寻找正确的基址 [英] Finding the correct baseaddress
问题描述
我意识到我得到正确的baseaddress版本是错误的
I realized that my version of getting the correct baseaddress was wrong
Process[] iexp = Process.GetProcessesByName("Solitaire");
if (iexp.Length == 0) {
//EXIT
}
Process internet = iexp[0];
uint baseAddress = (uint)internet.MainModule.BaseAddress.ToInt64();
但是baseaddress是错误的
我还查看了 MSDN 但是此代码非常奇怪,它给出了我是一个无限循环.
I also looked in MSDN but this code is very strange and gives me an infinite loop.
我希望你能帮助我,因为我找不到任何例子.
I hope you can help me because I can't find any example.
ReadProcessMemory(readHandle, ((IntPtr)(((baseAddress) + 0x14) + 0x50)), bytes, (UIntPtr)4, ref rw);
在这里,我制作了桌面图像. 我真的很困惑,也许有人知道我在哪里弄错了. http://i.stack.imgur.com/50lva.jpg
Here i made an image of my desktop. Im realy confused, maybe someone knows where i made a mistake. http://i.stack.imgur.com/50lva.jpg
推荐答案
如果您想要我想要的东西,我只能想到几种实现方式,但它们都不是.NET内置的.
If you want what I think you want, I can only think of a few ways to do it, none of them are .NET built-in though...
-
使用P/Invoke返回启动可执行文件的基地址.
Use P/Invoke to return the base address of the startup executable.
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
返回包含MyClass的可执行文件的基址
Returns the base address of the executable containing MyClass
Marshal.GetHINSTANCE(typeof(MyClass).Module)
使用以下方法将句柄返回到当前模块:
Return a handle to the current module using:
Marshal.GetHINSTANCE(this.GetType().Module)
这篇关于寻找正确的基址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
