Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
532 views
in Technique[技术] by (71.8m points)

windows - How to get the starting/base address of a process in C++?

I'm testing this whole base/static pointer thing by using it on Microsoft's Spider Solitaire. So I got the base pointer of the amount of "moves" the player has used, and cheat engine tells me it's "SpiderSolitaire.exe+B5F78". So now I'm stuck on how to figure out what the starting address is of SpiderSolitaire.exe (of course this changes every time the program starts). How do I find the starting address of SpiderSolitaire.exe so I can add the offsets and get the real address of the "moves" value (in c++ of course)?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Here's another way, written in Visual Studio 2015 but should be backwards compatible.

#define PSAPI_VERSION 1
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <psapi.h>

// To ensure correct resolution of symbols, add Psapi.lib to TARGETLIBS
#pragma comment(lib, "psapi.lib")

void GetBaseAddressByName(DWORD processId, TCHAR *processName)
{
    TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
        PROCESS_VM_READ,
        FALSE, processId);

    if (NULL != hProcess)
    {
        HMODULE hMod;
        DWORD cbNeeded;

        if (EnumProcessModulesEx(hProcess, &hMod, sizeof(hMod),
            &cbNeeded, LIST_MODULES_32BIT | LIST_MODULES_64BIT))
        {
            GetModuleBaseName(hProcess, hMod, szProcessName,
                sizeof(szProcessName) / sizeof(TCHAR));
            if (!_tcsicmp(processName, szProcessName)) {
                _tprintf(TEXT("0x%p
"), hMod);
            }
        }
    }

    CloseHandle(hProcess);
}

int main(void)
{
    DWORD aProcesses[1024];
    DWORD cbNeeded;
    DWORD cProcesses;

    // Get the list of process identifiers.
    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 1;

    // Calculate how many process identifiers were returned.
    cProcesses = cbNeeded / sizeof(DWORD);

    // Check the names of all the processess (Case insensitive)
    for (int i = 0; i < cProcesses; i++) {
        GetBaseAddressByName(aProcesses[i], TEXT("SpiderSolitaire.exe"));
    }

    return 0;
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...