Modify an Address with several Offset

Question

Modify an Address with several Offset

Navigation

#1 by (0 votes)

0

Hello, I have this address Game.exe + 01438C2C and these offset 0x0 0x3C 0xA6C and would like to know how to modify the hex value of them. Ex: from 61 72 30 32 to 61 72 30 33

I was using writeprocessmemory with "false" address but I need to use a pointer and I do not know how to do that. Thankful

c#

asked by anonymous 30.01.2015 / 14:42

1 answer

Error Uncaught Error: Syntax error, unrecognized expression: in folder wp-includes Problems starting UIImage with image path coming from core data

score 0 · Answer 1

As you have marked the issue with the C # tag, I believe you are using pinvoke with some function definition WriteProcessMemory in .NET that makes the marshal the best for your need. But I believe the signature set in pinvoke.net is sufficient.

That said, assuming you have a valid hProcess for your Game.exe with the appropriate permissions, you can use something like:

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
    internal class Program
    {
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten);

        private const int PROCESS_VM_WRITE = 0x0020;
        private const int PROCESS_VM_OPERATION = 0x0008;

        [DllImport("kernel32.dll")]
        private static extern IntPtr OpenProcess(int processAccess, bool bInheritHandle, int processId);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool CloseHandle(IntPtr hObject);

        private static void Main(string[] args)
        {
            var game = Process.GetProcessesByName("game");
            if (game.Length > 0)
            {
                var hProcess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, false, game[0].Id);
                if (hProcess != IntPtr.Zero)
                {
                    var lpBaseAddress = new IntPtr(0xA6C);
                    var lpBuffer = new byte[] { 0x61, 0x72, 0x30, 0x33 };
                    if (WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, lpBuffer.Length, IntPtr.Zero))
                    {
                        Console.WriteLine("Ok");
                    }
                    else
                    {
                        Console.WriteLine("Falhou");
                    }

                    CloseHandle(hProcess);
                }
                else
                {
                    Console.WriteLine("Não foi possível abrir o processo (OpenProcess).");
                }
            }
            else
            {
                Console.WriteLine("Game não encontrado.");
            }
        }
    }
}

ps: I took the out of the last WriteProcessMemory parameter so I can pass IntPtr.Zero instead of declaring a variable and having to pass.