Results 1 to 7 of 7

Thread: How do I get the baseaddress of a 64 bit process?

  1. Oct 19th, 2021, 03:34 PM #1
    Maatooh
    Maatooh is offline

    Thread Starter
    Member
    Join Date
    Oct 2020
    Posts
    63

    Question How do I get the baseaddress of a 64 bit process?

    I need to obtain the base address of a 64-bit .exe process, in the same way that CE does, I find myself in the need to do this since the address changes over time, I have had experience obtaining addresses for dll from a process 32 bits but I have not had success with the .exe process and less with 64 bits since I must store it in a variable that supports the "7FFFFFFFFFFF" type of extension.

    Name: IMG1.jpg Views: 789 Size: 38.3 KB

    Thanks very much!
    Reply With Quote Reply With Quote
  2. Oct 20th, 2021, 12:53 AM #2
    dz32
    dz32 is offline
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,216

    Re: How do I get the baseaddress of a 64 bit process?

    I just use a small 64bit helper app which outputs the results to the command line in csv string format.
    Then parse the results from stdin. you launch x64helper in a hidden window so no console window popup.
    Quick and dirty but reliable.

    https://github.com/dzzie/SysAnalyzer.../Cx64.cls#L588
    https://github.com/dzzie/SysAnalyzer.../main.cpp#L156

    Once you have the 64bit number as string you can then use a x64 math library to work on it if you must.
    for just display the string is fine.

    https://github.com/dzzie/libs/tree/master/vb6_utypes

    example output:
    Code:
    Usage x64Helper:
        /inject decimal_pid dll_path
        /dlls decimal_pid
        /dumpmodule decimal_pid hex_string_base hex_string_size out_file_path
        /dumpprocess decimal_pid out_file_path
        /startwdll exe_path dll_path
        /memmap decimal_pid [out_file_path|-c] (pid -32|-64|-1)
        /loadlib file_path [exportToCall [cdecl] ]
        /procs [32|64|strMatch]

x64helper /procs 64
    Showing 64 bit processes only..
    9912  Zoom.exe
    ...

x64helper /dlls 9912
   0x260000,0x42000,C:\Users\home\AppData\Roaming\Zoom\bin\Zoom.exe
   0x77040000,0x1A3000,C:\WINDOWS\SYSTEM32\ntdll.dll
   0x75CB0000,0xF0000,C:\WINDOWS\System32\KERNEL32.DLL
   ...
    also..

    Attachment 182682
    Reply With Quote Reply With Quote
  3. Oct 20th, 2021, 01:15 AM #3
    The trick
    The trick is offline
    PowerPoster
    Join Date
    Feb 2015
    Posts
    2,783

    Re: How do I get the baseaddress of a 64 bit process?

    NtWow64QueryInformationProcess64
    Multithreading without dependencies|EXE loader|Inline assembler Add-in|Kernel-mode driver on VB6|Multithreading in StandartEXE
    Native VB6-DLL|Code injection to other process|DLL injection|DirectX9|DirectSound|TrickControls|MP3 player from memory
    Easy calling by pointer|Hash-table|Safe subclassing|Vocoder|Creation of native DLL|COM-DLL without registration|FM-synthesizer
    FFT spectrum-analyser|3D Fir-tree|Asynch waiter|Wave steganography|Fast AVI-trimmer|Windows with custom rendering
    String to integer and vice versa|Multithreading with marshaling|Owner-draw listbox mod|Advanced math|Library info|TrickSound class
    Create GIF-animation|Store data to self-EXE|Computer creates a music|Hello World in machine codes|VBPNG|Signal spectrum
    secp256k1 library - generate Bitcoin keys|VBCdeclFix - use CDECL functions in VB6|VbVst - VST framework for VB6

    All my CodeBank projects.
    Reply With Quote Reply With Quote
  4. Oct 20th, 2021, 02:41 PM #4
    Maatooh
    Maatooh is offline

    Thread Starter
    Member
    Join Date
    Oct 2020
    Posts
    63

    Re: How do I get the baseaddress of a 64 bit process?

    Solved without problems, they are heroes. Thanks!!
    Reply With Quote Reply With Quote
  6. Mar 22nd, 2025, 02:35 AM #5
    camomille
    camomille is offline
    Lively Member
    Join Date
    Nov 2017
    Posts
    70

    Re: How do I get the baseaddress of a 64 bit process?

    Quote Originally Posted by dz32 View Post
    I just use a small 64bit helper app which outputs the results to the command line in csv string format.
    Then parse the results from stdin. you launch x64helper in a hidden window so no console window popup.
    Quick and dirty but reliable.

    https://github.com/dzzie/SysAnalyzer.../Cx64.cls#L588
    https://github.com/dzzie/SysAnalyzer.../main.cpp#L156

    Once you have the 64bit number as string you can then use a x64 math library to work on it if you must.
    for just display the string is fine.

    https://github.com/dzzie/libs/tree/master/vb6_utypes

    example output:
    Code:
    Usage x64Helper:
        /inject decimal_pid dll_path
        /dlls decimal_pid
        /dumpmodule decimal_pid hex_string_base hex_string_size out_file_path
        /dumpprocess decimal_pid out_file_path
        /startwdll exe_path dll_path
        /memmap decimal_pid [out_file_path|-c] (pid -32|-64|-1)
        /loadlib file_path [exportToCall [cdecl] ]
        /procs [32|64|strMatch]

x64helper /procs 64
    Showing 64 bit processes only..
    9912  Zoom.exe
    ...

x64helper /dlls 9912
   0x260000,0x42000,C:\Users\home\AppData\Roaming\Zoom\bin\Zoom.exe
   0x77040000,0x1A3000,C:\WINDOWS\SYSTEM32\ntdll.dll
   0x75CB0000,0xF0000,C:\WINDOWS\System32\KERNEL32.DLL
   ...
    also..

    Attachment 182682
    I'm trying to get your library, but the link is dead. Could you provide a working link?

    https://github.com/dzzie/libs/tree/master/vb6_utypes

    Thanks in advance.
    Reply With Quote Reply With Quote
  7. Mar 22nd, 2025, 08:36 AM #6
    fafalone
    fafalone is offline
    PowerPoster
    Join Date
    Jul 2010
    Location
    NYC
    Posts
    6,977

    Re: How do I get the baseaddress of a 64 bit process?

    https://sandsprite.com/CodeStuff/vb6_utypes.zip

    Also this thread is old so I'll add a reminder you no longer need to know another language like C++ to write 64bit helper apps, twinBASIC exists now

    (It doesn't have unsigned types yet; they're planned for sometime after v1.0, but the LongLong and Decimal types do make some workarounds for that easier then Currency and Double)
    oleexp projects: [Shell Browser & Shell Tree Controls] ~ [Advanced Thumbnails LV for All Files] ~ [Customized Open/Save dialogs with IFileDialog] ~ [Host actual Explorer window on form] ~ [Custom Autocomplete Lists] ~ [ITaskbarList3: Overlays, progress, and more] ~ [IFileOperation for modern Copy/Move] ~ [List/execute associated handlers with IAssocHandler] ~ [SHDoDragDrop/SHCreateDataObject for OLE/IDropSource-less File Dragging] ~ [Show Explorer drag image on any control] ~ [Show file previews beyond just images: IPreviewHandler] ~ [IStorage for Unzip w/o shell object/3rd party DLL, and create/add to zips with IDropTarget] ~ [Easy image display/rotate/scale: IShellImageData; IImageList primer] ~ [Core Audio For VB6] ~ [List *all* file properties] ~ Details & more oleexp projects ~ All of my CodeBank submissions
    Reply With Quote Reply With Quote
  8. Apr 1st, 2025, 12:50 AM #7
    camomille
    camomille is offline
    Lively Member
    Join Date
    Nov 2017
    Posts
    70

    Re: How do I get the baseaddress of a 64 bit process?

    Quote Originally Posted by fafalone View Post
    https://sandsprite.com/CodeStuff/vb6_utypes.zip

    Also this thread is old so I'll add a reminder you no longer need to know another language like C++ to write 64bit helper apps, twinBASIC exists now

    (It doesn't have unsigned types yet; they're planned for sometime after v1.0, but the LongLong and Decimal types do make some workarounds for that easier then Currency and Double)
    Thanks, this is for a 64-bit X86 simulator that will be converted to Tb
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width