Reputation: 1148
How to get the 'start' memory address of an application?
I've found/reworked some code to read/write data directly to the memory of another application. The code to read/write a single address is as fast as I could want, but finding the address is a hassle. I'd assume for any given program the locations of variables in the memory would be the same relative to a given position, I'd guess the start position.
So I currently use this to read memory:
Public Function ReadBytes(ByVal addr As IntPtr, ByVal size As Int32) As Byte()
Dim _rtnBytes(size - 1) As Byte
ReadProcessMemory(_targetProcessHandle, addr, _rtnBytes, size, vbNull)
Return _rtnBytes
End Function
This code requires a bunch of global variables, routines to attach to the memory etc..
The ideal answer would give me a method or reference to code that gives me the starting address of the memory for a given process. I'm doing this in VB.NET
Upvotes: 1
Views: 1155
Answers (1)
Reputation: 3923
Your assumption that variables will always be offset from the start position is not always accurate.
The start position could be assumed to mean the entry point, which is typically the first address of assembly that begins executing after the process is loaded. This is not always the address of the main() function but most would assume it is. It really depends on the executable itself. But it is not the base address of the .exe module.
Now if we assume that start position is the base address where the module is loaded into memory, then yes, a variable or function which is realtive to the base adress of the module would always be located at the same relative offset. This is very common, but depending on what variable or function you're looking for it may not be.
In the case that's relative to the base address of the module, you can use the System.Diagnostics .NET library and grab the Process.MainModule.BaseAddress variable for this purpose. It's pretty much the same procedure in all programming languages, but .NET gives you the easy to use System.Diagnostics lib.
Here's some code I tested working on notepad.exe:
Imports System.Diagnostics
Module Module1
Sub Main()
Try
Dim processName As String = "notepad"
Dim processes() As Process = Process.GetProcessesByName(processName)
If processes.Length = 0 Then
Console.WriteLine("No process found with name: " & processName)
Return
End If
Dim targetProcess As Process = processes(0)
Dim baseAddress As IntPtr = targetProcess.MainModule.BaseAddress
If baseAddress = IntPtr.Zero Then
Console.WriteLine("Could not retrieve the entry point address.")
Else
Console.WriteLine("Main Module Base address: 0x" & baseAddress.ToString("X"))
End If
Catch ex As Exception
Console.WriteLine("Error: " & ex.Message)
End Try
Console.ReadKey()
End Sub
End Module
Upvotes: 0
Related Questions
- How to get the starting/base address of a process in C++?
- How to find the starting address of an application for memory editing a process?
- Finding base address of process in VB.net
- Get Thread's Start Address for External Process in C#
- Get the memory usage of a process in windows in vb.net
- How can i find the start and end memory of a process?
- Detect when exe is started vb.net
- How can I get a process entry point address
- Real Starting Address Of A Process in Memory / Win32 Debug APIs
- starting memory of process