Find the address a Module is loadet into (memory)
Question
I used CE to get a pointer to a value. I want to implement the pointer into my C++ Visual Studio Code. It has 3 Offsets.
What I already got:
- Get the Process ID
- Add the Offsets to the base address
What I need:
- The """base address"""
Problem: I'm not sure if that what I am really looking for is the "base address".
What I need is the Value that = 0x141B6658 - 0x5C4C0 = 0x1415A198 =???
How to get that 0x1415A198 automatically?
I first thought this is the base address of the Module "N3.dll", which would make sense..(?), but it doesn't seem like it is.
I'm grabbing the Module base address with modueentry32, handle=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID), me32.modBaseAddr
And that is something like
MODULE NAME: N3.dll
executable = D:\xxx\xxx\xxx\N3.dll
process ID = 0x00003C2C
ref count (g) = 0x0004
ref count (p) = 0x0004
base address = 0x53230000
base size = 401408
But that's not even close to the one I need
Thanks in Advance
1 answers
solution1
0 2019-11-14 21:46:30
You seem to expect that base address = 0x53230000 holds everything related to N3.dll. This isn't true; that's the base address where code and constants for N3.dll have been loaded. But anything allocated by new will be allocated memory at runtime. There are no module offsets involved in that.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.