个内存地址,并使用 Cheat Engine(作弊引擎)的指针扫描获取了指向它的指针。要在脚本中使用它,我需要一个基址,即 [game.exe+009274]。如何将其转换为可在 AutoIt 脚本中使用的地址?

我使用 NomadMemory.au3 UDF。

我前段时间写了 2 个函数:一个用于列出进程已加载的所有模块,另一个用于获取指定模块的基址。这两个函数在这里应该都能派上用场。

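; Usage example: list every module loaded in a process, then look up the base
; address of one module by name. A "module+offset" reference such as
; [game.exe+009274] resolves to (module base address + offset).
;
; NOTE(review): WinGetProcess() matches a *window title*, not an executable
; name, and returns -1 when no window matches. If "app.exe" is meant as a
; process name, ProcessExists("app.exe") is the call that returns its PID.
; NOTE: EnumProcessModules (used by both helpers) cannot enumerate a 64-bit
; process from a 32-bit script, so run the script with matching bitness.
Local $iPID = WinGetProcess("app.exe")
If $iPID = -1 Then
    ConsoleWrite("No window matched; cannot resolve a PID." & @LF)
    Exit 1
EndIf

Local $sLoadedModules = _ProcessGetLoadedModules($iPID)
If @error Then
    ; The helper returns -1 (not an array) on failure, so do not iterate it.
    ConsoleWrite("Could not enumerate modules for PID " & $iPID & @LF)
Else
    For $i = 0 To UBound($sLoadedModules) - 1
        ConsoleWrite($sLoadedModules[$i] & @LF) ; find your process here
    Next
EndIf

Local $My_dll = _MemoryModuleGetBaseAddress($iPID, "My.dll")
If @error Then
    ; A 0 return is a failure marker, never a usable base address.
    ConsoleWrite("Module base address not found." & @LF)
Else
    ConsoleWrite($My_dll & @LF)
EndIf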

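; Returns an array holding the full file path of every module loaded in the
; process identified by $iPID.
;
; Parameters:
;   $iPID - process ID of the target process.
; Returns:
;   Success - 0-based array of module paths (an entry is "" if its path could
;             not be read).
;   Failure - -1 with @error = 1 (process could not be opened) or
;             @error = 2 (Psapi.dll unavailable or module enumeration failed).
; Remarks:
;   Requires _WinAPI_OpenProcess / _WinAPI_CloseHandle from the standard WinAPI
;   UDFs (WinAPI.au3, or WinAPIProc.au3 + WinAPIHObj.au3 on newer AutoIt).
;   The process is opened with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ only,
;   which is all that module enumeration needs.
;   EnumProcessModules cannot enumerate a 64-bit target from a 32-bit script.
Func _ProcessGetLoadedModules($iPID)
    Local Const $PROCESS_QUERY_INFORMATION = 0x0400
    Local Const $PROCESS_VM_READ = 0x0010
    Local Const $INITIAL_CAPACITY = 200

    ; Open the process first so that an early failure leaves nothing to clean up.
    Local $hProcess = _WinAPI_OpenProcess(BitOR($PROCESS_QUERY_INFORMATION, $PROCESS_VM_READ), False, $iPID)
    If Not $hProcess Then Return SetError(1, 0, -1)

    Local $hPsapi = DllOpen("Psapi.dll")
    If $hPsapi = -1 Then
        _WinAPI_CloseHandle($hProcess)
        Return SetError(2, 0, -1)
    EndIf

    ; HMODULE values are pointer-sized, so the element size is derived from the
    ; struct instead of being hard-coded (4 bytes on x86, 8 bytes on x64).
    Local $tModulesStruct = DllStructCreate("ptr[" & $INITIAL_CAPACITY & "]")
    Local $iPtrSize = DllStructGetSize($tModulesStruct) / $INITIAL_CAPACITY

    Local $aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModulesStruct), "dword", DllStructGetSize($tModulesStruct), "dword*", 0)
    Local $bOk = (Not @error)
    If $bOk Then $bOk = ($aCall[0] <> 0)

    ; $aCall[4] is the byte count needed for all handles; grow the buffer and retry once.
    If $bOk And $aCall[4] > DllStructGetSize($tModulesStruct) Then
        $tModulesStruct = DllStructCreate("ptr[" & Int($aCall[4] / $iPtrSize) & "]")
        $aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModulesStruct), "dword", DllStructGetSize($tModulesStruct), "dword*", 0)
        $bOk = (Not @error)
        If $bOk Then $bOk = ($aCall[0] <> 0)
    EndIf

    Local $iCount = 0
    If $bOk Then
        ; The module list can change between the two calls; never read more
        ; entries than the buffer actually holds.
        Local $iBytes = $aCall[4]
        If $iBytes > DllStructGetSize($tModulesStruct) Then $iBytes = DllStructGetSize($tModulesStruct)
        $iCount = Int($iBytes / $iPtrSize)
    EndIf

    If $iCount < 1 Then
        _WinAPI_CloseHandle($hProcess)
        DllClose($hPsapi)
        Return SetError(2, 0, -1)
    EndIf

    Local $aReturn[$iCount]
    Local $aName
    For $i = 0 To $iCount - 1
        $aName = DllCall($hPsapi, "dword", "GetModuleFileNameExW", "ptr", $hProcess, "ptr", DllStructGetData($tModulesStruct, 1, $i + 1), "wstr", "", "dword", 65536)
        If @error Then
            $aReturn[$i] = ""
        Else
            $aReturn[$i] = $aName[3]
        EndIf
    Next

    _WinAPI_CloseHandle($hProcess)
    DllClose($hPsapi)
    Return $aReturn
EndFunc   ;==>_ProcessGetLoadedModules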
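; Returns the base address at which a named module is loaded in a process.
;
; Parameters:
;   $iPID    - process ID (a process name accepted by ProcessExists() also works).
;   $sModule - module base name, e.g. "My.dll"; compared case-insensitively.
; Returns:
;   Success - module base address as a Ptr.
;   Failure - 0 with @error set:
;             1  = process does not exist
;             2  = $sModule is not a string
;             3  = process or psapi.dll could not be opened
;             4  = module enumeration failed
;             -1 = no loaded module has that name
; Remarks:
;   The process is opened with PROCESS_QUERY_INFORMATION (0x0400) and
;   PROCESS_VM_READ (0x0010) only. The lookup never writes memory or creates
;   threads, so the broader rights are not requested (least privilege; a
;   read-only request is also less likely to be refused).
;   EnumProcessModules cannot enumerate a 64-bit target from a 32-bit script.
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    ; ProcessExists() returns the numeric PID, so a process name is resolved here too.
    Local $iResolvedPID = ProcessExists($iPID)
    If Not $iResolvedPID Then Return SetError(1, 0, 0)
    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local Const $PERMISSION = BitOR(0x0400, 0x0010)
    Local Const $MAX_MODULES = 1024

    Local $aOpen = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iResolvedPID)
    If @error Then Return SetError(3, 0, 0)
    If Not $aOpen[0] Then Return SetError(3, 0, 0)
    Local $hProcess = $aOpen[0]

    Local $PSAPI = DllOpen("psapi.dll")
    If $PSAPI = -1 Then
        DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hProcess)
        Return SetError(3, 0, 0)
    EndIf

    Local $Modules = DllStructCreate("ptr[" & $MAX_MODULES & "]")
    ; Pointer size is 4 on x86 and 8 on x64; derive it rather than assuming 4.
    Local $iPtrSize = DllStructGetSize($Modules) / $MAX_MODULES

    Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    Local $bOk = (Not @error)
    If $bOk Then $bOk = ($aCall[0] <> 0)
    If Not $bOk Then
        DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hProcess)
        DllClose($PSAPI)
        Return SetError(4, 0, 0)
    EndIf

    ; $aCall[4] is the byte count required for all handles, which may exceed
    ; the buffer; clamp so the loop only reads entries that were filled in.
    Local $iModnum = Int($aCall[4] / $iPtrSize)
    If $iModnum > $MAX_MODULES Then $iModnum = $MAX_MODULES

    Local $bFound = False, $pBase = 0, $aTemp
    For $i = 1 To $iModnum
        $aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
        If @error Then ContinueLoop
        If $aTemp[3] = $sModule Then
            ; The module handle returned by EnumProcessModules is its base address.
            $pBase = Ptr(DllStructGetData($Modules, 1, $i))
            $bFound = True
            ExitLoop
        EndIf
    Next

    ; Release both the process handle and the DLL handle on every path.
    DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hProcess)
    DllClose($PSAPI)

    If Not $bFound Then Return SetError(-1, 0, 0)
    Return $pBase
EndFunc   ;==>_MemoryModuleGetBaseAddress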
