Jumperz Ko
Reputation: 401
Convert Cheat Engine base address
I found a memory address and used Cheat Engine's pointer scan to get referring pointers. To use it in a script I need a base address, which is [game.exe+009274]. How to convert this to an address for use in AutoIt script?
I use NomadMemory.au3 UDF.
Upvotes: 3
Views: 1968
Answers (1)
user2530266
Reputation: 287
I have written 2 function some time ago. One to load all the modules loaded with the process and one to get the base address of the module you need. Both might be handy here.
Local $iPID = WinGetProcess("app.exe")
Local $sLoadedModules = _ProcessGetLoadedModules($iPID)
Local $My_dll = _MemoryModuleGetBaseAddress($iPID, "My.dll")
For $i = 0 To UBound($sLoadedModules) - 1
ConsoleWrite($sLoadedModules[$i] & @LF) ; find your process here
Next
ConsoleWrite($My_dll & @LF)
Func _ProcessGetLoadedModules($iPID)
Local Const $PROCESS_QUERY_INFORMATION = 0x0400
Local Const $PROCESS_VM_READ = 0x0010
Local $aCall, $hPsapi = DllOpen("Psapi.dll")
Local $hProcess, $tModulesStruct
$tModulesStruct = DllStructCreate("hwnd [200]")
Local $SIZEOFHWND = DllStructGetSize($tModulesStruct) / 200
$hProcess = _WinAPI_OpenProcess(BitOR($PROCESS_QUERY_INFORMATION, $PROCESS_VM_READ), False, $iPID)
If Not $hProcess Then Return SetError(1, 0, -1)
$aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModulesStruct), "dword", DllStructGetSize($tModulesStruct), "dword*", "")
If $aCall[4] > DllStructGetSize($tModulesStruct) Then
$tModulesStruct = DllStructCreate("hwnd [" & $aCall[4] / $SIZEOFHWND & "]")
$aCall = DllCall($hPsapi, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($tModulesStruct), "dword", $aCall[4], "dword*", "")
EndIf
Local $aReturn[$aCall[4] / $SIZEOFHWND]
For $i = 0 To UBound($aReturn) - 1
$aCall = DllCall($hPsapi, "dword", "GetModuleFileNameExW", "ptr", $hProcess, "ptr", DllStructGetData($tModulesStruct, 1, $i + 1), "wstr", "", "dword", 65536)
$aReturn[$i] = $aCall[3]
Next
_WinAPI_CloseHandle($hProcess)
DllClose($hPsapi)
Return $aReturn
EndFunc ;==>_ProcessGetLoadedModules
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
If Not IsString($sModule) Then Return SetError(2, 0, 0)
Local $PSAPI = DllOpen("psapi.dll")
Local $hProcess
Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020)
If $iPID > 0 Then
Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
If $hProcess[0] Then
$hProcess = $hProcess[0]
EndIf
EndIf
Local $Modules = DllStructCreate("ptr[1024]")
Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
If $aCall[4] > 0 Then
Local $iModnum = $aCall[4] / 4
Local $aTemp
For $i = 1 To $iModnum
$aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
If $aTemp[3] = $sModule Then
DllClose($PSAPI)
Return Ptr(DllStructGetData($Modules, 1, $i))
EndIf
Next
EndIf
DllClose($PSAPI)
Return SetError(-1, 0, 0)
EndFunc ;==>_MemoryModuleGetBaseAddress
Upvotes: 4
Related Questions
- What is the nullptr keyword, and why is it better than NULL?
- Typedef function pointer?
- Why should I use a pointer rather than the object itself?
- How can I measure the actual memory usage of an application or process?
- Fatal Error: Allowed Memory Size of 134217728 Bytes Exhausted
- When should I use pointers instead of references in API-design?
- Pointers in C: when to use the ampersand and the asterisk?
- Pointers vs. values in parameters and return values
- c# memory THREADSTACK0 base address
- Using Cheat Engine Base Address in C++ Program