用C将数据写入另一个程序的指针?
我目前正在学习C,尤其是内存的工作原理,以及如何编写和读取程序使用的数据。在实践中,我开始为游戏Undertale编写一个小作弊,它会不断地用最大的健康值覆盖健康地址,这将使角色无敌。我使用欺骗引擎搜索了健康值的地址,现在我有了以下代码:
#include <stdio.h>
#include <Windows.h>
int main(void) {
printf("\n");
double MAXHEALTH = 20;
HWND hwnd = FindWindowA(NULL, "UNDERTALE");
if(hwnd == NULL) {
printf("ERROR: COULD NOT FIND GAME WINDOW. PLEASE OPEN THE GAME.\n");
return 1;
}
printf("[+] Undertale window found\n");
DWORD processID;
GetWindowThreadProcessId(hwnd, &processID);
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
if (processID == NULL) {
printf("ERROR: COULD NOT HANDLE PROCESS.\n");
return 1;
}
printf("[+] Obtained handle\n");
while(1) {
printf("[*] Writing max health value to health address..\n");
WriteProcessMemory(handle, (LPVOID)0x049B2F8, &MAXHEALTH, sizeof(MAXHEALTH), 0);
printf("[+] Done!\n");
}
return 0;
}而且它是有效的。坏的是,当你关闭游戏并重新打开它,所有的地址都是不同的.这不是很有效率。因此,我想尝试使用欺骗引擎来查找健康值的基地址。我做了多个指针扫描,并将结果缩小到大约150个地址,指向健康地址。我试着随机选择一个,关闭游戏,重新打开它,它起作用了:我能够使用我找到的指针来修改健康值。
所以我想我应该在我的代码中使用它。在指针扫描窗口的“基本地址”下,它显示了"UNDERTALE.exe"+059E4F8。我尝试用指针的地址替换代码中的地址(我输入了(LPVOID)0x059E4F8),但是没有工作。输出反复说"[+] Done!“,但健康值没有变化,而它在欺骗引擎中工作。我对整个内存管理都很陌生,我做错了什么?我想做什么都有可能吗?
我希望我对所做的每件事的解释都足够清楚,如果没有,请告诉我。
谢谢。
回答 1
Stack Overflow用户
发布于 2018-04-10 16:45:22
好吧,我找到了怎么做我想做的事。我终于得到(可能很明显,但嘿),我发现的第一个指针只是5个指针链中的第一个指针,我必须遵循这个指针才能到达健康地址。因此,我读取每个指针所包含的值,以找到下一个指针,直到最终到达正确的健康地址。现在,每次我运行游戏时,我的欺骗都起作用:)。
我的代码(我知道它没有优化,我可以使用for循环,但它只是用于测试目的):
#include <stdio.h>
#include <Windows.h>
int main(void) {
printf("\n");
LPVOID readPointer;
double health;
int pointerval = 0x00400000 + 0x0059E470 ; //UNDERTALE.exe base address + first offset to get to first pointer
HWND hwnd = FindWindowA(NULL, "UNDERTALE");
if(hwnd == NULL) {
printf("ERROR: COULD NOT FIND GAME WINDOW. PLEASE OPEN THE GAME.\n");
return 1;
}
printf("[+] Undertale window found\n");
DWORD procID;
GetWindowThreadProcessId(hwnd, &procID);
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
if (procID == NULL) {
printf("ERROR: COULD NOT OBTAIN HANDLE FOR PROCESS.\n");
return 1;
}
printf("[+] Obtained handle\n");
printf("[*] Following pointer chain...\n");
printf("[*] Reading pointer 1 value from memory at address 0x%p...\n", pointerval);
ReadProcessMemory(handle, (PVOID*)pointerval, &readPointer, sizeof(readPointer), 0);
pointerval = (int*)readPointer;
printf("Pointer 1 value: 0x%p\n", pointerval);
printf("Applying offset 0x98..\n\n");
pointerval += 0x98;
printf("[*] Reading pointer 2 value from memory at address 0x%p...\n", pointerval);
ReadProcessMemory(handle, (PVOID*)pointerval, &readPointer, sizeof(readPointer), 0);
pointerval = (int*)readPointer;
printf("Pointer 2 value: 0x%p\n", pointerval);
printf("Applying offset 0xC..\n\n");
pointerval += 0xC;
printf("[*] Reading pointer 3 value from memory at address 0x%p...\n", pointerval);
ReadProcessMemory(handle, (PVOID*)pointerval, &readPointer, sizeof(readPointer), 0);
pointerval = (int*)readPointer;
printf("Pointer 3 value: 0x%p\n", pointerval);
printf("Applying offset 0x4..\n\n");
pointerval += 0x4;
printf("[*] Reading pointer 4 value from memory at address 0x%p...\n", pointerval);
ReadProcessMemory(handle, (PVOID*)pointerval, &readPointer, sizeof(readPointer), 0);
pointerval = (int*)readPointer;
printf("Pointer 4 value: 0x%p\n", pointerval);
printf("Applying offset 0x1D0..\n\n");
pointerval += 0x1D0;
printf("[+] Pointer chain over: health address is 0x%p.\n\n",pointerval);
printf("[*] Reading actual health value\n");
ReadProcessMemory(handle, (PVOID*)pointerval, &health, sizeof(health), 0);
printf("[+] Actual health value: %f\n\n",health);
printf("[*] Writing health value to health address repeatedly..\n");
printf("[+] God mode activated ;)\n");
while(1) {
WriteProcessMemory(handle, (LPVOID)pointerval, &health, sizeof(health), 0);
}
return 0;
}https://stackoverflow.com/questions/49738858
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号