Python Forum

Full Version: Get sum of base DLL address and its offsets?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi! Sorry if I missed the section)
I don't know much about С++ and ctypes, please don't kick me right away)
If this question was already asked - sorry.

Im writing a program to track the state of the character in the game.
I have a fragment python code, with it help i wanna get someone value from memory, but i dont comprehend how i can sum base DLL address and its offsets..

# with pywin32 get pid and loaded modules


for i in range(len(modules)):
dllName ='NWindow.DLL', win32process.GetModuleFileNameEx(processHandle,modules[i]))

if dllName:
    dllAddress = modules[i]

dllAddress += 0x009CF49C      # Base DLL address + something from CE ..:D
offsets = [0x5AC, 0x200, 0x268, 0x6C4, 0x240]  # Offsets list

buffer = (ctypes.c_byte * 4)()
bytesRead = ctypes.c_ulonglong(0)
pHandle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, get_pid('proccess.exe'))

ctypes.windll.kernel32.ReadProcessMemory(pHandle, dllAddress+sum(offsets), buffer, len(buffer), 

print(struct.unpack('i', buffer)[0])
For example: from Cheat Engine i get this view:
[Image: Vnh1d.png]

Adding up the address of the desired DLL and its offsets in python I do not get the same address as CE:

CE: 0x0F386E40
Py: 0xDAD07B4
And of course, i cant get true value from wrong address.. But if i just put (dynamic)address which found by CE, i get true value.

I dont have enough knowledge of working with RAM, help me please..)
I hope I made the question clear..