Lua Alien 模块 - 使用 WriteProcessMemory 函数时出现问题,不确定类型 (unit32)
require "alien"
--the address im trying to edit in the Mahjong game on Win7
local SCOREREF = 0x0744D554
--this should give me full access to the process
local ACCESS = 0x001F0FFF
--this is my process ID for my open window of Mahjong
local PID = 1136
--function to open proc
local op = alien.Kernel32.OpenProcess
op:types{ ret = "pointer", abi = "stdcall"; "int", "int", "int"}
--function to write to proc mem
local wm = alien.Kernel32.WriteProcessMemory
wm:types{ ret = "long", abi = "stdcall"; "pointer", "pointer", "pointer", "long", "pointer" }
local pRef = op(ACCESS, true, PID)
local buf = alien.buffer("99")
-- ptr,uint32,byte arr (no idea what to make this),int, ptr
print( wm( pRef, SCOREREF, buf, 4, nil))
--prints 1 if success, 0 if failed
这就是我的代码。我什至不确定我的类型设置是否正确。
我完全迷失了,需要一些指导。我真的希望有更多关于外星人的在线帮助/文档,它让我可怜的大脑感到困惑。
让我完全困惑的是,它WriteProcessMemory有时会成功完成(尽管据我所知,它什么也没做),有时也无法成功完成。正如我所说,我的大脑很痛。
任何帮助表示赞赏。
require "alien"
--the address im trying to edit in the Mahjong game on Win7
local SCOREREF = 0x0744D554
--this should give me full access to the process
local ACCESS = 0x001F0FFF
--this is my process ID for my open window of Mahjong
local PID = 1136
--function to open proc
local op = alien.Kernel32.OpenProcess
op:types{ ret = "pointer", abi = "stdcall"; "int", "int", "int"}
--function to write to proc mem
local wm = alien.Kernel32.WriteProcessMemory
wm:types{ ret = "long", abi = "stdcall"; "pointer", "pointer", "pointer", "long", "pointer" }
local pRef = op(ACCESS, true, PID)
local buf = alien.buffer("99")
-- ptr,uint32,byte arr (no idea what to make this),int, ptr
print( wm( pRef, SCOREREF, buf, 4, nil))
--prints 1 if success, 0 if failed
So that is my code. I am not even sure if I have the types set correctly.
I am completely lost and need some guidance. I really wish there was more online help/documentation for alien, it confuses my poor brain.
What utterly baffles me is that it WriteProcessMemory will sometimes complete successfully (though it does nothing at all, to my knowledge) and will also sometimes fail to complete successfully. As I've stated, my brain hurts.
Any help appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
看起来您的缓冲区仅包含 2 个字节(“99”),但您在 WriteProcessMemory 调用中指定了 4 个字节。
如果您的目的是将 32 位值
99写入内存(作为数字,而不是 ASCII 字符串),则可以使用:您可以使用
alien 将任意整数转换为字符串表示形式。结构.pack:It looks like your buffer contains only 2 bytes ("99"), but you specify 4 bytes in the call to WriteProcessMemory.
If your intention was to write the 32-bit value
99into memory (as a number, not an ASCII string), you can use:You can convert arbitrary integers to string representations using
alien.struct.pack:我知道这个问题早已被遗忘,但我遇到了同样的问题(具有相同的功能),除了这个问题之外,网上没有任何内容,然后我自己解决了它,所以我将我的解决方案留在这里。
简短回答
WriteProcessMemory 的第二参数的类型不是“指针”。我的意思是,官方是这样,但是外星人不能将原始地址转换为“指针”,所以你最好假装它是“长”。所以你的类型声明应该看起来像
长答案
我正在玩ReadProcessMemory,因为我认为在写东西之前你需要验证这个东西是否确实存在。因此,有一次我调用 ReadProcessMemory,它返回的缓冲区不是我想要的,但它也不为空。事实上,那里似乎写了一些东西——比如一个 ASCII 字符串。不过,不是文本,只是一些数字。但这足以让我相信数据实际上来自某个地方。
所以我抓住了 Cheat Engine,打开了相同的进程并搜索了这个字符串。你猜怎么着——它确实在那里,但地址完全错误。这让我相信地址指定错误。在尝试找到一种从 Lua 数字生成“指针”对象的方法之后,我放弃并更改了类型声明 - 毕竟,指针只是一个不同解释的整数。
之后,我做了一些调查,包括阅读 lua 和 Alien 的源代码,并使用调试器单步执行相关部分。事实证明,错误的完整演练如下:
I know this question is long forgotten, but I ran into the same issue (with the same function), and there was nothing on the web except this question, and then I solved it myself, so I'm leaving my solution here.
SHORT ANSWER
The type of the second argument of WriteProcessMemory is not "pointer". I mean, officially it is, but alien cannot cast a raw address to a "pointer", so you are better off pretending it's a "long" instead. So your types declaration should look like
LONG ANSWER
I was playing around with ReadProcessMemory, since I figured that before writing something you need to verify that this something actually exists. So one time I called ReadProcessMemory, and it returned a buffer that wasn't what I was looking for, but it wasn't empty either. In fact, it seemed something was written there - as in, an ASCII string. Not text, though, just some digits. But that was enough to convince me that the data actually came from somewhere.
So I grabbed Cheat Engine, opened the same process and ran a search for this string. And guess what - it actually was there, but the address was completely wrong. That led me to believe that the address is specified wrongly. After trying to find a way to generate a "pointer" object from a Lua number, I gave up and changed the types declaration - after all, a pointer is just a differently interpreted integer.
After all that, I did some investigating, including reading the sources of both lua and alien, and stepping through the relevant parts with a debugger. It turns out, the full walkthrough of the error is as follows: