How do I read base address of DLL?

Ask gaming related questions
AnzeBlaBla
Posts: 1
Joined: 03 Oct 2019, 10:49

How do I read base address of DLL?

03 Oct 2019, 10:59

Hey!
First off, this is my first ever post here, even though I've been using this forum for 3+ years. :bravo:
So...
I've been having an issue reading the base address of a DLL for a hack. I fixed it by calling a c# program and that program writes it in a file, but I want to improve it.
I've tried all the functions I could find, here are some:

Code: Select all



GetDllBase(DllName, PID = 0)
{
    TH32CS_SNAPMODULE := 0x00000008
    INVALID_HANDLE_VALUE = -1
    VarSetCapacity(me32, 548, 0)
    NumPut(548, me32)
    snapMod := DllCall("CreateToolhelp32Snapshot", "Uint", TH32CS_SNAPMODULE
                                                 , "Uint", PID)
    If (snapMod = INVALID_HANDLE_VALUE) {
        Return 0
    }
    If (DllCall("Module32First", "Uint", snapMod, "Uint", &me32)){
        while(DllCall("Module32Next", "Uint", snapMod, "UInt", &me32)) {
            If !DllCall("lstrcmpi", "Str", DllName, "UInt", &me32 + 32) {
                DllCall("CloseHandle", "UInt", snapMod)
                Return NumGet(&me32 + 20)
            }
        }
    }
    DllCall("CloseHandle", "Uint", snapMod)
    Return 0
}



Memory_GetModuleBase(process_id, module_name)
{
    snapshot_handle := DllCall("CreateToolhelp32Snapshot", "UInt", 0x00000008, "UInt", process_id) ; TH32CS_SNAPMODULE

    If (snapshot_handle = INVALID_HANDLE_VALUE)
    {
        Return, False
    }

    VarSetCapacity(me32, 548, 0) ; MODULEENTRY32_SIZE

    NumPut(548, me32) ; MODULEENTRY32_SIZE

    If (DllCall("Module32First", "UInt", snapshot_handle, "UInt", &me32))
    {
        While (DllCall("Module32Next", "UInt", snapshot_handle, "UInt", &me32))
        {
            If (module_name == StrGet(&me32 + 32, 256, "CP0")) ; MODULEENTRY32_szModule
            ;If (DllCall("lstrcmpi", "Str", module_name, "UInt", &me32 + 32) = -1)
            {
                DllCall("CloseHandle", "UInt", snapshot_handle)

                Return, NumGet(&me32, 20) ; MODULEENTRY32_modBaseAddr
            }
        }
    }

    DllCall("CloseHandle", "UInt", snapshot_handle)

    Return, False
}

There are a lot of variations I could find but none of them work, so I think it's my fault.
What am I doing wrong?
BTW I want to read the address of "client_panorama.dll" inside csgo.exe, but I also tried doing it with notepad.exe and explorer.exe and nothing works.

Thanks in advance :D
Sid4G
Posts: 45
Joined: 02 Apr 2016, 19:11

Re: How do I read base address of DLL?

05 Oct 2019, 04:22

Stupid script kiddy, "going pro" in cs:go?

Return to “Gaming”

Who is online

Users browsing this forum: No registered users and 43 guests