Sodruza
10-26-2016, 10:45 AM
Hello people,
I have been working on a function where I could input a base address and pointer(s), in order to get the address of the "final" address. That function could be used to deal with the memory pretty easily through excel (I tell you why in my PS).
To be honest, I started to do it alone, but on that one Google couldn't help me. I have literally spent hours searching everywhere on the web :/ Then I started to ask this question in a forum in my native language, unfortunately nothing working has been found. This is why I am trying in an English forum, there must be more people.
Here is a working VB.net version of the function:
<DllImport("kernel32.dll", SetLastError:=True)> Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
End Function
Public Function GetPointedAddr(ByVal BFhandle As IntPtr, ByVal BaseAddr As IntPtr, Optional ByVal Offs0 As Integer = -1, Optional ByVal Offs1 As Integer = -1, Optional ByVal Offs2 As Integer = -1, Optional ByVal Offs3 As Integer = -1, Optional ByVal Offs4 As Integer = -1) As Integer
Dim Ptr As Integer = 0
Dim TempBuf(4) As Byte
ReadProcessMemory(BFhandle, BaseAddr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs0
If Offs1 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs1
If Offs2 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs2
If Offs3 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs3
If Offs4 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs4
Return Ptr
End Function
The thing is : I can not get the read process memory to give me the "name" of the Adress instead of the value of the Address. For example if the Address is 50F4F4 and it's value is 100, I can only get 100 not the "50F4F4"...
I did not think it was a good idea to give you my non-working tries/tests on VBA, since it s more going to mix you up instead of helping. If you want the version of this function in C#, just tell me.
Thanks in advance.
PS: I have this function "GetPointedAddress" working on C# and VB.net. My goal is to be skilled in the 3 languages and not in only one them (I could focus on C#).
I have been working on a function where I could input a base address and pointer(s), in order to get the address of the "final" address. That function could be used to deal with the memory pretty easily through excel (I tell you why in my PS).
To be honest, I started to do it alone, but on that one Google couldn't help me. I have literally spent hours searching everywhere on the web :/ Then I started to ask this question in a forum in my native language, unfortunately nothing working has been found. This is why I am trying in an English forum, there must be more people.
Here is a working VB.net version of the function:
<DllImport("kernel32.dll", SetLastError:=True)> Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer() As Byte, ByVal dwSize As Integer, ByRef lpNumberOfBytesRead As Integer) As Boolean
End Function
Public Function GetPointedAddr(ByVal BFhandle As IntPtr, ByVal BaseAddr As IntPtr, Optional ByVal Offs0 As Integer = -1, Optional ByVal Offs1 As Integer = -1, Optional ByVal Offs2 As Integer = -1, Optional ByVal Offs3 As Integer = -1, Optional ByVal Offs4 As Integer = -1) As Integer
Dim Ptr As Integer = 0
Dim TempBuf(4) As Byte
ReadProcessMemory(BFhandle, BaseAddr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs0
If Offs1 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs1
If Offs2 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs2
If Offs3 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs3
If Offs4 = -1 Then Return BitConverter.ToInt32(TempBuf, 0)
ReadProcessMemory(BFhandle, Ptr, TempBuf, 4, 0)
Ptr = BitConverter.ToInt32(TempBuf, 0) + Offs4
Return Ptr
End Function
The thing is : I can not get the read process memory to give me the "name" of the Adress instead of the value of the Address. For example if the Address is 50F4F4 and it's value is 100, I can only get 100 not the "50F4F4"...
I did not think it was a good idea to give you my non-working tries/tests on VBA, since it s more going to mix you up instead of helping. If you want the version of this function in C#, just tell me.
Thanks in advance.
PS: I have this function "GetPointedAddress" working on C# and VB.net. My goal is to be skilled in the 3 languages and not in only one them (I could focus on C#).