Results 1 to 3 of 3

Thread: Get base address of a Process...

  1. Nov 28th, 2001, 03:21 PM #1
    AlbafaN
    AlbafaN is offline

    Thread Starter
    Lively Member
    Join Date
    Aug 2001
    Posts
    109

    Get base address of a Process...

    Anyone know how to do this? Get the base address of a Process. (I want to loop through all of the process's memory address's and read them using ReadMemoryProcess) I heard I can use VirtualQueryEx, but I cant figure out how to use that... any other ways? or does anyone know how to use VirtualQueryEx?
    Reply With Quote Reply With Quote
  2. Nov 28th, 2001, 03:59 PM #2
    jim mcnamara
    Guest
    These guys do internals. The link is aimed at Pmon which gives information about processes. All of their freeware comes with source code. I would take a quick look at their entire site, especially the white papers section.

    Take a look at this code for NT:

    http://www.sysinternals.com/ntw2k/freeware/pmon.shtml
    Reply With Quote Reply With Quote
  3. Nov 28th, 2001, 11:45 PM #3
    AlbafaN
    AlbafaN is offline

    Thread Starter
    Lively Member
    Join Date
    Aug 2001
    Posts
    109
    Private Type MEMORY_BASIC_INFORMATION
    BaseAddress As Long
    AllocationBase As Long
    AllocationProtect As Long
    RegionSize As Long
    State As Long
    Protect As Long
    lType As Long
    End Type

    Private Declare Function VirtualQueryEx Lib "kernel32" (ByVal hProcess As Long, _
    lpAddress As Any, lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As Long) As Long

    Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" _
    (ByVal lpClassName As String, ByVal lpWindowName As String) As Long

    Private Declare Function GetWindowThreadProcessId Lib "user32" _
    (ByVal hWnd As Long, lpdwProcessId As Long) As Long

    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, _
    ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

    Private Const PROCESS_QUERY_INFORMATION = &H400

    Private Sub Command1_Click()
    Dim hWnd As Long, pId As Long, pHandle As Long, BaseAddr As Long
    Dim MBI As MEMORY_BASIC_INFORMATION

    hWnd = FindWindow(vbNullString, "Rainbow Six")

    GetWindowThreadProcessId hWnd, pId
    pHandle = OpenProcess(PROCESS_QUERY_INFORMATION, False, pId)

    VirtualQueryEx pHandle, 0&, MBI, 28
    CloseHandle pHandle

    BaseAddr = MBI.BaseAddress
    Text1.Text = Hex(BaseAddr)
    End Sub

    -----

    Thats what I've come up with so far, but it doesnt seem to be giving me the proper address... Grr, this is one tough api call
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width