I'm trying to extract the value from a memory address using the base address of a .dll + offsets.

I used Cheat Engine to find the base address, and pymem to get the base address as hex.

Here's the code I used to find the base address:

import pymem
pm = pymem.Pymem("PD.exe")
baseAddress = pymem.process.module_from_name(pm.process_handle, "jvm.dll").lpBaseOfDll

print(hex(baseAddress))

#output: 0x51250000

For reading the value I'm using ReadWriteMemory.

from ReadWriteMemory import ReadWriteMemory

rwm = ReadWriteMemory()

process = rwm.get_process_by_id(4372)
process.open()

hp_pointer = process.get_pointer(0x51250000 + 0x0036e654, offsets=[0x28, 0x1d0, 0x26, 0x3a, 0x12])
hp = process.read(hp_pointer)
print(hp)

I used the output from the first code as the base address and added +0036e654 to it, but the output is always 0.

If I replace "jvm.dll" with 51250000 in Cheat Engine the addresses are still calculated correctly.

Serveira

1 Answer

I was getting it all wrong from the start. The pointer offsets shown in Cheat Engine are hex values, so the offsets should be offsets=[0x40, 0x464, 0x38, 0x58, 0x18].

Serveira
  • Does this solve your problem? If so, you should mark this as the correct answer. If not, you should edit your original question to include this new information. – RufusVS Oct 13 '21 at 01:26
  • It does, but I can only mark it as an answer tomorrow – Serveira Oct 13 '21 at 11:27
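
The mix-up described in the answer, as an added example that is not part of the original post or of pymem/ReadWriteMemory: a pointer chain is walked over a constructed in-memory address space, once with the Cheat Engine offset strings parsed as hex and once parsed as decimal (which reproduces the question's offsets). The `FakeMemory` class, the heap node addresses and the stored value 100 are assumptions made up for the simulation; unmapped addresses are modelled as reading 0.

```python
import struct

class FakeMemory:
    """Constructed 32-bit little-endian address space standing in for the process."""
    def __init__(self):
        self.cells = {}

    def write_u32(self, addr, value):
        self.cells[addr] = struct.pack("<I", value)

    def read_u32(self, addr):
        # Simulation choice: an unmapped address reads back as 0.
        return struct.unpack("<I", self.cells.get(addr, b"\x00" * 4))[0]

def resolve_chain(mem, static_addr, offsets):
    """Dereference static_addr, add each offset, and dereference again
    after every offset except the last; returns the final address."""
    if not offsets:
        return static_addr
    addr = mem.read_u32(static_addr)
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)
    return addr + offsets[-1]

# Offsets as text, taken from the answer (Cheat Engine displays them in hex).
CE_OFFSETS = ["40", "464", "38", "58", "18"]
STATIC = 0x51250000 + 0x0036E654  # module base + static offset from the question

def as_hex(texts):
    return [int(t, 16) for t in texts]   # correct reading

def as_decimal(texts):
    return [int(t, 10) for t in texts]   # the mistaken reading

def build_memory():
    """Lay out a chain that is only reachable through the hex offsets."""
    mem = FakeMemory()
    nodes = [0x10000000, 0x10001000, 0x10002000, 0x10003000, 0x10004000]  # constructed
    offs = as_hex(CE_OFFSETS)
    mem.write_u32(STATIC, nodes[0])
    for i in range(len(nodes) - 1):
        mem.write_u32(nodes[i] + offs[i], nodes[i + 1])
    mem.write_u32(nodes[-1] + offs[-1], 100)  # constructed "hp" value
    return mem

def read_hp(offsets):
    mem = build_memory()
    return mem.read_u32(resolve_chain(mem, STATIC, offsets))

if __name__ == "__main__":
    print([hex(o) for o in as_decimal(CE_OFFSETS)], "->", read_hp(as_decimal(CE_OFFSETS)))
    print([hex(o) for o in as_hex(CE_OFFSETS)], "->", read_hp(as_hex(CE_OFFSETS)))
```

With the decimal reading the first dereference already lands on an unmapped address, so every later step starts from 0 and the chain ends at the address 0x12 instead of the real field.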