-1

I used CE to get a pointer to a value. I want to implement the pointer into my C++ Visual Studio Code. It has 3 Offsets.

What I already got:

  • Get the Process ID
  • Add the Offsets to the base address

What I need:

  • The """base address"""

Problem: I'm not sure if that what I am really looking for is the "base address".

POINTER I GOT

What I need is the Value that = 0x141B6658 - 0x5C4C0 = 0x1415A198 = ???

How to get that 0x1415A198 automatically?

I first thought this is the base address of the Module "N3.dll", which would make sense..(?), but it doesn't seem like it is.

I'm grabbing the Module base address with modueentry32, handle=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID), me32.modBaseAddr

And that is something like 

MODULE NAME:     N3.dll
     executable     = D:\xxx\xxx\xxx\N3.dll
     process ID     = 0x00003C2C
     ref count (g)  =     0x0004
     ref count (p)  =     0x0004
     base address   = 0x53230000
     base size      = 401408

But that's not even close to the one I need

Thanks in Advance

xKean
  • 94
  • 6
  • Please [edit] your question title to something that is not simply repeating the tag information. Your title should be clear and descriptive enough to be of use to a future reader here who is scanning a list of search results. Repeating tags does not help that user. The title should describe the problem you're having or question you're asking. Thanks. – Ken White Nov 14 '19 at 21:44

1 Answers1

0

You seem to expect that base address = 0x53230000 holds everything related to N3.dll. This isn't true; that's the base address where code and constants for N3.dll have been loaded. But anything allocated by new will be allocated memory at runtime. There are no module offsets involved in that.

MSalters
  • 173,980
  • 10
  • 155
  • 350
  • Hey, thanks for that information! Is there a way to grab that address the N3.dll is loadet into at runtime? – xKean Nov 15 '19 at 07:15
  • @xKean: That *is* the base address. – MSalters Nov 15 '19 at 07:53
  • Hm. Okay thank you! Im gonna try around a little, maybe i can figure out how it works.. Have to get from base adress -> dynamic adress i can change the value in. Gonna report soon. – xKean Nov 15 '19 at 08:55