Modify an Address with several Offset

Question

Modify an Address with several Offset

Asked 9 years, 5 months ago

Viewed 50 times

0

Hi, I have this address Game.exe + 01438C2C and these offset 0x0 0x3C 0xA6C and would like to know how to modify the value in their Hex. Ex: 61 72 30 32 for 61 72 30 33

I was using writeprocessmemory with address "false" however I need to use a Pointer and do not know how to do it. Thank you

2

A larger amount of code would help solve the problem, I believe.

– mutlei

2015/01/30 at 13:43
The details are vague, you could post a fragment of your code and where you would have to apply that pointer?

– Metalus

2015/01/31 at 00:08

1 answer

Browser other questions tagged c#

You are not signed in. Login or sign up in order to post.

by Bruno Piovan • **724** points · Answer 1 · 2015-10-23T16:55:43+00:00

As you marked the issue with the C#tag, I believe you are using pinvoke with some function definition Writeprocessmemory in . net that makes the marshal the best way for his need. However I believe the signature defined in pinvoke.net be sufficient.

That being said, assuming you have a valid hProcess for your Game.exe with the proper permissions, you can use something like:

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
    internal class Program
    {
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten);

        private const int PROCESS_VM_WRITE = 0x0020;
        private const int PROCESS_VM_OPERATION = 0x0008;

        [DllImport("kernel32.dll")]
        private static extern IntPtr OpenProcess(int processAccess, bool bInheritHandle, int processId);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool CloseHandle(IntPtr hObject);

        private static void Main(string[] args)
        {
            var game = Process.GetProcessesByName("game");
            if (game.Length > 0)
            {
                var hProcess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, false, game[0].Id);
                if (hProcess != IntPtr.Zero)
                {
                    var lpBaseAddress = new IntPtr(0xA6C);
                    var lpBuffer = new byte[] { 0x61, 0x72, 0x30, 0x33 };
                    if (WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, lpBuffer.Length, IntPtr.Zero))
                    {
                        Console.WriteLine("Ok");
                    }
                    else
                    {
                        Console.WriteLine("Falhou");
                    }

                    CloseHandle(hProcess);
                }
                else
                {
                    Console.WriteLine("Não foi possível abrir o processo (OpenProcess).");
                }
            }
            else
            {
                Console.WriteLine("Game não encontrado.");
            }
        }
    }
}

ps: I took the out from the last Writeprocessmemory parameter to pass Intptr.Zero instead of declaring a variable and having to pass.