Hi! Sorry if I missed the section)
I don't know much about С++ and ctypes, please don't kick me right away)
If this question was already asked - sorry.
Im writing a program to track the state of the character in the game.
I have a fragment python code, with it help i wanna get someone value from memory, but i dont comprehend how i can sum base DLL address and its offsets..
Adding up the address of the desired DLL and its offsets in python I do not get the same address as CE:
CE: 0x0F386E40
Py: 0xDAD07B4
And of course, i cant get true value from wrong address.. But if i just put (dynamic)address which found by CE, i get true value.
I dont have enough knowledge of working with RAM, help me please..)
I hope I made the question clear..
I don't know much about С++ and ctypes, please don't kick me right away)
If this question was already asked - sorry.
Im writing a program to track the state of the character in the game.
I have a fragment python code, with it help i wanna get someone value from memory, but i dont comprehend how i can sum base DLL address and its offsets..
# with pywin32 get pid and loaded modules ..... for i in range(len(modules)): dllName = re.search('NWindow.DLL', win32process.GetModuleFileNameEx(processHandle,modules[i])) if dllName: dllAddress = modules[i] print(hex(dllAddress),win32process.GetModuleFileNameEx(processHandle,modules[i])) break processHandle.close() dllAddress += 0x009CF49C # Base DLL address + something from CE ..:D offsets = [0x5AC, 0x200, 0x268, 0x6C4, 0x240] # Offsets list buffer = (ctypes.c_byte * 4)() bytesRead = ctypes.c_ulonglong(0) pHandle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, get_pid('proccess.exe')) ctypes.windll.kernel32.ReadProcessMemory(pHandle, dllAddress+sum(offsets), buffer, len(buffer), ctypes.byref(bytesRead)) print(struct.unpack('i', buffer)[0])For example: from Cheat Engine i get this view:
Adding up the address of the desired DLL and its offsets in python I do not get the same address as CE:
CE: 0x0F386E40
Py: 0xDAD07B4
And of course, i cant get true value from wrong address.. But if i just put (dynamic)address which found by CE, i get true value.
I dont have enough knowledge of working with RAM, help me please..)
I hope I made the question clear..