How can there be static addresses in C/C++ programs?


Problem description

I've been looking a bit into Cheat Engine, which allows you to inspect and manipulate the memory of running processes on Windows: You scan for variables based on their value, then you can modify them, e.g. to cheat in a game.

In order to write a bot or something similar, you need to find a static address for the variable you want to change - i.e. one that stays the same if the process is restarted. The method for that goes roughly like this:

  1. Find the address of the variable you are interested in by searching for its value
  2. Use that address to find code, e.g. to find the address of the struct it belongs to (since struct offsets are fixed)
  3. Look for another pointer that points to that pointer, until you find one with a static address (shown in green in Cheat Engine)

It seems to work just fine judging from the tutorials I've looked at, but I have trouble understanding why it works.

Don't all variables (including global static ones) get a fairly random address at runtime?

Bonus questions:

  1. How can Cheat Engine tell if an address is static (i.e. will stay the same on restart)?
  2. A tutorial referred to the fact that many older and some modern games (e.g. Call of Duty 4) use only static addresses. How is that possible?

Recommended answer

I will answer the bonus questions first because they introduce some concepts you may need to know to understand the answer for the main question.

Answering the first bonus question is easy if you know how an executable file works: all the global/static variables are inside the .data section, for which the .exe stores the section's address offset, so Cheat Engine just checks whether the variable is in this address range (from this section to the next one).

For the second question, it is possible to use only static addresses, but that is nearly impossible for a game. Even the older ones. What the tutorial creator was probably trying to say is that all variables that he wants, actually had a static pointer pointing to them. But solely by the fact that you create a local variable, or even pass an argument to a function, their values are being stored into the stack. That's why it is nearly impossible to have a "static-only" program. Even if you compile a program that actually doesn't do anything, it will probably have some stuff being stored in the stack.

For the whole question itself, not all dynamic-address variables are pointed to by a global variable. It depends totally on the programmer. I can create a local variable and never assign its address to a global/static pointer in a C program, for example. The only certain way to find that address in this case is to actually know the code where the variable was first assigned a value on the stack.

Some variables have a dynamic address because they are just local variables, which are stored in the stack the first time they have a value assigned to them.

Some other variables have a static address because they are declared either as a global or a static variable to the compiler. These variables have a fixed address offset that is part of the .data section in the executable file.

The executable file has a fixed offset address for each section inside it, and the .data section is no exception.

But it is worth noting that the offset inside the executable itself is fixed. In the operating system things might be different (all random addresses), but that is the job of an OS, abstracting this kind of stuff for you (creating the executable's virtual address space in this case). So it just looks like static variables are actually static, but only inside the executable's memory space. In RAM things might be anywhere.

Finally, it is difficult to try to explain this to you because you'll have to understand how executable files work. A good start would be to search for some explanations regarding low-level programming, like stack frame, calling conventions, the Assembly language itself and how compilers use some well-known techniques to manage functions (scopes in general), global/static/local/constant variables, and the memory system (sections, the stack, etc.), and maybe some research into PE (and even ELF) files.
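The following is an added example, not code from the question, the answer, or Cheat Engine itself. It models the two ideas of this thread with constructed data: the "is this address static?" test from the answer (an address is static when it falls inside a loaded module's image, so it can be written as module + fixed offset), and the pointer-chain procedure from the question (a static slot that gets repopulated each launch still leads to the heap object, even though the object itself moves). The module table, the addresses, the struct layout ("game.exe"+1A2B3C holds a World*, World+8 holds a Player*, Player+10 holds health) and the two memory snapshots are all made up, and a 32-bit process is assumed so pointers fit in a dword.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed module table: the kind of data EnumProcessModules hands you. */
typedef struct { const char *name; uintptr_t base; size_t size; } module_t;
static const module_t g_modules[] = {
    { "game.exe",   0x00400000u, 0x00200000u },   /* image 0x00400000 .. 0x005FFFFF */
    { "engine.dll", 0x10000000u, 0x00080000u },   /* image 0x10000000 .. 0x1007FFFF */
};
#define N_MODULES (sizeof g_modules / sizeof g_modules[0])

/* The "is it green?" check: an address is static when it lies inside a loaded
 * image, because the linker fixed its offset from that image's base. Returns the
 * module and the image-relative offset, or NULL for stack/heap addresses. */
const module_t *module_for(uintptr_t addr, uintptr_t *offset)
{
    for (size_t i = 0; i < N_MODULES; i++) {
        if (addr >= g_modules[i].base && addr - g_modules[i].base < g_modules[i].size) {
            if (offset) *offset = addr - g_modules[i].base;
            return &g_modules[i];
        }
    }
    return NULL;
}

int is_static_address(uintptr_t addr) { return module_for(addr, NULL) != NULL; }

/* Render a static address the way Cheat Engine displays it: "game.exe"+1A2B3C.
 * Returns 0 (and an empty string) when the address is not inside any module. */
int format_static(uintptr_t addr, char *out, size_t n)
{
    uintptr_t off;
    const module_t *m = module_for(addr, &off);
    if (!m) { if (n) out[0] = '\0'; return 0; }
    snprintf(out, n, "\"%s\"+%lX", m->name, (unsigned long)off);
    return 1;
}

/* Constructed snapshot of a 32-bit process: sparse (address -> dword) cells.
 * Anything not listed is unmapped, like ReadProcessMemory failing. */
typedef struct { uintptr_t addr; uint32_t value; } cell_t;
typedef struct { const cell_t *cells; size_t n; } memory_t;

int read_u32(const memory_t *mem, uintptr_t addr, uint32_t *out)
{
    for (size_t i = 0; i < mem->n; i++)
        if (mem->cells[i].addr == addr) { *out = mem->cells[i].value; return 1; }
    return 0;
}

/* Walk a pointer chain [[base]+off0]+off1 ...: read a pointer at each step and
 * add the next offset (fixed by the struct layout). Fails on an unmapped read. */
int resolve_chain(const memory_t *mem, uintptr_t base,
                  const uintptr_t *offs, size_t n, uintptr_t *out)
{
    uintptr_t addr = base;
    for (size_t i = 0; i < n; i++) {
        uint32_t p;
        if (!read_u32(mem, addr, &p)) return 0;
        addr = (uintptr_t)p + offs[i];
    }
    *out = addr;
    return 1;
}

/* Assumed layout of the toy game (made up): a global World* at "game.exe"+1A2B3C,
 * World+8 holds a Player*, Player+10 holds the health dword. */
#define WORLD_PTR 0x005A2B3Cu
static const uintptr_t g_health_chain[] = { 0x8u, 0x10u };

/* Two launches of the same game: the static slot sits at the same address both
 * times, while the heap objects it leads to are allocated somewhere else. */
static const cell_t run1[] = {
    { WORLD_PTR, 0x0A100000u }, { 0x0A100008u, 0x0B200000u }, { 0x0B200010u, 100u },
};
static const cell_t run2[] = {
    { WORLD_PTR, 0x0C300000u }, { 0x0C300008u, 0x0D400000u }, { 0x0D400010u, 73u },
};

/* Health read through the chain; -1 if the chain breaks. */
long read_health(const cell_t *cells, size_t n)
{
    memory_t mem = { cells, n };
    uintptr_t addr;
    uint32_t hp;
    if (!resolve_chain(&mem, WORLD_PTR, g_health_chain, 2, &addr)) return -1;
    if (!read_u32(&mem, addr, &hp)) return -1;
    return (long)hp;
}

/* What a saved raw (heap) address gets you on the next launch: -1 if unmapped. */
long read_raw(const cell_t *cells, size_t n, uintptr_t addr)
{
    memory_t mem = { cells, n };
    uint32_t v;
    return read_u32(&mem, addr, &v) ? (long)v : -1;
}

int main(void)
{
    char buf[64];
    format_static(WORLD_PTR, buf, sizeof buf);
    printf("%s static=%d; 0x0B200010 static=%d\n", buf,
           is_static_address(WORLD_PTR), is_static_address(0x0B200010u));
    printf("health via chain: run1=%ld run2=%ld\n", read_health(run1, 3), read_health(run2, 3));
    printf("raw 0x0B200010: run1=%ld run2=%ld\n",
           read_raw(run1, 3, 0x0B200010u), read_raw(run2, 3, 0x0B200010u));
    return 0;
}
```

The raw health address found by value-scanning in the first launch (0x0B200010) reads fine in run 1 and is unmapped in run 2, while the chain rooted at the module-relative slot resolves in both; that is the whole reason step 3 of the question hunts for a green address. On a real target the module table comes from the OS (and, with ASLR, the base differs per boot, so a bot should store the offset and re-resolve the base), but the image-relative offset is the part the linker fixed.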

