Axelly

Reputation: 859

How to obtain address of other program memory and then read it in my program

I want to find the address where another program (other.exe) stores a specific value and then read it from my program (C#), but I don't really understand how I can achieve that.

I tried finding it with Cheat Engine, and I managed to find that value under two addresses, e.g. 0x048907B0.

Then I tried adding this particular address to the base address of the process, but the returned value is just chaos, nothing even close to my value.

What am I doing wrong here?

Previously I've seen a "proved" approach that involved an "xor": basically you had to read an "xor" value from a known "xor address", and then, to read other values, the formula was

info.MyValue = BitConverter.ToInt32(buffer, 0) ^ xor;

Thanks in advance!

My Code:

using System;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;

var process = Process.GetProcessesByName(processName).FirstOrDefault();

if (process == null)
{
    throw new Exception($"Process with name: '{processName}' is not running");
}

var mc = new MemoryContext(process);

public class MemoryContext
{
    // 0x0010 is the PROCESS_VM_READ access right
    const int PROCESS_WM_READ = 0x0010;

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    // Handle, address and sizes are pointer-sized, so they are declared as IntPtr rather than int
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, IntPtr dwSize, out IntPtr lpNumberOfBytesRead);

    private int baseAddress;
    private Process _process;
    private IntPtr handle;

    public MemoryContext(Process process)
    {
        _process = process;
        // Load address of the main module (other.exe) in the target process
        baseAddress = _process.MainModule.BaseAddress.ToInt32();
        handle = OpenProcess(PROCESS_WM_READ, false, _process.Id);
    }

    public ProcessDetails RefreshData()
    {
        var info = new ProcessDetails();

        byte[] buffer = new byte[4];

        // here I'm trying to read that value
        // (the address found in Cheat Engine plus the module base address)
        ReadProcessMemory(handle, new IntPtr(0x048907B0 + baseAddress), buffer, (IntPtr)buffer.Length, out IntPtr bytesRead);
        info.MyValue = BitConverter.ToInt32(buffer, 0);

        return info;
    }
}

Upvotes: 0

Views: 799

Answers (1)

Random Davis

Reputation: 6857

I posted this as a comment, but since it worked I'll post it as an answer.

When you find the address of your data in Cheat Engine, the address it gives you is already the correct one. So, to read the correct address, instead of 0x048907B0 + baseAddress, you can simply put in 0x048907B0 and it should work.

Upvotes: 2
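
The point of the answer above, as an added example that is not code from the question or the answer: the program reads a constructed value out of its own process, once at the absolute virtual address and once at that address plus the main module's base. The class name `AbsoluteAddressDemo`, the helper `ReadInt32` and the sample value are assumptions made for the demonstration.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class AbsoluteAddressDemo   // hypothetical name, not from the question
{
    const uint PROCESS_VM_READ = 0x0010;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inheritHandle, int processId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr address,
        byte[] buffer, IntPtr size, out IntPtr bytesRead);

    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // Reads a 32-bit value at an absolute virtual address of the target process.
    static int ReadInt32(IntPtr hProcess, IntPtr address)
    {
        var buffer = new byte[4];
        if (!ReadProcessMemory(hProcess, address, buffer, (IntPtr)buffer.Length, out _))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return BitConverter.ToInt32(buffer, 0);
    }

    static void Main()
    {
        Process self = Process.GetCurrentProcess();
        IntPtr valueAddress = Marshal.AllocHGlobal(4);  // stand-in for the address a scanner reports
        Marshal.WriteInt32(valueAddress, 1234567);       // constructed sample value
        IntPtr handle = OpenProcess(PROCESS_VM_READ, false, self.Id);
        if (handle == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // The reported address is already absolute: pass it unchanged.
            Console.WriteLine($"absolute:        {ReadInt32(handle, valueAddress)}");

            // Adding the module base a second time points at an unrelated location.
            long shifted = valueAddress.ToInt64() + self.MainModule.BaseAddress.ToInt64();
            try { Console.WriteLine($"absolute + base: {ReadInt32(handle, new IntPtr(shifted))}"); }
            catch (Exception e) when (e is Win32Exception || e is OverflowException)
            { Console.WriteLine($"absolute + base: read failed ({e.Message})"); }
        }
        finally { CloseHandle(handle); Marshal.FreeHGlobal(valueAddress); }
    }
}
```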
