XiaoTouM1ng 发表于 2022-12-27 16:38

UE4 4.23版本以下暴力搜索GName

代码如下:

```
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <Windows.h>

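/*
 * Read one 64-bit value from Address in the target process.
 * Returns nonzero only when the full 8 bytes were read.
 */
static int ReadRemoteQword(HANDLE Process, DWORD64 Address, DWORD64 *Out) {
    SIZE_T BytesRead = 0;

    if (!ReadProcessMemory(Process, (LPCVOID)Address, Out, sizeof *Out, &BytesRead)) {
        return 0;
    }
    return BytesRead == sizeof *Out;
}

/*
 * Follow a three-step pointer chain in another process and return the
 * address the caller should read a name string from.
 *
 * Chain: *BaseAddress -> *(that value) -> *(that value + 0x8), then + 0xc.
 *
 * Process      handle that grants read access to the target's memory.
 * BaseAddress  address in the target process where the chain starts.
 *
 * Returns the final pointer plus 0xc, or 0 when any read fails or any
 * link in the chain is NULL. Without these checks a failed read leaves
 * the previous value in place, and it is then dereferenced one level
 * too deep.
 */
DWORD64 GetName(HANDLE Process, LPVOID BaseAddress) {
    DWORD64 Value = 0;

    if (!ReadRemoteQword(Process, (DWORD64)BaseAddress, &Value) || Value == 0) {
        return 0;
    }
    if (!ReadRemoteQword(Process, Value, &Value) || Value == 0) {
        return 0;
    }
    if (!ReadRemoteQword(Process, Value + 0x8, &Value) || Value == 0) {
        return 0;
    }

    /* 0xc is the offset the post says to adjust per target build. */
    return Value + 0xc;
}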

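/*
 * Scan forward from a fixed base address in 4-byte steps, resolve each
 * candidate through GetName(), and stop at the first one whose resolved
 * string is "ByteProperty".
 *
 * The PID and base address are hard-coded values from the author's own
 * session; they are not valid for any other run of the target.
 *
 * Returns EXIT_SUCCESS when a match is found, EXIT_FAILURE otherwise.
 */
int main(void) {
    const DWORD TargetPid = 12060;
    const DWORD64 BaseAddress = 0x7FF7122F0000;
    /* Constructed upper bound so the scan terminates; the original loop had none. */
    const DWORD64 ScanLimit = 0x10000000;
    /* Must be an array: ReadProcessMemory and memset both write through it. */
    char buffer[255] = { 0 };
    DWORD64 Offset = 0;
    int Found = 0;

    /* Only read access is used below, so request only read access. */
    HANDLE Process = OpenProcess(PROCESS_VM_READ, FALSE, TargetPid);
    if (Process == NULL) {
        printf("OpenProcess failed, error %lu\r\n", GetLastError());
        return EXIT_FAILURE;
    }

    for (Offset = 0; Offset < ScanLimit; Offset += 4) {
        SIZE_T BytesRead = 0;
        LPVOID NameAddress = (LPVOID)GetName(Process, (LPVOID)(BaseAddress + Offset));

        /* Clear first so a failed or short read cannot leave stale bytes,
           and so the 12 bytes read are always NUL-terminated for strcmp. */
        memset(buffer, 0, sizeof buffer);

        if (ReadProcessMemory(Process, NameAddress, buffer, 12, &BytesRead)
            && BytesRead == 12
            && !strcmp(buffer, "ByteProperty")) {
            Found = 1;
            break;
        }

        /* Same progress line as before: reports the offset tried next. */
        printf("[-] 当前地址为:BaseAddress + %x \r\n", (unsigned)(Offset + 4));
    }

    CloseHandle(Process);

    if (!Found) {
        printf("GName not found within scan limit\r\n");
        return EXIT_FAILURE;
    }

    /* Report the matching address, not the unchanged base. */
    printf("GName Address = %p\r\n", (LPVOID)(BaseAddress + Offset));
    return EXIT_SUCCESS;
}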
```

修改下return中的偏移就可以了:

```
/* Last statement of GetName(): 0xc is added to the final pointer read;
   the post says this is the offset to adjust. */
return Buffer + 0xc;
```

测试了大概半小时左右能跑出来:


