如何找到变量的内存地址(文件句柄)? [英] How to find the memory address of a variable (File handle)?
问题描述
为了尝试使用其他共享选项重新打开文件,我将DLL注入到进程中,并尝试写入特定的内存地址,我认为这是存储文件挂钩的地址...但是最终导致应用程序崩溃.
我一直在使用TSearch在4个字节中查找句柄的数字表示形式,最初我发现7个内存地址随着文件句柄的变化而变化,通过截获CreateFile可以找到该地址.我试图使用ReOpenFile创建一个新的文件句柄,并用新的文件句柄覆盖了这7个内存地址,但这导致应用程序崩溃.但是,在应用程序崩溃后,我再也找不到了始终显示该文件句柄的内存地址. .
这是我用来覆盖旧句柄的方法....但是,即使它是正确的,我也找不到在哪里覆盖....
In an attempt to reopen a file with a different share option, I have injected a DLL into the process, and attempt to write to a specific memory address which I thought was the address where a file hook was stored... But it ended up crashing the application.
I had been using TSearch to look for the numerical representation of the handle in 4 bytes, and originally I had found 7 memory addresses that changed with the file handle I could find by intercepting CreateFile. I attempted to create a new file handle using ReOpenFile, and overwrote those 7 memory addresses with the new file handle, but that caused the application to crash However after the application crashed, I can no longer find a memory address that consistently shows the file handle.
This is the method I used to overwrite the old handle.... But even if it is correct I can''t find where to overwrite....
IntPtr[] memAddr = { new IntPtr(0x18971C), new IntPtr(0x617B9AAC), new IntPtr(0x645106DC), new IntPtr(0x660CC0EC), new IntPtr(0x6F861728), new IntPtr(0x74E300BC), new IntPtr(0x7500011C) };
foreach (IntPtr iter in memAddr)
{
IntPtr iinn = Marshal.ReadIntPtr(iter, Marshal.SizeOf(typeof(IntPtr)));
IntPtr outt = ReOpenFile(iinn, 0x00000001, 0x00000001, 0x00000000);
Marshal.WriteIntPtr(iter, Marshal.SizeOf(typeof(IntPtr)), outt);
}
Queue.Push(memAddr.Length + " memory addresses patched!");
推荐答案
这现在已经很深入了,但是我认为您需要暂停执行之类的操作,获取其中一种调试工具,使您可以查看文件句柄是什么.由哪个进程拥有,找到文件句柄的值并搜索它的内存空间.那就是如果反编译您认为必须在其中设置的代码部分(我想您首先尝试过)不会帮助找到变量.
最简单的方法就是与游戏作者合作,当然是:P
This is into pretty deep hackery now, but I think you need to something like suspend execution, get one of those debug tools that will allow you to see what file handles are owned by what process, find the value of the file handle and search the memory space for it. That''s if decompiling the bit of the code you think it must be set in (which I guess you tried first) doesn''t help locate the variable.
The easiest way would be to work with the game''s author, of course :P
这篇关于如何找到变量的内存地址(文件句柄)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
