All geek questions in one place

Reading a memory fragment, saving it in a local structure

So, I read the memory of another program for the purpose of reverse engineering. I am using a function from kernel32.dll.

The function is as follows:

ReadProcessMemory(Handle, new IntPtr(Address), buffer, BytesToRead, out ptrBytesRead);

I use it to read in half, for example:

  public static int ReadInt32(IntPtr Handle, long Address) { return BitConverter.ToInt32(ReadBytes(Handle, Address, 4), 0); }

Then calling ReadInt32 using the program descriptor and the address I'm looking for to read, adding the base address of the program, since it is not static.

What I would like to do is read a whole bunch of memory (up to 1300 records, each record has a memory step of 0xB0).

I'm not sure the best way to do this. I looked at it, and it seems like you can do something when I take it all and basically dump it into my own structure. The problem I am facing is that I do not quite understand what I really need to do. I see it in my mind, but I can’t put a pen on it.

I will decode to show that it is actually a 2d array, similar to this in the structure:

  int OFFSET_CREATURE_ID = 0; int OFFSET_CREATURE_TYPE = 3; int OFFSET_CREATURE_NAME = 4; int OFFSET_CREATURE_Z = 36; int OFFSET_CREATURE_Y = 40; int OFFSET_CREATURE_X = 44; int OFFSET_CREATURE_IS_WALKING = 80; int OFFSET_CREATURE_DIRECTION = 84; int OFFSET_CREATURE_OUTFIT = 100; int OFFSET_CREATURE_OUTFIT_HEAD = 104; int OFFSET_CREATURE_OUTFIT_BODY = 108; int OFFSET_CREATURE_OUTFIT_LEGS = 112; int OFFSET_CREATURE_OUTFIT_FEET = 116; int OFFSET_CREATURE_OUTFIT_ADDON = 120; int OFFSET_CREATURE_LIGHT = 124; int OFFSET_CREATURE_LIGHT_COLOR = 128; int OFFSET_CREATURE_HP_BAR = 140; int OFFSET_CREATURE_WALK_SPEED = 144; int OFFSET_CREATURE_IS_VISIBLE = 148; int OFFSET_CREATURE_SKULL = 152; int OFFSET_CREATURE_PARTY = 156; int OFFSET_CREATURE_WARICON = 164; int OFFSET_CREATURE_ISBLOCKING = 168;

Each of these offsets must be assigned to a different element in my structure. Some of them are bool, some int and some lines. I have a structure. I cannot guarantee that the length will consume the entire "step" for each offset, although when I read these values, it seems to me that I need to declare a new instance of the structure each time (I will read them every 500 ms or so, maybe , more! The total reading time of 250 records is about 50 ms, which I expect to read! I need to be able to do up to 1300, though).

Please do not confuse the code, just an explanation of what I should do will be enough. I am afraid a lot when I work with this amount of code, so if someone is not going to build a class that will read all this with a structure to store it (so that I can convert it to work with mine) I would rate literally minimal code.

+4
source share
1 answer

For primitive types, if you know the offset, you can just take the bits from the offset n (start of data) to n+1 and use BitConverter to convert to type. Since you cannot specify the end using methods such as ToInt32(byte[] value, int startIndex) , you will have to copy the bytes into a new array.

Let's just assume that for this example, every thing is int . I am also going to assume that all offsets are in an array. Bytes are the memblock that you received from ReadInt32

 int[] values = new int[Bytes.Length/4]; byte[] current = new byte[4]; BitConverter bc = new BitConvert(); for (i = 0; i < Bytes.Length/4 -1; i++) { Buffer(Bytes, i(4), current, 0, 4); values[i] = bc.ToInt32(current, 0); }

This is a huge simplification, but it should be enough to make you move in the right direction. You might not even want to use a loop (perhaps you just copy all the BitConverter instructions, that is, how you do serialization when reading from db to C / C ++). If you have many types that will also simplify the work, In any case, the basic concept is to use a bit converter to convert sections of bytes that you read from another program into their corresponding properties in the data structure.

+3
source

Source: https://habr.com/ru/post/1446578/

More articles:


All Articles