[Help]C# few questions

[shimo diaz]

OK a while ago I posted a thread asking about memory addresses and where to put the codes now I am changing my question

First question: Is this the right place for the codes?
(note: If this isn't the right place there is a chance that I will commit suicide)

Second question: lots of things I can't get or can't understand!
dwProcessId ----> How to get it?
lpBaseAddress ---> Is this where I should put the memory address?
byte[] lpBuffer ---> What exactly is this and how to get it?!

This is my full code (thanks in advance)

PHP Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;
using System.Diagnostics;


namespace ConsoleApplication1
{
    class Program
    {
        enum ProcessAccessFlags : uint
        {
            All = 0x001F0FFF,
            Terminate = 0x00000001,
            CreateThread = 0x00000002,
            VMOperation = 0x00000008,
            VMRead = 0x00000010,
            VMWrite = 0x00000020,
            DupHandle = 0x00000040,
            SetInformation = 0x00000200,
            QueryInformation = 0x00000400,
            Synchronize = 0x00100000
        }
        [DllImport("kernel32.dll")]
        static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess,
            [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
            int dwProcessId);
        [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool ReadProcessMemory(IntPtr hProcess,
            IntPtr lpBaseAddress,
     byte[] lpBuffer,
            UIntPtr nSize,
            out int lpNumberOfBytesRead);
        static void Main(string[] args)
        {
            IntPtr hProcess = OpenProcess(ProcessAccessFlags.VMRead, false, 0x0012C0);
            ReadProcessMemory(hProcess, 0xE72E40, , 4, 0);
        }
    }
} 


If there is any thing wrong with the code other than the empty spots please tell me. (thanks again)

I know this isn't actually related to CO but most of epvp coders are Germans.

[Huseby]

#Moved

Most Germans knows English tho.

[n00byplay]

Code:

//Get All Processes with the specified name
Process[] processes = Process.GetProcessesByName("notepad.exe");
//You also can show the user a list of the founded processes and he have to select one
//If you/the user selected one process you can access the Process-Id
OpenProcess( ... , ... , processes[0].Id);

The process Id is an unique number to identify processes.
You need to add the out keyword to the declaration of your function:

Code:

[DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ReadProcessMemory(IntPtr hProcess,
IntPtr lpBaseAddress,
[B][COLOR="Red"]out[/COLOR][/B] byte[] lpBuffer,
UIntPtr nSize,
out int lpNumberOfBytesRead);

Then you create a simple byte array, pass it with the out keyword and convert it in a string/long/... using the BitConverter

Sry for my bad english

[shimo diaz]

Hi thanks for your help I am sorry but can you help me a bit more
Is this code right I am looking for a process with the name "Conquer.exe"

PHP Code:

            Process[] processes = Process.GetProcessesByName("Conquer.exe");
            IntPtr hProcess = OpenProcess(ProcessAccessFlags.VMRead, false, processes[0].Id);
            ReadProcessMemory(hProcess, 0xE72E40, , 4, 0); 


One more thing I don't get the byte[] lpBuffer thing can you explain it more and if it isn't too much trouble please check my code in the first post and after reading the the memory address how do I turn the value into string? (sorry I am asking too much!)

[n00byplay]

You can use the class BitConverter to convert this byte-array into a string:

PHP Code:

byte[] byteArray;
ReadProcessMemory(..., ..., out byteArray, ..., ...);
string strReaded = BitConverter.ToString(byteArray); 


[shimo diaz]

Hi sorry i tried the code you gave me but it didn't work

so please check my code one more time and tell me what's wrong!

PHP Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;
using System.Diagnostics;
using HANDLE = System.IntPtr;


namespace ConsoleApplication1
{
    class Program
    {
        enum ProcessAccessFlags : uint
        {
            All = 0x001F0FFF,
            Terminate = 0x00000001,
            CreateThread = 0x00000002,
            VMOperation = 0x00000008,
            VMRead = 0x00000010,
            VMWrite = 0x00000020,
            DupHandle = 0x00000040,
            SetInformation = 0x00000200,
            QueryInformation = 0x00000400,
            Synchronize = 0x00100000
        }
        [DllImport("kernel32.dll")]
        static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess,
            [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
            int dwProcessId);
        [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool ReadProcessMemory(IntPtr hProcess,
            IntPtr lpBaseAddress,
     byte[] lpBuffer,
            UIntPtr nSize,
            out int lpNumberOfBytesRead);
        [DllImport("coredll.dll", SetLastError = true, CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Auto)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(HANDLE hObject);
        static void Main(string[] args)
        {
            Process[] processes = Process.GetProcessesByName("Conquer.exe");
            HANDLE hProcess = OpenProcess(ProcessAccessFlags.VMRead, false, processes[0].Id);
            if (hProcess == 0)
            {return;}
            byte[] byteArray;
            ReadProcessMemory(hProcess, 0xE72E40, out byteArray, 4, null);
            CloseHandle(hProcess);
            string strReaded = BitConverter.ToString(byteArray); 
        }
    }
} 


[n00byplay]

Code:

        [DllImport("kernel32.dll", SetLastError = true, PreserveSig = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool ReadProcessMemory(IntPtr hProcess,
            IntPtr lpBaseAddress,
     [COLOR="Red"]out[/COLOR] byte[] lpBuffer,
            UIntPtr nSize,
            out int lpNumberOfBytesRead);

You have to write the "out"-keyword at the function-declaration, too.
And what is the other error message?

[Henri_]

What are you trying to do? Get a string or an integer value? If it is an int, you just have to declare "int thisfreakenunknownvalue" and then switch for "byte []lpBuffer". If it is a string, you can either declare "char thatdamnunknownstring" or "char thatdamnunknownstring[]". Also, if the user has 2 process of the same name, this function might not work properly, you better get the handles of the desired window, and then you can be sure that it will work good. Another thing that you must know, if this game has any anti-hacking system such as gameguard or hackshield, it will NOT work... By the way, this is VB.

[shimo diaz]

Quote:

Originally Posted by Henri_

What are you trying to do? Get a string or an integer value? If it is an int, you just have to declare "int thisfreakenunknownvalue" and then switch for "byte []lpBuffer". If it is a string, you can either declare "char thatdamnunknownstring" or "char thatdamnunknownstring[]". Also, if the user has 2 process of the same name, this function might not work properly, you better get the handles of the desired window, and then you can be sure that it will work good. Another thing that you must know, if this game has any anti-hacking system such as gameguard or hackshield, it will NOT work... By the way, this is VB.

Thanks for your concern but I am using C# and I don't understand what do you mean by switching for "byte[] IpBuffer" if you don't mind give me a code that explains this.