1

I wrote a dll application that is hooked into a process. It works but it ONLY shows the FIRST letter.
I wanted to get the whole string. The string could vary from 2 letters to 32 letters.

//READING MEMORY
HANDLE ExeBaseAddress = GetModuleHandleA(0);

char uNameAddr = *(char*)((char*)ExeBaseAddress + 0x34F01C);
printf("%c \n", uNameAddr);

I also wanted to understand the parts:

 *(char*)((char*) //<-- what this is for.

And if it is possible to use this if using multilevel pointers:

char multipoint = *(char*)((char*)ExeBaseAddress + 0x34F01C + 0x123 + 0x321 + 0x20);

UPDATE

I guess something is wrong here:

if(uNameAddr == "omnicient")
    cout << "YOU ARE OMNI" << endl;

I used the username name omnicient but it did not cout YOU ARE OMNI. I guess my compare is wrong?

Improve this question
6
  • %c means character. %s means string. Commented Apr 18, 2013 at 0:02
  • And *(char*)((char*) something) means: convert something into a char pointer, then... convert it again for some reason (bizarre code), then dereference it (find the thing it pointed to). In this case, the first character of the string Commented Apr 18, 2013 at 0:03
  • Yes, but if I use %s when the app displays the data. It crashes. Commented Apr 18, 2013 at 0:03
  • yes because you also need to change it to a char*. Hang on, too much code for a comment Commented Apr 18, 2013 at 0:03
  • Well for starters uNameAddr is defined as a single character, Commented Apr 18, 2013 at 0:03

2 Answers 2

Reset to default
2

%c displays chars (single characters), %s displays NULL-terminated char*s (strings):

HANDLE ExeBaseAddress = GetModuleHandleA(0);

char *uNameAddr = (char*) ExeBaseAddress + 0x34F01C;
printf("%s \n", uNameAddr);

Notice that I also tidied up the pointer casting, but the important thing is I got rid of the final dereference (* at the front) and assigned it to a char* (pointer) instead of a char.

If your string isn't NULL-terminated (unlikely), you will need to use %.*s and pass the length of your string too.

As for the second part of your question:

*(char*)((char*) ExeBaseAddress + 0x34F01C)

let's break it down. Inside the brackets (therefore the first thing to be evaluated) is this:

(char *) ExeBaseAddress + 0x34F01C

Well that's a C cast (casting the HANDLE to a char*) followed by an addition. In other words, it says "Treat this thing as if it is a pointer to some memory, then look ahead by 0x34F01C bytes of memory" (char is always 1 byte). It is now a pointer to a new position in memory.

Then we get out of the brackets and cast to char* again... needlessly. It could have been:

*((char*) ExeBaseAddress + 0x34F01C)

and finally we dereference (the * at the front), which says "Now tell me what the bit of memory you're pointing to is". But in this case you don't want that, because you want the whole string, not just the first letter (inside printf, it loops along the memory you send it printing each character until it finds a 0, aka \0 aka NULL).

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks. :) This works. Anyways, I also had the question about the multilevel pointer. Can you shed some light?
Oh I get it now. so the first * was the reason I'm getting only the first char. Thanks.
I updated the question. Can you please check? Its about the comparing.
@user1553142 that's a new question really, but I'll let you off! You're comparing two char* pointers, and even though the strings have the same value, they are distinct strings, so are not equal. You need to use if(strcmp(uNameAddr,"whatever")==0) to check their values for equality (which, internally, loops along them checking if every character is the same).
(this sort of thing gets abstracted by most languages, but C is all about giving you near-direct control of the program)
2

char uNameAddr is a character, you need a list of chars (or char*)

try this instead:

char* name= (char*)((char*)ExeBaseAddress + 0x34F01C);
printf("%s \n", name);

What does *(char*)((char*) mean?

(char*)ExeBaseAddress treat ExeBaseAddress as a pointer to some data of type char

((char*)ExeBaseAddress + 0x34F01C) means add 0x34F01C to the above pointer to offset it by 0x34F01C chars

(char*)((char*)ExeBaseAddress + 0x34F01C) means treat this new address as pointer to some chars

*(char*)((char*)ExeBaseAddress + 0x34F01C) take the contents of the first char at that location

char uNameAddr = *(char*)((char*)ExeBaseAddress + 0x34F01C); means put that character into the char sized variable called uNameAddr.

So basically you had a pointer, you offset it, and then took the first character and printed it.

In the example I gave note how I don't take the firat character, and I put it a pointer variable.

Then I used %s in the printf to make it print out all the chars potnted to by name.

Improve this answer

2 Comments

Note that the (char*)((char*)ExeBaseAddress + 0x34F01C) step is redundant, as ((char*)ExeBaseAddress + 0x34F01C) is already a char*.
HANDLE ExeBaseAddress is not a char but 32 bit in no? the first cast is safe no? The second it not needed.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.