Find base address of a a specific program in storage/memory?

Question

I want to find the current base address of a program without any manual input. Basically I want to write to specific addresses in memory using offsets. To do that, I need to find the base address of the program I'm modifying. Currently, I can do that by finding the base address manually through another software, however, I want it to be automated.

I've tried GetModuleHandle(NULL) and casting that to uintptr_t to get the base address, but it does not seem to point to the correct spot.

I might not be understanding something and I appreciate all the help.

EDIT: I am looking for the relative offset of the base address. I found a way to get the base address, now I just need the offset of the actual base address. -- Every Program has its own CONSTANT relative offset which can be found online or through special software.

The solution is down below.

Answer 1

I've researched this a lot and we only need two methods two find the base address of any process you want.

DWORD GetProcessId(const wchar_t* processName); //gets the process Id

uintptr_t GetModuleBaseAddress(DWORD processId, const wchar_t* moduleName);  //gets the module base address

These are the main headers that we need.

The first header will find the process ID by taking a snapshot of all running processes and compare each name to the name you pass in.

DWORD GetProcessId(const wchar_t* processName) {

    DWORD processId = 0;
    HANDLE hSnap = (CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0));
    if (hSnap != INVALID_HANDLE_VALUE) {

        PROCESSENTRY32 processEntry;
        processEntry.dwSize = sizeof(processEntry);

        if (Process32First(hSnap, &processEntry)) {

            do {
            
                if (!_wcsicmp(processEntry.szExeFile, processName)) {

                    processId = processEntry.th32ProcessID;
                    break;
                }
            } while (Process32Next(hSnap, &processEntry));
        }
    }
    else {

        cout << "CreateToolhelp32Snapshot failed. GetLastError = " << dec << GetLastError() << endl;
        system("pause");
        return EXIT_FAILURE;
    }

    CloseHandle(hSnap);
    return processId;
}

This method takes a snapshot of all running modules within the process specified and compares the module (in my case I need the base address of the whole process, so it is the same as the processName ) you specify to every module in the current process.

uintptr_t GetModuleBaseAddress(DWORD processId, const wchar_t* moduleName) {

    uintptr_t moduleBaseAddr = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, processId);
    if (hSnap != INVALID_HANDLE_VALUE) {

        MODULEENTRY32 moduleEntry;
        moduleEntry.dwSize = sizeof(moduleEntry);
        if (Module32Next(hSnap, &moduleEntry)) {

            do {
            
                if (!_wcsicmp(moduleEntry.szModule, moduleName)) {

                    moduleBaseAddr = (uintptr_t)moduleEntry.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnap, &moduleEntry));
        }
    }

    CloseHandle(hSnap);
    return moduleBaseAddr;
}

The way I understand it, each program has its own base address (what we found) as well as a set pointer that will lead you to the dynamic pointer base address (the pointer that you add to the base address could be found through special software or online).

Thanks All!