
I'm trying to make a program that reads the timer value from Minesweeper. (The OS is Windows 7 64-bit.)

Using Cheat Engine, I found the base address of the variable, but it changes every time I run Minesweeper.

What do I need to do to find out the base address automatically?

Does it have something to do with the executable base address?

Here's my code:

#include <windows.h>
#include <iostream>
using namespace std;



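// Prints Minesweeper's timer once per second by following a two-level pointer
// chain (base -> +0x18 -> +0x20) inside the game's process.
//
// Returns 0 when the read loop ends because the target can no longer be read
// (for example the game was closed), and 1 when the window, the process handle
// or the pointer chain could not be obtained.
int main()
{
    // Hard-coded start of the pointer chain. It differs between runs of the
    // game (presumably because the image is relocated at load time), so it
    // should be derived at run time from the module's load address rather
    // than kept as a constant.
    DWORD_PTR baseAddress = 0xFF1DAA38;//always changing
    const DWORD_PTR offset1 = 0x18;
    const DWORD_PTR offset2 = 0x20;

    // Pointer-sized on purpose: with plain DWORD a 64-bit build would read
    // only the low 4 bytes of each 8-byte pointer and follow a truncated
    // address. NOTE(review): the reader still has to be built with the same
    // bitness as the target for the pointer width to match.
    DWORD_PTR pAddress1 = 0;
    DWORD_PTR pAddress2 = 0;

    float value = 0;
    DWORD pid = 0;

    HWND hwnd = FindWindowA(NULL, "Minesweeper");
    if (!hwnd) // didn't find the window
    {
        std::cout << "Window not found!\n";
        std::cin.get();
        return 1;
    }

    GetWindowThreadProcessId(hwnd, &pid);

    // Request read access only; nothing here writes to the target process.
    HANDLE phandle = OpenProcess(PROCESS_VM_READ, FALSE, pid);
    if (!phandle) // failed to get permission
    {
        std::cout << "Could not get handle!\n";
        std::cin.get();
        return 1;
    }

    int exitCode = 0;

    // Every ReadProcessMemory result is checked: an unchecked failure would
    // leave the output variable unchanged and the next read would dereference
    // a stale or zero address without any diagnostic.
    const bool chainResolved =
        ReadProcessMemory(phandle, reinterpret_cast<LPCVOID>(baseAddress),
                          &pAddress1, sizeof(pAddress1), NULL) &&
        ReadProcessMemory(phandle, reinterpret_cast<LPCVOID>(pAddress1 + offset1),
                          &pAddress2, sizeof(pAddress2), NULL);

    if (!chainResolved)
    {
        std::cout << "Could not read pointer chain (error " << GetLastError() << ")\n";
        std::cin.get();
        exitCode = 1;
    }
    else
    {
        // Stop polling as soon as a read fails instead of printing the last
        // value forever after the game has exited.
        while (ReadProcessMemory(phandle, reinterpret_cast<LPCVOID>(pAddress2 + offset2),
                                 &value, sizeof(value), NULL))
        {
            std::cout << value << "\n";
            Sleep(1000);
        }
        std::cout << "Timer is no longer readable (error " << GetLastError() << ")\n";
    }

    CloseHandle(phandle); // release the process handle on every exit path
    return exitCode;
}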
yoni0505

1 Answer

#pragma comment( lib, "psapi" )

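/// Returns the load address of the module named sModuleName in the process
/// referred to by hProc, or (DWORD)-1 when the module list cannot be read or
/// no module has that name.
///
/// @param hProc        Process handle. EnumProcessModules and GetModuleBaseName
///                     are documented as requiring PROCESS_QUERY_INFORMATION
///                     and PROCESS_VM_READ; a handle opened with
///                     PROCESS_VM_READ alone is not sufficient.
/// @param sModuleName  Module file name (e.g. "Minesweeper.exe"). The
///                     comparison is exact and case-sensitive.
/// @return Module base address truncated to DWORD. NOTE(review): on a 64-bit
///         build the upper 32 bits are lost; widen the return type to
///         DWORD_PTR together with the callers if that matters.
///
/// NOTE(review): a 32-bit build is documented as only being able to enumerate
/// the modules of 32-bit processes, so the tool should match the bitness of
/// the target.
DWORD GetModuleBase(HANDLE hProc, const std::string &sModuleName)
{
   const DWORD kNotFound = static_cast<DWORD>(-1);

   // Size query. The original passed an uninitialized pointer here and ignored
   // the result, so a failed call left the byte count uninitialized and the
   // following new[] could throw std::bad_alloc. A one-element buffer is valid
   // and is enough to learn the required size.
   HMODULE hFirst = NULL;
   DWORD cbNeeded = 0;
   if (!EnumProcessModules(hProc, &hFirst, sizeof(hFirst), &cbNeeded) ||
       cbNeeded < sizeof(HMODULE)) {
      return kNotFound;
   }

   const DWORD cbAllocated = cbNeeded;
   HMODULE *hModules = new HMODULE[cbAllocated / sizeof(HMODULE)];
   DWORD dwBase = kNotFound;

   // The third argument is a size in BYTES, not an element count; passing the
   // count (as before) made the API fill only a fraction of the array.
   if (EnumProcessModules(hProc, hModules, cbAllocated, &cbNeeded)) {
      // The module list can grow between the two calls; never index past the
      // part of the buffer that was actually allocated and filled.
      const DWORD cbValid = (cbNeeded < cbAllocated) ? cbNeeded : cbAllocated;
      const DWORD cModules = static_cast<DWORD>(cbValid / sizeof(HMODULE));

      char szBuf[MAX_PATH];
      for (DWORD i = 0; i < cModules; ++i) {
         if (GetModuleBaseNameA(hProc, hModules[i], szBuf, sizeof(szBuf)) &&
             sModuleName.compare(szBuf) == 0) {
            // An HMODULE is the module's base address in the target process.
            dwBase = static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(hModules[i]));
            break;
         }
      }
   }

   delete[] hModules;

   return dwBase;
}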
Serj-Tm
  • I've included and and tried to use it this way: `GetModuleBase(phandle, (string)"Minesweeper.exe");` But I get this error: `error LNK2019: unresolved external symbol _GetModuleBaseNameA@16 referenced in function "unsigned long __cdecl GetModuleBase...` and `error LNK2019: unresolved external symbol _EnumProcessModules@16 referenced in function "unsigned long __cdecl GetModuleBase...`. Perhaps you can give a working example? – yoni0505 Apr 07 '12 at 20:37
  • 1
    @yoni0505 add #pragma comment( lib, "psapi" ) – Serj-Tm Apr 07 '12 at 23:00
  • 2
    I've added the line and the program compiles. But it gives me this error: `Run-Time Check Failure #3 - The variable 'hModules' is being used without being initialized.`, followed by `Unhandled exception at 0x770215de in Minesweeper Timer.exe: Microsoft C++ exception: std::bad_alloc at memory location 0x0034f8f8..` and `Unhandled exception at 0x770215de in Minesweeper Timer.exe: 0x00000000: The operation completed successfully.` – yoni0505 Apr 08 '12 at 19:42