Finding PID and Base Address in C++
Question
I'm trying to write a code in C++ which would display a process ID and base address of some application, PID seems to look correct but base address is 0, which is incorrect. My question is - what's wrong here?
IDE: Code::Blocks
Also to make it even run i had to set up "-lpsapi" in Settings -> Compiler -> Linker settings -> Other linker options
I was thinking about building this as admin but could't find such option in Code::Block (maybe build-in?)
#define WINVER 0x0501
#include <iostream>
#include <cstdio>
#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>
#include <Psapi.h>
#include <tlhelp32.h>
using namespace std;
HANDLE GetHandle()
{
string name = "PathOfExile_x64.exe";
DWORD pid = 0;
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 process;
ZeroMemory(&process, sizeof(process));
process.dwSize = sizeof(process);
if (Process32First(snapshot, &process))
{
do
{
if (string(process.szExeFile) == name)
{
pid = process.th32ProcessID;
break;
}
} while (Process32Next(snapshot, &process));
}
CloseHandle(snapshot);
if (pid != 0)
{
cout << "pid = " << pid << endl;
return OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
}
return NULL;
}
HMODULE GetModule()
{
HMODULE hMods[1024];
HANDLE pHandle = GetHandle();
DWORD cbNeeded;
unsigned int i;
if (EnumProcessModules(pHandle, hMods, sizeof(hMods), &cbNeeded))
{
for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
{
TCHAR szModName[MAX_PATH];
if (GetModuleFileNameEx(pHandle, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
{
string wstrModName = szModName;
string wstrModContain = "PathOfExile_x64.exe";
if (wstrModName.find(wstrModContain) != string::npos)
{
CloseHandle(pHandle);
return hMods[i];
}
}
}
}
return nullptr;
}
int main()
{
HWND WindowHandle = FindWindow(nullptr, "Path of Exile");
DWORD PID;
GetWindowThreadProcessId(WindowHandle, &PID);
PVOID hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, PID);
HMODULE Module = GetModule();
DWORD BaseAddress = (DWORD)Module;
cout << BaseAddress << endl;
}
1 answers
solution1
0 2020-02-15 06:07:21
I would do it like this, tested working. I'm not familiar with the Enum functions, I prefer to use the ToolHelp32Snapshot function
#include "stdafx.h"
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
DWORD GetProcId(const char* procName)
{
DWORD procId = 0;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnap != INVALID_HANDLE_VALUE)
{
PROCESSENTRY32 procEntry;
procEntry.dwSize = sizeof(procEntry);
if (Process32First(hSnap, &procEntry))
{
do
{
if (!_stricmp(procEntry.szExeFile, procName))
{
procId = procEntry.th32ProcessID;
break;
}
} while (Process32Next(hSnap, &procEntry));
}
}
CloseHandle(hSnap);
return procId;
}
uintptr_t GetModuleBaseAddress(DWORD procId, const char* modName)
{
uintptr_t modBaseAddr = 0;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
if (hSnap != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 modEntry;
modEntry.dwSize = sizeof(modEntry);
if (Module32First(hSnap, &modEntry))
{
do
{
if (!_stricmp(modEntry.szModule, modName))
{
modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
break;
}
} while (Module32Next(hSnap, &modEntry));
}
}
CloseHandle(hSnap);
return modBaseAddr;
}
int main()
{
DWORD procId = GetProcId("PathOfExile_x64.exe");
uintptr_t modBase = GetModuleBaseAddress(procId, "PathOfExile_x64.exe");
std::cout << "0x" << std::hex << modBase << std::endl;
std::getchar();
return 0;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.