
    ReadProcessMemory from a .DLL with offset

    Hello,

    I am kind of stuck with my function.
    I want to read out a string from the game SAMP.
    I found it in CE and it looks exactly like this:


    It is pretty easy to read out memory using only a window handle, but reading through a pointer that is relative to a .DLL is still a bit unknown to me.

    So far i got the GetModuleBaseAddress function:
    Code:
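    /// Returns the load address of `szModuleName` inside process `pid`, or 0
    /// when the module snapshot cannot be taken or the module is not listed.
    /// Helper for GetModuleBaseAddress; closes its own snapshot on every path.
    /// NOTE: the DWORD return truncates addresses above 4 GiB, so this is only
    /// meaningful for 32-bit targets.
    static DWORD FindModuleBaseInProcess(DWORD pid, LPCWSTR szModuleName)
    {
    	// TH32CS_SNAPMODULE32 additionally lists 32-bit modules when a 64-bit
    	// caller inspects a 32-bit (WOW64) target; harmless otherwise.
    	HANDLE hModSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    	if (hModSnap == INVALID_HANDLE_VALUE)
    	{
    		return 0;
    	}
    
    	DWORD base = 0;
    	MODULEENTRY32 me = {};
    	me.dwSize = sizeof(me);
    	if (Module32First(hModSnap, &me))
    	{
    		do
    		{
    			// Exact, case-sensitive comparison, as in the original.
    			if (lstrcmp(me.szModule, szModuleName) == 0)
    			{
    				base = static_cast<DWORD>(reinterpret_cast<ULONG_PTR>(me.modBaseAddr));
    				break;
    			}
    		} while (Module32Next(hModSnap, &me));
    	}
    	CloseHandle(hModSnap);
    	return base;
    }
    
    /// Finds the first process whose image name equals `szProcessName` (the
    /// executable name, e.g. L"gta_sa.exe", not the window title) and returns
    /// the base address of `szModuleName` in it; 0 if either lookup fails.
    /// Fix: the original returned from inside the module loop without closing
    /// the process snapshot, leaking one handle per call on those paths.
    DWORD GetModuleBaseAddress(LPCWSTR szProcessName, LPCWSTR szModuleName)
    {
    	HANDLE hProcSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    	if (hProcSnap == INVALID_HANDLE_VALUE)
    	{
    		return 0;
    	}
    
    	DWORD base = 0;
    	PROCESSENTRY32 pe = {};
    	pe.dwSize = sizeof(pe);
    	if (Process32First(hProcSnap, &pe))
    	{
    		do
    		{
    			if (lstrcmp(pe.szExeFile, szProcessName) == 0)
    			{
    				// Only the first matching process is inspected (unchanged behavior).
    				base = FindModuleBaseInProcess(pe.th32ProcessID, szModuleName);
    				break;
    			}
    		} while (Process32Next(hProcSnap, &pe));
    	}
    	// Single exit point: the process snapshot is always released.
    	CloseHandle(hProcSnap);
    	return base;
    }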
    and this is in my main function:
    Code:
    	// Opens the target with full rights. PROCESS_ALL_ACCESS already includes
    	// PROCESS_VM_OPERATION, and reading only needs PROCESS_VM_READ |
    	// PROCESS_QUERY_INFORMATION. bInheritHandle = TRUE also makes the handle
    	// inheritable by child processes, which nothing here needs.
    	// pHandle and pId are declared outside this snippet.
    	pHandle = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_VM_OPERATION, TRUE, pId);
    	DWORD ADDR;
    	// Base of samp.dll in the target; 0 means "not found" and is not checked,
    	// in which case the read below targets the absolute address 0x21A0F8.
    	// The first argument must be the image name (gta_sa.exe), not the window title.
    	DWORD SAMPDLLBASE = GetModuleBaseAddress(L"GTA:SA:MP", L"samp.dll");
    	// BUG: this is a pointer variable, not a buffer. The second read below
    	// stores a *remote* address in it, and `cout << ServerString` then
    	// dereferences that remote address inside this process, where it is not
    	// valid memory. The string bytes have to be copied into a local char
    	// array (and NUL-terminated) before they can be printed.
    	const char* ServerString;
    
    	// First hop: read the 4-byte value stored at samp.dll+0x21A0F8 into ADDR.
    	// The return value is ignored, so a failed read leaves ADDR uninitialized.
    	ReadProcessMemory(pHandle, (LPVOID)(SAMPDLLBASE + 0x21A0F8), (LPVOID)&ADDR, sizeof(ADDR), NULL);
    	ADDR += 121;
    	// Second hop: copies sizeof(const char*) bytes, i.e. a pointer value,
    	// not the characters of the string.
    	ReadProcessMemory(pHandle, (LPVOID)(ADDR), (LPVOID)&ServerString, sizeof(ServerString), NULL);
    	cout << ServerString;
    Hopefully someone can post an example, or point me to something where I can look up how this works.


    Code:
    #include "stdafx.h"
    #include <windows.h>
    #include <iostream>
    #include <stdio.h>
    #include <TlHelp32.h>
    
    
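    /// Returns the load address of `szModuleName` inside process `pid`, or 0
    /// when the module snapshot cannot be taken or the module is not listed.
    /// Helper for GetModuleBaseAddress; closes its own snapshot on every path.
    static __int64 FindModuleBaseInProcess(DWORD pid, LPCWSTR szModuleName)
    {
    	// TH32CS_SNAPMODULE32 additionally lists 32-bit modules when a 64-bit
    	// caller inspects a 32-bit (WOW64) target; harmless otherwise.
    	HANDLE hModSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    	if (hModSnap == INVALID_HANDLE_VALUE)
    	{
    		return 0;
    	}
    
    	__int64 base = 0;
    	MODULEENTRY32 me = {};
    	me.dwSize = sizeof(me);
    	if (Module32First(hModSnap, &me))
    	{
    		do
    		{
    			// Exact, case-sensitive comparison, as in the original.
    			if (lstrcmp(me.szModule, szModuleName) == 0)
    			{
    				base = static_cast<__int64>(reinterpret_cast<ULONG_PTR>(me.modBaseAddr));
    				break;
    			}
    		} while (Module32Next(hModSnap, &me));
    	}
    	CloseHandle(hModSnap);
    	return base;
    }
    
    /// Finds the first process whose image name equals `szProcessName` (the
    /// executable name, not the window title) and returns the base address of
    /// `szModuleName` in it; 0 if either lookup fails.
    /// Fix: the original returned from inside the module loop without closing
    /// the process snapshot, leaking one handle per call on those paths.
    __int64 GetModuleBaseAddress(LPCWSTR szProcessName, LPCWSTR szModuleName)
    {
    	HANDLE hProcSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    	if (hProcSnap == INVALID_HANDLE_VALUE)
    	{
    		return 0;
    	}
    
    	__int64 base = 0;
    	PROCESSENTRY32 pe = {};
    	pe.dwSize = sizeof(pe);
    	if (Process32First(hProcSnap, &pe))
    	{
    		do
    		{
    			if (lstrcmp(pe.szExeFile, szProcessName) == 0)
    			{
    				// Only the first matching process is inspected (unchanged behavior).
    				base = FindModuleBaseInProcess(pe.th32ProcessID, szModuleName);
    				break;
    			}
    		} while (Process32Next(hProcSnap, &pe));
    	}
    	// Single exit point: the process snapshot is always released.
    	CloseHandle(hProcSnap);
    	return base;
    }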
    
    int main()
    {
    	// Wide string literals are const; binding them to non-const wchar_t* is
    	// ill-formed in C++11 and later (MSVC accepts it only as an extension).
    	wchar_t* wCharWindowName = L"Grand Theft Auto V";
    	wchar_t* GameTitle = L"GTA5.exe";
    	
    	// Result is not checked; with a NULL HWND the call below leaves `pid`
    	// uninitialized and OpenProcess receives garbage.
    	HWND WindowHandle = FindWindow(NULL, wCharWindowName);
    	
    	// Module name == image name, so this is the base of the main executable.
    	// 0 means process or module not found; not checked here.
    	__int64 baseaddr = GetModuleBaseAddress(GameTitle, GameTitle);
    	DWORD PlayerInfo = 0x1B29400;   // hard-coded offset from the image base
    	DWORD PlayerOffset = 0x280;     // hard-coded offset inside the pointed-to block
    	float value = 0;                // unused
    	
    	DWORD pid; 
    	GetWindowThreadProcessId(WindowHandle, &pid); 
    	// Full rights requested where PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
    	// would do; the handle is never closed because the loop below never exits.
    	HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid); 
    	while (1)  
    	{
    		float Life = 0;
    		__int64  pLifeAddress = 0;
    			
    		// Two-hop read: 8-byte pointer at baseaddr+PlayerInfo, then the float
    		// at pointer+PlayerOffset. Both return values are ignored, so on
    		// failure the initial zeros are printed as if they were data.
    		ReadProcessMemory(phandle, (void*)(baseaddr + PlayerInfo), &pLifeAddress, sizeof(pLifeAddress), 0);
    		ReadProcessMemory(phandle, (void*)(pLifeAddress + PlayerOffset), &Life, sizeof(Life), 0);
    		std::cout << "Life: "<< Life << "\n";
    		Sleep(1000);
    	}
    	return 0;   // unreachable: while (1) has no break
    }
    Life: 200
    Life: 200
    Life: 200
    ...

    Quote Originally Posted by MikeRohsoft View Post

    Code:
    #include "stdafx.h"
    #include <windows.h>
    #include <iostream>
    #include <stdio.h>
    #include <TlHelp32.h>
    
    
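    /// Returns the load address of `szModuleName` inside process `pid`, or 0
    /// when the module snapshot cannot be taken or the module is not listed.
    /// Helper for GetModuleBaseAddress; closes its own snapshot on every path.
    static __int64 FindModuleBaseInProcess(DWORD pid, LPCWSTR szModuleName)
    {
    	// TH32CS_SNAPMODULE32 additionally lists 32-bit modules when a 64-bit
    	// caller inspects a 32-bit (WOW64) target; harmless otherwise.
    	HANDLE hModSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    	if (hModSnap == INVALID_HANDLE_VALUE)
    	{
    		return 0;
    	}
    
    	__int64 base = 0;
    	MODULEENTRY32 me = {};
    	me.dwSize = sizeof(me);
    	if (Module32First(hModSnap, &me))
    	{
    		do
    		{
    			// Exact, case-sensitive comparison, as in the original.
    			if (lstrcmp(me.szModule, szModuleName) == 0)
    			{
    				base = static_cast<__int64>(reinterpret_cast<ULONG_PTR>(me.modBaseAddr));
    				break;
    			}
    		} while (Module32Next(hModSnap, &me));
    	}
    	CloseHandle(hModSnap);
    	return base;
    }
    
    /// Finds the first process whose image name equals `szProcessName` (the
    /// executable name, not the window title) and returns the base address of
    /// `szModuleName` in it; 0 if either lookup fails.
    /// Fix: the original returned from inside the module loop without closing
    /// the process snapshot, leaking one handle per call on those paths.
    __int64 GetModuleBaseAddress(LPCWSTR szProcessName, LPCWSTR szModuleName)
    {
    	HANDLE hProcSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    	if (hProcSnap == INVALID_HANDLE_VALUE)
    	{
    		return 0;
    	}
    
    	__int64 base = 0;
    	PROCESSENTRY32 pe = {};
    	pe.dwSize = sizeof(pe);
    	if (Process32First(hProcSnap, &pe))
    	{
    		do
    		{
    			if (lstrcmp(pe.szExeFile, szProcessName) == 0)
    			{
    				// Only the first matching process is inspected (unchanged behavior).
    				base = FindModuleBaseInProcess(pe.th32ProcessID, szModuleName);
    				break;
    			}
    		} while (Process32Next(hProcSnap, &pe));
    	}
    	// Single exit point: the process snapshot is always released.
    	CloseHandle(hProcSnap);
    	return base;
    }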
    
    int main()
    {
    	// Wide string literals are const; binding them to non-const wchar_t* is
    	// ill-formed in C++11 and later (MSVC accepts it only as an extension).
    	wchar_t* wCharWindowName = L"Grand Theft Auto V";
    	wchar_t* GameTitle = L"GTA5.exe";
    	
    	// Result is not checked; with a NULL HWND the call below leaves `pid`
    	// uninitialized and OpenProcess receives garbage.
    	HWND WindowHandle = FindWindow(NULL, wCharWindowName);
    	
    	// Module name == image name, so this is the base of the main executable.
    	// 0 means process or module not found; not checked here.
    	__int64 baseaddr = GetModuleBaseAddress(GameTitle, GameTitle);
    	DWORD PlayerInfo = 0x1B29400;   // hard-coded offset from the image base
    	DWORD PlayerOffset = 0x280;     // hard-coded offset inside the pointed-to block
    	float value = 0;                // unused
    	
    	DWORD pid; 
    	GetWindowThreadProcessId(WindowHandle, &pid); 
    	// Full rights requested where PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
    	// would do; the handle is never closed because the loop below never exits.
    	HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid); 
    	while (1)  
    	{
    		float Life = 0;
    		__int64  pLifeAddress = 0;
    			
    		// Two-hop read: 8-byte pointer at baseaddr+PlayerInfo, then the float
    		// at pointer+PlayerOffset. Both return values are ignored, so on
    		// failure the initial zeros are printed as if they were data.
    		ReadProcessMemory(phandle, (void*)(baseaddr + PlayerInfo), &pLifeAddress, sizeof(pLifeAddress), 0);
    		ReadProcessMemory(phandle, (void*)(pLifeAddress + PlayerOffset), &Life, sizeof(Life), 0);
    		std::cout << "Life: "<< Life << "\n";
    		Sleep(1000);
    	}
    	return 0;   // unreachable: while (1) has no break
    }
    Life: 200
    Life: 200
    Life: 200
    ...
    That would probably fix my problem with the offset, but not with the .dll.
    Or should I just replace GTA5.exe with my dll?

    Quote Originally Posted by LEZIK View Post


    That would probably fix my problem with the offset, but not with the .dll.
    Or should I just replace GTA5.exe with my dll?
    I don't know.
    Create a new pointer in CE, enter "samp.dll" as its address, and write down the integer it resolves to.
    If the value of SAMPDLLBASE that cout prints is the same, you have got it.
    Code:
    // 0 means the process or module was not found (see GetModuleBaseAddress).
    // The first argument has to be the image name (gta_sa.exe), not the window title.
    DWORD SAMPDLLBASE = GetModuleBaseAddress(L"GTA:SA:MP", L"samp.dll");
    // Printed in decimal by default; use std::hex if comparing against a hex display.
    std::cout << SAMPDLLBASE << "\n";

    Read String:
    Code:
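    // Fixed-size local buffer. The original `new char[1]` was overrun by the
    // 10-byte read (heap overflow), never NUL-terminated before printing, and
    // never freed. 10 bytes of payload + one terminating NUL.
    char buffer[11] = {};
    SIZE_T bytesRead = 0;
    // Read exactly as many bytes as before (10) and only print on success;
    // phandle and baseaddr are declared outside this snippet.
    if (ReadProcessMemory(phandle, reinterpret_cast<LPCVOID>(baseaddr + 0x23713DE), buffer, sizeof(buffer) - 1, &bytesRead) && bytesRead > 0)
    {
    	std::cout << "PlayerName: " << buffer;
    }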

    I found my mistake some time ago; I just want to clear things up and post my solution.
    The function GetModuleBaseAddress() was right, but it gave me no value back.
    That's when I realized that I don't need to pass the window name, but rather the name of the .exe.
    So in my case it was gta_sa.exe.
    Code:
    // Process argument is the image name of the executable, not its window title;
    // returns 0 if the process or module is not found.
    DWORD SAMPDLLBASE = GetModuleBaseAddress(L"gta_sa.exe", L"samp.dll");
    /close

    Where do I need to put the value?

    Yours is a float; how about 4 bytes?

    What is in your dll?
    Did you make it?
    Is it re-used code?
    What is your knowledge of pointers? Is it small?
