如何访问结构，其他程序的内存？ [英] How to access structure in other program's memory?

问题描述

我知道如何导入和使用读/ writeprocessmomory在C＃。 我正在比赛的教练。我需要有直接访问其他进程的内存浇铸结构体。我可以用readprocessmemory或WriteProcessMemory的，但是这将需要很多时间来inplement许多结构。

I know how to import and use read/writeprocessmomory in C#. I'm working on game trainer. I need to have "direct" access to other process memory casted to struct. I can use readprocessmemory or writeprocessmemory but that would take much time to inplement for many structures.

有这样的结构在C ++中：

There is this structure in C++:

class CRenderer
{
public:
    char unknown0[1692]; //0x0000
    BYTE ID07D54FC8; //0x069C  
    BYTE drawObjects; //0x069D  
    BYTE drawDeferred; //0x069E  
    BYTE drawParticles; //0x069F  
    BYTE ID07E1CA70; //0x06A0  
    BYTE drawBundledMeshes; //0x06A1  
    BYTE drawStaticMeshes; //0x06A2  
    BYTE drawSkinnedMeshes; //0x06A3  
    BYTE drawRoads; //0x06A4  
    BYTE drawTerrain; //0x06A5  
    BYTE drawUnderGrowth; //0x06A6  
    BYTE drawOverGrowth; //0x06A7  
    BYTE drawNameTags; //0x06A8  
    BYTE drawTrees; //0x06A9  
    BYTE ID07E1CE70; //0x06AA  
    BYTE ID07E1CDF0; //0x06AB  
    BYTE DrawFPS; //0x06AC  
    BYTE ID07E1CEF0; //0x06AD  
    BYTE ID07E1C8F0; //0x06AE  
    BYTE ID07E1C870; //0x06AF  
    BYTE drawGraphs; //0x06B0  
    BYTE ID07D55048; //0x06B1  
    BYTE drawSkyDome; //0x06B2  
    BYTE drawSunFlare; //0x06B3  
    BYTE drawPostProduction; //0x06B4  
    BYTE ID07D550C8; //0x06B5  
    char unknown1718[6534]; //0x06B6
};//Size=0x203C(8252)

如何重新present该结构在C＃中？ 什么是才达到某事像这样最简单的方法：

How to represent that structure in C#? What is the easiest way to achive sth like this:

//C++
DWORD RendererBase = (DWORD)GetModuleHandle( "RendDx9.dll" ); //Gets the base address of RenDX9.dll
DWORD RendererOffset = RendererBase + 0x23D098; //Static address
CRenderer *cRenderer = *(CRenderer**)RendererOffset; //Points to the class using the static offset

cRenderer->drawSkyDome = 0; //No Sky
cRenderer->DrawFPS = 1; //Show FPS

在C＃中我希望能够利用这样的：

In C# I want to be able to use it like this:

cRenderer.drawSkyDome = 0; //No Sky
cRenderer.DrawFPS = 1; //Show FPS

如何使用其他进程内存的结构在我的C＃应用​​程序？

How to use other process memory as struct in my C# application?

推荐答案

如果你需要一个结构是二进制与非托管的程序兼容，可以使用 [StructLayout] 属性和它的朋友们。例如。在你的情况下，它会是这样的：

If you need a structure to be binary compatible with a non-managed program, you can use the [StructLayout] attribute and its friends. E.g. in your case it would be something like:

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public static extern IntPtr GetModuleHandle(string lpModuleName);

[StructLayout(LayoutKind.Sequential, Pack = 1)]
public struct RendererData
{
    [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1692)]
    public byte[] Unknown;
    public byte ID07D54FC8;
    public byte DrawObjects;
    public byte DrawDeferred;
    // ...
    public byte DrawFPS;
    // ...
    public byte DrawSkyDome;
    // ...
}

void Main()
{
    IntPtr rendererBase = GetModuleHandle("RendDx9.dll");
    if (rendererBase == IntPtr.Zero)
    {
        throw new InvalidOperationException("RendDx9.dll not found");
    }
    IntPtr rendererAddr = IntPtr.Add(rendererBase, 0x23D098);

    var data = new RendererData();
    Marshal.PtrToStructure(rendererAddr, data);

    data.DrawSkyDome = 0;
    data.DrawFPS = 1;

    Marshal.StructureToPtr(data, rendererAddr, false);
}

我不知道，如果你将能够访问这种直接的方式与其他模块的数据，但你可以用替换法用 ReadProcessMemory / WriteProcessMemory的，其基本原理仍然保持（只有这个时候，你需要以管理为结构的内存）。

I am not sure if you would be able to access the data of the other module in such a direct way, but you can replace the method with ReadProcessMemory/WriteProcessMemory, the basic principle would still hold (only this time, you would need to manage the memory for the structure).

这篇关于如何访问结构，其他程序的内存？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！