0

The base address I found for a memory location in an application was in the syntax "application_name.exe" + 0007856 (<- or any other number, this is just an example). My question is, how would I find the address for "application_name.exe" in C++? I'm not sure but this was the method I used:

    HANDLE proc_handle = OpenProcess(/* parameters go here to open the process */);
    void * base_add = (void*)proc_handle;    // to store the address of the process

If that method is correct, the first question I asked on how to get the application's address is answered which leads me to my second question: since the base address for the specific memory location was "application_name.exe" + 0007856, can I just do this?:

    DWORD specific_memory_base_add = (DWORD)base_add + 0x0007856;

Can I use the address I found from "application_name.exe" and add it to 0x0007856 using +? I've tried it and it didn't seem to work. If that is not correct, what is the correct method?

4

2 Answers

2

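Retrieving the base address of a module in another process requires enumerating that process's modules and retrieving the module names to find a match.

To enumerate the modules loaded into a process, call EnumProcessModules. Once you have the list of modules, call GetModuleBaseName on each one to find the module you are looking for (application_name.exe). The HMODULE for that module is a pointer to the beginning of the module (in the address space of the target process), which is the base address. You can use that to add your offset to.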

answered 2013-10-28T02:09:34.390
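The lookup described in the answer above, written out as an added example (not code from the question or from either answer). The helper names `find_module_base` and `address_from_offset`, the 1024-entry module buffer and the command-line PID are assumptions; the Windows-only part is guarded so the address arithmetic compiles anywhere.

```cpp
// Added example, not code from the original question or answers.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
// A module base is pointer-sized, so do the arithmetic in uintptr_t. A DWORD
// is 32 bits and would truncate the base address in a 64-bit process.
std::uintptr_t address_from_offset(std::uintptr_t module_base, std::uintptr_t offset) {
    return module_base + offset;
}

#ifdef _WIN32
#include <windows.h>
#include <psapi.h>   // link with Psapi.lib
#include <cwchar>
#include <vector>
// Returns the base address of `name` inside process `pid`, or 0 on failure.
std::uintptr_t find_module_base(DWORD pid, const wchar_t* name) {
    // EnumProcessModules needs both of these access rights on the handle.
    HANDLE proc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (!proc) return 0;   // a process HANDLE is not an address, only a reference
    std::uintptr_t base = 0;
    std::vector<HMODULE> mods(1024);   // assumed upper bound on module count
    DWORD bytes = static_cast<DWORD>(mods.size() * sizeof(HMODULE)), needed = 0;
    if (EnumProcessModules(proc, mods.data(), bytes, &needed)) {
        size_t count = (needed < bytes ? needed : bytes) / sizeof(HMODULE);
        for (size_t i = 0; i < count && base == 0; ++i) {
            wchar_t buf[MAX_PATH];
            if (GetModuleBaseNameW(proc, mods[i], buf, MAX_PATH) && _wcsicmp(buf, name) == 0)
                base = reinterpret_cast<std::uintptr_t>(mods[i]);   // HMODULE value is the base
        }
    }
    CloseHandle(proc);
    return base;
}
#endif

int main(int argc, char** argv) {
#ifdef _WIN32
    if (argc < 2) { std::puts("usage: prog <pid>"); return 1; }
    std::uintptr_t base = find_module_base(std::strtoul(argv[1], nullptr, 10), L"application_name.exe");
    if (!base) { std::puts("module not found or access denied"); return 1; }
    std::printf("application_name.exe+0x7856 = %p\n",
                reinterpret_cast<void*>(address_from_offset(base, 0x0007856)));
#else
    (void)argc; (void)argv;
    std::puts("Windows-only lookup; address_from_offset is portable");
#endif
    return 0;
}
```

Build it with the same bitness as the target process: a 32-bit build running under WOW64 can only enumerate the modules of 32-bit processes.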
0

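Assuming you are talking about Windows (you should tag winapi?), you can get the base address of a loaded module with GetModuleHandle(). A module does not have a base address until it is loaded (although the linker can specify a preferred base address, the loader does not have to use/honor it).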

answered 2013-10-28T00:17:13.363