4

I recently learned how to find base addresses of a process with Cheat Engine. I did it on Windows XP with Solitaire and I found a base address for score (something like 000AABBC) and that address never changed.

So I made a C++ program which used WriteProcessMemory(); (I just passed that address) and it was working every time. Now I'm doing it on Windows 7, I find the base address, but it's a pointer and the address it's pointing to changes everytime. When I check the pointer address it says "solitaire.exe"+000BAFD8. So how do I use it in the code like I did earlier?

AstroCB
  • 12,101
  • 20
  • 56
  • 70
user3478487
  • 1,055
  • 1
  • 8
  • 9

1 Answers1

2

You can enumerate the modules of a process and get their base address, in this case the address of the module solitaire.exe. This should give you a consistent address regardless of ASLR.

See: Getting a list of DLLs currently loaded in a process C#

Community
  • 1
  • 1
Zachary Canann
  • 1,053
  • 2
  • 12
  • 21