Posted: Fri Feb 25, 2022 1:23 pm Post subject: Why I get different address in CE and python scripts
I'm trying to convert a pointer with offset in CE into python scripts, using pymem.
However the first base address of xxx.dll is different.
In ce, it looks like: xxx.dll + 0x 040DF480 = 0x 24FF2830A80
0x 24FF2830A80 + 0x 80 = 0x 24FF2830B00
[0x 24FF2830B00] = 100 (the right value)
IN python: I use pymem to locate the dll
pm = pymem.Pymem("abc.exe")
baseAddress = pymem.process.module_from_name(pm.process_handle, "xxx.dll").lpBaseOfDll
but it return baseaddress of xxx.dll is 0x7ffccac40000
They're totally different.
I lookup win's docs, it said the function return the load address of dll, not main function address? could It be the reason?
Oh. Thanks.
Suddenly, I know the reason after reading your words.
It's exactly address and value.
I didn't realized that the first offset from dll is also a pointer before.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum