CODEWITHSUNDEEP
c#memorymodulememory-address
John P.
John P.

Reputation: 1249

Read memory with module base address

How can I read a memory with module base address? For example how can I read this memory: "winCap64.dll"+0x123456 + offsets.

I have added an example code of what I could produce after some research but I still cant read anything in C#. However the addresses are absolutely fine since they return me the correct value when I add them on Cheat Engine.

Edit: added samle code

    [DllImport("kernel32.dll")]
    static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Boolean bInheritHandle, UInt32 dwProcessId);
    [DllImport("kernel32.dll")]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
    byte[] lpBuffer, UIntPtr nSize, uint lpNumberOfBytesWritten);

    static IntPtr Handle;

    static void Main(string[] args)
    {
        Process[] Processes = Process.GetProcessesByName("process");
        Process nProcess = Processes[0];
        Handle = OpenProcess(0x10, false, (uint)nProcess.Id);
        IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, 0x020C5150);
        int curhp = ReadOffset(pointer, 0x4D8);
        int curhp2 = ReadOffset((IntPtr)curhp, 0x0);
        int curhp3 = ReadOffset((IntPtr)curhp2, 0x1c0);
        Console.WriteLine(curhp3.ToString());
        Console.ReadKey();
    }

    public static int ReadOffset(IntPtr pointer, uint offset)
    {
        byte[] bytes = new byte[24];

        uint adress = (uint)ReadPointer(pointer) + offset;
        ReadProcessMemory(Handle, (IntPtr)adress, bytes, (UIntPtr)sizeof(int), 0);
        return BitConverter.ToInt32(bytes, 0);
    }

    public static int ReadPointer(IntPtr pointer)
    {
        byte[] bytes = new byte[24];

        ReadProcessMemory(Handle, pointer, bytes, (UIntPtr)sizeof(int), 0);
        return BitConverter.ToInt32(bytes, 0);
    }

Upvotes: 14

Views: 4445

Answers (2)

user2530266
user2530266

Reputation: 287

How about something like this?

IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, BaseAddress);
Console.WriteLine("Final: " + pointer.ToString("X"));

int hp = ReadInt32(pointer, Handle);
string hexPrefix = "80" + hp.ToString("X"); //because int32 will cut some digits. I sugget using int64. Even UInt64.
long hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x00, Handle);
hexPrefix = "80" + hp.ToString("X");
hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x1c0, Handle);
hexPrefix = "80" + hp.ToString("X");
hexToint = long.Parse(hexPrefix, NumberStyles.HexNumber);
hp = ReadInt32((IntPtr)hexToint + 0x0, Handle);

Upvotes: 1

Alex K.
Alex K.

Reputation: 175766

IntPtr is the architecture agnostic way to store a pointer and pass it around, say to ReadProcessMemory:

IntPtr pointer = IntPtr.Add(nProcess.Modules[125].BaseAddress, 0x02093458);

Upvotes: 0

Related Questions