Reading Memory with DLL base address


I'm attempting to read a float within a process (a game).

Looking in Cheat Engine I can locate the address I need; however, it's at wow64cpu.dll + 4720, with an offset of 34.

As such I've tried finding the base address of the wow64cpu.dll in the process, but this is where I'm confused.

I don't understand how to now use this address as all my attempts seem to be way off.

        Process[] processes = Process.GetProcessesByName("Napoleon");
        Process process = processes[0];

        ProcessModuleCollection modules = process.Modules;
        ProcessModule dllBaseAdress = null;
        foreach (ProcessModule i in modules)
        {
            if (i.ModuleName == "wow64cpu.dll")
            {
                dllBaseAdress = i;
                break;
            }
        }

        IntPtr dllPtr = dllBaseAdress.BaseAddress;
        int pointer = dllPtr.ToInt32() + 0x4720;
        int offset = 34;

        IntPtr hProc = OpenProcess(ProcessAccessFlags.All, false, process.Id);

        int bytesRead;
        byte[] buffer = new byte[4];

        ReadProcessMemory(hProc, new IntPtr(pointer + offset), buffer, 4, out bytesRead);

        float lightColourScale = BitConverter.ToSingle(buffer, 0);

My question is: where am I going wrong with the use of the base address of the DLL, or perhaps elsewhere? I'm unsure how to use it to find my address.

I've also compiled the program in x64 as otherwise it won't find the wow64cpu.dll.

Thanks


There are 1 answers

Jämes On

Your offset must be added to the pointer read at the location wow64cpu.dll + 4720, so if your addresses are correct, your float is located at [wow64cpu.dll + 4720] + 30.

Your code would be

    // Set the addresses to read
    var pointer = dllPtr.ToInt32() + 0x4720;
    var offset = 34;
    // Initialize the buffers
    var buffer = new byte[4];

    // Find the pointer
    ReadProcessMemory(hProc, new IntPtr(pointer), buffer, 4, out bytesRead);
    pointer = BitConverter.ToInt32(buffer, 0);
    // Add the offset to the value previously found
    ReadProcessMemory(hProc, new IntPtr(pointer + offset), buffer, 4, out bytesRead);
    var lightColourScale = BitConverter.ToSingle(buffer, 0);

Nevertheless, it's really a pain to call all these functions by hand. I highly suggest you use an injection library that wraps all these calls for you.

The library MemorySharp would be fine for you (I'm the author). In your case, you could write the following code.

    using (var memory = new MemorySharp(ApplicationFinder.FromProcessName("Napoleon").First()))
    {
        var myValue = memory.Read<float>(memory["wow64cpu.dll"].Read<IntPtr>(4720) + 34, false);
    }

Cheat Engine gives its values in hex. Did you convert them to decimal before using them?

Also, another question is similar to yours: Find address using pointer and offset C#
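
The pointer-then-offset read discussed in this thread, as an added example that is not part of the original question or answer and does not use MemorySharp. It builds a constructed layout in its own process and resolves it with checked `ReadProcessMemory` calls and pointer-width-aware arithmetic. The names `PointerChainDemo`, `ReadBytes` and `ReadFloatViaPointer` are hypothetical, and treating 4720 and 34 as hex (as Cheat Engine displays them) is an assumption.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class PointerChainDemo   // hypothetical name, not from the post
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);

    // Read exactly `size` bytes or throw, so a failed or short read is never decoded.
    static byte[] ReadBytes(IntPtr hProc, IntPtr address, int size)
    {
        var buffer = new byte[size];
        if (!ReadProcessMemory(hProc, address, buffer, (IntPtr)size, out IntPtr read)
            || read.ToInt64() != size)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return buffer;
    }

    // Resolve [baseAddress + pointerOffset] + valueOffset, then read the float there.
    // pointerSize is the target's pointer width: 4 for a 32-bit process, 8 for 64-bit.
    static float ReadFloatViaPointer(IntPtr hProc, IntPtr baseAddress,
        int pointerOffset, int valueOffset, int pointerSize)
    {
        byte[] raw = ReadBytes(hProc, IntPtr.Add(baseAddress, pointerOffset), pointerSize);
        long target = pointerSize == 8 ? BitConverter.ToInt64(raw, 0)
                                       : BitConverter.ToUInt32(raw, 0);
        long address = target + valueOffset;
        IntPtr valuePtr = IntPtr.Size == 8 ? new IntPtr(address)
                                           : new IntPtr(unchecked((int)address));
        return BitConverter.ToSingle(ReadBytes(hProc, valuePtr, 4), 0);
    }

    static void Main()
    {
        // Constructed layout in this process's own heap, standing in for the module.
        IntPtr fakeModule = Marshal.AllocHGlobal(0x4720 + IntPtr.Size);
        IntPtr fakeObject = Marshal.AllocHGlobal(0x34 + 4);
        Marshal.WriteIntPtr(fakeModule, 0x4720, fakeObject);
        Marshal.Copy(BitConverter.GetBytes(1.5f), 0, IntPtr.Add(fakeObject, 0x34), 4);
        float value = ReadFloatViaPointer(Process.GetCurrentProcess().Handle,
            fakeModule, 0x4720, 0x34, IntPtr.Size);
        Console.WriteLine(value);
        Marshal.FreeHGlobal(fakeObject);
        Marshal.FreeHGlobal(fakeModule);
    }
}
```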