Memory Scanner not finding results


I'm writing a small memory scanner application to find pointers in memory.
But I don't seem to be getting the expected results.

I have the following code:

[DllImport("kernel32.dll")]
private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] buffer, UInt32 size, IntPtr lpNumberOfBytesRead);

public int ReadInt(long Address)
{
    byte[] buffer = new byte[4];
    ReadProcessMemory(ProcessHandle, (IntPtr)Address, buffer, 4, IntPtr.Zero); // this always returns true
    return BitConverter.ToInt32(buffer, 0);
}

public List<long> SearchInt(long start, long end, int value)
{
    List<long> results = new List<long>();
    for (long i = start; i < end; i++)
    {
        try
        {
            if (ReadInt(i) == value)
                results.Add(i);
        }
        catch (Exception)
        {
            break; // no exceptions occur
        }
    }
    return results;
}

If I call the method like this:

SearchInt(baseAddress.ToInt64(), lastAddress.ToInt64(), 1234)

I know for a fact that the process I'm reading has an integer with the value of 1234, but I don't get any results. If I scan for other values I sometimes get results.

baseAddress is process.MainModule.BaseAddress
and
lastAddress is baseAddress + process.MainModule.ModuleMemorySize

Am I missing something here?

1

1 answer

3
Rotem

This would not work if the value you are searching for is initialized at runtime and not a part of the static compiled code. It would then lie outside the memory area defined by BaseAddress + ModuleMemorySize.

From ProcessModule.ModuleMemorySize:

ModuleMemorySize does not include any additional memory allocations that the module makes once it is running; it includes only the size of the static code and data in the module file.
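
The point made in the answer, shown as an added example that is not part of the original question or answer: instead of scanning only BaseAddress + ModuleMemorySize, walk every region of the target with VirtualQueryEx and read the committed, readable ones, so heap and stack allocations made at runtime are covered. The class name `RegionScanner` is hypothetical; the sketch assumes a 64-bit build of the scanner and a process handle opened with PROCESS_QUERY_INFORMATION and PROCESS_VM_READ.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

// Added example (hypothetical class name); assumes a 64-bit scanner process.
public static class RegionScanner
{
    [StructLayout(LayoutKind.Sequential)]
    struct MEMORY_BASIC_INFORMATION
    {
        public IntPtr BaseAddress, AllocationBase;
        public uint AllocationProtect;
        public IntPtr RegionSize;
        public uint State, Protect, Type;
    }

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
        out MEMORY_BASIC_INFORMATION lpBuffer, IntPtr dwLength);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        [Out] byte[] buffer, IntPtr size, out IntPtr bytesRead);

    const uint MEM_COMMIT = 0x1000, PAGE_NOACCESS = 0x01, PAGE_GUARD = 0x100;

    // Scans every committed, readable region, not just the main module image.
    public static List<long> SearchInt(IntPtr process, int value)
    {
        var results = new List<long>();
        var mbiSize = (IntPtr)Marshal.SizeOf(typeof(MEMORY_BASIC_INFORMATION));
        long address = 0;
        // VirtualQueryEx returns 0 once the address is past the user address space.
        while (VirtualQueryEx(process, (IntPtr)address, out var mbi, mbiSize) != IntPtr.Zero)
        {
            long size = mbi.RegionSize.ToInt64();
            bool readable = mbi.State == MEM_COMMIT
                && (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0;
            if (readable && size <= int.MaxValue) // larger regions are skipped here
            {
                var buffer = new byte[size];
                // One read per region; check the result and trust only the bytes returned.
                if (ReadProcessMemory(process, mbi.BaseAddress, buffer, mbi.RegionSize, out var read))
                    for (long i = 0; i + 4 <= read.ToInt64(); i++)
                        if (BitConverter.ToInt32(buffer, (int)i) == value)
                            results.Add(mbi.BaseAddress.ToInt64() + i);
            }
            address = mbi.BaseAddress.ToInt64() + size; // step to the next region
        }
        return results;
    }
}
```

A value that straddles two adjacent regions is not matched by this sketch, and the target can change its memory between the query and the read, which is why the ReadProcessMemory result is checked for each region.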