Hello!
Something I'm stupid ... In general, how can I read the bytes following the first four? Here is a picture where everything is perfectly visible , in which everything is indicated. I work in Olka. I understand, the question may be stupid, but still I ask for your help ...
Well, even if, say, I understood how to read data from memory. Now it became clear that our 4 0x797000 are stored at 0x797000 (those in EAX' e), which means 0020(20) in 0x797002 , 041A in 0x797003 , 043E and so on .. But, let's say, ReadProcessMemory I try to read these bytes from memory with the readProcessMemory function, I don’t get anything out of it — only those "cherished" bytes are read that are in eax:
void *lp = VirtualAllocEx(feed,(void*)0x401000,8,MEM_COMMIT,PAGE_READWRITE); DWORD wc; void *buff; BOOL bl = ReadProcessMemory(feed,lp,&buff,8,&wc); /// 002E0022... Thank you, friends!
