WriteProcessMemory gives no error, yet it doesn't write to the correct address

Keywords: address, process, memory, error      Updated: 2023-10-16

First, I read the correct value starting from the address; this part works fine.

 ReadProcessMemory(phandle, (LPCVOID)(baseAddr + staticOffset), &value, sizeof(DWORD), &numBytesRead);
 value += 0x174;
 ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead);
 value += 0x4;
 ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead);
 value += 0xc;
 ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead);
 value += 0x130;
 ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead);

As you can see, this is a level-4 pointer, and the value holds the correct information. Now I thought: hey, let's lower that value by 1 and write the result back to this address.

  newValue = value - 1; // new value is a DWORD
  std::cout << "WriteValue: " << newValue << std::endl;
  if (!WriteProcessMemory(phandle, &value, &newValue, sizeof(DWORD), NULL))
  {
      std::cout << "Oh write error: " << GetLastError() << std::endl;
  }
  ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead);
  std::cout << "After write Value: " << value << std::endl;

Now there is no error, but the value at the address doesn't change. I don't have much experience with writing memory, and I hope you can help me.

Important: I'm only using this on my own process. I'm currently learning reverse engineering.

I also tried:

WriteProcessMemory(phandle, (LPVOID)value, &newValue, sizeof(DWORD), NULL)

ERROR_INVALID_ADDRESS
487 (0x1E7)
Attempt to access invalid address.

& takes the address of the variable that follows it, e.g. &value. So what you are doing is writing to the address of the variable value, and since value lives in your own process's address space, the address passed via &value may or may not be valid in the remote process.

You don't need to store the result of the final ReadProcessMemory in value. At the moment of the last ReadProcessMemory, what gets stored is the actual value you want, not the address of that value. Instead, let value be the pointer to the variable you want to access in the remote process, and create a new variable to hold the value you want to access.

And since you pass sizeof(DWORD) as the size parameter for both the write and the reads, I'll assume the value you want is also a DWORD.

Like so:

 ReadProcessMemory(phandle, (LPCVOID)(baseAddr + staticOffset), &value, sizeof(DWORD), &numBytesRead);
 value += 0x174;
 ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead);
 value += 0x4;
 ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead);
 value += 0xc;
 ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead);
 value += 0x130;
 DWORD dwValue = 0;
 // value keeps the remote address; the target's contents go into dwValue
 ReadProcessMemory(phandle, (LPCVOID)value, &dwValue, sizeof(DWORD), &numBytesRead);

Now value holds the address of the variable, and dwValue holds the value of that variable.

But newValue = value - 1 now needs to become newValue = dwValue - 1.

ReadProcessMemory(phandle, (LPCVOID)value, &value, sizeof(DWORD), &numBytesRead) needs to become ReadProcessMemory(phandle, (LPCVOID)value, &dwValue, sizeof(DWORD), &numBytesRead). Likewise, std::cout << "After write Value: " << value << std::endl; needs to become std::cout << "After write Value: " << dwValue << std::endl;

Result:

  newValue = dwValue - 1; // new value is a DWORD
  std::cout << "WriteValue: " << newValue << std::endl;
  // destination is the remote address held in value, not the local &value
  if (!WriteProcessMemory(phandle, (LPVOID)value, &newValue, sizeof(DWORD), NULL))
  {
      std::cout << "Oh write error: " << GetLastError() << std::endl;
  }
  ReadProcessMemory(phandle, (LPCVOID)value, &dwValue, sizeof(DWORD), &numBytesRead);
  std::cout << "After write Value: " << dwValue << std::endl;

I strongly encourage you to learn more about virtual memory, pointers, and so on. There are plenty of tutorials online. It may take a while to get good at it, but eventually you'll get it. Good luck and happy coding! :)
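The address-versus-value distinction the answer makes, as an added example that is not code from the original post or its author: it walks the same kind of four-level chain (offsets 0x174, 0x4, 0xc, 0x130) against a constructed in-memory stand-in for the target process, keeps the resolved address and the DWORD it points to in separate variables, writes back to the remote address rather than to a local variable's `&`, checks every read for failure, and re-reads to confirm. Everything here (ResolvePointerChain, DecrementTarget, FakeProcess, the sample layout, and the read/write callback types) is assumed for illustration, and it assumes a 32-bit target so addresses fit in a DWORD-sized uint32_t.

```cpp
// Added example, not code from the original post: walk a multi-level pointer
// chain keeping the final ADDRESS and the final VALUE in separate variables,
// then write back to the remote address. Assumes a 32-bit target (DWORD addresses).
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <functional>
#include <iostream>
#include <vector>

// Callbacks in the shape of ReadProcessMemory/WriteProcessMemory, so the same
// walker can run against a real process HANDLE or the simulated one below.
using ReadFn  = std::function<bool(uint32_t addr, void* out, size_t n)>;
using WriteFn = std::function<bool(uint32_t addr, const void* in, size_t n)>;

// Follows [base] + offsets[0] -> [..] + offsets[1] -> ... and stores the
// address reached after the LAST offset in *finalAddr. The target value is
// deliberately not dereferenced here, so the address is never clobbered.
bool ResolvePointerChain(const ReadFn& read, uint32_t base,
                         const std::vector<uint32_t>& offsets, uint32_t* finalAddr) {
    uint32_t addr = 0;
    if (!read(base, &addr, sizeof(addr))) return false;      // addr = [base]
    for (size_t i = 0; i < offsets.size(); ++i) {
        addr += offsets[i];
        if (i + 1 == offsets.size()) break;                   // last hop: keep the address
        uint32_t next = 0;
        if (!read(addr, &next, sizeof(next))) return false;   // addr = [addr]
        addr = next;
    }
    *finalAddr = addr;
    return true;
}

// Reads the target DWORD, writes target-1 back to the same remote address and
// re-reads it. *before / *after receive the value before and after the write.
bool DecrementTarget(const ReadFn& read, const WriteFn& write, uint32_t base,
                     const std::vector<uint32_t>& offsets,
                     uint32_t* before, uint32_t* after) {
    uint32_t addr = 0;
    if (!ResolvePointerChain(read, base, offsets, &addr)) return false;
    uint32_t value = 0;
    if (!read(addr, &value, sizeof(value))) return false;
    uint32_t newValue = value - 1;
    // The destination is the remote address held IN addr, never &addr.
    if (!write(addr, &newValue, sizeof(newValue))) return false;
    uint32_t check = 0;
    if (!read(addr, &check, sizeof(check))) return false;
    *before = value;
    *after = check;
    return true;
}

// Constructed stand-in for a target process: a flat buffer where the address
// is the byte index. Out-of-range access fails, like ERROR_INVALID_ADDRESS.
struct FakeProcess {
    std::vector<uint8_t> mem;
    explicit FakeProcess(size_t size) : mem(size, 0) {}
    bool read(uint32_t addr, void* out, size_t n) const {
        if ((size_t)addr + n > mem.size()) return false;
        std::memcpy(out, &mem[addr], n);
        return true;
    }
    bool write(uint32_t addr, const void* in, size_t n) {
        if ((size_t)addr + n > mem.size()) return false;
        std::memcpy(&mem[addr], in, n);
        return true;
    }
    void put32(uint32_t addr, uint32_t v) { write(addr, &v, sizeof(v)); }
};

// Constructed layout mirroring the question's chain (+0x174, +0x4, +0xc, +0x130).
FakeProcess MakeSampleProcess() {
    FakeProcess p(0x1000);
    p.put32(0x100,         0x200);   // [base]  -> 0x200
    p.put32(0x200 + 0x174, 0x400);   // [0x374] -> 0x400
    p.put32(0x400 + 0x4,   0x500);   // [0x404] -> 0x500
    p.put32(0x500 + 0xc,   0x600);   // [0x50c] -> 0x600
    p.put32(0x600 + 0x130, 1000);    // [0x730] = 1000, the target variable
    return p;
}

int main() {
    FakeProcess p = MakeSampleProcess();
    ReadFn  r = [&p](uint32_t a, void* o, size_t n) { return p.read(a, o, n); };
    WriteFn w = [&p](uint32_t a, const void* i, size_t n) { return p.write(a, i, n); };
    uint32_t before = 0, after = 0;
    if (!DecrementTarget(r, w, 0x100, {0x174, 0x4, 0xc, 0x130}, &before, &after)) {
        std::cerr << "chain walk failed\n";
        return 1;
    }
    std::cout << "WriteValue: " << before - 1 << "\nAfter write Value: " << after << "\n";
    return 0;
}
```

To run this against a real process, replace the FakeProcess lambdas with ones that wrap the HANDLE, for example a reader of the form `[h](uint32_t a, void* o, size_t n) { SIZE_T got = 0; return ReadProcessMemory(h, (LPCVOID)(uintptr_t)a, o, n, &got) && got == n; }` and the matching WriteProcessMemory writer; treating a short read or write as failure is what catches a broken chain before it is written to, and for a 64-bit target the address type must be widened to uintptr_t.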

The last call to ReadProcessMemory overwrote the correct address.

ReadProcessMemory(phandle, (LPVOID)value, &newDWORD, sizeof(DWORD), &numBytesRead);

Now that I've changed the output variable, the WriteProcessMemory function works fine.