user10699450
Reputation:
How to find my static address from CheatEngine in C# with Memory functions
So I figured out a static address of my ping in TeamSpeak 3 with a cheat engine. The adress is "Qt5Gui.dll"+005F2E58 so module Qt5Gui.dll + offset of 0x005F2E58
With Cheat Engine it's not a problem to get the ping value after restarting the application.
Now I tried to find this address in C# using memory functions but I'm not getting my address.
The Wanted Adress is: 16CE3AB92E40549592 My Programm gets me: 14072403
How to find the right address like in cheat engine?
My getModule function:
static IntPtr getModule(String processName, String moduleName)
{
Process[] ProcessList = Process.GetProcessesByName(processName);
IntPtr BaseAddress = IntPtr.Zero;
if (ProcessList.Length > 0)
{
Process process = ProcessList[0];
foreach (System.Diagnostics.ProcessModule Module in process.Modules)
{
if (Module.ModuleName.Contains(moduleName))
{
BaseAddress = Module.BaseAddress;
break;
}
}
}
return BaseAddress;
}
Main Function:
String process = "ts3client_win64";
IntPtr handle = getProcessHandle(process);
if (!handle.Equals(new IntPtr(1337)))
{
IntPtr qtGui = getModule(process, "Qt5Gui.dll");
int pingOffset = 0x005F2E58;
IntPtr pingAdress = IntPtr.Add(qtGui, pingOffset);
Int64 finalPingAdress = pingAdress.ToInt64();
MessageBox.Show("Ping Adress: " + finalPingAdress);
}
else
{
MessageBox.Show("Process Not Found!");
}
Upvotes: 0
Views: 1699
Answers (1)
GuidedHacking
Reputation: 3923
To walk multilevel pointers using modulename.dll + 0xDEADC0DE scheme base addresses you can use my code
public static IntPtr FindDMAAddy(IntPtr hProc, IntPtr ptr, int[] offsets)
{
var buffer = new byte[IntPtr.Size];
foreach (int i in offsets)
{
ReadProcessMemory(hProc, ptr, buffer, buffer.Length, out var read);
ptr = (IntPtr.Size == 4)
? IntPtr.Add(new IntPtr(BitConverter.ToInt32(buffer, 0)), i)
: ptr = IntPtr.Add(new IntPtr(BitConverter.ToInt64(buffer, 0)), i);
}
return ptr;
}
public static IntPtr GetModuleBaseAddress(Process proc, string modName)
{
IntPtr addr = IntPtr.Zero;
foreach (ProcessModule m in proc.Modules)
{
if (m.ModuleName == modName)
{
addr = m.BaseAddress;
break;
}
}
return addr;
}
Here is an example of me using this code to do what you want to do
Process process;
process = Process.GetProcessesByName("ac_client")[0];
var hProc = OpenProcess(0x001F0FFF, false, process.Id);
var modBase = GetModuleBaseAddress(process, "ac_client.exe");
var addr = FindDMAAddy(hProc, (IntPtr)(modBase + 0x10f4f4), new int[] { 0x374, 0x14, 0 });
Console.WriteLine("0x" + addr.ToString("X"));
Console.ReadKey();
Upvotes: 1
Related Questions
- How to obtain address of other program memory and then read it in my program
- Memory address, knowing the offsets and the base address of a dll how can I obtain the memory adress to set values
- Finding static addresses in .exe file
- C# Multiple offsets
- how do i use a memory address from cheat engine with ReadProcessMemory?
- How do I find a memory address programmatically...?
- Getting the address location of variable
- Find address of static field in WinDbg w/ SOS
- C++ , Cheat Engine / OllyDBG finding base "static" address from multi-level pointers
- How do I access to an address in memory with c#?