The base address I found for a memory location in an application was in the syntax "application_name.exe" + 0007856
(<- or any other number, this is just an example). My question is, how would I find the address for "application_name.exe"
in C++? I'm not sure but this was the method I used:
HANDLE proc_handle = OpenProcess(//parameters go here to open the process);
void * base_add = (void*)proc_handle; //to store the address of the process
If that method is correct, the first question I asked on how to get the application's address is answered which leads me to my second question: since the base address for the specific memory location was "application_name.exe" + 0007856
, can I just do this?:
DWORD specific_memory_base_add = (DWORD)base_add + 0x0007856
Can I use the address I found from "application_name.exe"
and add it to 0x0007856
using +
? I've tried it and it didn't seem to work. If that is not correct, what is the correct method?
Retrieving the base address of a module in another process requires to enumerate the process' modules and retrieve the module names to find a match.
To enumerate the modules loaded into a process call EnumProcessModules
. Once you have the list of modules call GetModuleBaseName
for each module to find the one you are looking for (application_name.exe). The HMODULE
for this module is a pointer (in the target process' address space) to the beginning of the module, it's base address. You can use this to add your offset.