UE4 4.23版本以下暴力搜索GName
代码如下:
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <Windows.h>
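/*
 * Follows a three-step pointer chain in another process and returns the
 * address 0xc bytes past the final pointer.
 *
 * Chain, as read from the target: *BaseAddress -> *(that) -> *(that + 0x8).
 * The page notes that the trailing 0xc offset has to be adjusted per target;
 * presumably it is where the name text starts inside the entry (unconfirmed).
 *
 * Process     - handle that permits reading the target's memory.
 * BaseAddress - address in the target at which the chain starts.
 *
 * Returns the computed address, or 0 when any read fails, comes back short,
 * or yields a NULL pointer. The original ignored the ReadProcessMemory
 * results, so a failed read left a stale pointer in Buffer that was then
 * followed and returned as if it were valid.
 */
DWORD64 GetName(HANDLE Process, LPVOID BaseAddress) {
    DWORD64 Buffer = 0;
    SIZE_T lpNumber = 0;

    /* Step 1: pointer stored at the candidate address. */
    if (!ReadProcessMemory(Process, BaseAddress, &Buffer, sizeof(DWORD64), &lpNumber)
        || lpNumber != sizeof(DWORD64) || Buffer == 0) {
        return 0;
    }

    /* Step 2: pointer stored where step 1 points. */
    if (!ReadProcessMemory(Process, (LPVOID)(Buffer), &Buffer, sizeof(DWORD64), &lpNumber)
        || lpNumber != sizeof(DWORD64) || Buffer == 0) {
        return 0;
    }

    /* Step 3: pointer stored 8 bytes past where step 2 points. */
    if (!ReadProcessMemory(Process, (LPVOID)(Buffer + 0x8), &Buffer, sizeof(DWORD64), &lpNumber)
        || lpNumber != sizeof(DWORD64) || Buffer == 0) {
        return 0;
    }

    return Buffer + 0xc;
}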
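/*
 * Walks forward from a fixed base address in 4-byte steps, resolving each
 * candidate through GetName() and comparing the 12 bytes found there with
 * "ByteProperty". Prints the matching address, or reports that none was found.
 *
 * The process id and base address are the hard-coded values from the post.
 *
 * Fixes over the original:
 *  - `char buffer` was a single char that was handed to ReadProcessMemory for
 *    12 bytes and to memset for 255 bytes, corrupting the stack of this
 *    program; it is now a real array sized with sizeof.
 *  - The handle is requested with PROCESS_VM_READ only, the one right
 *    ReadProcessMemory needs, instead of PROCESS_ALL_ACCESS.
 *  - OpenProcess and ReadProcessMemory results are checked, and the handle
 *    is closed.
 *  - The offset is unsigned and the scan stops when it wraps, instead of
 *    overflowing a signed int and looping forever.
 *  - The final line printed the unchanged BaseAddress; it now prints
 *    BaseAddress + offset, which is presumably what was intended.
 *  - The dead initial read from address 0 is removed.
 *
 * Returns 0 on a match and 1 on failure.
 */
int main(void) {
    HANDLE Process = OpenProcess(PROCESS_VM_READ, FALSE, 12060);
    if (Process == NULL) {
        fprintf(stderr, "OpenProcess failed, error %lu\r\n", GetLastError());
        return 1;
    }

    DWORD64 BaseAddress = 0x7FF7122F0000;
    unsigned int Offset = 0;
    int Found = 0;
    char buffer[256];

    for (;;) {
        SIZE_T BytesRead = 0;

        /* Clear first so bytes from an earlier successful read can never match. */
        memset(buffer, 0, sizeof buffer);

        DWORD64 NameAddress = GetName(Process, (LPVOID)(BaseAddress + Offset));

        /* Only 12 bytes are read, so buffer[12] stays 0 and strcmp is bounded. */
        if (ReadProcessMemory(Process, (LPVOID)NameAddress, buffer, 12, &BytesRead)
            && BytesRead == 12
            && !strcmp(buffer, "ByteProperty")) {
            Found = 1;
            break;
        }

        Offset += 4;
        if (Offset == 0) {
            /* Wrapped around the whole 32-bit offset range without a match. */
            break;
        }
        printf("[-] 当前地址为:BaseAddress + %x \r\n", Offset);
    }

    CloseHandle(Process);

    if (!Found) {
        fprintf(stderr, "No match found\r\n");
        return 1;
    }

    printf("GName Address = %p\r\n", (void *)(ULONG_PTR)(BaseAddress + Offset));
    return 0;
}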
```
修改下return中的偏移就可以了:
```
return Buffer + 0xc;
```
测试了大概半小时左右能跑出来: