- Pointers
- 在getchar处断点,断点后,调试->窗口->反汇编 查看数据
main
#include <iostream>
#include <Windows.h>
/*
Player : object
Name : string
Health : integer
Coins : integer
Coordinates : object
X : float
Z : float
Y : float
Inventory : array - Array of item objects, having the item and item count.
*/
uintptr_t _Inventory[3] = { 1,2,3 };
struct _Coordinates
{
float x = 4.0;
float y = 2.0;
float z = 3.0;
} coordinates;
struct Player
{
const char* Name = "ab";
uintptr_t Health = 6;
uintptr_t Coins = 3;
/*
// 这种方法类似把coordinates直接复制到这里来
// Padding1的偏移量将是 playerBaseAddress+4*6
_Coordinates Coordinates = coordinates;
float x = 4.0;
float y = 2.0;
float z = 3.0;
*/
_Coordinates* Coordinates = &coordinates;
// uintptr_t Padding1 = 1;
/*
//类似直接复制到这
//std::cout << "arrar[0]: " << *(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t) * 4) << std::endl;
//std::cout << "arrar[1]: " << *(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t) * 5) << std::endl;
//std::cout << "arrar[2]: " << *(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t) * 6) << std::endl;
const int Inventory[3] = { 1,2,3 };
*/
// 数组直接返回的就是指针,所以不用&
uintptr_t* Inventory = _Inventory;
} player;
int main()
{
std::cout << "playerBaseAddress: " << &player << std::endl;
uintptr_t playerBaseAddress = (uintptr_t)&player;
// name
// lea stringNameAddress, [playerBaseAddress]
uintptr_t* stringNameAddress = (uintptr_t*)(playerBaseAddress);
// 从指针中获取值
// mov eax, dowrd ptr [stringNameAddress]
std::cout << "Name: " << std::hex << *(uintptr_t*)(*stringNameAddress) << std::endl;
// get Health
std::cout << "Health: " << *(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t)) << std::endl;
// get Coins
std::cout << "Coins: " << *(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t) * 2) << std::endl;
// 获取Coordinates指针
uintptr_t coordinatesAddress = *(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t) * 3);
std::cout << "CoordinatesAddress: " << coordinatesAddress << std::endl;
std::cout << "Coordinates->x: " << *(float*)(coordinatesAddress) << std::endl;
std::cout << "Coordinates->y: " << *(float*)(coordinatesAddress + sizeof(float)) << std::endl;
std::cout << "Coordinates->z: " << *(float*)(coordinatesAddress + sizeof(float) * 2) << std::endl;
// 获取Inventory指针
uintptr_t InventoryAddress = *(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t) * 4);
std::cout << "InventoryAddress: " << InventoryAddress << std::endl;
std::cout << "Inventory[0]: " << *(uintptr_t*)(InventoryAddress) << std::endl;
std::cout << "Inventory[1]: " << *(uintptr_t*)(InventoryAddress + sizeof(uintptr_t)) << std::endl;
std::cout << "Inventory[2]: " << *(uintptr_t*)(InventoryAddress + sizeof(uintptr_t) * 2) << std::endl;
// set
*(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t)) = 4;
*(uintptr_t*)(playerBaseAddress + sizeof(uintptr_t)*2) = 5;
getchar();
return 0;
}
x86打印结果:
playerBaseAddress: 0026D05C
Name: 6261
Health: 6
Coins: 3
CoordinatesAddress: 26d050
Coordinates->x: 4
Coordinates->y: 2
Coordinates->z: 3
InventoryAddress: 26d044
Inventory[0]: 1
Inventory[1]: 2
Inventory[2]: 3
x64打印结果:
playerBaseAddress: 00007FF7CC8AD028
Name: 6261
Health: 6
Coins: 3
CoordinatesAddress: 7ff7cc8ad018
Coordinates->x: 4
Coordinates->y: 2
Coordinates->z: 3
InventoryAddress: 7ff7cc8ad000
Inventory[0]: 1
Inventory[1]: 2
Inventory[2]: 3