Finding PID and Base Address in C++

1
votes

I'm trying to write a code in C++ which would display a process ID and base address of some application, PID seems to look correct but base address is 0, which is incorrect. My question is - what's wrong here?

IDE: Code::Blocks

Also to make it even run i had to set up "-lpsapi" in Settings -> Compiler -> Linker settings -> Other linker options

I was thinking about building this as admin but could't find such option in Code::Block (maybe build-in?)

Console output

Build messages

#define WINVER 0x0501
#include <iostream>
#include <cstdio>
#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>
#include <Psapi.h>
#include <tlhelp32.h>

using namespace std;

HANDLE GetHandle()
{
    string name = "PathOfExile_x64.exe";
    DWORD pid = 0;

    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 process;
    ZeroMemory(&process, sizeof(process));
    process.dwSize = sizeof(process);

    if (Process32First(snapshot, &process))
    {
        do
        {
            if (string(process.szExeFile) == name)
            {
               pid = process.th32ProcessID;
               break;
            }
        } while (Process32Next(snapshot, &process));
    }

    CloseHandle(snapshot);

    if (pid != 0)
    {
        cout << "pid = " << pid << endl;
        return OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    }


    return NULL;
}

HMODULE GetModule()
{
    HMODULE hMods[1024];
    HANDLE pHandle = GetHandle();
    DWORD cbNeeded;
    unsigned int i;

    if (EnumProcessModules(pHandle, hMods, sizeof(hMods), &cbNeeded))
        {
        for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
        {
            TCHAR szModName[MAX_PATH];
            if (GetModuleFileNameEx(pHandle, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
            {
                string wstrModName = szModName;

                string wstrModContain = "PathOfExile_x64.exe";
                if (wstrModName.find(wstrModContain) != string::npos)
                {
                    CloseHandle(pHandle);
                    return hMods[i];
                }
            }
        }
    }
    return nullptr;
}


int main()
{
    HWND WindowHandle = FindWindow(nullptr, "Path of Exile");
    DWORD PID;
    GetWindowThreadProcessId(WindowHandle, &PID);
    PVOID hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, 0, PID);

    HMODULE Module = GetModule();
    DWORD BaseAddress = (DWORD)Module;

    cout << BaseAddress << endl;

}
1
c++winapicodeblocks
Building as admin shouldn't make a difference, but running as admin may. Please check out the used functions in the MSDN, in particular with respect to the way they signal errors. There, you should also find psapi as the name of the library you had to link with. - Ulrich Eckhardt
Base address should not be cast to DWORD. Read compiler warnings. - Michael Chourdakis
Is there some mistakes in the process of data conversion? - Suarez Zhou
GetHandle returns a nullptr, unless you are running the code with sufficient privileges. You need those privileges since you are requesting PROCESS_ALL_ACCESS for no obvious reason. Both debugging the code as well as handling errors would have given this away instantly. - IInspectable
Even with sufficient privileges I'm still getting wrong base address. - Miłosz Tomkiel

1 Answers

0
votes

I would do it like this, tested working. I'm not familiar with the Enum functions, I prefer to use the ToolHelp32Snapshot function

#include "stdafx.h"
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>

DWORD GetProcId(const char* procName)
{
    DWORD procId = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap != INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 procEntry;
        procEntry.dwSize = sizeof(procEntry);

        if (Process32First(hSnap, &procEntry))
        {
            do
            {
                if (!_stricmp(procEntry.szExeFile, procName))
                {
                    procId = procEntry.th32ProcessID;
                    break;
                }
            } while (Process32Next(hSnap, &procEntry));

        }
    }
    CloseHandle(hSnap);
    return procId;
}

uintptr_t GetModuleBaseAddress(DWORD procId, const char* modName)
{
    uintptr_t modBaseAddr = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 modEntry;
        modEntry.dwSize = sizeof(modEntry);
        if (Module32First(hSnap, &modEntry))
        {
            do
            {
                if (!_stricmp(modEntry.szModule, modName))
                {
                    modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnap, &modEntry));
        }
    }
    CloseHandle(hSnap);
    return modBaseAddr;
}

int main()
{
    DWORD procId = GetProcId("PathOfExile_x64.exe");

    uintptr_t modBase = GetModuleBaseAddress(procId, "PathOfExile_x64.exe");

    std::cout << "0x" << std::hex << modBase << std::endl;
    std::getchar();
    return 0;
}