Page 1 of 1

find base address of a process

Posted: 28 Mar 2017, 09:01
by Trigun
when i use cheatengine for find the address i get "game.exe"+1234
if i add the address manually "game.exe" i get the address: 00a50000
how i can find that address?
i tried with this code:

Code: Select all

getProcessBaseAddress(WindowTitle, windowMatchMode := "3")    ;WindowTitle can be anything ahk_exe ahk_class etc

    WinGet, hWnd, ID, %WindowTitle%
    return DllCall(A_PtrSize = 4     ; If DLL call fails, returned value will = 0
        ? "GetWindowLong"
        : "GetWindowLongPtr"
        , "Ptr", hWnd, "Int", -6, A_Is64bitOS ? "Int64" : "UInt")
        ; For the returned value when the OS is 64 bit use Int64 to prevent negative overflow when AHK is 32 bit and target process is 64bit
        ; however if the OS is 32 bit, must use UInt, otherwise the number will be huge (however it will still work as the lower 4 bytes are correct)
        ; Note - it's the OS bitness which matters here, not the scripts/AHKs

but i get a different address 0x7ffbfdaf0000
so i can't use the offset ... how i can solve? tnx :-)

Re: find base address of a process

Posted: 28 Mar 2017, 10:11
by Trigun

Code: Select all

#include classMemory.ahk
test := new _ClassMemory("A", "", hProcessCopy)
value :=, "UInt")
if i try with that code i get the address 0x7ff6cc670000
different address but still 6 byte instead 4

Ps i have windows 10

Re: find base address of a process

Posted: 28 Mar 2017, 12:33
by SnowFlake

Code: Select all

IF NOT A_IsAdmin
   Run *RunAs "%A_ScriptFullPath%"
setSeDebugPrivilege(enable := True)

#SingleInstance Force

#include %a_scriptdir%/classMemory.ahk

Game := new _ClassMemory("ahk_exe AQ3D.exe")
if !isObject(Game)
    msgbox failed to open a handle

baseAddress := Game.getModuleBaseAddress("mono.dll")

arrayPointerOffsets := [0x6F8, 0x290, 0x10, 0x24, 0x44]
value := + 0x001F65AC, "int", arrayPointerOffsets*)

msgbox %value%
i use this,

Re: find base address of a process  Topic is solved

Posted: 28 Mar 2017, 13:50
by Trigun

Code: Select all

Game := new _ClassMemory("A")
if !isObject(Game)
    msgbox failed to open a handle

baseAddress := Game.getModuleBaseAddress("mono.dll")
msgbox %baseAddress%
value := + 0xA5F604, "int")
i get -1 on baseAddress

no idea why i can't get the baseaddress...

Re: find base address of a process

Posted: 28 Mar 2017, 21:43
Trigun wrote:

Code: Select all

Game := new _ClassMemory("A")
if !isObject(Game)
    msgbox failed to open a handle

baseAddress := Game.getModuleBaseAddress("mono.dll")
msgbox %baseAddress%
value := + 0xA5F604, "int")
i get -1 on baseAddress

no idea why i can't get the baseaddress...

-1 means that DLL wasn't found.

Are you using 64 or 32 AHK?

What game?
Don't use "A" as the winTitle. Try something like

Code: Select all

Game := new _ClassMemory("ahk_exe AQ3D.exe") ;Where AQ3D.exe is the exe/process name
if !isObject(Game)
    msgbox failed to open a handle

msgbox % game.BaseAddress  ;process base address.

Re: find base address of a process

Posted: 29 Mar 2017, 10:00
by Trigun1
in windows 10 the ahk_exe don't works with a lot of process ( ) so i'm using "A" for bypass this problem
i have 64bit ahk

and u can try it with the calculator (on win10)

Re: find base address of a process

Posted: 30 Mar 2017, 00:37
Trigun1 wrote:in windows 10 the ahk_exe don't works with a lot of process ( ) so i'm using "A" for bypass this problem
i have 64bit ahk

and u can try it with the calculator (on win10)
The active window 'A' title won't always fix this issue. I have windows 10 and haven't had any issues with STANDALONE games.... but the built in windows apps are another story.

Calculator in win10 works, but you need to use another method to find the 'correct' PID and then turn on DetectHiddenWindows before using classMemory.

Code: Select all

; This gets the PID that matches Task Manager Details and CE
for process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where Name = 'Calculator.exe'")
    PID := process.processId
if !PID 
    msgbox PID not found 

DetectHiddenWindows, On ; Required for the next line to work.
Game := new _ClassMemory("AHK_PID " PID)

if !isObject(Game)
    msgbox failed to open a handle

SetFormat, IntegerFast, H
msgbox % "Base: " game.BaseAddress 


Re: find base address of a process

Posted: 30 Mar 2017, 04:36
by Trigun1
oh this way works :-)
i tried with pid but not with the memoryclass.ahk and still failed

thanks :-)
this will solve me a lot of problems in the future :-P