本帖最后由 古月不傲 于 2020-3-10 18:59 编辑
[C] 纯文本查看 复制代码 #include <iostream>
#include <Windows.h>
typedef enum _Address
{
baseAddress = 0x007794F8,
oneOffset = 0x868,
twoOffset = 0x5578,
}Address;
//读取指定进程的内存
BOOL ReadProcessMem(
_In_ HANDLE hProcess,
_In_ PDWORD pBaseAddress,
_In_ DWORD dwLayerOfOffset,
_In_ PDWORD pOffsetBuffer,
_In_ DWORD dwReadSize,
_Out_ PVOID pReturnValue)
{
if (hProcess == NULL || pBaseAddress == NULL || dwLayerOfOffset < 0) {
return FALSE;
}
if (dwLayerOfOffset >= 1 && pOffsetBuffer == NULL) {
return FALSE;
}
//没有偏移地址直接读取基地址返回
if (dwLayerOfOffset == 0)
{
//读取基地址
if (!ReadProcessMemory(hProcess, pBaseAddress, pReturnValue, dwReadSize, NULL)) {
return FALSE;
}
}
//有偏移地址的情况
else
{
//读取基地址
if (!ReadProcessMemory(hProcess, pBaseAddress, pReturnValue, sizeof(DWORD), NULL)) {
return FALSE;
}
PVOID pAddress = NULL;
//读取偏移
for (DWORD dwCount = 0; dwCount < dwLayerOfOffset - 1; dwCount++)
{
pAddress = (PVOID)((*(PDWORD)pReturnValue) + pOffsetBuffer[dwCount]);
if (!ReadProcessMemory(hProcess, pAddress, pReturnValue, sizeof(DWORD), NULL)) {
return FALSE;
}
}
pAddress = (PVOID)((*(PDWORD)pReturnValue) + pOffsetBuffer[dwLayerOfOffset - 1]);
//读取最后偏移的值
if (!ReadProcessMemory(hProcess, pAddress, pReturnValue, dwReadSize, NULL)) {
return FALSE;
}
}
return TRUE;
}
int main(void)
{
DWORD processId = 0;
HWND hWnd = FindWindow(NULL, TEXT("Plants vs. Zombies 1.2.0.1073 RELEASE"));
GetWindowThreadProcessId(hWnd, &processId);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
DWORD uOffsetBuffer[2] = { oneOffset, twoOffset };
DWORD dwReturnValue = 0;
if (ReadProcessMem(hProcess, (PDWORD)baseAddress, 2, uOffsetBuffer, 4, &dwReturnValue)) {
printf("当前阳光值:%d\n", dwReturnValue);
}
system("pause");
return 0;
} | 
发表于 2020-3-10 16:49
