How to write process memory with multilevel pointer in C#

-3

There are probably several posts that explain my problem. But I have been searching StackOverflow for hours and googling and I didn't found anything working right. So here I go.

I want to Write in a Process Memory (but it's a multilevel pointer) and also it's not the executable file its the DLL in the executable file. As you can see in the Screenshot.

Screenshot: CheatEngine Pointer

But I don't even know clearly how it works so I am asking for your help.

This is the class I am using:

public class NewMem
{
    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesRead);

    public Process Process { get; set; }

    public static IntPtr GetModuleBaseAddress(Process proc, string modName)
    {
        IntPtr addr = IntPtr.Zero;

        foreach (ProcessModule m in proc.Modules)
        {
            if (m.ModuleName == modName)
            {
                addr = m.BaseAddress;
                break;
            }
        }
        return addr;
    }

    public static IntPtr FindDMAAddy(IntPtr hProc, IntPtr ptr, int[] offsets)
    {
        var buffer = new byte[IntPtr.Size];
        foreach (int i in offsets)
        {
            ReadProcessMemory(hProc, ptr, buffer, buffer.Length, out var read);

            ptr = (IntPtr.Size == 4)
            ? IntPtr.Add(new IntPtr(BitConverter.ToInt32(buffer, 0)), i)
            : ptr = IntPtr.Add(new IntPtr(BitConverter.ToInt64(buffer, 0)), i);
        }
        return ptr;
    }

    public string ReadStringASCII(IntPtr address)
    {
        var myString = "";

        for (int i = 1; i < 50; i++)
        {
            var bytes = ReadMemory(address, i);
            if (bytes[(i - 1)] == 0)
            {
                return myString;
            }
            myString = Encoding.ASCII.GetString(bytes);
        }

        return myString;
    }

    public byte[] ReadMemory(IntPtr address, int size)
    {
        var buffer = new byte[size];
        var bytesRead = 0;

        ReadProcessMemory((int)Process.Handle, (int)address, buffer, buffer.Length, ref bytesRead);

        return buffer;

    }
}

That's how I call it:

NewMem MClass = new NewMem();

        var client = Process.GetProcessesByName("PokeOne").FirstOrDefault();

        MClass.Process = client;

        // Get handle to process
        var hProc = NewMem.OpenProcess(0x00000010, false, client.Id);

        // Get base module
        var modBase = NewMem.GetModuleBaseAddress(client, "UnityPlayer.dll");

        // Get relative base address
        var vBasePointer = NewMem.FindDMAAddy(hProc, (IntPtr)(modBase + 0x010ADE1C), new int[] { 0xAC, 0xC, 0x3C, 0x24, 0x38 });

        // Get string
        if (vBasePointer != IntPtr.Zero)
        {
            var vNameAddress = vBasePointer + 0x20;
            var vName = MClass.ReadStringASCII(vNameAddress);
        }

But it gives me the wrong address: Screenshot

c#
pointers
memory
cheat-engine
write
asked on Stack Overflow Aug 6, 2020 by Hesam A. • edited Aug 6, 2020 by Hesam A.

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0