c++ winapi base-address

Incorporating base memory addresses in C++


The base address I found for a memory location in an application was in the syntax "application_name.exe" + 0007856 (<- or any other number, this is just an example). My question is, how would I find the address for "application_name.exe" in C++? I'm not sure but this was the method I used:

HANDLE proc_handle = OpenProcess(/* parameters go here to open the process */);
void * base_add = (void*)proc_handle;    //to store the address of the process

If that method is correct, the first question I asked on how to get the application's address is answered which leads me to my second question: since the base address for the specific memory location was "application_name.exe" + 0007856, can I just do this?:

DWORD specific_memory_base_add = (DWORD)base_add + 0x0007856;

Can I use the address I found from "application_name.exe" and add it to 0x0007856 using +? I've tried it and it didn't seem to work. If that is not correct, what is the correct method?


Solution

  • Retrieving the base address of a module in another process requires enumerating the process' modules and retrieving the module names to find a match.

    To enumerate the modules loaded into a process, call EnumProcessModules. Once you have the list of modules, call GetModuleBaseName for each module to find the one you are looking for (application_name.exe). The HMODULE for this module is a pointer (in the target process' address space) to the beginning of the module, its base address. You can use this to add your offset.
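
The lookup described in the answer above, as an added example that is not part of the original question or answer. The helper names find_module_base, name_matches and add_offset are hypothetical; the address is kept as a uintptr_t because a DWORD is 32 bits and would truncate the base address of a 64-bit process.

```cpp
// Added example, not from the original post; helper names are hypothetical.
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
// Module names on Windows are compared case-insensitively.
bool name_matches(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    for (std::size_t i = 0; i < a.size(); ++i)
        if (std::tolower((unsigned char)a[i]) != std::tolower((unsigned char)b[i])) return false;
    return true;
}
// "module.exe"+offset in pointer-sized arithmetic; a 32-bit DWORD would
// truncate the base address of a 64-bit process.
std::uintptr_t add_offset(std::uintptr_t base, std::uintptr_t offset) {
    return base + offset;
}
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>  // link with psapi.lib
// Base address of `module` in process `pid`, or 0 if it is not found.
std::uintptr_t find_module_base(DWORD pid, const std::string& module) {
    HANDLE proc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (!proc) return 0;
    std::vector<HMODULE> mods(1024);
    DWORD needed = 0;
    std::uintptr_t base = 0;
    if (EnumProcessModules(proc, mods.data(), (DWORD)(mods.size() * sizeof(HMODULE)), &needed)) {
        std::size_t count = needed / sizeof(HMODULE);
        if (count > mods.size()) count = mods.size();  // list was larger than our buffer
        for (std::size_t i = 0; i < count && base == 0; ++i) {
            char name[MAX_PATH] = {0};
            if (GetModuleBaseNameA(proc, mods[i], name, MAX_PATH) && name_matches(name, module))
                base = reinterpret_cast<std::uintptr_t>(mods[i]);  // HMODULE is the base address
        }
    }
    CloseHandle(proc);  // the handle only refers to the process; it is never an address
    return base;
}
#endif
int main() {
    std::uintptr_t base = 0x00400000;  // constructed sample base for non-Windows builds
#ifdef _WIN32
    base = find_module_base(GetCurrentProcessId(), "application_name.exe");  // page's placeholder name
#endif
    if (base == 0) { std::puts("module not found"); return 1; }
    std::printf("%#llx\n", (unsigned long long)add_offset(base, 0x7856));
}
```

A 32-bit build running under WOW64 can only enumerate the modules of 32-bit processes with EnumProcessModules, so build the tool for the same bitness as the target.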