Requirement 1: get the information inside the struct
struct cTopicInfo {
    basic_string_a490aa4c _field1;
    basic_string_a490aa4c _field2;
    int _field3;
    _Bool _field4;
    _Bool _field5;
    _Bool _field6;
    _Bool _field7;
    _Bool _field8;
    int _field9;
    int _field10;
    int _field11;
    int _field12;
    struct cClueInfo *_field13;
    int _field14;
    int _field15;
    int _field16;
    int _field17;
    int _field18;
    int _field19;
    basic_string_a490aa4c _field20;
    basic_string_a490aa4c _field21;
    basic_string_a490aa4c _field22;
    basic_string_a490aa4c _field23;
    …
And basic_string_a490aa4c is this:
typedef struct basic_string<char, std::__1::char_traits, std::__1::allocator> {
    struct __compressed_pair<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator>::__rep, std::__1::allocator> {
        struct __rep {
            union {
                struct __long {
                    char *_data;
                    unsigned long long _size;
                    unsigned long long _cap;
                } __l;
                struct __short {
                    char _data[23];
                    struct {
                        unsigned char _size;
                    } ;
                } __s;
                struct __raw {
                    unsigned long long __words[3];
                } __r;
            } ;
        } _first;
    } _r;
} basic_string_a490aa4c;
which is std::string.
It should be 24 bytes,
but what I see under the debugger is
8 bytes, which is strange, and that makes the variable offsets inside the struct in the tweak come out wrong.
Requirement 2: be able to read the strings properly
Setting the struct from requirement 1 aside for now, I wrote a struct like this:
struct cTopicInfo {
    std::string _field1;
    std::string _field2;
    std::string _field3;
    std::string _field4;
    std::string _field5;
    std::string _field6;
    std::string _field7;
    std::string _field8;
    std::string _field9;
    std::string _field10;
    std::string _field11;
    std::string _field12;
    std::string _field13;
    std::string _field14;
    std::string _field15;
    std::string _field16;
    std::string _field17;
    std::string _field18;
    std::string _field19;
    std::string _field20;
    std::string _field21;
    std::string _field22;
};
As described above,
I can now get the address of this struct, and with that address I can use po (char*)(0x000xxxxxxxxx+ 0x70)… to read the actual contents,
but doing it this way does not work.
abc is this struct, and the offset of _field17 is 0x70.
Then I also found
that _field18 is at offset 0x88,
so for strings that exist in memory, _field18 can be read properly.
The question is: how do I read the strings properly?
And there is also requirement 3:
if 1 and 2 are both solved, requirement 3 can be ignored.
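An added worked example (not the poster's code): it assumes the 24-byte libc++ layout exactly as dumped above, with the short-string length in byte 23 and the long-string flag in that byte's top bit (as on arm64 Apple targets), 64-bit pointers, and cClueInfo left opaque. It rebuilds the struct from requirement 1 with a 24-byte stand-in so the compiler reports the real field offsets, and decodes one raw std::string in either mode with plausibility checks.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* 24-byte stand-in for the dumped basic_string: libc++ layout with the size byte at
 * index 23 (arm64 Apple targets); this layout is assumed from the dump above. */
typedef struct { _Alignas(8) unsigned char raw[24]; } cxx_string_raw;
/* The struct from requirement 1 with the string typedef swapped for the stand-in, so
 * the compiler reproduces the field offsets (cClueInfo left opaque). */
struct cClueInfo;
struct cTopicInfo {
    cxx_string_raw _field1, _field2;
    int _field3;
    _Bool _field4, _field5, _field6, _field7, _field8;
    int _field9, _field10, _field11, _field12;
    struct cClueInfo *_field13;
    int _field14, _field15, _field16, _field17, _field18, _field19;
    cxx_string_raw _field20, _field21, _field22, _field23;
};
/* Decode one raw std::string copied out of memory.  Short mode: bytes 0..22 hold the
 * chars, byte 23 the length (top bit clear).  Long mode: bytes 0..7 heap pointer,
 * 8..15 length, 16..23 capacity with the top bit set.  Returns NULL if implausible. */
static const char *decode_cxx_string(const cxx_string_raw *s, size_t *len_out) {
    unsigned char tag = s->raw[23];
    if ((tag & 0x80u) == 0) {                 /* short: data is inline */
        if ((tag & 0x7fu) > 22) return NULL;
        *len_out = tag & 0x7fu;
        return (const char *)s->raw;
    }
    const char *data; uint64_t size, cap;     /* long: data lives on the heap */
    memcpy(&data, s->raw, 8);
    memcpy(&size, s->raw + 8, 8);
    memcpy(&cap, s->raw + 16, 8);
    cap &= ~(UINT64_C(1) << 63);              /* strip the long flag */
    if (data == NULL || size > cap) return NULL;
    *len_out = (size_t)size;
    return data;
}
/* Build a constructed sample in either mode and check that the decoder recovers it. */
static int roundtrip(const char *text, int long_mode) {
    cxx_string_raw s = {{0}};
    uint64_t n = strlen(text), cap = n | (UINT64_C(1) << 63);
    if (long_mode) {                          /* pointer, size, capacity|flag */
        memcpy(s.raw, &text, 8); memcpy(s.raw + 8, &n, 8); memcpy(s.raw + 16, &cap, 8);
    } else {
        if (n > 22) return 0;
        memcpy(s.raw, text, n); s.raw[23] = (unsigned char)n;
    }
    size_t got; const char *p = decode_cxx_string(&s, &got);
    return p != NULL && got == n && memcmp(p, text, n) == 0;
}
```

With the stand-in in place, offsetof(struct cTopicInfo, _field20) is 0x70 and _field21 is 0x88, the same two offsets observed in the debugger, and offsetof(struct cTopicInfo, _field13) shows where the pointer forces padding.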