Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
|
Posted: Tue Jun 06, 2017 10:53 pm Post subject: Reading module address failed.... |
|
|
Please take a look at the following code:
Code: |
#include <windows.h>
#include <TlHelp32.h>
#include <cstdint>
#include <iostream>

//function for string comparison
int strcompare(const wchar_t* One, const wchar_t* Two, bool CaseSensitive)
{
#if defined _WIN32 || defined _WIN64
    return CaseSensitive ? wcscmp(One, Two) : _wcsicmp(One, Two);
#else
    return CaseSensitive ? strcmp(One, Two) : strcasecmp(One, Two);
#endif
}

//Read module information..
MODULEENTRY32 GetModuleInfo(std::uint32_t ProcessID, const wchar_t* ModuleName)
{
    void* hSnap = nullptr;
    MODULEENTRY32 Mod32 = { 0 };
    if ((hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID)) == INVALID_HANDLE_VALUE)
        return Mod32;
    Mod32.dwSize = sizeof(MODULEENTRY32);
    while (Module32Next(hSnap, &Mod32))
    {
        if (!strcompare(ModuleName, Mod32.szModule, false))
        {
            CloseHandle(hSnap);
            return Mod32;
        }
    }
    CloseHandle(hSnap);
    return { 0 };
}

int main()
{
    //get process ID and the base module address
    HWND windowHandle = FindWindowW(NULL, L"calc.exe");
    DWORD processID;
    GetWindowThreadProcessId(windowHandle, &processID);
    BYTE* BaseAddr = GetModuleInfo(processID, L"calc.exe").modBaseAddr;
    int i = 0;
    std::cout << "BASE ADDRESS: " << (void*)BaseAddr << "\n";
    std::cin >> i;
    return 0;
}
|
However, the returned base address is always: "00000000".....
What went wrong? _________________
**************
A simple example is better than ten links.
Last edited by Dr.Disrespect on Fri Jun 09, 2017 3:49 pm; edited 1 time in total |
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Wed Jun 07, 2017 5:53 pm Post subject: |
|
|
Walk through the code via debugging and see where it's failing at.
On another note, you shouldn't be returning a local variable of a function the way you are doing inside of the GetModuleInfo function. Doing this is not guaranteed to be valid and can lead to incorrect information and false assumptions on what it should be doing.
You should pass a pointer to a MODULEENTRY32 object and fill that instead upon finding the valid module you want. _________________
- Retired. |
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
|
Posted: Thu Jun 08, 2017 3:12 pm Post subject: |
|
|
atom0s wrote: | Walk through the code via debugging and see where it's failing at.
On another note, you shouldn't be returning a local variable of a function the way you are doing inside of the GetModuleInfo function. Doing this is not guaranteed to be valid and can lead to incorrect information and false assumptions on what it should be doing.
You should pass a pointer to a MODULEENTRY32 object and fill that instead upon finding the valid module you want. |
I changed the code a little bit, but this part always returns 0:
Code: |
HANDLE HSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0);
PROCESSENTRY32 PE32;
PE32.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(HSnap, &PE32) == 0) { // <------ this condition is always met, which is not good.....
    CloseHandle(HSnap);
    return 0;
}
|
_________________
**************
A simple example is better than ten links. |
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Thu Jun 08, 2017 3:26 pm Post subject: |
|
|
Are you compiling under the correct bit type for the project? 32bit processes cannot access 64bit process modules etc. You need to be sure that if your target is 64bit that you are compiling your program for 64bit as well.
Also you are trying to snapshot the module list of process 0, which in general cases you do not have proper permissions to. You sure you are wanting process 0's modules and that you didn't forget to pass it the proper process id instead? _________________
- Retired. |
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
|
Posted: Thu Jun 08, 2017 3:40 pm Post subject: |
|
|
atom0s wrote: | Are you compiling under the correct bit type for the project? 32bit processes cannot access 64bit process modules etc. You need to be sure that if your target is 64bit that you are compiling your program for 64bit as well.
Also you are trying to snapshot the module list of process 0, which in general cases you do not have proper permissions to. You sure you are wanting process 0's modules and that you didn't forget to pass it the proper process id instead? |
Thanks for the reply. I think I have compiled the right way.
I'm new to WINAPI, so I don't know how to answer your question about the process 0 issue.... I thought what this code did was to get all the module names and try to match them with the name given by me, and when it gets a hit, it returns the module base address ...
All I want to do is just read the module base address, and add an offset, and change the value at that offset. It seems so hard for me. _________________
**************
A simple example is better than ten links.
Last edited by Dr.Disrespect on Fri Jun 09, 2017 3:49 pm; edited 1 time in total |
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
|
Posted: Thu Jun 08, 2017 5:20 pm Post subject: |
|
|
your original code is missing module32first
your second code uses TH32CS_SNAPMODULE while it probably needed to use TH32CS_SNAPPROCESS
tip: google the individual API's you use and read their documentation _________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
|
Posted: Thu Jun 08, 2017 7:51 pm Post subject: |
|
|
Dark Byte wrote: | your original code is missing module32first
your second code uses TH32CS_SNAPMODULE while it probably needed to use TH32CS_SNAPPROCESS
tip: google the individual API's you use and read their documentation |
Thanks a lot, DB. I will follow your advice. _________________
**************
A simple example is better than ten links. |
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Fri Jun 09, 2017 2:58 pm Post subject: |
|
|
Code: |
__int64 GetModuleBaseAddr(LPCWSTR ProcessName, LPCWSTR ModuleName) {
    HANDLE HSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0);
|
The first line of your code here, TH32CS_SNAPMODULE is wrong. This should be TH32CS_SNAPPROCESS instead. _________________
- Retired. |
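The lookup the replies above converge on, as an added example that is not part of any post in this thread: a process snapshot (TH32CS_SNAPPROCESS) resolves the executable name to a PID, then a module snapshot of that PID is walked with Module32FirstW before Module32NextW and the match is written through an out pointer. `find_entry`, `pid_by_name` and `module_info` are hypothetical names, and the Windows part compiles only under `_WIN32`.

```cpp
// Added example, not code from the thread; all helper names are hypothetical.
#include <cstdio>
#include <cwchar>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif
// Toolhelp traversal: *First fetches the first entry, *Next every later one.
template <class Entry, class First, class Next, class Match>
bool find_entry(Entry& e, First first, Next next, Match match) {
    for (bool ok = first(e); ok; ok = next(e))
        if (match(e)) return true;
    return false;
}

#ifdef _WIN32
// Executable name -> PID: needs a process snapshot (TH32CS_SNAPPROCESS).
DWORD pid_by_name(const wchar_t* exe) {
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return 0;
    PROCESSENTRY32W pe = {};
    pe.dwSize = sizeof(pe);
    bool hit = find_entry(pe,
        [&](PROCESSENTRY32W& x) { return Process32FirstW(snap, &x) != FALSE; },
        [&](PROCESSENTRY32W& x) { return Process32NextW(snap, &x) != FALSE; },
        [&](const PROCESSENTRY32W& x) { return _wcsicmp(x.szExeFile, exe) == 0; });
    CloseHandle(snap);
    return hit ? pe.th32ProcessID : 0;
}
// Module name -> entry: needs a module snapshot of that PID; result goes to *out.
bool module_info(DWORD pid, const wchar_t* name, MODULEENTRY32W* out) {
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    if (snap == INVALID_HANDLE_VALUE) return false;  // 32-bit caller, 64-bit target: ERROR_PARTIAL_COPY
    out->dwSize = sizeof(*out);
    bool hit = find_entry(*out,
        [&](MODULEENTRY32W& x) { return Module32FirstW(snap, &x) != FALSE; },
        [&](MODULEENTRY32W& x) { return Module32NextW(snap, &x) != FALSE; },
        [&](const MODULEENTRY32W& x) { return _wcsicmp(x.szModule, name) == 0; });
    CloseHandle(snap);
    return hit;
}
int main() {
    MODULEENTRY32W me = {};
    DWORD pid = pid_by_name(L"calc.exe");
    bool ok = pid && module_info(pid, L"calc.exe", &me);
    if (ok) std::printf("pid %lu base %p\n", pid, (void*)me.modBaseAddr);
    else    std::printf("lookup failed, GetLastError=%lu\n", GetLastError());
    return ok ? 0 : 1;
}
#endif
```

Build it with the same bitness as the target process, as the earlier reply notes.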
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
|
Posted: Fri Jun 09, 2017 3:48 pm Post subject: |
|
|
atom0s wrote: | Code: | __int64 GetModuleBaseAddr(LPCWSTR ProcessName, LPCWSTR ModuleName) {
HANDLE HSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0); |
The first line of your code here, TH32CS_SNAPMODULE is wrong. This should be TH32CS_SNAPPROCESS instead. |
Thanks to both of you, atom0s and Db, the problem is solved.
BTW, atom0s, is QT a good IDE for C++ programming? _________________
**************
A simple example is better than ten links. |