| View previous topic :: View next topic |
| Author |
Message |
DarkS1d3
Newbie cheater
![]() Reputation: 0
Joined: 27 Dec 2014
Posts: 11
|
 Posted: Tue Apr 23, 2019 5:23 am Post subject: Memoryscanner module size |
 |
|
I currently working on a memory scanner and have been searching around and cant seem to find any solution to my problem, most examples i have seen uses the same "solution" as i do in the script below
The issue i have is that when i try to list all modules and i always get incorrect "EndAddress" aka size of the main .exe. however all the dlls lists just fine.
Anyone have any tips on how to solve this? (tried GetModuleInformation also, same result)
| Code: |
function GetModuleInfo(pID:integer; Module:string; out BaseAddy:integer; out EndAddy:integer):boolean;
var
SnapShot:tHandle;
GetModuleInfo:tModuleEntry32;
NotLastModule:boolean;
begin
result := false;
BaseAddy := 0;
EndAddy := 0;
SnapShot := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pID);
GetModuleInfo.dwSize := SizeOf(GetModuleInfo);
NotLastModule := Module32First(SnapShot, GetModuleInfo);
while NotLastModule = true do begin
if (GetModuleInfo.szModule = Module) then begin
result := true;
BaseAddy := integer(GetModuleInfo.modBaseAddr);
EndAddy := integer(GetModuleInfo.modBaseAddr)+ GetModuleInfo.modBaseSize;
break;
end;
NotLastModule := Module32Next(SnapShot, GetModuleInfo);
end;
CloseHandle(SnapShot);
end;
|
PlantsVsZombies.exe should end at 00815000 (which CE states in the memory regions table) yet i always get 00628000 (Have used this methode and GetModuleInformation)
repeat "however all the dlls lists just fine"
| Code: |
00400000
00628000
PlantsVsZombies.exe
C:\Program Files\Plants vs Zombies\PlantsVsZombies.exe
77910000
77AAC000
ntdll.dll
C:\Windows\SYSTEM32\ntdll.dll
75D90000
75E70000
KERNEL32.DLL
C:\Windows\System32\KERNEL32.DLL
75B40000
75D3A000
KERNELBASE.dll
C:\Windows\System32\KERNELBASE.dll
6A510000
6A5AC000
apphelp.dll
C:\Windows\SYSTEM32\apphelp.dll
759A0000
75B39000
USER32.dll
C:\Windows\System32\USER32.dll
75020000
75037000
win32u.dll
C:\Windows\System32\win32u.dll
|
My guess? is that the game is packed and gets unpacked and the ModuleSize is just a value set when its allocated into memory the first time? anyway i guess there is a cleaver way of doing this and i hope someone could give me some help.
|
|
| Back to top |
|
 |
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1587
|
| Posted: Wed Apr 24, 2019 3:36 pm Post subject: |
|
|
useless, data stored in "popcap1" executable.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 198
Joined: 25 Jan 2006
Posts: 8518
Location: 127.0.0.1
|
| Posted: Thu Apr 25, 2019 12:13 am Post subject: |
|
|
The size you are getting from that API is not going to account for all the custom regions that are allocated by the process and such. You are only getting the size of the module itself. If you want to get all the regions of the process, you need to enumerate them with something such as VirtualQuery/VirtualQueryEx.
_________________
- Retired. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
