How do game trainers change an address in memory that's dynamic?


Question

Let's assume I am a game and I have a global int* that contains my health. A game trainer's job is to modify this value to whatever in order to achieve god mode. I've looked up tutorials on game trainers to understand how they work, and the general idea is to use a memory scanner to try and find the address of a certain value. Then modify this address by injecting a DLL or whatever.

But I made a simple program with a global int* and its address changes every time I run the app, so I don't get how game trainers can hard-code these addresses? Or is my example wrong?

What am I missing?

Recommended answer

The way this is usually done is by tracing the pointer chain from a static variable up to the heap address containing the variable in question. For example:

#include <vector>

struct CharacterStats
{
    int health;
    // ...
};

class Character
{
public:
    CharacterStats* stats;

    // ...

    void hit(int damage)
    {
        stats->health -= damage;
        if (stats->health <= 0)
            die();
    }

    void die() { /* ... */ }  // declared here so hit() compiles; the original elides it
};

class Game
{
public:
    Character* main_character;
    std::vector<Character*> enemies;
    // ...
};

Game* game;  // static pointer: the start of the chain game -> main_character -> stats -> health

int main()
{
    game = new Game();
    game->main_character = new Character();
    game->main_character->stats = new CharacterStats;

    // ...

    return 0;
}

In this case, if you follow mikek3332002's advice and set a breakpoint inside the Character::hit() function and nop out the subtraction, it would cause all characters, including enemies, to be invulnerable. The solution is to find the address of the "game" variable (which should reside in the data segment or a function's stack), and follow all the pointers until you find the address of the health variable.

Some tools, e.g. Cheat Engine, have functionality to automate this, and attempt to find the pointer chain by themselves. You will probably have to resort to reverse-engineering for more complicated cases, though.
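An added example (not from the original answer) of the chain the answer describes: the path from the static game pointer to health is recorded as a list of field offsets, and resolving it still lands on the right field after every heap object has been reallocated, which is why the chain can be stored while absolute heap addresses cannot. The struct layouts, extra fields and values are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>
using Addr = std::uintptr_t;
// Constructed layouts mirroring the answer's classes (extra fields so the offsets are non-zero).
struct CharacterStats { int health; int mana; };
struct Character      { int level; CharacterStats* stats; };
struct Game           { float elapsed; Character* main_character; };
Game* game = nullptr;  // static: in the data segment, same offset from the module base every run

// Follow a recorded chain: start at the address of the static pointer; for each offset, read
// the pointer stored at the current address and add the offset. memcpy keeps the raw read defined.
Addr resolve_chain(Addr base, const std::vector<std::size_t>& offsets)
{
    for (std::size_t off : offsets) {
        Addr stored;
        std::memcpy(&stored, reinterpret_cast<const void*>(base), sizeof stored);
        base = stored + off;
    }
    return base;
}

// The chain a pointer scanner would record for game->main_character->stats->health.
const std::vector<std::size_t> health_chain = {
    offsetof(Game, main_character), offsetof(Character, stats), offsetof(CharacterStats, health)};

// Fresh heap allocations, as each new run of the game produces.
void build_game(int health) { game = new Game{0.0f, new Character{1, new CharacterStats{health, 10}}}; }

// True if the chain lands on the compiler's own view of the field before and after every
// object has moved to a new heap address (old objects stay live, so new ones cannot overlap).
bool chain_survives_reallocation()
{
    build_game(100);
    Addr first = resolve_chain(reinterpret_cast<Addr>(&game), health_chain);
    bool ok = first == reinterpret_cast<Addr>(&game->main_character->stats->health);
    build_game(42);
    Addr second = resolve_chain(reinterpret_cast<Addr>(&game), health_chain);
    int health_via_chain;  // read through the resolved address, not the typed pointers
    std::memcpy(&health_via_chain, reinterpret_cast<const void*>(second), sizeof health_via_chain);
    return ok && second != first && health_via_chain == 42
              && second == reinterpret_cast<Addr>(&game->main_character->stats->health);
}

int main()
{
    std::printf("chain survives reallocation: %s\n", chain_survives_reallocation() ? "yes" : "no");
}
```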
