There are a couple of ways to go about it; I'll tell you the ones I know:
1. Use a memory scanning tool to find out your address and then find the pointer + offset (OllyDbg, Cheat Engine, etc.).
Once you have found the pointer + offset, do this:
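ULONG_PTR pointer = 0x123456; // arbitrary numbers
ULONG_PTR offset = 0xEC; // arbitrary numbers
// ULONG_PTR is pointer-sized; unsigned long is only 32 bits on 64-bit Windows
ULONG_PTR address = pointer + offset;
// buffer and buffersize are declared by the caller; the last argument can be NULL when the byte count is not needed
ReadProcessMemory(appHandle, (LPCVOID)address, (LPVOID)&buffer, buffersize, NULL);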
Declare a buffer to hold your value, along with the size of the buffer, and that should be it.
The second method requires more work:
2. Read through every address (filtering out as necessary with VirtualQueryEx) until you hit the desired bytes.
So let's say your value in bytes is 01 02 03 04 05 06: just read the memory and repeat until you get these bytes. Also, there should be a range that you can filter on; for example, the address should be within this memory region:
Just look at where the addresses you get are and you should be able to determine it.
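
An added example, not code from the post above: the byte search from the second method, run over a local buffer that stands in for one memory region read in fixed-size pieces. The names `CHUNK`, `find_bytes`, `scan_region` and `demo_offset` and the sample data are assumptions made for illustration; the point is the carry-over that keeps a pattern from being missed when it is split across two reads.

```c
#include <string.h>

#define CHUNK 16  /* assumed read size; tiny so the sample crosses a boundary */

/* Offset of the first occurrence of pat in buf, or -1 if it is absent. */
static long find_bytes(const unsigned char *buf, size_t len,
                       const unsigned char *pat, size_t plen)
{
    for (size_t i = 0; plen && i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            return (long)i;
    return -1;
}

/* Scan one region in CHUNK-sized reads. The last plen-1 bytes of each read
 * are carried into the next window so a split pattern is still found. */
long scan_region(const unsigned char *region, size_t size,
                 const unsigned char *pat, size_t plen)
{
    unsigned char win[2 * CHUNK];
    size_t carry = 0;
    if (plen == 0 || plen > CHUNK)
        return -1;
    for (size_t off = 0; off < size; off += CHUNK) {
        size_t n = size - off < CHUNK ? size - off : CHUNK;
        memcpy(win + carry, region + off, n);  /* stands in for one read */
        size_t total = carry + n;
        long hit = find_bytes(win, total, pat, plen);
        if (hit >= 0)
            return (long)(off - carry) + hit;  /* offset within the region */
        size_t keep = total < plen - 1 ? total : plen - 1;
        memmove(win, win + total - keep, keep);
        carry = keep;
    }
    return -1;
}

/* Constructed sample: 40 filler bytes with the pattern at offsets 13..18. */
long demo_offset(void)
{
    static const unsigned char pat[] = {1, 2, 3, 4, 5, 6};
    unsigned char region[40];
    memset(region, 0xAA, sizeof region);
    memcpy(region + 13, pat, sizeof pat);
    return scan_region(region, sizeof region, pat, sizeof pat);
}
```

The returned offset is relative to the start of the region, so the absolute address is the region's base address plus that offset.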