Read From My Own Address Space

03/15/2016 01:24 majidemo#1
I'm trying to read some data from a pointer on my own address space. I got the pointer from CE.

My code is currently:

PHP Code:
HANDLE ExeBaseAddress GetModuleHandleA(0);

DWORD value = *(DWORD*)(*(DWORD*)ExeBaseAddress 0x7198BC 0x70E);

printf("%d\n\n"value); 
But it always returns "0". Why? On CE it gives the right value.

[Only registered and activated users can see links. Click Here To Register...]
03/15/2016 01:32 Shawak#2
don't know c++ or either internal hacks that good but you may try this:

Code:
DWORD value= ((*(DWORD*)(ExeBaseAddress +0x7198BC)) + 0x70E);
03/15/2016 07:10 wurstbrot123#3
why add modulebase ?
try this:

DWORD value = *(DWORD*)(*(DWORD*)0x7198BC + 0x70E);

printf("%d\n\n", value);
03/15/2016 08:28 Jeoni#4
I would like to quote myself here:
Quote:
Originally Posted by Jeoni View Post
This won't work if you're working in a x64 application.
Why is every god damn newbie (excuse that word, but it was my experience so far) so obsessed with using DWORD as pointer type? Even the winapi does have something like UINT_PTR. In my opinion it's just bad coding style and shows that the programmer didn't make his own basic thoughts and / or has no idea what he is doing and / or is just C&Ping.
And has anyone seen that the target type is a 2 byte integer? Reading 4 byte may destroy the result by reading 2 byte from another unrelated value. Taking that and the fact that using DWORD as a pointer type is just bad style into account, I would do something like this:
Code:
short value = *(short*)(*(UINT_PTR*)0x7198BC + 0x70E);
Or with native types only:
Code:
short value = *(short*)(*(char**)0x7198BC + 0x70E);
Of course, you can use C++-Casts, if you want to and if you're using "C++".

With best regards
Jeon
03/16/2016 14:18 +Yazzn#5
Go C++ or go home.

Code:
#include <cstdint>

std::uintptr_t ptr = *reinterpret_cast<std::uintptr_t *>(0x7198BC);
if (ptr) {
    std::uint16_t value = *reinterpret_cast<std::uint16_t *>(ptr + 0x70E); // or std::int16_t
}