C/C++: how can I get the base address of a running .exe process?

Question

I'm looking for a method/function that I can use to get the base address of "program.exe"+03262C08 -> B4895A0. This address is from Cheat Engine, and the base address was found with the pointer scanner. In the pointer scanner I can press "show module list" and there is the address of program.exe, starting at address 00400000 program.exe. The pointer scanner was scanned for address 09c3000 (the address which I want to reach after base address + many offsets [the final address]). This address is the base for a certain object, but I can't reach the address. I'm able to get only the base address of the exe file at 00400000. I'm trying to add offsets from pointer 03262C08 (and the others), but I still can't reach the address.

I can't use the function FindWindow(), because the name of the program will be changing and it would be redundant to stick with it. I'm using the OpenProcess(), EnumProcessModulesEx() and GetModuleFileNameEx() functions. I have tried others as well, like GetModuleInformation(), ..., with the same result. GetModuleHandle() ended with result 0x126 [ERROR_MOD_NOT_FOUND]. I'm using a 64-bit OS and I'm trying to get the base address of another process. I can see all processes on the local machine and the modules of the "program" process.

#include <windows.h>
#include <psapi.h>
#include <cstdlib>
#include <iostream>
#include <iomanip>
#include "ProcessView.h"   // the asker's helper class; its declarations are shown below
using namespace std;

int main() {
    // Variables used by the fragment (their declarations were not part of the post).
    DWORD aProcesses[1024], cbNeeded, cProcesses, cModules;
    HMODULE modules[1024];
    int sizeModules = sizeof(modules);
    HANDLE hCurrProcess = NULL;
    unsigned int i;

    // Enumerate every PID on the machine.
    if (!K32EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) {
        return 1;
    }

    cProcesses = cbNeeded / sizeof(DWORD);   // number of PIDs returned

    cout << setw(15) << left << "Process ID" << setw(10) << left << "Modules";
    cout << setw(30) << left << "Process Name" << endl;
    for (i = 0; i < cProcesses; i++) {
        if (aProcesses[i] != 0) {
            // Opens the process and fills `modules`/`cModules`; hCurrProcess is
            // expected to stay NULL when the process cannot be opened.
            ProcessView::GetProccesses(aProcesses[i], modules, sizeModules, &cModules, &hCurrProcess);
            if (hCurrProcess != NULL) {
                cout << endl << setw(15) << left << aProcesses[i] << setw(10) << left << cModules;
                ProcessView::PrintModuleName(hCurrProcess, modules);
                CloseHandle(hCurrProcess);
            }
        }
    }
    // Note: this passes the process *count* where GetProccesses expects a process ID.
    ProcessView::GetProccesses(cProcesses, modules, sizeModules, &cModules, &hCurrProcess);

    system("cls");
    ProcessView::PrintModuleNameAll(hCurrProcess, modules, cModules);
    return 0;
}

I added here the definitions of the functions used in the example, from the ProcessView.h file that I have created.

static void GetProccesses(_In_ DWORD processID, _Inout_ HMODULE ahModules[], _In_ int sizeModules, _Out_ DWORD* cModules, _Out_ HANDLE* hProcess);
static void PrintModuleName(_In_ HANDLE processID, _In_ HMODULE* modules);
static void PrintModuleNameAll(_In_ HANDLE hProcess, _In_ HMODULE * modules, _In_ DWORD cModules);

Answer

Windows has been using Address Space Layout Randomization for about a decade now, but the module base in EXEs is far older than that. Simply ignore it; it's now meaningless.

And don't forget: each process has its own address space. A pointer in one process is meaningless in the other.
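As an added example (not code from the question or the answer above), the C program below puts the two points of this thread together: the module base is looked up in the live target process instead of being hardcoded as 00400000, and the Cheat Engine chain "program.exe"+03262C08 -> ... is then walked by reading pointer-sized cells out of that process, since a pointer value only means something inside the address space it came from. The chain walker is portable and is exercised here against a constructed in-memory stand-in for the target: the 03262C08 and 0B4895A0 values are the question's, while the second hop (+0x10), its 09C30000 value and the offset list are invented for the example. The Windows-only part wraps OpenProcess, EnumProcessModulesEx, GetModuleBaseNameA, GetModuleInformation and ReadProcessMemory, is compiled only under _WIN32 (written against the MSVC Windows SDK), and uses names such as resolve_pointer_chain and find_module_base that are this example's own, not anything the asker's ProcessView code defines.

```c
/* pointer_chain.c: resolve a Cheat Engine style chain "program.exe"+off0 -> [..]+off1 -> ... */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Memory reader callback: copy len bytes from target address addr into buf; 1 on success. */
typedef int (*read_mem_fn)(void *ctx, uint64_t addr, void *buf, size_t len);
/* addr = module_base + off[0]; for each further offset, addr = *(ptr *)addr + off[i]. The last
 * offset is added, not dereferenced, so the result is the final address. ptr_size is 4 for a
 * 32-bit target and 8 for a 64-bit one: reading 8 bytes from a 32-bit slot drags in its neighbour. */
int resolve_pointer_chain(read_mem_fn reader, void *ctx, uint64_t module_base,
                          const uint64_t *off, size_t n, unsigned ptr_size, uint64_t *out)
{
    if (n == 0 || (ptr_size != 4 && ptr_size != 8)) return 0;
    uint64_t addr = module_base + off[0];
    for (size_t i = 1; i < n; i++) {
        uint8_t raw[8] = {0}; uint64_t next = 0;
        if (!reader(ctx, addr, raw, ptr_size)) return 0;  /* unmapped page, or wrong base */
        for (unsigned b = 0; b < ptr_size; b++)          /* x86/x64 pointers are little-endian */
            next |= (uint64_t)raw[b] << (8 * b);
        if (next == 0) return 0;                          /* NULL pointer mid-chain */
        addr = next + off[i];
    }
    *out = addr;
    return 1;
}

/* --- Simulated 32-bit target (constructed data) so the walker runs without a live process --- */
typedef struct { uint64_t addr, value; } fake_slot;      /* one pointer-sized cell of target memory */
static int fake_read(void *ctx, uint64_t addr, void *buf, size_t len)
{
    const fake_slot *s = ctx;                             /* ctx: array of two constructed slots */
    for (size_t i = 0; i < 2; i++)
        if (s[i].addr == addr && len <= 8) {
            for (size_t b = 0; b < len; b++)
                ((uint8_t *)buf)[b] = (uint8_t)(s[i].value >> (8 * b));
            return 1;
        }
    return 0;   /* ReadProcessMemory fails the same way on an unmapped address */
}

/* Walk the chain in a fake process whose EXE really sits at actual_base, using assumed_base as
 * the caller's idea of the base. Slot 1 (base+03262C08 -> 0B4895A0) uses the question's values;
 * slot 2 (0B4895A0+0x10 -> 09C30000) is invented. Returns the final address, or 0 on failure. */
uint64_t demo_resolve(uint64_t actual_base, uint64_t assumed_base)
{
    const fake_slot mem[2] = { { actual_base + 0x03262C08, 0x0B4895A0 }, { 0x0B4895A0 + 0x10, 0x09C30000 } };
    const uint64_t offsets[] = { 0x03262C08, 0x10, 0x0 };
    uint64_t final_addr = 0;
    return resolve_pointer_chain(fake_read, (void *)mem, assumed_base, offsets, 3, 4, &final_addr)
           ? final_addr : 0;
}

#ifdef _WIN32   /* build with: cl pointer_chain.c (add psapi.lib on older SDKs) */
#include <windows.h>
#include <psapi.h>
static int rpm_read(void *ctx, uint64_t addr, void *buf, size_t len)   /* ctx: HANDLE with PROCESS_VM_READ */
{
    SIZE_T got = 0;
    return ReadProcessMemory((HANDLE)ctx, (LPCVOID)(uintptr_t)addr, buf, len, &got) && got == len;
}
/* Read the base at run time instead of hardcoding 00400000 (ASLR may move the EXE). LIST_MODULES_ALL
 * lets a 64-bit caller see a 32-bit (WoW64) target's modules; a 32-bit caller cannot enumerate a 64-bit
 * target at all, and GetModuleHandle() only searches the calling process (hence ERROR_MOD_NOT_FOUND). */
static int find_module_base(HANDLE h, const char *name, uint64_t *base)
{
    HMODULE mods[1024]; DWORD needed = 0;
    if (!EnumProcessModulesEx(h, mods, sizeof mods, &needed, LIST_MODULES_ALL)) return 0;
    DWORD count = needed / sizeof(HMODULE); if (count > 1024) count = 1024;
    for (DWORD i = 0; i < count; i++) {
        char mname[MAX_PATH]; MODULEINFO mi;
        if (GetModuleBaseNameA(h, mods[i], mname, sizeof mname) && _stricmp(mname, name) == 0 &&
            GetModuleInformation(h, mods[i], &mi, sizeof mi)) {
            *base = (uint64_t)(uintptr_t)mi.lpBaseOfDll;
            return 1;
        }
    }
    return 0;
}
#endif
int main(int argc, char **argv)
{
    (void)argc; (void)argv;                               /* only used on Windows */
    printf("simulated chain -> %#llx (relocated EXE, hardcoded base -> %#llx)\n",
           (unsigned long long)demo_resolve(0x00400000, 0x00400000),
           (unsigned long long)demo_resolve(0x00500000, 0x00400000));
#ifdef _WIN32   /* usage: pointer_chain.exe <pid> <module.exe>; the offsets are the example's own */
    const uint64_t offsets[] = { 0x03262C08, 0x10, 0x0 };
    uint64_t base = 0, final_addr = 0;
    HANDLE h = argc == 3 ? OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE,
                                       (DWORD)strtoul(argv[1], NULL, 10)) : NULL;
    if (h && find_module_base(h, argv[2], &base) &&
        resolve_pointer_chain(rpm_read, h, base, offsets, 3, 4, &final_addr))
        printf("%s base %#llx -> %#llx\n", argv[2], (unsigned long long)base, (unsigned long long)final_addr);
    if (h) CloseHandle(h);
#endif
    return 0;
}
```

The second demo call is deliberate: the stand-in's EXE has been relocated to 00500000 while the caller still assumes 00400000, so the very first read lands on an unmapped address and the chain fails, which is what hardcoding the base costs once ASLR applies. A base of 00400000 is the classic default image base of a 32-bit EXE, so a 64-bit program reading such a target must pass LIST_MODULES_ALL (or LIST_MODULES_32BIT) to EnumProcessModulesEx and read 4-byte pointers (ptr_size 4), not 8; the reverse direction, a 32-bit reader against a 64-bit target, cannot enumerate modules at all. ReadProcessMemory needs a handle opened with PROCESS_VM_READ, and the chain fails cleanly at whichever hop is unmapped or NULL rather than producing a bogus address.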
