value of GetModuleHandle() always is 0...

[Laertesiceking]

hi everybody!

I practice using c++ builder & cheat engine to change the money of Plants VS Zombies.

and I know the address of money. ("popcapgame1.exe"+0002619C, Offest = C)

First step, i use GetModuleHandle() like this in C++ builder:

//-------------------------------------------------------------------------------------------

DWORD baseAddr = (DWORD)GetModuleHandle("popcapgame1.exe");

//-------------------------------------------------------------------------------------------

when i use debugger to check the value of the baseAddr, the value is always 0. (i don't know why...)

i'm sure that process's name is right and process is running.

and i can't use Findwindow() because the money of data saves in popcapgame1.exe.

it's not saving in PlantsVSZombies.exe

[Eddington]

Is your exe path correct?
edit:
Wait what the hell GetModuleHandle returns a handle which is totally not an address. It is nonsensical trying to cast it to a DWORD and use it as an address.

[Hitokiri~]

GetModuleHandle only works for exe's if it's in the same process ( Aka only in DLLs injected into a process can it be used to return the base of a process )
Besides, GMH returns -1 for the local process ( psuedo-handle ) anyways.

I.E.
Process Name: calc.exe
Code: GetModuleHandleA( "calc.exe" ) -> Returns "-1"
Code: GetModuleHandleA( NULL ) -> Returns "-1"
Code: GetModuleHandleA( "explorer.exe" ) -> Returns NULL ( No such module in the process calc.exe exists. )

If you want to read an external process's modules, you'll need to create a snapshot and walk through the module list, locate the desired module and read the base from the PROCESSENTRY32/MODULEENTRY32 structures.

In your case however, since you're merely dealing with a process named "popcapwhatever.exe" a simple snapshot with TH32CS_SNAPPROCESS will work. ( Simply do strcmp with szExeFile stripping out the last "\" delimiter and attach to that process ID. )

Refs:
https://msdn.microsof*****m/en-us/librarydows/desktop/ms682489(v=vs.85).aspx
https://msdn.microsof*****m/en-us/librarydows/desktop/ms684834(v=vs.85).aspx
https://msdn.microsof*****m/en-us/librarydows/desktop/ms684836(v=vs.85).aspx
https://msdn.microsof*****m/en-us/librarydows/desktop/ms684218(v=vs.85).aspx
https://msdn.microsof*****m/en-us/lib...(v=vs.85).aspx

Try googling next time.

Code:

// Find the process and get the PROCESSENTRY32 structure from it
PROCESSENTRY32 pe; MODULEENTRY32 me;

while( Module32First( moduleSnapshot, &me ){
   if( me.th32ProcessID == pe.th32ProcessID ){ // Module is a child of the parent
      moduleBase = reinterpret_cast< ULONG_PTR >( me.modBaseAddr );
      break;
  }

  Module32Next( moduleSnapshot, &me );
}

[Laertesiceking]

Sorry, i'm newbie in Windows API.

Actually I found a source code at first.

refs: =.=" sorry i can't post links yet.

//------------------------------------------------------------------------------------------------------------------------

// My first game hack. This is for "Sniper: Ghost Warrior"

#include "stdafx.h"
#include <iostream>
#include <Windows.h>

using namespace std;

int main ()
{
HWND hWnd = FindWindow(0, L"Sniper: Ghost Warrior"); // Finds the window titled "Sniper: Ghost Warrior".

if (hWnd == 0) // If it can't find the window, then:
{
cout << "Can't find window, dopey noonga!" << endl;
}
else
{
DWORD pr0c3zz;
GetWindowThreadProcessId(hWnd, &pr0c3zz); // Locates the process through the window.
HANDLE trollpr0c3zz = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pr0c3zz); // Gives access to process.
if (!trollpr0c3zz) // If it can't access the process, then:
{
cout << "I can nawtz open pr0c3zz ." << endl;
}
else
{
int ammoAmount = 10; // Amount of bullets in current round.
int roundsAmount = 60; // Amount of rounds left.
int ammoAddr = 0x29500340; // Ammunition memory address.
int roundsAddr = 0x296E629C; // Rounds memory address.

cout << "Unlimited ammo - F1" << endl;

bool AmmoHax = false;

while(1) // Loops so the memory keeps rewriting itself if it's changed.
{
if (GetAsyncKeyState(VK_F1)) // If the "F1" hotkey is pressed then it will write the new data to the memory address.
AmmoHax = !AmmoHax;

if (AmmoHax)
WriteProcessMemory(trollpr0c3zz, (LPVOID)ammoAddr, &ammoAmount, sizeof(ammoAmount), NULL); // Modifies the ammunition's memory value to 10.
WriteProcessMemory(trollpr0c3zz, (LPVOID)roundsAddr, &roundsAmount, sizeof(roundsAmount), NULL); // Modifies the rounds' memory value to 60.

} // End of loop.

}
CloseHandle(trollpr0c3zz); // Removes access to the process when it is not needed.
}
system("pause");
return 0;
}

//--------------------------------------------------------------------------------------------------------------------------

when this game is running, it generates two processes. (popcapgame1.exe and PlantsVSZombies.exe)

i can't use Findwindow() like the above example after i analysis the money of memory address by cheat engine.

the money of data saves in popcapgame1.exe. it's not saving in PlantsVSZombies.exe.

i google it, and i found GetModuleHandle() could be used maybe.

refs: sorry i can't post links yet.

that's why i have the first problem.

thanks rely.

but Hitokiri's rely is too diffcult for me. = ||

could you explain simpler like the first example?

i think i need to learn more about the windows api.

thanks rely again.

[Hitokiri~]

Code:

#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
#include <Shlwapi.h>
using namespace std;
DWORD GetProcessIdByName( LPCSTR procName ){
        PROCESSENTRY32 pe;
        HANDLE snapShot;
        pe.dwSize = sizeof( pe );
        snapShot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, NULL );
        if( !snapShot ) throw runtime_error( "Unable to create a snapshot for processes." );
        if( Process32First( snapShot, &pe ) ){
                do{
                        if( !stricmp( pe.szExeFile, procName ) ){
                                CloseHandle( snapShot );
                                return pe.th32ProcessID;
                        }
                } while( Process32Next( snapShot, &pe ) );
        }
        CloseHandle( snapShot );
        return -1;
}
HMODULE GetModuleBaseByName( DWORD PID, LPCSTR modName ){
        MODULEENTRY32 me;
        HANDLE snapShot;
        WCHAR wModName[MAX_PATH];
        wcstombs_s(
        me.dwSize = sizeof( me );
        me.th32ProcessID = PID;
        snapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, NULL );
        if( !snapShot ) throw runtime_error( "Unable to create a snapshot for process modules." );
        if( Module32First( snapShot, &me ) ){
                do{
                        if( !StrCmpW( me.szModule, wModName ) ){
                                CloseHandle( snapShot );
                                return HMODULE( me.modBaseAddr );
                        }
                } while( Module32Next( snapShot, &me );
        }
        CloseHandle( snapShot );
        return HMODULE( NULL );
}
HANDLE OpenProcessByName( LPCSTR procName ){
        HANDLE hProc = INVALID_HANDLE_VALUE;
        DWORD pID = GetProcessIdByName( procName );
        if( pID != -1 )
                hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID );
        return hProc;
}
HANDLE OpenProcessID( DWORD PID ){
        return OpenProcess( PROCESS_ALL_ACCESS, FALSE, PID );
}
int main( int argc, char** argv ){
        DWORD pid = -1, tick = 0;
        HANDLE Proc = INVALID_HANDLE_VALUE;
        PVOID BaseModule = NULL, PVOID Money = NULL;
        DWORD MoneyInt = 99999, Out = 0;
        cout << "Waiting for Plants vs Zombies to start " << endl;
        while( ( pid = GetProcessIdByName( "popcapgame1.exe" ), pid == -1 ) )
        {
                cout << ".";
                Sleep(1000);
        }
        cout << endl << "Located Process with ID of ( " << pid << " )" << endl << "Attaching ..." << endl;
        Proc = OpenProcessID( pid );
        if( !Proc ) throw runtime_error( "Unable to attach to the process." );
        cout << "Attached to process." << endl << "Locating module's base address..." << endl;
        BaseModule = PVOID( GetModuleBaseByName( "popcapgame1.exe" );
        if( !BaseModule ) throw runtime_error( "Unable to locate the module's base address." );
        else cout << "Located module's base address at: " << BaseModule << endl;
        Money = PVOID( PCHAR( BaseModule ) + 0x2619C );
        cout << "Keeping $$ value constant .";
        while( 1 ){
                if( GetAsyncKeyState( VK_F1 ) & 1 )
                        break;
                if( tick++ > 10 ){
                        cout << "."
                        tick = 0;
                }
                WriteProcessMemory( Proc, Money, LPCVOID( &MoneyInt ), sizeof( DWORD ), &Out );
                Sleep( 100 );
        }
        cout << "Hotkey pressed. Program terminated." << endl;
        CloseHandle( Proc );
        getchar();
        return 0;
}

https://pastebin.com/zvdGCZ4R

You really should pay me for my kind work. Especially since I'm not a kind person.

[Laertesiceking]

Thank you so much!
I'll study hard.

[[MPGH]Mayion]

I guess OP found his answer.