How to get the "Base Address" of the main module of another process

1
Hi, I made software that analyzes the dump of a certain Engine process to extract the XOR key from the game automatically, because it has a dynamic 16-byte XOR that changes from compilation to compilation of the game... And to translate games from that engine, you need to decrypt its files.

Currently I analyze a dump made by ProcessDump, which, when it dumps a process, leaves the Base Address of the dumped module in the name of the file.

I wanted to know how I could, in C#, get the Base Address of a process in an x86- and x64-compatible way without having to dump it... after all, the Process class cannot tell me the Base Address; it always crashes when I try.

I became aware yesterday of a library called MemorySharp; would it be useful in my case?

PS: I accept P/Invoke

    
asked by anonymous 09.08.2016 / 19:25

1 answer

1

Try this:

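// Requires: using System; using System.Diagnostics;
Process[] processes = Process.GetProcessesByName("meuPrograma");
Process mProc = processes[0];
IntPtr hProc = mProc.Handle;

// BaseAddress is the load address of the main module (EntryPointAddress is the
// address of the entry function, not the base). Use long so x64 addresses fit.
long base_adr = mProc.MainModule.BaseAddress.ToInt64();
int height_offset = 0x0007E1BC;
IntPtr height_adr = (IntPtr)(base_adr + height_offset);

ckFreezeFlag.Text = "Base: " + base_adr.ToString("X");
ckFreezeMines.Text = "Height: " + height_adr.ToString("X");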

Keep in mind that the call mProc = processes[0]; may not return a result, so it may cause an error; you should test whether it is empty.

The offset is up to you ;)

    
10.08.2016 / 01:53
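
An added example, not part of the original question or answer: one known cause of Process.MainModule throwing is a 32-bit tool inspecting a 64-bit process, so this sketch checks the target's bitness with IsWow64Process (P/Invoke) before reading MainModule.BaseAddress, and keeps every address pointer-sized. The class and method names are hypothetical; the process name and offset are the ones used in the answer.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class MainModuleBase
{
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool IsWow64Process(IntPtr hProcess, [MarshalAs(UnmanagedType.Bool)] out bool wow64);

    // True when the target runs native 64-bit code (not a 32-bit process under WOW64).
    static bool Is64BitTarget(Process target)
    {
        if (!Environment.Is64BitOperatingSystem) return false;
        bool wow64;
        if (!IsWow64Process(target.Handle, out wow64))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return !wow64;
    }

    // Load address of the main module, kept pointer-sized so it is valid on x86 and x64.
    public static IntPtr GetBase(Process target)
    {
        // A 32-bit caller cannot enumerate a 64-bit target's modules; MainModule throws.
        if (Is64BitTarget(target) && !Environment.Is64BitProcess)
            throw new InvalidOperationException(
                "Target is 64-bit: build this tool as x64 (or AnyCPU without 'Prefer 32-bit').");
        return target.MainModule.BaseAddress;
    }

    static void Main(string[] args)
    {
        // Process name from the answer above; pass another name as the first argument.
        string name = args.Length > 0 ? args[0] : "meuPrograma";
        Process[] found = Process.GetProcessesByName(name);
        if (found.Length == 0) { Console.WriteLine("No process named " + name); return; }
        try
        {
            IntPtr baseAddress = GetBase(found[0]);
            // IntPtr.Add keeps the arithmetic pointer-sized (offset taken from the answer).
            IntPtr heightAddress = IntPtr.Add(baseAddress, 0x0007E1BC);
            Console.WriteLine("Base:   0x" + baseAddress.ToInt64().ToString("X"));
            Console.WriteLine("Height: 0x" + heightAddress.ToInt64().ToString("X"));
        }
        catch (Exception ex) when (ex is Win32Exception || ex is InvalidOperationException)
        {
            // Access denied, the process exited, or a bitness mismatch.
            Console.WriteLine("Cannot read modules: " + ex.Message);
        }
    }
}
```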