How do I interpret this read memory?

agolangf · · 540 次点击    
这是一个分享于 的资源,其中的信息可能已经有所发展或是发生改变。
<p>Hi, I am using a WinApi wrapper to ReadProccessMemory an address from a game. Here is the code I have so far.</p> <p> </p> <p>Here is me implementing it <code>buffer, bytesRead, _ := w32.ReadProcessMemory(csgoHandle, newHealth, unsafe.Sizeof(newHealth))</code></p> <p> </p> <p>This is how I printed the data</p> <pre><code>fmt.Println(&#34;This is data from the read proccess:&#34;, buffer,bytesRead) for i := 1; i &lt; len(buffer); i++ { fmt.Println(w32.UTF16PtrToString(&amp;buffer[i])) } </code></pre> <p>and this is the result <a href="https://i.imgur.com/cSQUaeo.png" rel="nofollow">https://i.imgur.com/cSQUaeo.png</a></p> <p>How can I interpret the data as something actually useful and legible? It will be a health value so I suppose it would be an integer?</p> <p> </p> <p>Here is a link to the wrapper I am using <a href="https://github.com/AllenDang/w32/blob/master/kernel32.go" rel="nofollow">https://github.com/AllenDang/w32/blob/master/kernel32.go</a></p> <p>and this is the code of the function</p> <pre><code>func ReadProcessMemory(hProcess HANDLE, lpBaseAddress, nSize uintptr) (lpBuffer []uint16, lpNumberOfBytesRead int, ok bool) { var nBytesRead int buf := make([]uint16, nSize) ret, _, _ := procReadProcessMemory.Call( uintptr(hProcess), lpBaseAddress, uintptr(unsafe.Pointer(&amp;buf[0])), nSize, uintptr(unsafe.Pointer(&amp;nBytesRead)), ) return buf, nBytesRead, ret != 0 } </code></pre> <hr/>**评论:**<br/><br/>JHunz: <pre><p>It&#39;s hard to tell exactly what&#39;s wrong with your code without seeing a bit more context, but here are some things to think about: </p> <p>1) Are you sure you have the correct base address for the health value inside the process?<br/> 2) If newHealth is the correct base address for the health value you want to read (which it needs to be, per the API), then you are passing in the wrong size. The size should be the number of bytes you want to read, not the size of the base address.<br/> 3) You&#39;re ignoring the return value that tells you whether reading the value was successful or not. You probably shouldn&#39;t.<br/> 4) Once you&#39;re sure you&#39;re getting the right bytearray, it&#39;s pretty simple to convert to an int. See stackoverflow: <a href="https://stackoverflow.com/questions/20872173/more-idiomatic-way-in-go-to-encode-a-byte-slice-int-an-int64/20872656#20872656" rel="nofollow">https://stackoverflow.com/questions/20872173/more-idiomatic-way-in-go-to-encode-a-byte-slice-int-an-int64/20872656#20872656</a></p></pre>

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

540 次点击  
加入收藏 微博
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传