Hacking memory
Cheat engine have a feature called Dissect mono that can help hacking game‘s memory. This video series about using cheat engine is really useful.
https://wiki.cheatengine.org/index.php?title=Mono
https://github.com/cheat-engine/cheat-engine
[Open Source] A powerful, all-in-one game hacking tool with an extensive feature set. Varying versions for Mac, Linux, and Android can be found here. CE video tutorials here.
[Open Source] A memory scanner akin to Cheat Engine, but with different features and a cleaner UI.
可以找到mono.dll的起始地址,size是39700
搜字符串
搜索IsValidForCurrentMode
this.externalProcessMemory_0.ReadStringA(address) "IsValidForCurrentMode" string
+ address 0x0C1CDFDB System.IntPtr 现在是0x1254E325
this.externalProcessMemory_0.ReadStringA(address) "CanClickToConvertToStandard" string
+ address 0x0C1CDFF1 System.IntPtr 现在是0x1254E33B
0x3B-0x25=0x16
0xF1-0xDB=0x16
this.externalProcessMemory_0.ReadStringA(address) "get_SCALED_UP_LOCAL_SCALE" string
+ address 0x0C1CDE38 System.IntPtr 现在是 0x1254E182 相差0x0638 034A?
this.externalProcessMemory_0.ReadStringA(address) "set_SCALED_UP_LOCAL_SCALE" string
+ address 0x0C1CDE52 System.IntPtr 现在是0x1254E19C 也是相差638 034A?
0x9c-0x82=0x1A
public bool IsValidForCurrentMode() { return base.method_11<bool>("IsValidForCurrentMode", Array.Empty<object>()); } internal T method_11<T>(string string_4, params object[] object_0) where T : struct { return this.method_10<T>(string_4, null, object_0); } internal T method_10<T>(string string_4, Class276.Enum20[] enum20_0, params object[] object_0) where T : struct { IntPtr intPtr = this.method_7(string_4, enum20_0, object_0); if (intPtr == IntPtr.Zero) { return default(T); } if (typeof(T) == typeof(bool)) { IntPtr addr = MonoClass.Class276_0.method_26(intPtr); return (T)((object)(MonoClass.ExternalProcessMemory_0.Read<byte>(addr) > 0)); } return MonoClass.ExternalProcessMemory_0.Read<T>(MonoClass.Class276_0.method_26(intPtr)); }
internal IntPtr method_33(IntPtr intptr_37, string string_0, params Class276.Enum20[] enum20_0) { while (intptr_37 != IntPtr.Zero) { using (AllocatedMemory allocatedMemory = this.externalProcessMemory_0.CreateAllocatedMemory(256)) { allocatedMemory.AllocateOfChunk<IntPtr>("Itr"); IntPtr intPtr; while ((intPtr = this.method_35(intptr_37, allocatedMemory["Itr"])) != IntPtr.Zero) { IntPtr address = this.method_37(intPtr); if (this.externalProcessMemory_0.ReadStringA(address) == string_0) { if (enum20_0 != null) { Class276.Enum20[] array = this.method_31(intPtr); if (array.Length != enum20_0.Length || !array.SequenceEqual(enum20_0)) { continue; } } return intPtr; } } intptr_37 = this.method_25(intptr_37); } } return IntPtr.Zero; }
原文:https://www.cnblogs.com/chucklu/p/11645277.html