How can there be static addresses in C/C++ programs?


Question

I've been looking a bit into Cheat Engine, which allows you to inspect and manipulate the memory of running processes on Windows: You scan for variables based on their value, then you can modify them, e.g. to cheat in a game.

In order to write a bot or something similar, you need to find a static address for the variable you want to change - i.e. one that stays the same if the process is restarted. The method for that goes roughly like this:

  1. Search for the address of the variable you want by its value
  2. Use that address to find the code that uses it, e.g. to find the address of the structure it belongs to (since structure offsets are fixed)
  3. Look for another pointer that points to that pointer, until you find one with a static address (shown in green in Cheat Engine)

It seems to work just fine judging from the tutorials I've looked at, but I have trouble understanding why it works.

Don't all variables (including global static ones) get a rather random address at runtime?

Bonus questions:

  1. How can Cheat Engine tell if an address is static (i.e. will stay the same on restart)?
  2. A tutorial referred to the fact that many older and some modern games (e.g. Call of Duty 4) use only static addresses. How is that possible?

Answer

I will answer the bonus questions first because they introduce some concepts you may need to know to understand the answer to the main question.

Answering the first bonus question is easy if you know how an executable file works: all the global/static variables are inside the .data section; the .exe stores the address offset for that section, so Cheat Engine just checks whether the variable is in this address range (from this section to the next one).

For the second question, it is possible to use only static addresses, but that is nearly impossible for a game. Even the older ones. What the tutorial creator was probably trying to say is that all the variables he wants actually had a static pointer pointing to them. But merely by the fact that you create a local variable, or even pass an argument to a function, their values are being stored on the stack. That's why it is nearly impossible to have a "static-only" program. Even if you compile a program that actually doesn't do anything, it will probably have some stuff being stored on the stack.

For the main question itself, not all dynamic-address variables are pointed to by a global variable. It depends totally on the programmer. I can create a local variable and never assign its address to a global/static pointer in a C program, for example. The only certain way to find that address in this case is to actually know the code where the variable was first assigned a value on the stack.

Some variables have a dynamic address because they are just local variables, which are stored on the stack the first time they have a value assigned to them.

Some other variables have a static address because they are declared either as a global or as a static variable to the compiler. These variables have a fixed address offset that is part of the .data section in the executable file.

The executable file has a fixed offset address for each section inside it, and the .data section is no exception.

But it is worth noting that the offset inside the executable itself is fixed. In the operating system things might be different (all random addresses), but that is the job of an OS, abstracting this kind of stuff for you (creating the executable's virtual address space in this case). So it just looks like static variables are actually static, but only inside the executable's memory space. In RAM things might be anywhere.

Finally, it is difficult to explain this to you because you'll have to understand how executable files work. A good start would be to search for some explanations regarding low-level programming, like stack frames, calling conventions, the assembly language itself and how compilers use some well-known techniques to manage functions (scopes in general), global/static/local/constant variables, and the memory system (sections, the stack, etc.), and maybe some research into PE (and even ELF) files.
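The three-step procedure from the question (value scan, then pointer scan until a static base is reached) together with the "is the address inside the module image" check from the answer, as an added worked example. This is not code from the original post and not Cheat Engine's own implementation: it runs the scans over a constructed, in-process model of an address space rather than a live process. The module base 0x00400000, the heap and stack addresses, the `World`/`Player` layout, the field offsets and the `MAX_OFFSET` bound are all assumptions chosen for the example.

```c
/* Cheat Engine-style value scan + pointer scan over a constructed address space.
 * Constructed layout (all addresses are made up for this example):
 *   module image 0x00400000: .data holds `World *g_world` at module+0x100 (static)
 *   heap         0x10000000: World at 0x10000080, Player at 0x10000200 (dynamic)
 *   stack        0x7ff00000: a local `Player *` copy and an unrelated int (dynamic)
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_OFFSET 0x100  /* largest struct offset the pointer scan accepts (assumption) */
#define MAX_LEVEL  3      /* deepest pointer chain to search */
#define NREGIONS   3

typedef struct { uint64_t base; size_t size; uint8_t bytes[0x400]; } Region;
static Region mem[NREGIONS] = {
    { 0x00400000u, 0x400, {0} },   /* module image: section offsets fixed at link time */
    { 0x10000000u, 0x400, {0} },   /* heap: allocated at run time */
    { 0x7ff00000u, 0x400, {0} },   /* stack */
};

/* Bonus question 1: an address is "static" if it lies inside the module image. */
static bool is_static(uint64_t addr) {
    return addr >= mem[0].base && addr < mem[0].base + mem[0].size;
}

static uint8_t *ptr_at(uint64_t addr, size_t len) {
    for (size_t i = 0; i < NREGIONS; i++)
        if (addr >= mem[i].base && addr + len <= mem[i].base + mem[i].size)
            return mem[i].bytes + (addr - mem[i].base);
    return NULL;  /* unmapped; callers below only touch mapped addresses */
}
static uint64_t rd64(uint64_t a) { uint64_t v; memcpy(&v, ptr_at(a, 8), 8); return v; }
static uint32_t rd32(uint64_t a) { uint32_t v; memcpy(&v, ptr_at(a, 4), 4); return v; }
static void wr64(uint64_t a, uint64_t v) { memcpy(ptr_at(a, 8), &v, 8); }
static void wr32(uint64_t a, uint32_t v) { memcpy(ptr_at(a, 4), &v, 4); }

/* Populate the constructed process state: g_world -> World -> Player -> health. */
static void setup_world(void) {
    for (size_t i = 0; i < NREGIONS; i++) memset(mem[i].bytes, 0, mem[i].size);
    wr64(0x00400100u, 0x10000080u);          /* World *g_world, in .data */
    wr64(0x10000080u + 0x18, 0x10000200u);   /* g_world->player */
    wr32(0x10000200u + 0x10, 100);           /* player->health = 100 */
    wr64(0x7ff00040u, 0x10000200u);          /* stack local: Player *p = g_world->player */
    wr32(0x7ff00080u, 100);                  /* unrelated stack int that also equals 100 */
}

/* Step 1: value scan. Returns every 4-byte aligned location currently holding `v`. */
static size_t scan_value(uint32_t v, uint64_t *hits, size_t max) {
    size_t n = 0;
    for (size_t r = 0; r < NREGIONS; r++)
        for (uint64_t a = mem[r].base; a + 4 <= mem[r].base + mem[r].size; a += 4)
            if (rd32(a) == v && n < max) hits[n++] = a;
    return n;
}

/* A pointer chain in Cheat Engine notation: [[base]+off[n-1]]...+off[0]. */
typedef struct { uint64_t base; uint32_t off[MAX_LEVEL]; int levels; } Chain;

/* Steps 2-3: find a word whose value lies in [target-MAX_OFFSET, target], i.e. a
 * pointer to the object that contains target. If that word is static we are done;
 * otherwise it lives in a heap/stack object itself, so search for a pointer to it. */
static bool pointer_scan(uint64_t target, int level, Chain *out) {
    if (level >= MAX_LEVEL) return false;
    for (size_t r = 0; r < NREGIONS; r++)
        for (uint64_t a = mem[r].base; a + 8 <= mem[r].base + mem[r].size; a += 8) {
            uint64_t v = rd64(a);
            if (v > target || target - v > MAX_OFFSET) continue;
            out->off[level] = (uint32_t)(target - v);
            if (is_static(a)) { out->base = a; out->levels = level + 1; return true; }
            if (pointer_scan(a, level + 1, out)) return true;
        }
    return false;
}

/* Follow the chain (what a trainer does after a restart): deref from the base outward. */
static uint64_t resolve(const Chain *c) {
    uint64_t p = c->base;
    for (int i = c->levels - 1; i >= 0; i--) p = rd64(p) + c->off[i];
    return p;
}

/* End to end: which of the value-scan hits is reachable from a static pointer? */
static bool find_static_chain(uint32_t value, Chain *out) {
    uint64_t hits[16];
    size_t n = scan_value(value, hits, 16);
    for (size_t i = 0; i < n; i++)
        if (pointer_scan(hits[i], 0, out)) return true;
    return false;
}

int main(void) {
    Chain c;
    setup_world();
    if (!find_static_chain(100, &c)) { puts("no static chain found"); return 1; }
    printf("base module+0x%llx", (unsigned long long)(c.base - mem[0].base));
    for (int i = c.levels - 1; i >= 0; i--) printf(" -> +0x%x", (unsigned)c.off[i]);
    printf(" = 0x%llx (health %u)\n", (unsigned long long)resolve(&c), rd32(resolve(&c)));
    wr32(resolve(&c), 999);                  /* the "cheat": write through the chain */
    printf("health now %u\n", rd32(0x10000210u));
    return 0;
}
```

The value scan returns two hits for 100 (the real health field and an unrelated stack int), and only the first one has a chain ending in the module image: module+0x100 -> +0x18 -> +0x10. The stack copy of the `Player` pointer is rejected as a base because it fails `is_static`, which is exactly the distinction the answer describes. The scan accepts only values in `[target - MAX_OFFSET, target]` because a pointer to the enclosing object is always at or below the field it reaches, by a bounded, non-negative struct offset. On a real Windows process the module range comes from the loaded image rather than a hard-coded table, and with ASLR the whole image moves together, so `base - module_base` stays constant across restarts even though the absolute address does not.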
