Solved Trouble Reading MultiLevel Pointer C#

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

hacke21

Newbie
Full Member
Jun 3, 2013
7
172
0
Hi,
i have some trouble reading a multilevel pointer.

CE Pointer Screenshot:

upload.PNG


Im using the following code from the MemoryAimbot Tutorial:


Function:
C++:
        public int ReadMultiLevelPointer(int MemoryAddress, uint bytesToRead, Int32[] offsetList)
        {
            IntPtr procHandle = _handleProcess;
            IntPtr pointer = (IntPtr)0x0;
            //IF THE PROCESS isnt available we return nothing
            if (procHandle == IntPtr.Zero)
            {
                return 0;
            }

            byte[] btBuffer = new byte[bytesToRead];
            IntPtr lpOutStorage = IntPtr.Zero;

            int pointerAddy = MemoryAddress;
            //int pointerTemp = 0;
            for (int i = 0; i < (offsetList.Length); i++)
            {
                if (i == 0)
                {
                    MemoryApi.ReadProcessMemory(
                        procHandle,
                        (IntPtr)(pointerAddy),
                        btBuffer,
                        (uint)btBuffer.Length,
                        out lpOutStorage);
                }
                pointerAddy = (BitConverter.ToInt32(btBuffer, 0) + offsetList[i]);
                //string pointerAddyHEX = pointerAddy.ToString("X");

                MemoryApi.ReadProcessMemory(
                    procHandle,
                    (IntPtr)(pointerAddy),
                    btBuffer,
                    (uint)btBuffer.Length,
                    out lpOutStorage);
            }
            Console.WriteLine(pointerAddy);
            return pointerAddy;
        }
Function Call:
C++:
            int baseAddress = 0x0003CDD0;
            int temp1 = memory.ReadMultiLevelPointer(baseAddress, 4, new Int32[] { 0x38, 0x8, 0x18, 0x8, 0x98 });
The Problem is that temp1 is always 0
Someone got an idea ?

Edit:
i can confirm that i the memory read functions works by using the current address (0x0C441A44). But after restarting the program i have to use cheatengine to find the new address.
C++:
Console.WriteLine("Ammo (from current Memory Addrees):"+ memory.getValueofAdress((IntPtr)[COLOR="#FF0000"]0x0C441A44[/COLOR]));
 
Last edited:

hacke21

Newbie
Full Member
Jun 3, 2013
7
172
0
I think there is something wrong with my BaseAdress:

clue.png

Because all bytes are empty while reading from it.
 

hacke21

Newbie
Full Member
Jun 3, 2013
7
172
0
i allready used the Cless Memory Class. Had the same issue.

baseaddy = processAdress ?

Because i didt this:
int yourvalue = Trainer.ReadPointerInt32("YOURPROCESSNAMEHERE", 0x3CDD0, new int [] { 0x38, 0x8, 0x18, 0x8, 0x98 });
xD

EDIT:

THX Till0sch97 ! Finally !

I was so dump to forget the MainModule.BaseAdress !!!
(Spent 2 days on Writing memory libaries or editing others, lol)
 
Last edited:

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
i allready used the Cless Memory Class. Had the same issue.

baseaddy = processAdress ?

Because i didt this:
int yourvalue = Trainer.ReadPointerInt32("YOURPROCESSNAMEHERE", 0x3CDD0, new int [] { 0x38, 0x8, 0x18, 0x8, 0x98 });
xD

EDIT:

THX Till0sch97 ! Finally !

I was so dump to forget the MainModule.BaseAdress !!!
(Spent 2 days on Writing memory libaries or editing others, lol)
Glad I could help. Is it working now?
 

tolo

Newbie
Full Member
Dec 11, 2017
14
34
0
Try my trainer class (Actually it's from "Cless", but a bit modified) (https://guidedhacking.com/showthread.php?3165-C-Better-Trainer-Class)

You just have to get baseaddress in e.g. int baseaddy

and then

int yourvalue = Trainer.ReadPointerInt32("YOURPROCESSNAMEHERE", baseaddy+0x3CDD0, new int [] { 0x38, 0x8, 0x18, 0x8, 0x98 });
what does "baseaddy" now mean??

if you have this pointer:
"game.exe"+016C4454
00200000 imagebaseadress of game.exe
--->>tutorial used get module base adress: https://guidedhacking.com/showthread.php?5781-Get-Module-Base-Address-Tutorial-(Spoonfed)

00200000+016C4454 equals 18C4454 and that equals "game.exe"+016C4454

offsets:
38
4
118
0
18

so do you write it like this????:

int thispointer = Trainer.ReadPointerInt32("game.exe", 00200000+0x016C4454, new int[] { 0x18, 0x0, 0x118, 0x4, 0x38 });
 

Roman_Ablo

Banned
Feb 27, 2017
355
2,402
1
like I know how to do that....nope I don't know how to do that. Do you know how to do it?
Just add the damn offsets one by one and check if they are valid. Alternatively, just do BaseAddr + Offset1 + Offset2... and use that. It's the same thing without the checks.
 

tolo

Newbie
Full Member
Dec 11, 2017
14
34
0
Just add the damn offsets one by one and check if they are valid. Alternatively, just do BaseAddr + Offset1 + Offset2... and use that. It's the same thing without the checks.
can you bea bit more precise??? what code do you mean?! Rake gave me a link to another thread with findDMAAddy function in c++...and he said that i should convert that to c#, I don't know how to convert that over...

and I don't really know what you mean, how about an example?!
 

Boboo99

Scrub
Dank Tier VIP
Fleep Tier Donator
Feb 20, 2016
477
12,178
44
Same goes for you bud ^^

C#:
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace Something
{
    public class Memory
    {
        private static Process _process;

        public delegate byte[] ByteArrayParser<in T>(T value);

        public delegate T TypeParser<out T>(byte[] byteArray);

        protected static Dictionary<Type,object> ByteArrayParsers = new Dictionary<Type, object>();
        protected static Dictionary<Type,object> TypeParsers = new Dictionary<Type, object>();


        public Memory(string processName)
        {
            _process = Process.GetProcesses().Count(p => p.ProcessName == processName) == 1
                ? Process.GetProcesses().First(p => p.ProcessName == processName)
                : throw new Exception("Multiple Processes found");
        }

        protected Memory() { }


        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool ReadProcessMemory(IntPtr hProcess,IntPtr lpBaseAddress,[Out] byte[] lpBuffer,int dwSize,out IntPtr lpNumberOfBytesRead);

        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In] byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesRead);


        protected void WriteToMemory(IntPtr adressToWriteTo,byte[] bufferToWrite, int size)
        {
            IntPtr numberOfBytesRead;
            WriteProcessMemory(_process.Handle, adressToWriteTo, bufferToWrite, size, out numberOfBytesRead);
        }

        protected byte[] ReadFromMemory(IntPtr adressToReadFrom, int size)
        {
            IntPtr numberOfBytesRead;
            byte[] bufferToWriteInto = new byte[size];
            ReadProcessMemory(_process.Handle, adressToReadFrom, bufferToWriteInto, size, out numberOfBytesRead);

            return bufferToWriteInto;
        }

        public static void AddByteParser<T>(ByteArrayParser<T> parser)
            => ByteArrayParsers.Add(typeof(T), parser);

        public static void AddTypeParser<T>(TypeParser<T> parser)
            => TypeParsers.Add(typeof(T), parser);

        public Pointer<T> CreateNewPointer<T>(IntPtr adress, int size)
            => new Pointer<T>(adress,size);
    }



    public class Pointer<T> : Memory
    {
        public IntPtr Adress;
        public int Size;


        public Pointer(IntPtr adress, int size)
        {
            Adress = adress;
            Size = size;
        }

        public T Value
        {
            get => ((TypeParser<T>)TypeParsers[typeof(T)])(ReadFromMemory(Adress,Size));
            set => WriteToMemory(Adress, ((ByteArrayParser<T>)ByteArrayParsers[typeof(T)])(value),Size);
        }
    }
    class Program
    {
        static void Main(string[] args)
        {
            Memory.AddByteParser<string>(s => Encoding.ASCII.GetBytes(s));
            Memory.AddTypeParser<string>(bytes => Encoding.ASCII.GetString(bytes));

            Memory.AddByteParser<int>(i => BitConverter.GetBytes(i));
            Memory.AddTypeParser<int>(bytes => BitConverter.ToInt32(bytes,0));


            var iw5mp = new Memory("iw5mp");

            //assuming you have a pointer like 0xDEADBEEF -> 0xFF -> 0xFF -> leads to actual adress
            var basePointer = iw5mp.CreateNewPointer<int>((IntPtr) 0xDEADBEEF, 4);

            var level1Pointer = iw5mp.CreateNewPointer<int>((IntPtr) (basePointer.Value + 0xFF), 4);

            var level2Pointer = iw5mp.CreateNewPointer<int>((IntPtr) (level1Pointer.Value + 0xFF), 4);

            if(level2Pointer.Value < 1)
                level2Pointer.Value = 100; 

            Console.ReadKey();


            //Or to abstract it:

            Pointer<int> ReadDMAddys(Pointer<int> startPointer, List<int> offsets) //Yo the namning of these hacking plebs is terrible -> this is untested tho I might have fucked up something
            {
                foreach (var offset in offsets)
                {
                    startPointer = iw5mp.CreateNewPointer<int>(startPointer.Adress, 4);

                    startPointer.Adress = (IntPtr)startPointer.Value + offset;

                }

                return startPointer;
            }
        }
    }
}
The memory class itself works atleast on the one test I made, the ReadDMAddys function, idk wether it works or not as it is untested.

Anyway good luck have fun ^^
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods