I found a code that works perfectly for static addresses.
However, how would I change this code so it works for pointers? I need to get value from this pointer:
0x1002CAA70 + 0x10 + 0x18 + 0x0 + 0x18.
It is for 64 bit application.
public class Program
{
private const int PROCESS_WM_READ = 0x0010;
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll")]
public static extern bool ReadProcessMemory(int hProcess,
Int64 lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);
static void Main(string[] args)
{
Process process = Process.GetProcessesByName("Tutorial-x86_64")[0];
IntPtr processHandle = OpenProcess(PROCESS_WM_READ, false, process.Id);
int bytesRead = 0;
var buffer = new byte[4];
ReadProcessMemory((int)processHandle, 0x0011D598, buffer, buffer.Length, ref bytesRead);
Console.WriteLine(BitConverter.ToInt32(buffer, 0));
Console.ReadLine();
}
}
Byte[] buffer = new Byte[4];
Int32 bytesRead = 0;
Int32 processHandle = (Int32)process.Handle;
Int32 baseAddress = process.MainModule.BaseAddress.ToInt32() + 0x1002CAA70;
ReadProcessMemory(processHandle, baseAddress, buffer, buffer.Length, ref bytesRead);
Int32 baseValue = BitConverter.ToInt32(buffer, 0));
Int32 firstAddress = baseValue + 0x10;
ReadProcessMemory(processHandle, firstAddress, buffer, buffer.Length, ref bytesRead);
Int32 firstValue = BitConverter.ToInt32(buffer, 0));
Int32 secondAddress = firstValue + 0x18;
ReadProcessMemory(processHandle, secondAddress, buffer, buffer.Length, ref bytesRead);
Int32 secondValue = BitConverter.ToInt32(buffer, 0));
Int32 thirdAddress = secondValue + 0x00;
ReadProcessMemory(processHandle, thirdAddress, buffer, buffer.Length, ref bytesRead);
Int32 thirdValue = BitConverter.ToInt32(buffer, 0));
Int32 fourthAddress = thirdValue + 0x18;
ReadProcessMemory(processHandle, fourthAddress, buffer, buffer.Length, ref bytesRead);
Int32 fourthValue = BitConverter.ToInt32(buffer, 0));