DaHandy Newbie cheater
Reputation: 0
Joined: 03 Nov 2007 Posts: 18
|
Posted: Sat Apr 16, 2011 9:09 am Post subject: [C#] Getting the BaseAddress of a program |
|
|
Hi!
I'm fairly new to C# but I have a bit more experience with C++. Now I'm trying to get a value from another process using Visual Studio 2008 and C#.
I have tried this code to get the base address:
Code: |
hProc = OpenProcess(dwAllAccess, true, (uint)Process.GetProcessesByName("MineSweeper")[0].Id);
ProcessModule myProcessModule;
ProcessModuleCollection myProcessModuleCollection = hProc.Modules;
myProcessModule = hProc.MainModule; |
I get this error:
Code: | 'System.IntPtr' does not contain a definition for 'Modules' and no extension method 'Modules' accepting a first argument of type 'System.IntPtr' could be found (are you missing a using directive or an assembly reference?) |
I can't figure out what's wrong. The program hooks to the process just fine but the error comes in as I try to get the base address.
EDIT: With base address I mean the address in which I add the offset/address of the value. Like [minesweeper.exe] + 0007E1BC to get the grid height.
ej52 Cheater
Reputation: 0
Joined: 29 Mar 2011 Posts: 39 Location: Mother City
|
Posted: Sat Apr 16, 2011 9:50 am Post subject: |
|
|
Hey DaHandy
Try this
Code: |
System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcessesByName("MineSweeper");
int baseAddress = processes[0].MainModule.BaseAddress.ToInt32(); // renamed: "base" is a reserved C# keyword
|
_________________
Hitler dNt HiDe WaT mOtHa NaTurE pRoViDe ...  |
DaHandy Newbie cheater
Reputation: 0
Joined: 03 Nov 2007 Posts: 18
|
Posted: Sat Apr 16, 2011 11:23 am Post subject: |
|
|
Thanks!
Now I got rid of the error but the base address still isn't correct... :/
Here is my code:
Code: | hProc = OpenProcess(dwAllAccess, true, (uint)Process.GetProcessesByName("MineSweeper")[0].Id);
System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcessesByName("MineSweeper");
int base_adr = processes[0].MainModule.BaseAddress.ToInt32();
int height_offset = 0x0007E1BC;
//height_adr is declared earlier
height_adr = (IntPtr)(base_adr + height_offset);
txt_base.Text = "Base: " + base_adr.ToString("X");
txt_height.Text = "Height: " + height_adr.ToString("X"); |
The base address is always way too big. Example:
Cheat Engine tells me that it is 000016EC
My program tells me that it is 00EB0000
What is wrong?
ej52 Cheater
Reputation: 0
Joined: 29 Mar 2011 Posts: 39 Location: Mother City
|
Posted: Sat Apr 16, 2011 12:28 pm Post subject: |
|
|
Ok, first get rid of the native OpenProcess method, it's not needed.
The address that CE gives you is the "EntryPointAddress", so use this ...
Code: |
Process[] processes = Process.GetProcessesByName("MineSweeper");
Process mProc= processes[0];
IntPtr hProc = mProc.Handle;
int base_adr = mProc.MainModule.EntryPointAddress.ToInt32();
int height_offset = 0x0007E1BC;
height_adr = (IntPtr)(base_adr + height_offset);
|
_________________
Hitler dNt HiDe WaT mOtHa NaTurE pRoViDe ...  |
DaHandy Newbie cheater
Reputation: 0
Joined: 03 Nov 2007 Posts: 18
|
Posted: Sat Apr 16, 2011 1:55 pm Post subject: |
|
|
Hmm this is weird... With this code
Code: | Process[] processes = Process.GetProcessesByName("MineSweeper");
Process mProc = processes[0];
IntPtr hProc = mProc.Handle;
int base_adr = processes[0].MainModule.EntryPointAddress.ToInt32();
int height_offset = 0x0007E1BC;
height_adr = (IntPtr)(base_adr + height_offset);
ckFreezeFlag.Text = "Base: " + base_adr.ToString("X");
ckFreezeMines.Text = "Height: " + height_adr.ToString("X"); |
I get a different address but it still isn't correct. Example:
Cheat Engine tells me that it is 00000B00
My program tells me that it is 0026E08F
EDIT: I also tried to change
Code: | int base_adr = processes[0].MainModule.EntryPointAddress.ToInt32(); |
to
Code: | int base_adr = mProc.MainModule.EntryPointAddress.ToInt32(); |
but it changes nothing.
When Cheat Engine tells me that the Entry Point is 00000B00, minesweeper.exe+7E1BC should be 002BE1BC. That means that minesweeper.exe cannot be the same as 00000B00 since 00000B00+7E1BC = 0007ECBC.
EDIT2: Sorry! Actually the base address is the correct one to use here! Thanks for your help!
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Posted: Sat Apr 16, 2011 3:23 pm Post subject: |
|
|
Keep in mind, forcing the following line can throw exceptions:
You should do some error checking to be sure that your process is being found rather than assuming so. This will prevent your application from crashing if the process isn't running.
For example:
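Code: | Process[] processList = Process.GetProcessesByName("MineSweeper");
// GetProcessesByName returns an empty array (not null) when nothing matches,
// so the length has to be checked as well.
if (processList == null || processList.Length == 0)
    return; // adjust to the proper return if needed
// processList[0] should be safe to use now. |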
_________________
- Retired. |
DaHandy Newbie cheater
Reputation: 0
Joined: 03 Nov 2007 Posts: 18
|
Posted: Sat Apr 16, 2011 3:59 pm Post subject: |
|
|
Yup thanks for the tip Wiccaan but I already have an if sentence which does that.
Code: | if (Process.GetProcessesByName("MineSweeper").Length == 1)
{
    // CODE HERE
} |
Everything seems to be working now so this thread may be closed.
Thank you both!
Krähne Expert Cheater
Reputation: 0
Joined: 06 Jun 2010 Posts: 108 Location: Inside of my Kernel
|
Posted: Sun Apr 17, 2011 6:03 am Post subject: |
|
|
Maybe later you will need code for another module name, so... I have made this snippet; perhaps it can help.
Code: | private static IntPtr GetModuleBaseAddress(string AppName, string ModuleName)
{
    IntPtr BaseAddress = IntPtr.Zero;
    Process[] myProcess = null;
    ProcessModule myProcessModule = null;
    myProcess = Process.GetProcessesByName(AppName);
    if (myProcess.Length > 0)
    {
        ProcessModuleCollection myProcessModuleCollection;
        try
        {
            myProcessModuleCollection = myProcess[0].Modules;
        }
        catch { return IntPtr.Zero; /*Maybe would be ok show the exception after/instead return*/ }
        for (int i = 0; i < myProcessModuleCollection.Count; i++)
        {
            myProcessModule = myProcessModuleCollection[i];
            if (myProcessModule.ModuleName.Contains(ModuleName))
            {
                BaseAddress = myProcessModule.BaseAddress;
                break;
            }
        }
    }
    return BaseAddress;
} |
Regards.
_________________
Excuse me if you don't understand what I just said, but "english" isn't my native language. |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Posted: Sun Apr 17, 2011 7:13 pm Post subject: |
|
|
You can also use Linq to do easy searching and to remove the need for try/catching since FirstOrDefault / SingleOrDefault help us with default returns:
Code: | /// <summary>
/// Locates a process.
/// </summary>
/// <param name="ProcessName"></param>
/// <returns></returns>
private Process findProcess(String ProcessName)
{
    Process proc = (from Process p in Process.GetProcesses()
                    where p.ProcessName.ToLower() == ProcessName.ToLower()
                    select p).FirstOrDefault();
    return proc;
}
/// <summary>
/// Locates a module.
/// </summary>
/// <param name="proc"></param>
/// <param name="ModuleName"></param>
/// <returns></returns>
private ProcessModule findModule(Process proc, String ModuleName)
{
    if (proc == null)
        return null;
    ProcessModule mod = (from ProcessModule m in proc.Modules
                         where m.ModuleName.ToLower() == ModuleName.ToLower()
                         select m).FirstOrDefault();
    return mod;
} |
Usage example:
Code: |
Process myProcess = findProcess("firefox");
ProcessModule myModule = findModule(myProcess, "firefox.exe");
|
_________________
- Retired. |
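Added example (not part of any post in this thread): the module+offset lookup the thread converges on, written so that a missing process, a missing module, an access-denied error or an out-of-range offset is reported instead of thrown. The names `ModuleAddress` and `TryResolve` are hypothetical; the process name, module name and offset are the ones quoted in the thread.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Linq;

static class ModuleAddress   // hypothetical helper, not from the thread
{
    // Resolves "module + offset" (e.g. minesweeper.exe+7E1BC) to an absolute
    // address in the target process. Returns false instead of throwing.
    public static bool TryResolve(string processName, string moduleName,
                                  long offset, out IntPtr address, out string error)
    {
        address = IntPtr.Zero;
        error = null;

        // GetProcessesByName returns an empty array, never null, on no match.
        Process proc = Process.GetProcessesByName(processName).FirstOrDefault();
        if (proc == null) { error = "process not running"; return false; }

        try
        {
            ProcessModule mod = proc.Modules.Cast<ProcessModule>()
                .FirstOrDefault(m => string.Equals(m.ModuleName, moduleName,
                                                   StringComparison.OrdinalIgnoreCase));
            if (mod == null) { error = "module not loaded"; return false; }
            if (offset < 0 || offset >= mod.ModuleMemorySize)
            { error = "offset outside module image"; return false; }

            // ToInt64 avoids the OverflowException that ToInt32 raises when
            // the module is mapped above 2 GB in a 64-bit process.
            address = new IntPtr(mod.BaseAddress.ToInt64() + offset);
            return true;
        }
        catch (Win32Exception ex)          // access denied, or 32-bit caller vs 64-bit target
        { error = ex.Message; return false; }
        catch (InvalidOperationException)  // process exited between lookup and query
        { error = "process exited"; return false; }
    }

    static void Main()
    {
        IntPtr addr; string err;
        if (TryResolve("MineSweeper", "minesweeper.exe", 0x7E1BC, out addr, out err))
            Console.WriteLine("minesweeper.exe+7E1BC = 0x{0:X}", addr.ToInt64());
        else
            Console.WriteLine("lookup failed: " + err);
    }
}
```

The base is read at run time because the loader can map the module at a different address on each launch; only the offset within the module stays fixed.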