| View previous topic :: View next topic |
| Author |
Message |
redhead
Cheater
![]() Reputation: 0
Joined: 21 Mar 2007
Posts: 47
|
 Posted: Wed Dec 12, 2007 12:28 pm Post subject: Question about Readmemory... *****.dll+25E20 (c++) |
 |
|
Hey there.
In my programm, I need to know a value from an adress,usually it's np with readprocessmemory, but this time I found an adress with CE wich looks like:
*****.dll+25E20 instead of 6FAE5E20 ..(just an example).
this:
ReadProcessMemory(hProcess,(LPVOID)d2launch.dll+25E20,&Buffer,2,NULL);
ofc doesn't work... (if the adress would b 6FAE5E20, this just would go ReadProcessMemory(hProcess,(LPVOID)0x6FAE5E20,&Buffer,2,NULL)
Any Idea?Thanks in advance |
|
| Back to top |
|
 |
Jani
Grandmaster Cheater
![]() Reputation: 2
Joined: 29 Dec 2006
Posts: 804
|
| Posted: Wed Dec 12, 2007 12:57 pm Post subject: |
|
|
So, you want to know the address of the DLL? ::GetModuleHandle();
You could clarify your question a bit.. |
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Wed Dec 12, 2007 2:18 pm Post subject: |
|
|
| Jani wrote: | So, you want to know the address of the DLL? ::GetModuleHandle();
You could clarify your question a bit.. |
By looking at his code, I would guess hes not injected into the process. (ReadProcessMemory would be pointless if he was.) So GetModuleHandle() wont work in his case.
Instead, take a look at CreateToolhelp32Snapshot and Process32First/Process32Next as well as Module32First/Module32Next.
Process32First/Next will loop the processes on your system which you can use to locate the process you want to get the module list (and info) of. Then you can loop the Module tree and locate your module, in your case: d2launch.dll
The MODULEENTRY32 structure has an entry which holds the base address of the given module which is what you want when doing the dll+offset calculation. MODULEENTRY32.modBaseAddr is the entry you will want to use.
There are a few explains posted on this subject already in this section. And you can check out the MSDN for documentation on each API. (Some include examples.)
_________________
- Retired. |
|
| Back to top |
|
|
Jani
Grandmaster Cheater
![]() Reputation: 2
Joined: 29 Dec 2006
Posts: 804
|
| Posted: Thu Dec 13, 2007 7:36 am Post subject: |
|
|
| Wiccaan wrote: | | By looking at his code, I would guess hes not injected into the process. (ReadProcessMemory would be pointless if he was.) So GetModuleHandle() wont work in his case. |
| redhead wrote: | | In my programm, |
Someone could understand that he's RPM'ing his own program (no idea why tho.)
I asked him to clarify his situtation.. :/ |
|
| Back to top |
|
|
redhead
Cheater
![]() Reputation: 0
Joined: 21 Mar 2007
Posts: 47
|
| Posted: Thu Dec 13, 2007 11:13 am Post subject: |
|
|
Sorry if it wasn't clear(hadn't mucht time, yesterday..).. Wiccaan was right, I'm looking to msdn atm, hope I'll understand all, thx.
EDIT:
Thx! Work's gr8 now  |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
