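// Forum lead-in (translated from Chinese): "Refer to Zhao Chunsheng's code."

/// <summary>
/// Click handler that looks up the running "PINBALL" process, reads the current
/// 3D Pinball score through a pointer, shows it, and then overwrites it with 999600000.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button_go_Click(object sender, EventArgs e)
{
    // Least privilege: ReadProcessMemory needs PROCESS_VM_READ (0x0010); WriteProcessMemory needs
    // PROCESS_VM_WRITE (0x0020) and PROCESS_VM_OPERATION (0x0008). The original requested
    // PROCESS_ALL_ACCESS (0x1F0FFF), which grants far more than these calls use.
    const UInt32 RequiredAccess = 0x0008 | 0x0010 | 0x0020;

    IntPtr PinballScoreAddressPointer = (IntPtr)0x1025040; // the value stored at 0x1025040, plus 0x52, is the score address
    uint[] PinballScoreAddress = new uint[1];              // receives the address of the score
    uint[] PinballScoreWrite = new uint[] { 0x3B94AF80 };  // new score: 999600000
    uint[] PinballScoreRead = new uint[1];                 // receives the current score

    // "3D Pinball" is listed as "PINBALL.EXE" in Windows Task Manager, but the name passed to
    // GetProcessesByName must not include the ".EXE" extension.
    System.Diagnostics.Process[] PinballProcessID
        = System.Diagnostics.Process.GetProcessesByName("PINBALL");

    if (PinballProcessID.Length == 0)
    {
        MessageBox.Show("\"3D Pinball\" 还没有运行吧?", "ProcessMemoryWork_Demo");
        return;
    }

    IntPtr PinballHandle = ProcessMemoryWorkApi.OpenProcess(RequiredAccess, 0, (UInt32)PinballProcessID[0].Id);
    if (PinballHandle == IntPtr.Zero)
    {
        // OpenProcess returns NULL on failure; continuing would pass an invalid handle to every call below.
        MessageBox.Show("无法打开 \"3D Pinball\" 进程", "ProcessMemoryWork_Demo");
        return;
    }

    try
    {
        // Resolve the pointer. A return value of 0 means nothing was read, so the buffer must not be trusted.
        if (ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, PinballScoreAddressPointer, PinballScoreAddress, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("读取游戏内存失败", "ProcessMemoryWork_Demo");
            return;
        }

        PinballScoreAddress[0] = PinballScoreAddress[0] + 0x52; // pointer value + 0x52 is the actual score address

        // Read the current score.
        if (ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, (IntPtr)PinballScoreAddress[0], PinballScoreRead, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("读取游戏内存失败", "ProcessMemoryWork_Demo");
            return;
        }

        MessageBox.Show("当前分数为: " + PinballScoreRead[0].ToString() + "\n" + "分数即将被修改成: 999600000", "ProcessMemoryWork_Demo");

        // Overwrite the score and report a failed write instead of ignoring it.
        if (ProcessMemoryWorkApi.WriteProcessMemory(PinballHandle, (IntPtr)PinballScoreAddress[0], PinballScoreWrite, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("修改游戏分数失败", "ProcessMemoryWork_Demo");
        }
    }
    finally
    {
        // Close the process handle on every path, including early returns and exceptions.
        ProcessMemoryWorkApi.CloseHandle(PinballHandle);
    }
}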
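// Forum question (translated from Chinese): "If nothing is to be added to PinballScoreAddress, can it be
// written as `PinballScoreAddress[0] = PinballScoreAddress[0] + 0x0;`? If the range to modify is
// 0162286C - 0162286E, how should the write be done? I adapted his code into the version below,
// but it does not modify the value correctly. Could someone advise?"

/// <summary>
/// Click handler that looks up the running "Text123" process, reads a 4-byte value from
/// 0x0162286C, uses that value as the address of the data, shows the data, and then
/// overwrites it with 999999.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button_go_Click(object sender, EventArgs e)
{
    // Least privilege: ReadProcessMemory needs PROCESS_VM_READ (0x0010); WriteProcessMemory needs
    // PROCESS_VM_WRITE (0x0020) and PROCESS_VM_OPERATION (0x0008). The original requested
    // PROCESS_ALL_ACCESS (0x1F0FFF), which grants far more than these calls use.
    const UInt32 RequiredAccess = 0x0008 | 0x0010 | 0x0020;

    IntPtr PinballScoreAddressPointer = (IntPtr)0x0162286C; // address whose stored value is read into PinballScoreAddress
    uint[] PinballScoreAddress = new uint[1];               // receives the data address
    uint[] PinballScoreWrite = new uint[] { 0xF423F };      // new value: 999999
    uint[] PinballScoreRead = new uint[1];                  // receives the current value

    System.Diagnostics.Process[] PinballProcessID
        = System.Diagnostics.Process.GetProcessesByName("Text123");

    if (PinballProcessID.Length == 0)
    {
        MessageBox.Show("\"Text123\" 没有运行", "Text123");
        return;
    }

    IntPtr PinballHandle = ProcessMemoryWorkApi.OpenProcess(RequiredAccess, 0, (UInt32)PinballProcessID[0].Id);
    if (PinballHandle == IntPtr.Zero)
    {
        // OpenProcess returns NULL on failure; continuing would pass an invalid handle to every call below.
        MessageBox.Show("无法打开 \"Text123\" 进程", "Text123");
        return;
    }

    try
    {
        // A return value of 0 means nothing was read, so the buffer must not be trusted.
        if (ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, PinballScoreAddressPointer, PinballScoreAddress, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("读取内存失败", "Text123");
            return;
        }

        PinballScoreAddress[0] = PinballScoreAddress[0] + 0x0; // adding 0x0 is a no-op; kept as the author wrote it

        // Read the current value.
        if (ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, (IntPtr)PinballScoreAddress[0], PinballScoreRead, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("读取内存失败", "Text123");
            return;
        }

        MessageBox.Show("当前数据为: " + PinballScoreRead[0].ToString() + "\n" + "数据修改为: 999999", "Text_edit");

        // The write always covers 4 bytes (one uint); report a failed write instead of ignoring it.
        if (ProcessMemoryWorkApi.WriteProcessMemory(PinballHandle, (IntPtr)PinballScoreAddress[0], PinballScoreWrite, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("修改数据失败", "Text123");
        }
    }
    finally
    {
        // Close the process handle on every path, including early returns and exceptions.
        ProcessMemoryWorkApi.CloseHandle(PinballHandle);
    }
}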
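{
    // This copy of the handler body appears on the page without its method signature.
    // It looks up the running "PINBALL" process, reads the current 3D Pinball score through a
    // pointer, shows it, and then overwrites it with 999600000.

    // Least privilege: ReadProcessMemory needs PROCESS_VM_READ (0x0010); WriteProcessMemory needs
    // PROCESS_VM_WRITE (0x0020) and PROCESS_VM_OPERATION (0x0008). The original requested
    // PROCESS_ALL_ACCESS (0x1F0FFF), which grants far more than these calls use.
    const UInt32 RequiredAccess = 0x0008 | 0x0010 | 0x0020;

    IntPtr PinballHandle;
    IntPtr PinballScoreAddressPointer = (IntPtr)0x1025040; // the value stored at 0x1025040, plus 0x52, is the score address
    uint[] PinballScoreAddress = new uint[1];              // receives the address of the score
    uint[] PinballScoreWrite = new uint[] { 0x3B94AF80 };  // new score: 999600000
    uint[] PinballScoreRead = new uint[1];                 // receives the current score

    // "3D Pinball" is listed as "PINBALL.EXE" in Windows Task Manager, but the name passed to
    // GetProcessesByName must not include the ".EXE" extension.
    System.Diagnostics.Process[] PinballProcessID
        = System.Diagnostics.Process.GetProcessesByName("PINBALL");

    if (PinballProcessID.Length != 0)
    {
        PinballHandle = ProcessMemoryWorkApi.OpenProcess(RequiredAccess, 0, (UInt32)PinballProcessID[0].Id);
        if (PinballHandle == IntPtr.Zero)
        {
            // OpenProcess returns NULL on failure; none of the calls below may run with an invalid handle.
            MessageBox.Show("无法打开 \"3D Pinball\" 进程", "ProcessMemoryWork_Demo");
        }
        else
        {
            try
            {
                // Both reads must succeed (non-zero return) before the buffers are trusted.
                bool readOk =
                    ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, PinballScoreAddressPointer, PinballScoreAddress, 4, IntPtr.Zero) != 0;
                if (readOk)
                {
                    PinballScoreAddress[0] = PinballScoreAddress[0] + 0x52; // pointer value + 0x52 is the actual score address
                    readOk = ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, (IntPtr)PinballScoreAddress[0], PinballScoreRead, 4, IntPtr.Zero) != 0;
                }

                if (!readOk)
                {
                    MessageBox.Show("读取游戏内存失败", "ProcessMemoryWork_Demo");
                }
                else
                {
                    MessageBox.Show("当前分数为: " + PinballScoreRead[0].ToString() + "\n" + "分数即将被修改成: 999600000", "ProcessMemoryWork_Demo");

                    // Overwrite the score and report a failed write instead of ignoring it.
                    if (ProcessMemoryWorkApi.WriteProcessMemory(PinballHandle, (IntPtr)PinballScoreAddress[0], PinballScoreWrite, 4, IntPtr.Zero) == 0)
                    {
                        MessageBox.Show("修改游戏分数失败", "ProcessMemoryWork_Demo");
                    }
                }
            }
            finally
            {
                // Close the process handle on every path, including exceptions.
                ProcessMemoryWorkApi.CloseHandle(PinballHandle);
            }
        }
    }
    else
    {
        MessageBox.Show("\"3D Pinball\" 还没有运行吧?", "ProcessMemoryWork_Demo");
    }
}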
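// Forum question (translated from Chinese): "If nothing is to be added to PinballScoreAddress, can it be
// written as `PinballScoreAddress[0] = PinballScoreAddress[0] + 0x0;`? If the range to modify is
// 0162286C - 0162286E, how should the write be done? I adapted his code into the version below,
// but it does not modify the value correctly. Could someone advise?"

/// <summary>
/// Click handler for the "Text123" process: reads a 4-byte value from 0x0162286C, treats that
/// value as the data address, displays the data found there, and then writes 999999 to it.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button_go_Click(object sender, EventArgs e)
{
    // Least privilege: only PROCESS_VM_OPERATION (0x0008), PROCESS_VM_READ (0x0010) and
    // PROCESS_VM_WRITE (0x0020) are needed by the calls below, so PROCESS_ALL_ACCESS (0x1F0FFF)
    // from the original is not requested.
    const UInt32 RequiredAccess = 0x0008 | 0x0010 | 0x0020;
    const string Caption = "Text123";

    IntPtr PinballScoreAddressPointer = (IntPtr)0x0162286C; // address whose stored value is read into PinballScoreAddress
    uint[] PinballScoreAddress = new uint[1];               // receives the data address
    uint[] PinballScoreWrite = new uint[] { 0xF423F };      // new value: 999999
    uint[] PinballScoreRead = new uint[1];                  // receives the current value

    System.Diagnostics.Process[] PinballProcessID
        = System.Diagnostics.Process.GetProcessesByName("Text123");

    if (PinballProcessID.Length == 0)
    {
        MessageBox.Show("\"Text123\" 没有运行", "Text123");
        return;
    }

    IntPtr PinballHandle = ProcessMemoryWorkApi.OpenProcess(RequiredAccess, 0, (UInt32)PinballProcessID[0].Id);
    if (PinballHandle == IntPtr.Zero)
    {
        // A NULL handle means the process could not be opened; stop before any read or write.
        MessageBox.Show("无法打开 \"Text123\" 进程", Caption);
        return;
    }

    try
    {
        // A zero return means the read failed and the buffer content is not valid.
        if (ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, PinballScoreAddressPointer, PinballScoreAddress, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("读取内存失败", Caption);
            return;
        }

        PinballScoreAddress[0] = PinballScoreAddress[0] + 0x0; // adding 0x0 is a no-op; kept as the author wrote it

        if (ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, (IntPtr)PinballScoreAddress[0], PinballScoreRead, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("读取内存失败", Caption);
            return;
        }

        MessageBox.Show("当前数据为: " + PinballScoreRead[0].ToString() + "\n" + "数据修改为: 999999", "Text_edit");

        // The write always covers 4 bytes (one uint); a zero return is reported rather than ignored.
        if (ProcessMemoryWorkApi.WriteProcessMemory(PinballHandle, (IntPtr)PinballScoreAddress[0], PinballScoreWrite, 4, IntPtr.Zero) == 0)
        {
            MessageBox.Show("修改数据失败", Caption);
        }
    }
    finally
    {
        // The handle is released on every exit path.
        ProcessMemoryWorkApi.CloseHandle(PinballHandle);
    }
}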
这段尾端写错了:MessageBox.Show("当前数据为: " + PinballScoreRead[0].ToString() + "\n" + "数据修改为: 999999", "Text123");
有另外的方法可达到修改目的
参考下 http://www.cnblogs.com/flydoos/archive/2012/01/19/2326149.html
内存基址我发现了个低级的失误,修改过后还是无法修改。类的代码如下,大侠帮忙分析下:
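/// <summary>
/// P/Invoke declarations for the kernel32.dll functions used to open another process,
/// read and write its memory, and close the handle afterwards.
/// </summary>
/// <remarks>
/// Every import sets <c>SetLastError = true</c>, so when a call fails (returns 0, or
/// <see cref="IntPtr.Zero"/> for OpenProcess) the caller can obtain the Win32 error code with
/// <c>Marshal.GetLastWin32Error()</c>. Cross-process memory access is security-sensitive:
/// callers should request only the access rights they need and check every return value.
/// NOTE(review): the native signatures declare nSize as SIZE_T (pointer-sized); it stays
/// UInt32 here so existing callers keep compiling, which matches the native layout only in a
/// 32-bit process. Confirm the platform target.
/// </remarks>
class ProcessMemoryWorkApi
{
    // HANDLE OpenProcess(
    //   DWORD dwDesiredAccess, // access flag
    //   BOOL  bInheritHandle,  // handle inheritance flag
    //   DWORD dwProcessId      // process identifier
    // );
    /// <summary>Opens an existing process; returns <see cref="IntPtr.Zero"/> on failure.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern
    IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);

    // BOOL CloseHandle(
    //   HANDLE hObject // handle to object to close
    // );
    /// <summary>Closes an open handle; returns 0 on failure.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern
    Int32 CloseHandle(IntPtr hObject);

    // BOOL WriteProcessMemory(
    //   HANDLE  hProcess,               // handle to process whose memory is written to
    //   LPVOID  lpBaseAddress,          // address to start writing to
    //   LPVOID  lpBuffer,               // pointer to buffer holding the data to write
    //   DWORD   nSize,                  // number of bytes to write
    //   LPDWORD lpNumberOfBytesWritten  // actual number of bytes written
    // );
    /// <summary>Writes <paramref name="nSize"/> bytes from <paramref name="lpBuffer"/> into the target process; returns 0 on failure.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern
    Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, uint[] lpBuffer, UInt32 nSize, IntPtr lpNumberOfBytesWritten);

    // BOOL ReadProcessMemory(
    //   HANDLE  hProcess,            // handle of the process whose memory is read
    //   LPCVOID lpBaseAddress,       // address to start reading
    //   LPVOID  lpBuffer,            // address of buffer to place read data
    //   DWORD   nSize,               // number of bytes to read
    //   LPDWORD lpNumberOfBytesRead  // address of number of bytes read
    // );
    /// <summary>Reads <paramref name="nSize"/> bytes from the target process into <paramref name="lpBuffer"/>; returns 0 on failure.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern
    Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, uint[] lpBuffer, UInt32 nSize, IntPtr lpNumberOfBytesRead);
}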