Python not adding offsets correctly

Question

I'm writing a program that changes the value at a given memory address, I've figured out the pointers using Cheat Engine

I've found the imagebase for UnityPlayer.dll and in cheat engine, everything seems to work fine

However, when I try to implement the same in python, I run into a few problems

pm = pymem.Pymem("hollow_knight.exe")
#204F36DB1C4

gameModule = module_from_name(pm.process_handle, "UnityPlayer.dll").lpBaseOfDll
print(gameModule)

def getPtrAddress(base, offsets):
    addr = pm.read_int(base)
    for i in offsets:
        if i != offsets[-1]:
            addr = pm.read_int(addr + i)
    addr =  addr + offsets[-1]
    return addr

geo = pm.read_int(getPtrAddress(gameModule+0x019B8900, offsets = [0x0, 0xD8, 0x268, 0xC8, 0x1C4]))
print(geo)

On running this code, I run into an error since the memory address I'm trying to access that doesn't exist.

pymem.exception.MemoryReadError: Could not read memory at: 6257936, length: 4 - GetLastError: 299

Answer 1

According to the documentation here:

read_int(self, address)

"Reads 4 byte from an area of memory in a specified process."

Now the application seems to be a 64bit application, as such pointers are 8 bytes. You are only reading half of the address.

Answer 2

Update: I was able to fix the issue by making use of RemotePointers

pm = Pymem("hollow_knight.exe")
gameModule = module_from_name(pm.process_handle, "UnityPlayer.dll").lpBaseOfDll


def getPointerAddress(base, offsets):
    remote_pointer = RemotePointer(pm.process_handle, base)
    for offset in offsets:
        if offset != offsets[-1]:
            remote_pointer = RemotePointer(pm.process_handle, remote_pointer.value + offset)
        else:
            return remote_pointer.value + offset
while True:
    if keyboard.is_pressed("q"):
        geo = pm.read_int(getPointerAddress(gameModule+0x019B8900, offsets=[0x0, 0xD8, 0x268, 0xC8, 0x1C4]))
        pm.write_int(getPointerAddress(gameModule+0x019B8900, offsets=[0x0, 0xD8, 0x268, 0xC8, 0x1C4]), geo+1)