 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
hackket_bboy
How do I cheat?
![]() Reputation: 0
Joined: 21 Aug 2013
Posts: 4
|
 Posted: Thu Mar 17, 2016 10:50 am Post subject: Find start address of a DLL |
 |
|
I use CE to find out some static address like XIProject.dll + 0x1
I have a block of C++ code that show loaded modules. But it only shows 5 modules: main.exe, ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll.
I know main.exe it uses more than these DLLs
Target of mine is find the start address of XIProject.dll using C++ or C#
I took research and have this code, it shows me about result.
| Code: |
BOOL ListProcessModules(DWORD dwPID)
{
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
if (hModuleSnap == INVALID_HANDLE_VALUE)
{
//printError(TEXT("CreateToolhelp32Snapshot (of modules)"));
return(FALSE);
}
// Set the size of the structure before using it.
me32.dwSize = sizeof(MODULEENTRY32);
// Retrieve information about the first module,
// and exit if unsuccessful
if (!Module32First(hModuleSnap, &me32))
{
//printError(TEXT("Module32First")); // Show cause of failure
CloseHandle(hModuleSnap); // Must clean up the snapshot object!
return(FALSE);
}
// Now walk the module list of the process,
// and display information about each module
do
{
_tprintf(TEXT("\n\n MODULE NAME: %s"), me32.szModule);
_tprintf(TEXT("\n executable = %s"), me32.szExePath);
_tprintf(TEXT("\n process ID = 0x%08X"), me32.th32ProcessID);
_tprintf(TEXT("\n ref count (g) = 0x%04X"), me32.GlblcntUsage);
_tprintf(TEXT("\n ref count (p) = 0x%04X"), me32.ProccntUsage);
_tprintf(TEXT("\n base address = 0x%08X"), (DWORD)me32.modBaseAddr);
_tprintf(TEXT("\n base size = %d"), me32.modBaseSize);
} while (Module32Next(hModuleSnap, &me32));
_tprintf(TEXT("\n"));
// Do not forget to clean up the snapshot object.
CloseHandle(hModuleSnap);
return(TRUE);
}
|
[/code]
| Description: |
|
| Filesize: |
41.11 KB |
| Viewed: |
8339 Time(s) |
|
|
|
| Back to top |
|
 |
hhhuut
Grandmaster Cheater
 Reputation: 6
Joined: 08 Feb 2015
Posts: 607
|
| Posted: Thu Mar 17, 2016 11:19 am Post subject: |
|
|
| Code: | | hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwPID); |
Try that instead of yours, because when this function is called from a 64bit application, it only gives back the 64bit modules (which would be the five you've listed above). To also include the 32bit modules, you have to include the second param too.
|
|
| Back to top |
|
|
hackket_bboy
How do I cheat?
![]() Reputation: 0
Joined: 21 Aug 2013
Posts: 4
|
| Posted: Thu Mar 17, 2016 6:32 pm Post subject: |
|
|
| hhhuut wrote: | | Code: | | hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwPID); |
Try that instead of yours, because when this function is called from a 64bit application, it only gives back the 64bit modules (which would be the five you've listed above). To also include the 32bit modules, you have to include the second param too. |
You saved me. Thank you.
To the others programmers who are looking for solution of this:
There are 2 ways to do:
1. Make x86 application, use the code block I posted.
2. Let it be x64 application, use the code block I posted + modify it as hhhuut said.[/b]
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
