mibiz Posted January 28, 2010 Share Posted January 28, 2010 Hi,I'm trying to get the base address of a process but having problems getting to work. In CE, I have a 2 level pointer:game.exe+00650454 offset 28 offset 2c8brings to address 0x12BF4238 having a 4-byte value of 694break down of addresses in CE:game.exe >> address 0x00905A4Dgame.exe+00650454 >> address 0x05BFA808game.exe+00650454 + offset 28 >> address 0x05BFA830Running this AutoIt script:#include <Array.au3> #include <NomadMemory.au3> ;because you need this for _memread functions Global $winProcess = "game.exe", $pidProcess = ProcessExists($winProcess) Global $offsetStatic = "00650454", $hProcess, $baseMem1, $baseMem2 SetPrivilege("SeDebugPrivilege", 1) $hProcess = _MemoryOpen($pidProcess) If @Error Then MsgBox (16, "", "Error opening process: " & $pidProcess & " [ code: " & @error & "]") Exit EndIf $baseMem1 = _MemoryGetBaseAddress($hProcess, 1) If @Error Then MsgBox (16, "", "Error getting base address: " & $pidProcess & " [ code: " & @error & "]") Exit EndIf $baseMem2 = "0x" & Hex($baseMem1 + Dec($offsetStatic)) _MemoryClose($hProcess) MsgBox(64, "", $pidProcess & " ] " & @CRLF & _ Hex($baseMem1) & " - " & $baseMem2)gives Hex($baseMem1) = 0x002C0000 and $baseMem2 = 0x00910454I'm using this Nomad Memory from this post. I've also read these posts: 1 & 2.TIA,mib Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now