
Finding process ID and base address using winapi

I'm writing a program in Code::Blocks that simply prints an application's process ID and base address. The PID is found correctly, but I'm having difficulties with the base address. I'm using the GNU GCC Compiler (x64). My guess is that the error lies in `HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);`, because it returns `INVALID_HANDLE_VALUE`, but I still can't resolve this problem. The IDE doesn't show any errors or warnings. `GetLastError()` returns 5 (Access Denied).

Console output:
Process ID = 2656 INVALID_HANDLE_VALUE returned BaseAddr = 0

And this is full code:

#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
#include <string.h>

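/// Returns the process ID of the first running process whose executable
/// name matches procName (case-insensitive), or 0 if none is found or the
/// process snapshot could not be taken.
///
/// @param procName  Executable file name as listed by Toolhelp, e.g. "Game.exe".
///                  Compared with lstrcmpi against szExeFile, so this assumes
///                  an ANSI (non-UNICODE) build — TODO confirm for your project.
/// @return          The matching th32ProcessID, or 0.
DWORD GetProcId(const char* procName)
{
    DWORD procId = 0;
    if (procName == nullptr) {
        return procId;  // nothing to compare against
    }

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE) {
        // The original closed the handle unconditionally; INVALID_HANDLE_VALUE
        // must never be passed to CloseHandle, so bail out before that point.
        return procId;
    }

    PROCESSENTRY32 procEntry{};
    procEntry.dwSize = sizeof(procEntry);  // Process32First rejects an unset dwSize

    if (Process32First(hSnap, &procEntry)) {
        do {
            if (lstrcmpi(procEntry.szExeFile, procName) == 0) {
                procId = procEntry.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnap, &procEntry));
    }

    CloseHandle(hSnap);  // only reached with a valid snapshot handle
    return procId;
}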

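/// Returns the load address of the module named modName inside process
/// procId, or 0 if the module was not found or the snapshot failed.
///
/// @param procId   Target process ID. CreateToolhelp32Snapshot treats 0 as
///                 "the calling process", so a failed GetProcId() result must
///                 not be passed through unchecked.
/// @param modName  Module file name, e.g. "Game.exe"; compared with _stricmp.
/// @return         modBaseAddr of the matching MODULEENTRY32, or 0.
///
/// On snapshot failure the Win32 error code is printed next to the original
/// message so the cause can be diagnosed. Documented failure modes of
/// TH32CS_SNAPMODULE: ERROR_BAD_LENGTH is transient and the call should be
/// retried; ERROR_PARTIAL_COPY means a 32-bit caller tried to snapshot a
/// 64-bit process. ERROR_ACCESS_DENIED (5, the value seen in the question)
/// is not documented for this call; in practice it indicates the caller is
/// not permitted to query the target process (for example, it runs with
/// higher privilege or is a protected process), so the relationship between
/// the two processes, not this code, is what to review.
uintptr_t GetModuleBaseAddress(DWORD procId, const char* modName)
{
    uintptr_t modBaseAddr = 0;
    if (modName == nullptr) {
        return modBaseAddr;
    }

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap == INVALID_HANDLE_VALUE) {
        // Capture the error before any other API call can overwrite it.
        const DWORD err = GetLastError();
        std::cout << "INVALID_HANDLE_VALUE returned" << " (GetLastError = " << err << ')' << std::endl;
        return modBaseAddr;  // nothing to close: the original passed INVALID_HANDLE_VALUE to CloseHandle
    }

    MODULEENTRY32 modEntry{};
    modEntry.dwSize = sizeof(modEntry);  // Module32First rejects an unset dwSize
    if (Module32First(hSnap, &modEntry)) {
        do {
            if (_stricmp(modEntry.szModule, modName) == 0) {
                modBaseAddr = reinterpret_cast<uintptr_t>(modEntry.modBaseAddr);
                break;
            }
        } while (Module32Next(hSnap, &modEntry));
    }

    CloseHandle(hSnap);
    return modBaseAddr;
}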

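/// Prints the process ID and module base address of "Game.exe", then waits
/// for a key press so the console stays open.
///
/// @return 0 on success, 1 if the process was not found.
int main()
{
    const DWORD procId = GetProcId("Game.exe");

    std::cout << "Process ID = " << procId << std::endl;

    if (procId == 0) {
        // Without this guard a failed lookup would fall through with procId 0,
        // which CreateToolhelp32Snapshot interprets as the calling process, so
        // the "base address" printed would belong to the wrong executable.
        std::cout << "Process not found" << std::endl;
        std::getchar();
        return 1;
    }

    const uintptr_t baseAddr = GetModuleBaseAddress(procId, "Game.exe");

    std::cout << "BaseAddr = " << baseAddr << std::endl;

    std::getchar();
    return 0;
}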

After putting it into Code::Blocks, I just changed the `_stricmp` in the `GetModuleBaseAddress` function to `strcmp`, and also changed this line

HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);

to this

HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, procId);

Try this code:

#include <windows.h>
#include <tlhelp32.h>
#include <string>
#include <iostream>
using namespace std;
// Shared state: filled in by getID() / getModuleBaseAddress(), read by main().
// NOTE(review): a namespace-scope name starting with an underscore is reserved
// to the implementation; a plain name such as `processHandle` would be safer.
HANDLE _process = nullptr;  // handle opened by getID(); nothing else in this listing uses it
DWORD pid = 0;              // process ID found by getID()
DWORD baseAddr = 0;         // NOTE(review): DWORD is 32 bits, so on an x64 build the
                            // cast in getModuleBaseAddress() can drop the upper half
                            // of the module base; DWORD_PTR would hold the full value.
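/// Looks up the process whose executable name equals `process` (case-sensitive,
/// via strcmp as in the original) and stores its ID in the global `pid`; on a
/// hit it also opens a handle to that process into the global `_process`.
///
/// @param process  Executable name as listed by Toolhelp, e.g. "popo.exe".
/// @return true if a matching process was found (pid is set); false if none
///         matched or the snapshot could not be taken. Callers must test
///         `_process` for NULL before using it — OpenProcess can fail even
///         when the PID was found.
bool getID(string process)
{
    HANDLE hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hHandle == INVALID_HANDLE_VALUE)
    {
        return false;  // no snapshot; nothing to close
    }

    PROCESSENTRY32 entry{};
    entry.dwSize = sizeof(entry);

    // Process32First must populate `entry` before its fields are read; the
    // original compared uninitialized memory on the first loop iteration and
    // also skipped the first entry by starting with Process32Next.
    bool found = false;
    if (Process32First(hHandle, &entry))
    {
        do
        {
            if (!strcmp(entry.szExeFile, process.c_str()))
            {
                pid = entry.th32ProcessID;
                found = true;
                break;
            }
        } while (Process32Next(hHandle, &entry));
    }
    CloseHandle(hHandle);  // closed on every path; the original leaked it when nothing matched

    if (found)
    {
        // PROCESS_ALL_ACCESS is kept for compatibility with the original, but it
        // is far more than a lookup needs; request only the rights the caller
        // will actually use (e.g. PROCESS_QUERY_LIMITED_INFORMATION).
        _process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    }
    return found;
}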
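/// Finds `module` in the module list of the process whose ID is in the global
/// `pid` (set by getID()) and stores its load address in the global `baseAddr`.
///
/// @param module  Module file name, e.g. "popo.exe"; matched case-sensitively.
/// @return true if the module was found (baseAddr is set); false if it was
///         not, or the snapshot failed — GetLastError() then holds the reason.
///         ERROR_BAD_LENGTH is documented as transient for TH32CS_SNAPMODULE
///         and worth retrying, which is what main()'s Sleep loop effectively
///         does. Note that pid == 0 makes the snapshot target the caller itself.
bool getModuleBaseAddress(string module)
{
    HANDLE hHandle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    if (hHandle == INVALID_HANDLE_VALUE)
    {
        return false;  // the original looped over an unchecked, possibly invalid handle
    }

    MODULEENTRY32 mentry{};
    mentry.dwSize = sizeof(mentry);

    // Module32First fills `mentry`; the original read szModule before any call.
    bool found = false;
    if (Module32First(hHandle, &mentry))
    {
        do
        {
            if (!strcmp(mentry.szModule, module.c_str()))
            {
                // baseAddr is a DWORD, so this truncates on x64 builds when the
                // module is loaded above 4 GiB; widening the global to DWORD_PTR
                // would keep the full address.
                baseAddr = static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(mentry.modBaseAddr));
                found = true;
                break;
            }
        } while (Module32Next(hHandle, &mentry));
    }
    CloseHandle(hHandle);  // closed on every path; the original leaked it when nothing matched
    return found;
}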

/// Polls until "popo.exe" is running and its module list can be read, then
/// prints the PID and base address collected in the globals.
int main()
{
    const string target = "popo.exe";

    // Retry every 10 ms until the process shows up in the snapshot.
    for (;;)
    {
        if (getID(target)) break;
        Sleep(10);
    }

    // Same polling for the module snapshot (which may fail transiently).
    for (;;)
    {
        if (getModuleBaseAddress(target)) break;
        Sleep(10);
    }

    std::cout << "PID: " << pid << std::endl << "Base Address: " << baseAddr;
    return 0;
}
