4

I recently learned how to find base addresses of a process with Cheat Engine. I did it on Windows XP with Solitaire and I found a base address for score (something like 000AABBC) and that address never changed.

So I made a C++ program which used WriteProcessMemory(); (I just passed that address) and it was working every time. Now I'm doing it on Windows 7, I find the base address, but it's a pointer and the address it's pointing to changes everytime. When I check the pointer address it says "solitaire.exe"+000BAFD8. So how do I use it in the code like I did earlier?

AstroCB
  • 12,337
  • 20
  • 57
  • 73
user3478487
  • 1,165
  • 2
  • 8
  • 10

1 Answers1

2

You can enumerate the modules of a process and get their base address, in this case the address of the module solitaire.exe. This should give you a consistent address regardless of ASLR.

See: Getting a list of DLLs currently loaded in a process C#

Community
  • 1
  • 1
Zachary Canann
  • 1,131
  • 2
  • 13
  • 23