EMO Style ForumPro - Hos Geldiniz
Giriş yap

Şifremi unuttum

Istatistikler
Toplam 202 kayıtlı kullanıcımız var
Son kaydolan kullanıcımız: AnthonyFurey3

Kullanıcılarımız toplam 1186 mesaj attılar bunda 862 konu
Tarıyıcı
 Kapı
 Indeks
 Üye Listesi
 Profil
 SSS
 Arama
Arama
 
 

Sonuç :
 


Rechercher çıkıntı araştırma

RSS akısı


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Kimler hatta?
Toplam 1 kullanıcı online :: 0 Kayıtlı, 0 Gizli ve 1 Misafir

Yok

[ Bütün listeye bak ]


Sitede bugüne kadar en çok 92 kişi Paz Ağus. 28, 2016 6:58 am tarihinde online oldu.
En son konular
» İnternetten Para Kazandıran Oyun ! Ödeme Alt Limiti Yok ! DEV KONU
Cuma Ağus. 29, 2014 8:33 am tarafından Hello EMO

» goldenchase.net maden yaparak para kazanma
Cuma Ağus. 29, 2014 8:18 am tarafından Hello EMO

» etichal hacker görsel egitim seti
Çarş. Ağus. 06, 2014 4:57 am tarafından Hello EMO

» KO TBL Source C#
Ptsi Ara. 09, 2013 6:36 am tarafından Hello EMO

» x86 Registers
C.tesi Ağus. 24, 2013 5:02 am tarafından Hello EMO

» [Tutorial] Pegando Address, Pointers de WYD
Çarş. Tem. 10, 2013 7:25 am tarafından Hello EMO

» [Tutorial] Pegando Address, Pointers de CS Metodo²
Çarş. Tem. 10, 2013 7:23 am tarafından Hello EMO

» [Tutorial] Aprendendo basico deASM OLLYDBG
Çarş. Tem. 10, 2013 7:22 am tarafından Hello EMO

» Basic C# DLL injector
Ptsi Tem. 08, 2013 7:48 am tarafından Hello EMO

Reklam

[C#] Getting the BaseAddress of a program

Önceki başlık Sonraki başlık Aşağa gitmek

[C#] Getting the BaseAddress of a program

Mesaj tarafından EMO Bir Perş. Haz. 02, 2011 8:44 am

Hi!



I'm fairly new to C# but I have experienced a bit more with C++. Now I'm
trying to get a value from another process using Visual Studio 2008 and
C#.



I have tried this code to get the base address:

Code:

hProc = OpenProcess(dwAllAccess, true, (uint)Process.GetProcessesByName("MineSweeper")[0].Id);

ProcessModule myProcessModule;

ProcessModuleCollection myProcessModuleCollection = hProc.Modules;

myProcessModule = hProc.MainModule;



I get this error:

Code:
'System.IntPtr'
does not contain a definition for 'Modules' and no extension method
'Modules' accepting a first argument of type 'System.IntPtr' could be
found (are you missing a using directive or an assembly reference?)



I can't figure out what's wrong. The program hooks to the process just
fine but the error comes in as I try to get the base address.



EDIT: With base address I mean the address in which I add the
offset/address of the value. Like [minesweeper.exe] + 0007E1BC to get
the grid height.

Hey DaHandy



Try this



Code:

System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcessesByName("MineSweeper");



int base = processes[0].MainModule.BaseAddress.ToInt32();

Thanks!



Now I got rid of the error but the base address still isn't correct... :/



Here is my code:



Code:
hProc = OpenProcess(dwAllAccess, true, (uint)Process.GetProcessesByName("MineSweeper")[0].Id);

System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcessesByName("MineSweeper");

int base_adr = processes[0].MainModule.BaseAddress.ToInt32();



int height_offset = 0x0007E1BC;

//height_adr is declared earlier

height_adr = (IntPtr)(base_adr + height_offset);



txt_base.Text = "Base: " + base_adr.ToString("X");

txt_height.Text = "Height: " + height_adr.ToString("X");



The base address is always way too big. Example:

Cheat Engine tells me that it is 000016EC

My program tells me that it is 00EB0000



What is wrong?

Ok first get rid of the native OpenProcess method, its not needed.



The address tht CE gives you is the "EntryPointAddress", so use this ...

Code:

Process[] processes = Process.GetProcessesByName("MineSweeper");



Process mProc= processes[0];

IntPtr hProc = mProc.Handle;



int base_adr = mProc.MainModule.EntryPointAddress.ToInt32();

int height_offset = 0x0007E1BC;



height_adr = (IntPtr)(base_adr + height_offset);





Hmm this is weird... With this code



Code:
Process[] processes = Process.GetProcessesByName("MineSweeper");

Process mProc = processes[0];

IntPtr hProc = mProc.Handle;



int base_adr = processes[0].MainModule.EntryPointAddress.ToInt32();

int height_offset = 0x0007E1BC;

height_adr = (IntPtr)(base_adr + height_offset);



ckFreezeFlag.Text = "Base: " + base_adr.ToString("X");

ckFreezeMines.Text = "Height: " + height_adr.ToString("X");



I get a different address but it still isn't correct. Example:

Cheat Engine tells me that it is 00000B00

My program tells me that it is 0026E08F



EDIT: I also tried to change

Code:
int base_adr = processes[0].MainModule.EntryPointAddress.ToInt32();

to

Code:
int base_adr = mProc.MainModule.EntryPointAddress.ToInt32();

but it changes nothing.



When Cheat Engine tells me that the Entry Point is 00000B00,
minesweeper.exe+7E1BC should be 002BE1BC. That means that
minesweeper.exe cannot be the same as 00000B00 since 00000B00+7E1BC =
0007ECBC.



EDIT2: Sorry! Actually the base address is the correct one to use here! Thanks for your help!




--------------


Maybe later you will need a code for another module name, so... i have made this snippet, perhaps can help.



Code:
private static IntPtr GetModuleBaseAddress(string AppName, string ModuleName)

{

IntPtr BaseAddress = IntPtr.Zero;

Process[] myProcess = null;

ProcessModule myProcessModule = null;



myProcess = Process.GetProcessesByName(AppName);



if (myProcess.Length > 0)

{

ProcessModuleCollection myProcessModuleCollection;



try

{

myProcessModuleCollection = myProcess[0].Modules;

}

catch { return IntPtr.Zero; /*Maybe would be ok show the exception after/instead return*/ }



for (int i = 0; i < myProcessModuleCollection.Count; i++)

{

myProcessModule = myProcessModuleCollection[i];

if (myProcessModule.ModuleName.Contains(ModuleName))

{

BaseAddress = myProcessModule.BaseAddress;

break;

}

}

}



return BaseAddress;

}



Regards.






You can also use Linq to do easy searching and to
remove the need for try/catching since FirstOrDefault / SingleOrDefault
help us with default returns:



Code:
///

/// Locates a process.

///


///

///

private Process findProcess(String ProcessName)

{

Process proc = (from Process p in Process.GetProcesses()

where p.ProcessName.ToLower() == ProcessName.ToLower()

select p).FirstOrDefault();

return proc;

}



///

/// Locates a module.

///


///

///

///

private ProcessModule findModule(Process proc, String ModuleName)

{

if (proc == null)

return null;



ProcessModule mod = (from ProcessModule m in proc.Modules

where m.ModuleName.ToLower() == ModuleName.ToLower()

select m).FirstOrDefault();

return mod;

}



Usage example:

Code:

Process myProcess = findProcess("firefox");

ProcessModule myModule = findModule(myProcess, "firefox.exe");
avatar
EMO
EMO Team
EMO Team

Cinsiyet : Erkek
Burçlar : Yay
Yılan
Mesaj Sayısı : 184
Puan : 110693
Rep Puanı : 5
Doğum tarihi : 28/11/89
Kayıt tarihi : 18/05/11
Yaş : 27
Nerden : EMO world
İş/Hobiler : RCE Student / Game Hacking / Learn Beginner C#,C++,Delphi
Lakap : EMO

Kullanıcı profilini gör

Sayfa başına dön Aşağa gitmek

Önceki başlık Sonraki başlık Sayfa başına dön

- Similar topics

 
Bu forumun müsaadesi var:
Bu forumdaki mesajlara cevap veremezsiniz