You can also try to read it without the base added and see if it works.
Some other things:
Where does $885D64 come from?
I saw that you use PeekI() on the result, which I don't understand.
When trying to get the base, it's best to iterate through all modules, even though
the first one is probably always the executable base.
Some code I threw together:
EnableExplicit

; Returns the base address of the module called Name in the given process, or 0 if not found
Procedure.i memBase(ProcessId.i, Name.s)
  Protected handle.i
  Protected me32.MODULEENTRY32
  Protected base.i

  handle = CreateToolhelp32Snapshot_(#TH32CS_SNAPMODULE32 | #TH32CS_SNAPMODULE, ProcessId)
  If Not handle = #INVALID_HANDLE_VALUE
    me32\dwSize = SizeOf(MODULEENTRY32)
    If Module32First_(handle, @me32)
      Name = LCase(Name)
      ; Walk every module in the snapshot and compare names case-insensitively
      Repeat
        If LCase(PeekS(@me32\szModule)) = Name
          base = me32\modBaseAddr
          Break
        EndIf
      Until Module32Next_(handle, @me32) = #False
    EndIf
    CloseHandle_(handle)
  EndIf

  ProcedureReturn base
EndProcedure

Procedure.i Main()
  Protected hwnd.i
  Protected pid.i
  Protected hproc.i
  Protected base.i
  Protected address.i

  hwnd = FindWindow_(#Null, "Barony")
  If hwnd
    GetWindowThreadProcessId_(hwnd, @pid)
    Debug "hwnd: 0x" + Hex(hwnd)
    Debug "pid: " + pid
    hproc = OpenProcess_(#PROCESS_ALL_ACCESS, #False, pid)
    If hproc
      Debug "hproc: 0x" + Hex(hproc)
      base = memBase(pid, "Barony.exe") ; <- not sure what the exe name is!
      Debug "base: 0x" + Hex(base)
      ; Check the return value of each read as well: on failure, address would keep its old value
      If ReadProcessMemory_(hproc, base + $A55D64, @address, 4, #Null) And address ; <- a pointer is 4 bytes according to CE
        Debug "addr1: 0x" + Hex(address)
        If ReadProcessMemory_(hproc, address + $110, @address, 4, #Null) And address
          Debug "addr2: 0x" + Hex(address)
          ; The last read returns the value itself, so 0 is a valid result here
          If ReadProcessMemory_(hproc, address, @address, 4, #Null)
            Debug "health: " + Str(address)
          EndIf
        EndIf
      EndIf
      CloseHandle_(hproc)
    EndIf
  EndIf

  ProcedureReturn #Null
EndProcedure

Main()
End