Base Address + offset

**marco60** · 06-27-2018

So, im doing something here using Python but the address i got uses the base address + an offset, which is CoDWaWmp.exe+591938(float).
I cant get it working, i read i need to use GetModuleHandle but the way im doing to create that function seems wrong.
"

HMODULE WINAPI GetModuleHandle(
_In_opt_ LPCTSTR lpModuleName
);" lpModuleName being the .exe or .dll, which in this case is the CoDWaWmp.exe.

What do i need to do to be able to modify the value of that address?

**MikeRohsoft** · 06-28-2018

You can't get the Base Address of a Module Handle with GetModuleHandle of another Process.
You can only use it to get the own ModuleHandle or from Modules which are inbound in the Module, like DLL's
You need to do it with CreateToolhelp32Snapshot or EnumProcessModules.

**marco60** · 06-28-2018

and after that, does it return the actual address?

**Hell_Demon** · 06-28-2018

Originally Posted by marco60

and after that, does it return the actual address?

Toolhelp32Snapshot will give you the base address and module size of each module, then you simple add the offset to get to where you need to go.

**marco60** · 06-28-2018

will try that man, thanks. Any problem i might post here again

- - - Updated - - -

Originally Posted by marco60

will try that man, thanks. Any problem i might post here again

seems like the base address is 0x0000015224020B48 (i got a bunch of similars using another function earlier, i didnt know which one to pick cause it was spamming), but i cant get the thing to work, im honestly stuck. By the way, i used a code made by someone to get the base addres(yeah it uses createtoolhelp32snapshot).
print me32.dwSize
print me32.th32ModuleID
print me32.th32ProcessID
print me32.GlblcntUsage
print me32.ProccntUsage
print me32.modBaseAddr
print me32.modBaseSize
print me32.hModule
print me32.szModule
print me32.szExePath

**Hell_Demon** · 06-28-2018

Use me32.szModule to check for "codwew.exe", and log the base address for that. You only need to do this once, the module won't shift around during operation.

**marco60** · 06-28-2018

Yeah during the operation it wont change, but how do i use the base address + the offset together? its giving me an error "expected str, got int instead" when i try to add the offset to it. For example: self.xpMultiplier1 = (me32.modBaseAddr)+0x591938

print(me32.szModule)
print(me32.modBaseAddr)
print(me32.th32ModuleID)

b'CoDWaWmp.exe'
<ctypes.wintypes.LP_c_byte object at 0x0000022743F10BC8>
1
b'ntdll.dll'
<ctypes.wintypes.LP_c_byte object at 0x0000022743F10BC8>
1
b'wow64.dll'
<ctypes.wintypes.LP_c_byte object at 0x0000022743F10BC8>
1
b'wow64win.dll'
<ctypes.wintypes.LP_c_byte object at 0x0000022743F10BC8>
1
b'wow64cpu.dll'
<ctypes.wintypes.LP_c_byte object at 0x0000022743F10BC8>
1

got told that the BaseAddress for any CoD is static and i couldve just used the address that is displayed on CE

thanks anyway, indeed learned stuff from here

Thread: Base Address + offset

Thread Tools

Display

Base Address + offset

Similar Threads

[Help] Base Address with Offset

[Help Request] Garry's Mod sv_cheats base address + offset?

[Release] Assault Cube CT Base Address and OffSets

[Tutorial] Find base address + offset

Writing to address based on offset?