vxcall/toy-arms

How to get base address of process?

Closed this issue · 17 comments

I have a game that doesn't have any DLL modules, so I cannot use those; instead I need to take the base address of the game and add my offsets to it. How may I do this?

Hi!
Which way are you trying to do it, external or internal? It depends, but I think it'll work if you pass the executable name like "foo.exe" instead of the DLL name.
If it doesn't work, let me know!

I am currently using external, and I just tried passing the executable name instead of a DLL name, and it errors with a PartialCopy error.

May I take a look at a minimal reproducible example of the bug?
If it appears because of your code or the target memory, I can point it out, or if it looks like my code's fault, I'll fix it :)

    use toy_arms::external::process::Process;

    fn main() {
        // Open the target process by its executable name.
        let lol: Process = match Process::from_process_name("League of Legends.exe") {
            Ok(p) => p,
            Err(why) => {
                panic!("{}", why)
            }
        };

        // Ask for the main module by passing the executable name instead of a DLL name.
        let module_info = lol.get_module_base("League of Legends.exe");

        println!("{:#?}", module_info);
    }

Will print

Err(
    ReadMemoryFailed(
        ErrorPartialCopy,
    ),
)

Does it print at the line of panic!("{}", why)?

Nope, it prints at the last println.

Thanks. Since it's my code's bug, I'll take a look at my code and stuff 🙂

Thank you!!

Please be informed that it may take a while because I'm swamped this week.

That's completely fine! I'm in no rush, just experimenting with game hacking.

Thanks.
This is off topic, but C++ is way easier than Rust when you manipulate memory. Rust complains about types every time you compile...
I'm just leaving this code as a reference for later and went back to C++ haha.

Yeah, I've realized that. I wanted to see how far I could go with Rust as it's the main language I use. C++ has a lot more resources for game hacking, so I might learn a bit of C++ because it'll make this field easier to learn.

So I tested it with a random 64-bit process I own now and it just worked.

use toy_arms::external::process::Process;

fn main() {
    // Open the process by its executable name.
    let process = Process::from_process_name("WAIUA.exe").unwrap();
    println!("process handle: {:?}", process.handle);
    // Passing the executable's own name returns the main module's info.
    let module_info = process.get_module_info("WAIUA.exe").unwrap();
    println!("{}", module_info);
    // Keep the process open so the output can be compared against a debugger.
    loop {}
}

Output:

process handle: 0xac
module_name: WAIUA.exe
module_size: 290816
module_base_address: 140698121076736  <-- 0x7ff6d5870000 in hex, which is correct as shown in the image below
module_handle: 0x7ff6d5870000
module_path: C:\Users\pseuxide\AppData\Local\Programs\WAIUA\WAIUA.exe


Probably League of Legends has some sort of memory protection technique, or maybe it hooks VirtualProtect or something. I'll debug with League of Legends tomorrow.
Aren't you getting banned? Be careful if you use this kind of library on an anti-cheat-equipped game; it might get you banned unless you reverse engineer the integrity checker and hack it beforehand.
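The "base address plus offset" step from the original question, as an added example that is not toy-arms' code: `ModuleInfo`, `resolve_offset` and `hex` are stand-ins written for this thread, the base address and size are the ones printed in the output above, and the offset 0x1000 is a constructed value. The point is the range check: a read that would leave the module's mapped range is refused up front instead of being handed to the OS.

```rust
// Added example, not part of toy-arms. ModuleInfo mirrors the fields the
// library printed in the thread; the numbers are taken from that output.
#[derive(Debug, Clone)]
struct ModuleInfo {
    name: &'static str,
    base_address: u64,
    size: u64,
}

/// Resolve `offset` relative to the module base for a read of `read_len` bytes,
/// returning None on arithmetic overflow or if any byte of the read would fall
/// outside [base, base + size). A read that crosses out of a mapped region is
/// the kind of request the OS answers with a partial-copy error, so catching it
/// here gives a clear diagnosis instead of an opaque failure.
fn resolve_offset(module: &ModuleInfo, offset: u64, read_len: u64) -> Option<u64> {
    let addr = module.base_address.checked_add(offset)?;
    let end = addr.checked_add(read_len)?;
    let module_end = module.base_address.checked_add(module.size)?;
    if read_len == 0 || end > module_end {
        return None;
    }
    Some(addr)
}

/// The hex form the thread checks by hand (140698121076736 -> 0x7ff6d5870000).
fn hex(addr: u64) -> String {
    format!("{:#x}", addr)
}

fn main() {
    // Constructed from the module info posted above.
    let waiua = ModuleInfo { name: "WAIUA.exe", base_address: 140698121076736, size: 290816 };
    println!("{} base = {}", waiua.name, hex(waiua.base_address));

    // A hypothetical 8-byte read at offset 0x1000 into the image.
    match resolve_offset(&waiua, 0x1000, 8) {
        Some(a) => println!("target = {}", hex(a)),
        None => println!("offset out of range"),
    }

    // An offset at or past the end of the module is rejected rather than read.
    assert!(resolve_offset(&waiua, waiua.size, 8).is_none());
}
```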

I just examined it and indeed, the error gets caused in the memory reading part. It's been a long time since I peeked at this code, but the Rust code is horribly hard to read. omg


They don't care if I do passive memory reading, which is all I'm doing for now.


I find Rust to be easier to read than C++, but that's because I've used it more. It is probably the same thing with you, just the opposite.

So, I found the possible problem that might be causing this issue, and confirmed it by testing things in C++ haha. Anyway, now I have an idea to fix it. I'll fix it in these few days ~~